2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.8.5p2

2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

* src/env_hooks.c, src/sudo.h, src/tgetpass.c:
Provide unhooked version of getenv() and use it when looking up
DISPLAY and SUDO_ASKPASS in the environment.

2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
If sudoers_mode is group-readable but the actual sudoers file is
not, open the file as uid 0, not uid 1. This fixes a problem when
sudoers has a more restrictive mode than what sudo expects to find.
In older versions, sudo would silently chmod the file to add the

2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>

* NEWS, configure, configure.in:

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Fix #includedir; from Mike Frysinger

* plugins/sudoers/check.c:
Don't prompt for a password if the user is in the exempt group, is
root, or is running the command as themselves even if the -k option
was specified. This makes "sudo -k command" consistent with the
behavior one would get if the user ran "sudo -k" immediately before

2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>

Build PIE executable on Mac OS X 10.5 and above.

2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.8.4p5

* plugins/sudoers/match_addr.c:
Add missing break between AF_INET and AF_INET6 in
addr_matches_if_netmask()

* plugins/sudoers/mon_systrace.c:
Move systrace monitor code to the attic

2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>

The pointer to the siginfo_t struct in a signal handler may be NULL.

2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/pwutil.c:
Fix an alignment problem on NetBSD systems with a 64-bit time_t and
strict alignment. Based on a patch from Martin Husemann.

Add offsetof macro for those without it.

add system_group plugin

2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>

Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.

2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>

Mention system_group plugin

* Makefile.in, plugins/sudoers/Makefile.in,
plugins/system_group/Makefile.in:

* plugins/system_group/system_group.c:
Only call gr_delref() when using sudo's password caching functions.

* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
Add missing dependency on libreplace.la

Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and

* Makefile.in, configure, configure.in,
plugins/system_group/Makefile.in,
plugins/system_group/system_group.c,
plugins/system_group/system_group.sym:
Add group plugin that does lookups by name using the system group

* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
sync with translationproject.org

2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>

Add mode for docdir and use '-' (default) for localedir mode. Fixes
a problem on Linux when building in a directory with the setgid bit

2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>

2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>

Update with recent changes

Fix version check on AIX

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* plugins/sudoers/ldap.c:
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP

* plugins/sudoers/ldap.c:
Fix printing of invalid uri

* plugins/sudoers/auth/pam.c:
Pass PAM_SILENT when deleting creds to remove an annoying warning

2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>

Fix the setutxent and endutxent compatibility defines (this time
correctly) when only setutent and endutent are available.

* plugins/sudoers/ldap.c:
sudo_ldap_set_options_global() should not take an LDAP handle as an
argument since the options affect the global settings.

Debian sudo has not been built with --with-exempt=sudo since 1.6.8.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
Call the policy's init_session() function before we fork the child.
That way, the session is created and destroyed in the same process,
which is needed by some modules, such as pam_mount.

* doc/TROUBLESHOOTING:
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is

* plugins/sudoers/auth/pam.c:
Delete creds after closing the PAM session.

* plugins/sudoers/ldap.c:
Provide a more useful error message if using a Mozilla-style LDAP
SDK and you forgot to specify TLS_CERT in ldap.conf.

Add missing initialization of a sigaction structure when I/O
logging. Fixes a potential problem when suspending the command.

* plugins/sudoers/ldap.c:
Split global and per-connection LDAP options into separate arrays.
Set global LDAP options before calling ldap_initialize() or
ldap_init(). After we have an LDAP handle, set the per-connection
options. Fixes a problem with OpenLDAP using the nss crypto backend;

* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>

* src/sudo.c, src/sudo.h:
Move struct passwd pointer into struct command details.

2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>

Sync with upstream for Mac OS X (and other) fixes.

Only build Mac Intel universal binary on an Intel machine.

Do not pass libtool the -static-libtool-libs option when building
sudo and sesh. Otherwise, libtool may prefer a static version of an
installed library over a dynamic one when linking.

2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
Add German translation for sudo. Add Croatian translation for sudoers

* plugins/sudoers/iolog.c:

2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>

Update with recent changes

* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Sort xgettext output by file name.

* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
Clarify what "sudoreplay -l" displays and mention that it is sorted.

* config.h.in, configure, configure.in, src/ttyname.c:
Use AC_HEADER_MAJOR to determine where major/minor are defined.

* config.h.in, configure, configure.in, src/ttyname.c:
Include sys/mkdev.h if present instead of sys/sysmacros.h for
minor(). This is needed on Solaris (at least) where the makedev
macros in sysmacros.h are obsolete and library functions should be

When building on Mac OS X, only set SDK_FLAGS if specified osversion

2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>

Add back buf and tty variables for _ttyname() case that were
inadvertently removed.

2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/sudoers.pot:

* configure, configure.in:
Remove b8 from version number.

When looking for a device match, do a breadth-first search instead
of depth-first. We already special case /dev/pts/ so chances are
good that if it is not a pseudo-tty it is in the base of /dev/. Also
avoid a stat(2) when possible if struct dirent has d_type.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
src/sudo.c, src/sudo.h:
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.

* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
sync with translationproject.org

* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
src/po/hr.mo, src/po/hr.po:
New Croatian and Galician translations from translationproject.org

Add depth-first traversal of /dev/ for the /proc case when not

* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
If struct dirent has d_type, use it to avoid an extra stat().

* plugins/sudoers/sudoreplay.c:
Sort output of "sudoreplay -l"

2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoreplay.c:
Fix duplicate free introduced in last rev

2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/auth/pam.c:
Instead of treating ^C from tgetpass() specially, always return
AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.

* config.h.in, configure, configure.in, src/ttyname.c:
Rototill code to determine the tty. For Linux, we now look up the
tty device in /proc/pid/stat instead of trying to open
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
device number to a string. On BSD, we can use devname(). On
Solaris, _ttyname_dev() does what we want. TODO: write /dev/
traversal code for the generic sudo_ttyname_dev().

2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>

Define PRNODEV for those w/o it.

* config.h.in, configure, configure.in, src/ttyname.c:
Check for SVR4-style struct psinfo.pr_ttydev and use that to
determine the tty if std{in,out,err} are not ttys.

Better support for SVR4-style /proc entries where we can't use
ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
attempt to map the device number back to the correct pseudo-tty

When trying to determine the tty name, check parent's stderr in
addition to its stdin and stdout.

Treat a tty read failure like EOF as it usually means the pty has
gone away. Handle write() on the tty returning EIO.

* src/exec.c, src/exec_pty.c:
Linux select() may return ENOMEM if there is a kernel resource
shortage. Older Solaris select() may return EIO instead of EBADF
when the tty goes away. If we get an unhandled select() failure,
kill the child and exit cleanly.

Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might

2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Fix restoration of AIX permissions.

Allow the -k flag to be used along with the -i and -s flags.

* plugins/sudoers/sudoreplay.c:
Plug memory leak in parse_logfile() in the error path.

* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>

* compat/regress/glob/globtest.c, config.h.in, configure,
configure.in, plugins/sudoers/match.c:
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
glob() and fnmatch() results to be consistent.

2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
Move ttysize.c to common so sudoreplay can use it.

* plugins/sudoers/sudoreplay.c:
If I/O log file includes rows + cols, warn if the user's tty is not

* plugins/sudoers/sudoreplay.c:
Fix printing of TSID in "sudoreplay -l"

* common/sudo_debug.c, include/sudo_debug.h,
plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
Log the process id in the debug file output. Since we don't want to
keep calling getpid(), stash the value at init time and when we

Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
is better to receive EIO from read()/write() than to be suspended
when we don't expect it. Fixes a problem when our terminal is
revoked which can happen when, e.g. our sshd is killed
unceremoniously. Also, only change the value of "alive" from true to
false, never from false to true. It is possible for us to receive
notification of the child having stopped after it is already dead.
This does not mean it has risen from the grave.

Distinguish between signals we received from the parent vs. those
delivered explicitly to the monitor process in debugging info.

2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/check.c:
In Solaris 11, /dev/pts is under the "dev" filesystem, not "devices".
Update tty_is_devpts() to match so we can determine when the tty has

* common/sudo_debug.c, include/error.h, include/sudo_debug.h:
Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
This allows consumers of sudo_debug_printf() to log that data
without having to specify it manually.

Make this compile after last change.

Don't try to restore the terminal if we are not the foreground
process. Otherwise, we may be stopped by SIGTTOU when we try to
update the terminal settings when cleaning up.

If select() returns EBADF in the main event loop, one of the ttys
must have gone away so perform any I/O we can and close the bad fds.

* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
plugins/sudoers/toke.c, plugins/sudoers/toke.h,
plugins/sudoers/toke.l:
Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
function, file and line number in the debug log for warning() and

2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>

* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
Use this flag when wrapping error() and warning() so the debug
output includes the error string.

2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>

Update for sudo 1.8.5

* plugins/sudoers/po/sudoers.pot:

* plugins/sudoers/pwutil.c:

Don't need zero_bytes() after ecalloc()

* config.h.in, configure, configure.in, src/sudo_noexec.c:
Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to

Fix compat setutxent and endutxent macros for systems with
setutent() but not setutxent(). From Gustavo Zacarias

2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>

Add ignore_result definition to AH_BOTTOM

* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
src/exec.c, src/exec_pty.c, src/tgetpass.c:
Fix compiler warnings on some platforms and provide a better method
of defeating gcc's warn_unused_result attribute.

* configure, configure.in:
Fix building the builtin zlib from a build dir. When a zlib dir was
specified, prepend its include path instead of appending so we get
the right zlib headers.

* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
Update zlib to version 1.2.6

2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>

g/c __unused which is no longer used

Fix compilation if RTLD_NEXT is not defined.

* src/po/sr.mo, src/po/sr.po:
sync with translationproject.org

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

Ignore Project-Id-Version when comparing pot files.

* plugins/sudoers/bsm_audit.c:
Use error() instead of log_fatal()

* plugins/sudoers/env.c:
Fix signedness of didvar in env_update_didvar()

* plugins/sudoers/iolog.c:
Quiet a compiler warning on some platforms.

cast ctype(3) function/macro arguments from char to unsigned char to
avoid potential negative subscripting.

* common/setgroups.c:
Quiet a warning on systems where the gids array in setgroups() is
not prototyped as being const, even though it really is.

Quiet a compiler warning on systems where the argument to putenv(3)

* plugins/sudoers/sudoreplay.c:
Undo an incorrect int -> bool conversion.

* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
src/po/sv.mo, src/po/sv.po:
Add Swedish sudo and sudoers translations from
translationproject.org

* plugins/sudoers/env.c:
No need to preserve ODMDIR on AIX now that we always read

2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sudoers.pod, plugins/sudoers/env.c:
When initializing the environment for env_reset, start out with the
contents of /etc/environment on AIX and login.conf on BSD.

* doc/TROUBLESHOOTING, src/sudo.c:
If we are not running with an effective uid of 0, try to give the
user enough information to debug the problem.

* plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
Quiet a clang-analyzer false positive.

If there is nothing to read from the askpass program, set errno to
EINTR. This makes the cancel button behave like the user entered ^C
at the password prompt when PAM is used.

* src/sudo.h, src/tgetpass.c:
Fetch the value of "askpass" from the sudo conf struct.

* common/sudo_conf.c:
Fix matching of "Path askpass" and "Path noexec"

2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/visudo.c:
Quiet a clang-analyzer dead store warning.

* plugins/sudoers/sudoers.c:
If the "timestampowner" user cannot be resolved, use ROOT_UID
instead of exiting with a fatal error.

* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
plugins/sudoers/check.c, plugins/sudoers/env.c,
plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
plugins/sudoers/logging.h, plugins/sudoers/parse.c,
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
Remove the NO_EXIT flag to log_error() and add a log_fatal()
function that exits and is marked no_return. Fixes false positives
from static analyzers and is easier for humans to read too.

2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
sync with translationproject.org

2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>

* src/po/da.mo, src/po/da.po:
sync with translationproject.org

* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
sync with translationproject.org

2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>

* src/po/it.mo, src/po/it.po:
sync with translationproject.org

* common/sudo_conf.c, plugins/sudoers/alias.c,
plugins/sudoers/defaults.c, plugins/sudoers/env.c,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
Use ecalloc() when allocating structs.

* common/alloc.c, include/alloc.h:
Add ecalloc() and commented out recalloc(). Use inline strnlen()
instead of strlen() in estrndup().

2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
src/po/zh_CN.mo, src/po/zh_CN.po:
sync with translationproject.org

2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
Document what changed in each plugin API revision

* plugins/sudoers/set_perms.c:
Remove bogus optimization that could lead to a double free of the

2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/TROUBLESHOOTING:
Expand AIX /etc/security/privcmds entry.

Update for sudo 1.8.5

* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
src/sudo_plugin_int.h:
Rename plugin "args" to "options"

Add Lithuanian and Vietnamese translators

Ignore comments when comparing new and old pot files.

* doc/sudo_plugin.cat, doc/sudo_plugin.man.in:

* doc/sudo_plugin.pod, include/sudo_plugin.h,
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
src/sudo.c, src/sudo.h:
Pass a pointer to user_env in to the init_session policy plugin
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.

* plugins/sample/sample_plugin.c:
Add explicit NULL entries for init_session, register_hooks and
deregister_hooks with appropriate comments.

Quiet a gcc "used uninitialized in this function" false positive.

* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
We should always call warning() with a format string or a string
literal. In this case, the argument (path) is not user-controlled.

2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>

Include sudo_exec.h for the sudo_execve() prototype.

* config.h.in, configure, configure.in:
Add check for pam_getenvlist()

* common/sudo_conf.c:
Set args to NULL in default plugin info struct when there is no
Plugin line in sudo.conf.

* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:

* configure, configure.in:
Bump version to 1.8.5

* doc/sudo_plugin.pod:

2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>

Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.

* include/sudo_plugin.h:
Use sudo_hook_fn_t in struct sudo_hook.

* doc/TROUBLESHOOTING:
If cross compiling, --host must include the OS in the tuple. E.g.
--host powerpc-unknown-linux

2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/parse.c:
Fix bogus int -> bool conversion; tags can have a value of -1.

* plugins/sudoers/env.c:
Add env_should_keep() and env_should_delete() wrapper functions to
simplify things a bit and hide the fact that matches_env_check() is

Fix application of debian-specific sudoers mods when building
packages as non-root.

* plugins/sudoers/env.c:
matches_env_check() returns int, not boolean

Fix compilation when seteuid() is not available.

Simply move the free of ki_proc outside the realloc() loop.

Bring back the erealloc() for the ENOMEM loop and just zero the
pointer after we free it.

Don't try to erealloc() a potentially freed pointer; Mateusz Guzik

2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Use normal error path if unable to set sudoers gid.

* plugins/sudoers/set_perms.c:
Make this work again on systems w/o seteuid().

2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/set_perms.c:
Fix compilation if no seteuid/setreuid/setresuid available.

* plugins/sudoers/set_perms.c:
Better error messages, and added debugging throughout. Fixed
seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
AIX version of restore_perms(). Added checks to avoid changing
uid/gid when we don't have to. Never set gid/uid state to -1, use
the old value instead.

* src/exec_pty.c, src/ttyname.c:
Fix format string warning on Solaris with gcc 3.4.3.

Always declare environ now that we swap it around unilaterally.

Honor LDFLAGS when linking sesh; from Vita Cizek

Include alloc.h for estrdup() prototype; from Vita Cizek

2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c:
Don't read /etc/environment on Linux when using PAM, PAM should set
the environment variables as needed via pam_env.

* src/hooks.c, src/sudo.c, src/sudo.h:
Disable environment hooks after we get user_env back to make sure a
plugin can't modify user_env after we "own" it. This is kind of
a hack but we don't want the init_session plugin function to modify

* src/hooks.c, src/sudo.c:
Add support for deregistering hooks. If an I/O log plugin fails to
initialize, deregister its hooks (if any).

2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/sudoers.c, src/sudo.c:
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook

* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
src/sudo_plugin_int.h:
Initial cut at a hooks implementation. The plugin can register
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().

2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, src/po/vi.mo, src/po/vi.po:
Add Vietnamese sudo translation from translationproject.org

2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
List sudo_noexec.so not noexec.so in the sample sudo.conf

* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
include/sudo_plugin.h, plugins/sample/sample_plugin.c,
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
src/sudo_plugin_int.h:
Add support for plugin args at the end of a Plugin line in
sudo.conf. Bump the minor number accordingly and update the
documentation. A plugin must check the sudo front end's version
before using the plugin_args parameter since it is only supported
for API version 1.2 and higher.

2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/Makefile.in:

secure_path.c is in common, not compat

* configure, configure.in:
Add check for variadic macro support in cpp.

2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>

* common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
plugins/sudoers/gram.c, plugins/sudoers/gram.y,
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Add type param to sudo_secure_path() and add sudo_secure_file() and
sudo_secure_dir() wrappers which get by #includedir in sudoers.

2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>

* doc/visudo.pod, plugins/sudoers/visudo.c:
Check the owner and mode in -c (check) mode unless the -f option is
specified. Previously, the owner and mode were checked on the main
sudoers file when the -s (strict) option was given, but this was not

* config.h.in, configure, configure.in, src/ttyname.c:
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
versions of OpenBSD that have KERN_PROC2 but not KERN_PROC.

2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>

Add Eric Lakin for patch in bug #538

Fix typo in safe_close() made while converting to debug framework
that prevented it from actually closing anything.

Add some more debugging.

* common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
include/Makefile.in:
We need sysconfdir in compat/Makefile to get the proper sudo.conf
path. Add standard prefix and foodir expansion in all Makefiles to
avoid this problem in the future.

2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
New Lithuanian sudoers translation from translationproject.org

* plugins/sudoers/po/ja.po:
Update from translationproject.org

2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>

* plugins/sudoers/ldap.c:
When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation. From Eric

* doc/TROUBLESHOOTING:
Add entry for AIX enhanced RBAC config.

Target Mac OS X 10.5 when building packages.

2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>

* MANIFEST, common/Makefile.in, common/secure_path.c,
common/sudo_conf.c, include/secure_path.h,
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
Relax the user/group/mode checks on sudoers files. As long as the
file is owned by the right user, not world-writable and not writable
1151 by a group other than the one specified at configure time (gid 0 by
1152 default), the file is considered OK. Note that visudo will still
1153 set the mode to the value specified at configure time.
1156 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1158 * plugins/sudoers/set_perms.c:
1159 Add AIX-specific version of permission setting code to make sure
1160 that the saved uid gets restored properly.
1163 * config.h.in, configure, configure.in, src/exec_common.c:
1164 Check for LD_PRELOAD variants in configure instead of checkign cpp
1165 symbols. In disable_execute(), compute the length of the new envp
1166 and allocate it once instead of reallocating on demand. Also append
1167 old value of LD_PRELOAD (if any) to the new value.
1170 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
1171 Fix the description of noexec.
1174 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
1175 The "op" parameter to set_default() must be int, not bool since it
1176 is set to '+' or '-' for list add and subtract.
1180 Make sure sudoers is writable before calling ed script.
1183 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
1185 * doc/CONTRIBUTORS, doc/contributors.pod:
1186 Update contributors. Now includes translators and authors of compat
1190 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1197 Build flat packages, not package bundles, on Mac OS X.
1200 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
1203 Move macos section to be with the other OS-specific sections.
1206 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1207 plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
1208 Sync with translationproject.org
1211 * configure, configure.in:
1212 Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
1216 Add Mac OS X support, printing the latest chunk of the NEWS file and
1217 the license text in the installer.
1221 Add explicit file modes that match those used by "make install"
1225 Sync with upstream for Mac OS X fixes.
1228 * plugins/sudoers/Makefile.in, src/Makefile.in:
1229 Go back to using "install-sh -M" for files installed as non-
1230 readable by owner. This fixes "make install" as non-root for
1234 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1236 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
1237 plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1238 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1239 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1240 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
1241 Sync with translationproject.org
1244 * Makefile.in, doc/Makefile.in, include/Makefile.in,
1245 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1246 plugins/sudoers/Makefile.in, src/Makefile.in:
1247 Use -m not -M for install-sh for everything except setuid. Install
1248 locale .mo files mode 0444, not 0644. If timedir parent doesn't
1249 exist, use default dir mode, not 0700.
1252 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1255 Re-sync with upstream; no longer need a local patch.
1259 Add support for building Mac OS X packages.
1267 No longer need to define _PATH_SUDO_CONF here.
1270 * src/exec_common.c:
1271 Fix noexec for Mac OS X.
1274 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1276 * common/Makefile.in:
1277 Move _PATH_SUDO_CONF override to common to match sudo_debug.c
1280 * plugins/sudoers/set_perms.c:
1281 More complete fix for LDR_PRELOAD on AIX. The addition of
1282 set_perm(PERM_ROOT) before calling the nss open functions (needed to
1283 avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
1284 and then real uid to 0 for PERM_ROOT works around the issue.
1287 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1292 Set real uid to root before calling sudo_edit() or run_command() so
1293 that the monitor process is owned by root and not by the user.
1294 Otherwise, on AIX at least, the monitor process shows up in ps as
1295 belonging to the user (and can be killed by the user).
1298 * plugins/sudoers/set_perms.c:
1299 For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
1300 the call to setuid(0) if the current euid is non-zero. This
1301 effectively restores the state of things prior to rev 7bfeb629fccb.
1302 Fixes a problem on AIX where LDR_PRELOAD was not being honored for
1303 the command being executed.
1306 * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
1307 include/missing.h, src/sudo.c:
1308 Make a copy of the struct passwd in exec_setup() to make sure
1309 nothing in the policy init modifies it.
1312 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1318 * common/sudo_debug.c, include/sudo_debug.h:
1319 g/c now-unused debug subsystems
1322 * doc/sudo.pod, doc/sudoers.pod:
1323 Enumerate the debug subsystems used by sudo and sudoers.
1326 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
1328 * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
1329 include/sudo_conf.h, src/sudo.c:
1330 Normally, sudo disables core dumps while it is running. This
1331 behavior can now be modified at run time with a line in sudo.conf
1332 like "Set disable_coredumps false"
1336 Mention Spanish translation
1339 * common/sudo_debug.c:
1340 Make sure we don't try to fall back to using the conversation
1341 function for debugging in the main sudo process if we are unable to
1342 open the debug file.
1345 * MANIFEST, src/po/es.mo, src/po/es.po:
1346 Add sudo Spanish translation from translationproject.org
1349 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
1351 * plugins/sudoers/iolog.c:
1352 Better debug subsystem usage
1356 Remove duplicate function prototypes
1359 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
1361 * configure, configure.in:
1362 Error out if user specified --with-pam but we can't find the headers
1363 or library. Also throw an error if the headers are present but the
1364 library is not and vice versa.
1367 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
1369 * plugins/sudoers/sudoers.c:
1370 Fix the sudoers permission check when the expected sudoers mode is
1374 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
1376 * configure, configure.in:
1377 Verify that we can link executables built with -D_FORTIFY_SOURCE
1381 * src/exec_common.c:
1382 Fix potential off-by-one when making a copy of the environment for
1383 LD_PRELOAD insertion. Fixes bug #534
1386 * configure, configure.in:
1387 Add rudimentary check for _FORTIFY_SOURCE support by checking for
1388 __sprintf_chk, one of the functions used by gcc to support it.
1391 * compat/stdbool.h, config.h.in, configure, configure.in:
1392 Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
1395 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
1397 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1401 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
1403 * src/exec.c, src/sudo.c:
1404 The change in 818e82ecbbfc that caused to exit when the monitor dies
1405 created a race condition between the monitor exiting and the status
1406 being read. All we really want to do is make sure that select()
1407 notifies us that there is a status change when the monitor dies
1408 unexpectedly so shutdown the socketpair connected to the monitor for
1409 writing when it dies. That way we can still read the status that is
1410 pending on the socket and select() on Linux will tell us that the fd
1414 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
1415 src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
1417 Refactor disable_execute() and my_execve() into exec_common.c for
1418 use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
1419 disabling exec in exec_setup(), disable it immediately before
1420 executing the command. Adapted from a diff by Arno Schuring.
1423 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
1425 * aclocal.m4, configure, configure.in:
1426 Add custom version of AC_CHECK_LIB that uses the extra libs in the
1427 cache value name. With this we no longer need to rely on a modified
1428 version of autoconf.
1431 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
1433 * configure, configure.in:
1434 Better handling of network functions that need -lsocket -lnsl
1438 When setting up the execution environment, set groups before
1439 gid/egid like sudo 1.7 did.
1442 * configure, configure.in:
1443 Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
1446 * plugins/sudoers/sudoers.c:
1447 For "sudo -g" prepend the specified group ID to the beginning of the
1448 groups list. This matches BSD convention where the effective gid is
1449 the first entry in the group list. This is required on newer
1450 FreeBSD where the effective gid is not tracked separately and thus
1451 setgroups() changes the egid if this convention is not followed.
1455 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
1457 * configure, configure.in:
1458 Fix sh warning; use "test" instead of "["
1462 When not logging I/O, use a signal handler that only forwards
1463 SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
1464 Fixes a race in the non-I/O logging path where the command may
1465 receive two keyboard-generated signals; one from the kernel and one
1466 from the sudo process.
1470 Back out change that put the command in its own pgrp when not
1471 logging I/O. It causes problems with pipelines.
1474 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
1476 * compat/Makefile.in, configure, configure.in:
1477 Only run compat regress tests on compat objects we actually build.
1478 Fixes "make check" in the compat dir for systems that don't
1479 implement character classes in fnmatch() or glob(). Bug #531
1482 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
1484 * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
1485 Update po files from translationproject.org
1488 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
1491 Include parent directories in case they don't already exist. This
1492 fixes a directory permissions problem with the AIX package when the
1493 /usr/local directories don't already exist.
1497 sync with git version
1500 * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
1504 * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
1505 Move tty name lookup code to its own file.
1508 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
1511 Update with latest sudo 1.8.4 changes.
1514 * config.h.in, configure, configure.in:
1515 Remove obsolete template for HAVE_TIMESPEC
1519 Add a check for devname() returning a fully-qualified pathname. None
1520 of the devname() implementations do this today but you never know
1521 when this might change.
1524 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
1526 * plugins/sudoers/visudo.c:
1527 For "visudo -c" also list include files that were checked when
1532 The device name returned by devname() does not include the /dev/
1533 prefix so we need to add it ourselves.
1537 Add debug warning if KERN_PROC sysctl fails or devname() can't
1538 resolve the tty device to a name.
1541 * common/sudo_debug.c:
1542 The result of writev() is never checked so just cast to NULL.
1545 * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
1546 plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
1547 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
1548 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
1549 Update Esperanto, Finnish, Polish and Ukrainian translations from
1550 translationproject.org.
1553 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
1555 * config.h.in, configure, configure.in, src/sudo.c:
1556 Add support for determining tty via sysctl on other BSD variants.
1559 * configure, configure.in:
1560 Only check for struct kinfo_proc.ki_tdev on systems that support
1565 For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
1566 ttyname() of std{in,out,err}.
1569 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
1571 * config.h.in, configure, configure.in, src/sudo.c:
1572 On newer FreeBSD we can get the parent's tty name via sysctl().
1575 * plugins/sudoers/testsudoers.c:
1580 Silence a gcc warning.
1583 * plugins/sudoers/bsm_audit.c:
1584 Need to include gettext.h and sudo_debug.h; from John Hein
1587 * plugins/sudoers/iolog.c:
1588 Initialize the debug framework from the I/O plugin too.
1591 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
1593 * plugins/sudoers/testsudoers.c:
1594 Enable debugging via sudo.conf.
1597 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
1599 * plugins/sudoers/visudo.c:
1600 Use SUDO_DEBUG_ALIAS for alias checking functions.
1603 * configure, configure.in:
1604 More complete test for getaddrinfo() that doesn't rely on the
1605 network libraries already being added to LIBS.
1608 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
1614 * configure, configure.in:
1615 Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
1618 * compat/getaddrinfo.c:
1619 Include errno.h and missing.h
1626 * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
1627 plugins/sudoers/gram.y, plugins/sudoers/match.c,
1628 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
1629 src/parse_args.c, src/sudo.c, src/sudo.h:
1630 Update copyright year.
1634 Update for sudo 1.8.4
1637 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1641 * plugins/sudoers/sudoreplay.c:
1642 Enable debugging via sudo.conf.
1645 * plugins/sudoers/visudo.c:
1646 Enable debugging via sudo.conf.
1649 * plugins/sudoers/visudo.c:
1650 Allow "visudo -c" to work when we only have read-only access to the
1651 sudoers include files.
1654 * doc/sudo.pod, doc/visudo.pod:
1655 Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
1656 HISTORY section in sudo that points to HISTORY file.
1659 * doc/sudo.pod, doc/sudo_plugin.pod:
1660 Document Debug setting in sudo.conf and debug_flags in plugin.
1663 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
1665 * plugins/sudoers/match.c:
1666 Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
1667 bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
1668 which would incorrectly be interpreted as if the sudoers file had
1669 specified a directory. From Vitezslav Cizek.
1672 * INSTALL, config.h.in, configure, configure.in,
1673 plugins/sudoers/auth/kerb5.c:
1674 Add --enable-kerb5-instance configure option to allow people using
1675 Kerberos V authentication to use a custom instance. Adapted from a
1676 diff by Michael E Burr.
1679 * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
1680 Remove -D debug_level option.
1684 Update copyright year.
1687 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
1689 * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
1690 plugins/sudoers/visudo.c:
1691 parse_error is now bool, not int
1694 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1695 plugins/sudoers/parse.c:
1696 Print a more sensible error if yyparse() returns non-zero but
1697 yyerror() was not called.
1700 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
1701 plugins/sudoers/gram.c:
1702 Replace y.tab.c with the correct filename in #line directives.
1705 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1708 When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
1709 if the main process's fds 0-2 are not hooked up to a tty. Adapted
1710 from a diff by Zdenek Behan.
1714 When not logging I/O, put command in its own pgrp and make that the
1715 controlling pgrp if the command is in the foreground. Fixes a race
1716 in the non-I/O logging path where the command may receive two
1717 keyboard-generated signals; one from the kernel and one from the
1721 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
1724 Quiet a bogus gcc warning.
1727 * src/parse_args.c, src/sudo.h:
1728 Fix warnings related to sudo.conf accessors.
1731 * common/sudo_conf.c, include/sudo_conf.h:
1732 Separate sudo.conf parsing from plugin loading and move the parse
1733 functions into the common lib so that visudo, etc. can use them.
1736 * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
1737 src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
1738 Separate sudo.conf parsing from plugin loading and move the parse
1739 functions into the common lib so that visudo, etc. can use them.
1742 * doc/sudoers.pod, plugins/sudoers/def_data.c,
1743 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
1744 plugins/sudoers/sudoers.c, src/sudo.c:
1745 Remove support for noexec_file in sudoers and the plugin API
1748 * plugins/sudoers/sudoers.c:
1749 Don't dump interfaces if there are none.
1752 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
1753 Add missing %s printf escape to the group_plugin, iolog_dir and
1754 iolog_file descriptions.
1757 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
1759 * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
1760 Fix typo in visiblepw description; from Joel Pickett
1763 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
1765 * MANIFEST, configure, configure.in, mkdep.pl,
1766 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
1767 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
1768 plugins/sudoers/sudoers.h, src/sudo.c:
1769 When running a login shell with a login_class specified, use
1770 LOGIN_SETENV instead of rolling our own login.conf setenv support
1771 since FreeBSD's login.conf has more than just setenv capabilities.
1772 This requires us to swap the plugin-provided envp for the global
1773 environ before calling setusercontext() and then stash the resulting
1774 environ pointer back into the command details, which is kind of a
1778 * plugins/sudoers/Makefile.in:
1779 If srcdir is "." just use the basename of the yacc/lex file when
1780 generating the C version. This matches the generated files
1781 currently in the repo.
1784 * doc/Makefile.in, plugins/sudoers/Makefile.in:
1785 Clean up the DEVEL noise
1789 Handle different Unix domain socket (actually socketpair) semantics
1790 in BSD vs. Linux. In BSD if one end of the socketpair goes away
1791 select() returns the fd as readable and the read will fail with
1792 ECONNRESET. This doesn't appear to happen on Linux so if we notice
1793 that the monitor process has died when I/O logging is enabled,
1794 behave like the command has exited. This means we log the wait
1795 status of the monitor, not the command, but there is nothing else we
1796 can do at that point. This should only be an issue if SIGKILL is
1797 sent to the monitor process.
1801 Catch common signals in the monitor process so they get passed to
1802 the command. Fixes a problem when the entire login session is
1803 killed when ssh is disconnected or the terminal window is closed.
1804 Previously, the monitor would exit and plugin's close method would
1808 * INSTALL, configure, configure.in:
1809 Mention how to configure pam_hpsec on HP-UX to play nicely with
1813 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
1815 * plugins/sudoers/ldap.c:
1816 Escape values in the search expression as per RFC 4515.
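Added example (not part of the sudo ChangeLog or source): a C sketch of RFC 4515 value escaping when building an LDAP search filter, as the 2011-12-07 entry above describes. The function names are hypothetical; the buffer is sized from the escaped length before anything is written, so the space computation and the copy cannot disagree.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Characters RFC 4515 requires to be escaped inside an assertion value. */
static int
needs_escape(unsigned char ch)
{
    return ch == '*' || ch == '(' || ch == ')' || ch == '\\' || ch == '\0';
}

/* Length of the escaped form of src[0..len), excluding the trailing NUL. */
size_t
filter_escaped_len(const char *src, size_t len)
{
    size_t i, n = 0;

    for (i = 0; i < len; i++)
        n += needs_escape((unsigned char)src[i]) ? 3 : 1;
    return n;
}

/*
 * Write the escaped form of src into dst (dstsize bytes, NUL-terminated
 * when dstsize > 0). Each special byte becomes a backslash and two hex
 * digits. Returns the length the full result needs; a return value
 * >= dstsize means the output was truncated. A partial escape sequence
 * is never written.
 */
size_t
filter_escape(const char *src, size_t len, char *dst, size_t dstsize)
{
    static const char hex[] = "0123456789abcdef";
    size_t need = filter_escaped_len(src, len);
    size_t i, o = 0;

    if (dstsize == 0)
        return need;
    for (i = 0; i < len; i++) {
        unsigned char ch = (unsigned char)src[i];

        if (needs_escape(ch)) {
            if (o + 3 >= dstsize)
                break;
            dst[o++] = '\\';
            dst[o++] = hex[ch >> 4];
            dst[o++] = hex[ch & 0x0f];
        } else {
            if (o + 1 >= dstsize)
                break;
            dst[o++] = (char)ch;
        }
    }
    dst[o] = '\0';
    return need;
}

/* Build "(sudoUser=<escaped user>)"; caller frees. NULL if malloc fails. */
char *
build_sudouser_filter(const char *user)
{
    static const char prefix[] = "(sudoUser=";
    size_t plen = sizeof(prefix) - 1;
    size_t ulen = strlen(user);
    size_t sz = plen + filter_escaped_len(user, ulen) + 2; /* ")" and NUL */
    size_t off = plen;
    char *buf = malloc(sz);

    if (buf == NULL)
        return NULL;
    memcpy(buf, prefix, plen);
    off += filter_escape(user, ulen, buf + off, sz - off);
    buf[off++] = ')';
    buf[off] = '\0';
    return buf;
}

int
main(void)
{
    /* Constructed inputs: one ordinary name, one containing filter syntax. */
    const char *names[] = { "alice", "*)(uid=*" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        char *f = build_sudouser_filter(names[i]);

        if (f != NULL) {
            printf("%-10s -> %s\n", names[i], f);
            free(f);
        }
    }
    return 0;
}
```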
1819 * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
1820 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
1822 No need for install target to depend explicitly on install-dirs, the
1823 install-foo targets all depend on it.
1826 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
1832 * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
1833 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1834 plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
1835 plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
1836 plugins/sudoers/sudoers.h, src/Makefile.in:
1837 Add support for setenv entries in login.conf. We can't use
1838 LOGIN_SETENV since the plugin sets up the envp the command is
1839 executed with. Also regen the Makefile.in files while here. Fixes
1843 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
1845 * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
1846 config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
1848 Add getaddrinfo() for those without it, written by Russ Allbery
1852 Restore PACKAGE_TARNAME, it is used in docdir
1855 * MANIFEST, compat/stdbool.h:
1856 SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
1860 * common/atobool.c, common/term.c, src/exec.c:
1861 Remove duplicate return statements.
1864 * plugins/sudoers/auth/bsdauth.c:
1865 Remove inaccurate comment
1868 * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
1869 Fetch the login class for the user we authenticate specifically when
1870 using BSD authentication. That user may have a different login
1871 class than what we will use to run the command. When setting the
1872 login class for the command, use the target user's struct passwd,
1873 not the invoking user's. Fixes bug 526
1876 * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
1877 plugins/sudoers/Makefile.in:
1878 Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
1881 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
1882 plugins/sudoers/regress/logging/check_wrap.c,
1883 plugins/sudoers/regress/parser/check_addr.c,
1884 plugins/sudoers/regress/parser/check_fill.c:
1885 Fix "make check" fallout from the sudo_conv changes in sudo_debug.
1888 * common/fileops.c, common/sudo_debug.c, configure, configure.in,
1889 include/fileops.h, plugins/sample/Makefile.in,
1890 plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
1891 plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
1892 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
1893 plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
1894 plugins/sudoers/env.c, plugins/sudoers/find_path.c,
1895 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
1896 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
1897 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
1898 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
1899 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
1900 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
1901 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
1902 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
1903 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
1904 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
1905 plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
1906 src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
1907 src/sudo_plugin_int.h, src/utmp.c:
1908 Use stdbool.h instead of rolling our own TRUE/FALSE macros.
1911 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
1913 * compat/stdbool.h, config.h.in, configure, configure.in:
1914 Add stdbool.h for systems without it.
1917 * aclocal.m4, config.h.in, configure, configure.in:
1918 No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
1919 includes have unistd.h in them. Add check for socklen_t for
1920 upcoming getaddrinfo compat.
1923 * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
1924 configure.in, plugins/sudoers/interfaces.c,
1925 plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
1926 plugins/sudoers/sudoreplay.c, src/net_ifs.c:
1927 Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
1928 HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
1931 * src/sudo_noexec.c:
1932 No longer need to include time.h here as missing.h does not use
1936 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
1938 * plugins/sudoers/visudo.c:
1939 Fix mode on sudoers as needed when the -f option is not specified.
1942 * MANIFEST, src/po/sr.mo, src/po/sr.po:
1943 Add Serbian translation for sudo from translationproject.org
1946 * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
1948 No longer pass debug_file to plugin, plugins must now use
1953 Build PIE executables for newer Debian and Ubuntu
1956 * common/sudo_debug.c:
1957 Include time.h for ctime() prototype.
1960 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
1962 * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
1964 Do not close error pipe or debug fd via closefrom() as we need them
1965 to report an exec error should one occur.
1968 * doc/sudoers.ldap.pod:
1969 Document that a sudoUser may now be a group ID.
1972 * plugins/sudoers/ldap.c:
1973 Add support for permitting access by group ID in addition to group
1977 * plugins/sudoers/ldap.c:
1978 Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
1981 * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
1982 Replace UCB fnmatch.c with a non-recursive version written by
1986 * plugins/sudoers/auth/pam.c:
1987 Fix typo, return_debug vs. debug_return
1990 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
1992 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
1993 Update Japanese sudoers translation from translationproject.org
1997 Make the env_reset descriptions consistent.
2000 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2002 * configure, configure.in:
2003 Do multiple expansion when expanding paths to the noexec file, sesh
2004 and the plugin directory. Adapted from a diff by Mike Frysinger
2007 * common/Makefile.in:
2011 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
2014 Add ignore file; from Mike Frysinger
2018 no longer save old Makefile.in to .old
2021 * plugins/sudoers/Makefile.in, src/Makefile.in:
2025 * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
2026 m4/ltoptions.m4, m4/ltversion.m4:
2027 Update to libtool 2.4.2
2030 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2032 * plugins/sudoers/sudoers_version.h:
2033 Bump grammar version for #include and #includedir relative path
2037 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2039 * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2040 Add support for relative paths in #include and #includedir
2043 * plugins/sudoers/Makefile.in:
2044 Fix install-plugin when shared objects are unsupported or disabled.
2047 * plugins/sudoers/goodpath.c:
2048 Don't write to sbp if it is NULL
2051 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2054 Remove all sudo/sudoers .mo files on uninstall. If LINGUAS is set,
2055 only install matching .mo files
2058 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
2060 * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
2061 plugins/sudoers/sudoers.c, src/conversation.c:
2062 Fix non-dynamic (no dlopen) sudo build.
2065 * configure, configure.in:
2066 Don't error out if the user specified --disable-shared
2069 * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
2070 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
2072 Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
2076 * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2077 plugins/sudoers/sudoers.h:
2078 Make sudo_goodpath() return value boolean
2081 * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
2082 plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
2083 Remove obsolete securid auth method.
2086 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
2087 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2088 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
2089 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
2090 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
2091 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
2092 plugins/sudoers/auth/sudo_auth.h:
2093 Prefix authentication functions with a "sudo_" prefix to avoid
2097 * INSTALL, MANIFEST, config.h.in, configure, configure.in,
2098 doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
2099 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
2100 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
2101 Remove the old Kerberos IV support
2104 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2106 * plugins/sudoers/check.c:
2107 Don't print garbage at the end of the custom lecture.
2110 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2111 Add lexer tracing as debug@parser
2114 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
2115 plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
2116 plugins/sudoers/match.c, plugins/sudoers/parse.c,
2117 plugins/sudoers/regress/parser/check_fill.c,
2118 plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
2119 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2120 plugins/sudoers/visudo.c:
2121 Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
2122 <def_data.h> and not "def_data.h" when generating the parser in a
2126 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2128 * mkdep.pl, plugins/sudoers/Makefile.in:
2129 Better devdir support in mkdep.pl
2132 * plugins/sudoers/Makefile.in:
2133 Add devdir before srcdir in include path and fix up dependencies
2137 * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
2138 plugins/sudoers/defaults.h, plugins/sudoers/match.c,
2139 plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
2140 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2141 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
2142 #include "gram.h" not <gram.h> and "def_data.h" and not
2147 Mark libexec files as optional. If we build without shared object
2148 support, libexec is not used.
2151 * src/load_plugins.c:
2152 Change Debug sudo.conf setting to take a program name as the first
2153 argument. In the future, this will allow visudo and sudoreplay to
2154 use their own Debug entries.
2158 fix sudo_debug_printf priority
2161 * plugins/sudoers/sudoers.c:
2162 add missing debug_return_int
2165 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
2167 * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
2168 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
2169 Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
2173 Add missing word in HOME security note.
2176 * plugins/sudoers/testsudoers.c:
2177 Prevent "testsudoers -d username" from trying to malloc(0).
2180 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
2182 * plugins/sudoers/regress/sudoers/test10.in,
2183 plugins/sudoers/regress/sudoers/test10.out.ok,
2184 plugins/sudoers/regress/sudoers/test10.toke.ok,
2185 plugins/sudoers/regress/sudoers/test10.toke.out.ok,
2186 plugins/sudoers/regress/sudoers/test11.in,
2187 plugins/sudoers/regress/sudoers/test11.out.ok,
2188 plugins/sudoers/regress/sudoers/test11.toke.ok,
2189 plugins/sudoers/regress/sudoers/test11.toke.out.ok,
2190 plugins/sudoers/regress/sudoers/test12.in,
2191 plugins/sudoers/regress/sudoers/test12.out.ok,
2192 plugins/sudoers/regress/sudoers/test12.toke.ok,
2193 plugins/sudoers/regress/sudoers/test13.in,
2194 plugins/sudoers/regress/sudoers/test13.out.ok,
2195 plugins/sudoers/regress/sudoers/test13.toke.ok,
2196 plugins/sudoers/regress/sudoers/test9.in,
2197 plugins/sudoers/regress/sudoers/test9.out.ok,
2198 plugins/sudoers/regress/sudoers/test9.toke.ok,
2199 plugins/sudoers/regress/sudoers/test9.toke.out.ok:
2200 Tests for empty sudoers (should parse OK) and syntax errors within a
2201 line (should report correct line number) both with and without the
2205 * plugins/sudoers/regress/sudoers/test4.out.ok,
2206 plugins/sudoers/regress/sudoers/test5.out.ok,
2207 plugins/sudoers/regress/sudoers/test7.out.ok,
2208 plugins/sudoers/regress/sudoers/test8.out.ok,
2209 plugins/sudoers/testsudoers.c:
2210 Print line number when there is a parser error.
2213 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
2215 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2216 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2217 Keep track of the last token returned. On error, if the last token
2218 was COMMENT, decrement sudolineno since the error most likely
2219 occurred on the preceding line. Previously we always used
2220 sudolineno-1 which will give the wrong line number for errors within
2224 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
2227 update with sudo 1.8.3p1 info
2230 * plugins/sudoers/sudoers.c:
2231 Fix crash when "sudo -g group -i" is run. Fixes bug 521
2234 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
2236 * plugins/sudoers/visudo.c:
2237 Make alias_remove_recursive() return TRUE/FALSE as its callers
2238 expect and remove two unused arguments. Fixes bug 519.
2241 * plugins/sudoers/regress/visudo/test1.out.ok,
2242 plugins/sudoers/regress/visudo/test1.sh:
2243 Add regress test for bugzilla 519
2246 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2247 plugins/sudoers/regress/logging/check_wrap.c,
2248 plugins/sudoers/regress/parser/check_addr.c,
2249 plugins/sudoers/regress/parser/check_fill.c:
2250 Disable warning/error wrapping in regress tests.
2253 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
2256 Do compile-po as part of sync-po so that the .mo files get rebuilt
2257 automatically when we sync with translationproject.org
2260 * plugins/sudoers/Makefile.in:
2261 check_addr needs to link with the network libraries on Solaris
2264 * plugins/sudoers/match.c:
2265 When matching a RunasAlias for a runas group, pass the alias in as
2266 the group_list, not the user_list. From Daniel Kopecek.
2269 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
2270 We need to init the auth system regardless of whether we need a
2271 password since we will be closing the PAM session in the monitor
2272 process. Fixes a crash in the monitor on Solaris; bugzilla #518
2275 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
2278 Get rid of done: label. If the child exits we still need to close
2279 the pty, update utmp and restore the SELinux tty context.
2282 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
2284 * common/Makefile.in, common/atobool.c, common/fileops.c,
2285 common/fmt_string.c, common/lbuf.c, common/list.c,
2286 common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
2287 plugins/sudoers/alias.c, plugins/sudoers/audit.c,
2288 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
2289 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
2290 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
2291 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
2292 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
2293 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
2294 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
2295 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
2296 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
2297 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
2298 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
2299 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
2300 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
2301 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
2302 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
2303 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
2304 plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
2305 plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
2306 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
2307 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
2308 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2309 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2310 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2311 src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
2312 src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
2313 src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
2314 src/tgetpass.c, src/ttysize.c, src/utmp.c:
2315 Add debug_decl/debug_return (almost) everywhere. Remove old
2316 sudo_debug() and convert users to sudo_debug_printf().
2319 * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
2320 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2321 plugins/sudoers/visudo.c, src/error.c:
2322 Wrap error/errorx and warning/warningx functions with debug
2323 statements. Disable wrapping for standalone sudoers programs as well
2324 as memory allocation functions (to avoid infinite recursion).
2327 * README, config.h.in, configure, configure.in:
2328 Add checks for __func__ and __FUNCTION__ and mention that we now
2329 require a cpp that supports variadic macros.
2332 * MANIFEST, common/Makefile.in, common/sudo_debug.c,
2333 include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
2334 src/load_plugins.c, src/parse_args.c, src/sudo.c,
2335 src/sudo_plugin_int.h:
2336 New debug framework for sudo and plugins using /etc/sudo.conf that
2337 also supports function call tracing.
2340 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
2342 * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
2343 Update Japanese sudoers translation from translationproject.org
2346 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2348 * configure, configure.in:
2349 Override and ignore the --disable-static option. Sudo already runs
2350 libtool with -tag=disable-static where applicable and we need non-
2351 PIC objects to build the executables.
2354 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
2360 * plugins/sudoers/po/sudoers.pot:
2364 * plugins/sudoers/env.c:
2365 Ignore set_logname (which is now the default) for sudoedit since we
2366 want the LOGNAME, USER and USERNAME environment variables to refer
2367 to the calling user since that is who the editor runs as. This
2368 allows the editor to find the user's startup files. Fixes bugzilla
2372 * plugins/sudoers/pwutil.c:
2373 Instead of trying to grow the buffer in make_grlist_item(), simply
2374 increase the total length, free the old buffer and allocate a new
2375 one. This is less error prone and saves us from having to adjust
2376 all the pointers in the buffer. This code path is only taken when
2377 there are groups longer than the length of the user field in struct
2378 utmp or utmpx, which should be quite rare.
2382 Add Italian translation for sudo from translationproject.org
2385 * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
2386 src/po/ja.mo, src/po/ja.po:
2387 Japanese translation for sudo and sudoers from
2388 translationproject.org
2391 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2393 * plugins/sudoers/Makefile.in:
2394 sudoreplay depends on timestr.lo too; from Mike Frysinger
2397 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
2399 * plugins/sudoers/po/sudoers.pot:
2400 Regen sudoers pot file.
2404 Update with latest sudo 1.8.3 news
2407 * plugins/sudoers/sudoers.c:
2408 It appears that LDAP or NSS may modify the euid so we need to be
2409 root for the open(). We restore the old perms at the end of
2410 sudoers_policy_open().
2413 * plugins/sudoers/set_perms.c:
2414 Better warning message on setuid() failure for the setreuid()
2415 version of set_perms().
2418 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2420 * plugins/sudoers/check.c:
2421 Delref auth_pw at the end of check_user() instead of getting a ref
2425 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
2426 Make sudo_auth_{init,cleanup} return TRUE on success and check for
2427 sudo_auth_init() return value in check_user().
2430 * plugins/sudoers/auth/sudo_auth.c:
2431 Do not return without restoring permissions.
2434 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2438 * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
2439 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
2440 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
2441 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
2442 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
2443 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
2444 plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
2445 plugins/sudoers/sudoers.h:
2446 Modify the authentication API such that the init and cleanup
2447 functions are always called, regardless of whether or not we are
2448 going to verify a password. This is needed for proper PAM session
2452 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
2453 Add missing dependency for getspwuid.lo and regen other depends.
2456 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
2457 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
2458 Fix a PAM_USER mismatch in session open/close. We update PAM_USER
2459 to the target user immediately before setting resource limits, which
2460 is after the monitor process has forked (so it has the old value).
2461 Also, if the user did not authenticate, there is no pamh in the
2462 monitor so we need to init pam here too. This means we end up
2463 calling pam_start() twice, which should be fixed, but at least the
2464 session is always properly closed now.
2468 Add check for old being NULL in utmp_setid(); from Steven McDonald
2471 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2473 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
2474 plugins/sudoers/sudoers.h:
2475 If the invoking user cannot be resolved by uid fake the struct
2476 passwd and store it in the cache so we can delref it on exit.
2479 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
2481 * plugins/sudoers/sudoers.c:
2482 Don't error out if the group plugin cannot be loaded, just warn.
2485 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
2487 * plugins/sudoers/sudoers.c:
2488 Quiet a false positive found by several static analysis tools. These
2489 tools don't know that log_error() does not return (it longjmps to
2490 error_jmp which returns to the sudo front-end).
2493 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
2495 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
2496 plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
2497 plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
2498 Add Italian translation for sudo from translationproject.org. Regen
2502 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
2504 * doc/TROUBLESHOOTING:
2505 Update to current reality and add bit about ssh auth
2508 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
2509 Make "verbose" static; fixes a namespace clash with
2510 pam_ssh_agent_auth (and it doesn't need to be extern these days).
2513 * config.h.in, configure, configure.in, src/get_pty.c:
2514 FreeBSD has libutil.h not util.h
2517 * configure, configure.in:
2518 Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
2521 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
2523 * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
2524 plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
2525 plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
2526 Update po files from translationproject.org
2529 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
2531 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2532 Add support for DEREF in ldap.conf.
2536 install target should depend on ChangeLog too, not just install-doc
2540 Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
2544 Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
2548 Document group lookup change and possible side effects.
2551 * configure, configure.in:
2552 Fix some square brackets in case statements that needed to be
2553 doubled up. While here, use $OSMAJOR when it makes sense.
2556 * plugins/sudoers/pwutil.c:
2557 Fix a crash in make_grlist_item() on 64-bit machines with strict
2561 * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
2562 Remove list_options() function that is no longer used now that "sudo
2566 * configure, configure.in:
2567 Error message if user tries --with-CC
2570 * configure, configure.in:
2571 Check for -libmldap too when looking for ldap libs, which is the
2572 Tivoli Directory Server client library.
2575 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
2577 * plugins/sudoers/parse.c:
2578 Honor NOPASSWD tag for denied commands too.
2581 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
2583 * INSTALL, configure, configure.in:
2584 Remove --with-CC option; it doesn't work correctly now that we use
2585 libtool. Users can get the same effect by setting the CC
2586 environment variable when running configure.
2589 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
2591 * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
2593 Assume all modern systems support fstat(2).
2596 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2598 * compat/regress/glob/globtest.c, config.h.in, configure,
2599 configure.in, include/missing.h, plugins/sudoers/sudoers.h,
2600 src/sudo.h, src/sudo_noexec.c:
2601 Add configure test for missing errno declaration and only declare it
2602 ourselves if it is missing.
2605 * plugins/sudoers/alias.c:
2606 Include errno.h before sudo.h to avoid conflicting with the system
2607 definition of errno.
2610 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
2612 * plugins/sudoers/regress/parser/check_addr.c:
2613 Only print individual check status when there is a failure.
2616 * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2617 plugins/sudoers/regress/logging/check_wrap.c,
2618 plugins/sudoers/regress/parser/check_addr.c:
2619 Add calls to setprogname() for test programs.
2622 * configure, configure.in:
2623 Add -Wall and -Werror after all tests so they don't cause failures.
2626 * plugins/sudoers/Makefile.in:
2627 Actually run check_addr in the check target
2630 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
2631 plugins/sudoers/match_addr.c,
2632 plugins/sudoers/regress/parser/check_addr.c,
2633 plugins/sudoers/regress/parser/check_addr.in:
2634 Split out address matching into its own file and add regression
2638 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
2640 * plugins/sudoers/match.c:
2641 When matching an address with a netmask in sudoers, AND the mask and
2642 addr before checking against the local addresses.
2645 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2647 * plugins/sudoers/match.c:
2648 Fix netmask matching.
2651 * plugins/sudoers/visudo.c:
2652 Don't assume all editors support the +linenumber command line
2653 argument, use a whitelist of known good editors.
2656 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2658 * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
2659 src/exec_pty.c, src/sudo.c:
2660 Silence compiler warnings on Solaris with gcc 3.4.3
2664 Fix building on RHEL 3
2667 * INSTALL, configure, configure.in:
2668 Add --enable-werror configure option.
2671 * common/setgroups.c:
2672 setgroups() proto lives in grp.h on RHEL4, perhaps others.
2675 * configure, configure.in:
2676 Use PAM by default on AIX 6 and higher.
2679 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
2681 * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
2682 src/po/eo.mo, src/po/eo.po:
2683 Add new Esperanto translation from translationproject.org
2686 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
2688 * plugins/sudoers/iolog_path.c:
2689 Quiet an innocuous valgrind warning.
2692 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2694 * plugins/sudoers/iolog_path.c,
2695 plugins/sudoers/regress/iolog_path/data:
2696 Fix expansion of strftime() escapes in log_dir and add a regress
2697 test that exhibited the problem.
2700 * plugins/sudoers/Makefile.in:
2701 Fix "make check" return value.
2704 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2706 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2711 Fix logic inversion in pot file up to date check.
2714 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
2716 * configure, configure.in:
2717 Add caching for gettext() checks.
2720 * configure, configure.in:
2721 Better handling of libintl header and library mismatch.
2724 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
2726 * plugins/sudoers/sudoers.c:
2727 Also check sudoers gid if sudoers is group writable.
2730 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
2732 * configure, configure.in:
2733 If dlopen is present but libtool doesn't find it, error out since it
2734 probably means that libtool doesn't support the system.
2738 configure args on the command line should override builtin defaults.
2739 Disable NLS for non-Linux/Solaris unless explicitly enabled.
2742 * plugins/sudoers/auth/aix_auth.c:
2743 Fix loop that calls authenticate(). If there was an error message
2744 from authenticate(), display it.
2747 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
2749 * m4/libtool.m4, m4/ltversion.m4:
2750 Update to autoconf 2.68 and libtool 2.4
2753 * config.guess, config.sub, configure, configure.in, ltmain.sh:
2754 Update to autoconf 2.68 and libtool 2.4
2758 Fix typo; OPT should be OTP
2761 * plugins/sudoers/Makefile.in:
2762 Rename libsudoers convenience library to libparsesudoers to avoid
2766 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
2768 * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
2769 Add Danish sudoers translation from translationproject.org
2772 * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
2773 Add dedicated callback function for runas_default sudoers setting
2774 that only sets runas_pw if no runas user or group was specified by
2778 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
2780 * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
2781 plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
2782 plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
2784 Update Finnish, Polish, Russian and Ukrainian translations from
2785 translationproject.org.
2788 * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
2789 plugins/sudoers/testsudoers.c:
2790 Go back to using a callback for runas_default to keep runas_pw in
2791 sync. This is needed to make per-entry runas_default settings work
2792 with LDAP-based sudoers. Instead of declaring it a callback in
2793 def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
2794 bit naughty, but avoids requiring stub functions in visudo and the
2798 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2801 Add check for out of date message catalogs when doing "make dist".
2804 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
2811 Make sure compiler supports static-libgcc before using it.
2814 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
2817 Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
2820 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
2822 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
2823 plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
2824 plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
2826 Add new Russian sudo translation from translationproject.org and
2827 rebuild the other translation files.
2830 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2832 * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
2833 Update Finnish and Polish translations from translationproject.org
2836 * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
2837 Go back to escaping the command args for "sudo -i" and "sudo -s"
2838 before calling the plugin. Otherwise, spaces in the command args
2839 are not treated properly. The sudoers plugin will unescape non-
2840 spaces to make matching easier.
2843 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
2845 * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
2846 plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
2847 plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
2848 plugins/sudoers/toke.l:
2849 Fix some potential problems found by the clang static analyzer, none
2853 * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
2855 Updated Ukrainian and Chinese (simplified) po files from
2856 translationproject.org
2859 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
2861 * plugins/sudoers/po/pl.po:
2862 Updated Polish translation from translationproject.org
2865 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2869 * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
2870 Don't try to audit failure if the runas user does not exist. We
2871 don't have the user's command at this point so there is nothing to
2872 audit. Add a NULL check in audit_success() and audit_failure() just
2873 to be on the safe side.
2877 Add -g to CFLAG for PIE builds.
2880 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
2882 * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
2883 plugins/sudoers/sudoers.h, src/sudo.c:
2884 Remove fallback to per-group lookup when matching groups in sudoers.
2885 The sudo front-end will now use getgrouplist() to get the user's
2886 list of groups if getgroups() fails or returns zero groups so we
2887 always have a list of the user's groups. For systems with
2888 mbr_check_membership() which support more than NGROUPS_MAX groups
2889 (Mac OS X), skip the call to getgroups() and use getgrouplist() so
2890 we get all the groups.
2893 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
2895 * common/setgroups.c:
2896 Fix setgroups() fallback code on EINVAL.
2899 * plugins/sudoers/set_perms.c:
2900 Fix two PERM_INITIAL cases that were still using user_gids.
2904 Add Polish sudo message catalog
2907 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2908 user_group is no longer used, remove it
2911 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
2913 * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
2914 Add Polish translation from translationproject.org
2917 * MANIFEST, common/Makefile.in, common/setgroups.c,
2918 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
2919 src/sudo.h, src/sudo_edit.c:
2920 Add a wrapper for setgroups() that trims off extra groups and
2921 retries if setgroups() fails. Also add some missing addrefs for
2922 PERM_USER and PERM_FULL_USER.
2925 * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
2926 configure, configure.in, include/missing.h, mkdep.pl,
2927 plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
2928 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
2929 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
2930 Instead of keeping separate groups and gids arrays, create struct
2931 group_info and use it to store both, along with a count for each.
2932 Cache group info on a per-user basis using getgrouplist() to get the
2933 groups. We no longer need to special case the user or list
2934 user for user_in_group() and thus no longer need to reset the groups
2935 list when listing another user.
2939 Don't rely on NULL since we don't include a header for it.
2942 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
2948 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
2950 * plugins/sudoers/sudoers.c:
2951 Do not shadow global sudo_mode with a local variable in set_cmnd()
2954 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
2956 * plugins/sudoers/sudoers.c:
2957 bash 2.x does not support the -l flag and exits with an error if it
2958 is specified so use --login instead. This causes an error with bash
2959 1.x (which uses -login instead) but this version is hopefully less
2963 * src/po/pl.mo, src/po/pl.po:
2964 Add Polish translation from translationproject.org
2967 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
2969 * plugins/sudoers/set_perms.c:
2970 Make error strings translatable.
2974 Only run configure with --with-pam-login for RHEL 5 and above.
2981 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
2983 * plugins/sudoers/logwrap.c:
2984 Add missing logwrap.c
2987 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
2988 plugins/sudoers/logging.h,
2989 plugins/sudoers/regress/logging/check_wrap.c,
2990 plugins/sudoers/regress/logging/check_wrap.in,
2991 plugins/sudoers/regress/logging/check_wrap.out.ok:
2992 Split out log file word wrap code into its own file and add unit
2993 tests. Fixes an off-by-one in the word wrap when the log line
2994 length matches loglinelen.
2997 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
3000 For SuSE, only use /usr/lib64 as libexec if generating 64-bit
3004 * src/load_plugins.c, src/sudo.c:
3005 Fix build error when --without-noexec configure option is used.
3008 * configure, configure.in:
3009 Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
3013 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
3015 * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
3016 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3017 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3018 Resolve the list of gids passed in from the sudo frontend (the
3019 result of getgroups()) to names and store both the group names and
3020 ids in the sudo_user struct. When matching groups in the sudoers
3021 file, match based on the names in the groups list first and only do
3022 a gid-based match when we absolutely have to. By matching on the
3023 group name (as it is listed in sudoers) instead of id (which we
3024 would have to resolve) we save a lot of group lookups for sudoers
3025 files with a lot of groups in them.
3028 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3030 * plugins/sudoers/sudoers.c:
3031 Workaround for "sudo -i command" and newer versions of bash which
3032 don't go into login mode when -c is specified unless -l is too.
3035 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
3037 * plugins/sudoers/logging.c:
3038 Rewrite logfile word wrapping code to be more straight-forward and
3039 actually wrap at the correct place.
3042 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3044 * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
3045 Set use_pty=true in command details when use_pty is set in sudoers.
3049 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3051 * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
3052 src/po/zh_CN.mo, src/po/zh_CN.po:
3053 Sync Chinese (simplified) PO files from translationproject.org
3056 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3058 * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
3059 plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
3060 Add Danish translation from translationproject.org and add missing
3064 * Makefile.in, configure, configure.in:
3065 No longer need to specify LINGUAS in configure, "make install-nls"
3066 now just installs all the .mo files it finds.
3069 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3071 * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
3072 Build CONTRIBUTORS from newly-added contributors.pod
3076 Rework the wording in the leading paragraph
3079 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
3081 * MANIFEST, doc/CONTRIBUTORS:
3082 Add a CONTRIBUTORS file with the names of folks who have contributed
3083 code or patches to sudo since I started maintaining it (plus the
3087 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
3089 * plugins/sudoers/env.c:
3090 Preserve SHELL variable for "sudo -s". Otherwise we can end up with
3091 a situation where the SHELL variable and the actual shell being run
3095 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
3097 * configure, configure.in:
3098 Only enable Solaris project support when setproject() is present in
3103 Explicitly set mode and owner of /etc/sudoers instead of relying on
3104 "cp -p" to work in the postinstall script. On AIX 6.1 at least the
3105 postinstall script runs before the final file permissions are set.
3108 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
3110 * doc/sudo.pod, doc/sudoers.pod:
3111 Refer the user to the "Command Environment" section in description
3112 of sudo's -i option.
3119 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
3122 If there is no old dependency for an object file, use the MANIFEST
3126 * compat/Makefile.in:
3127 Remove dependency for getgrouplist.lo as we don't ship that source
3131 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
3133 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
3134 Do not declare yyparse() static as the actual function generated by
3138 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
3141 Remove locale files in "make uninstall"
3144 * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
3145 plugins/sudoers/po/uk.po, src/po/eu.po:
3146 Add Basque translation and sync Finnish and Ukrainian translations.
3149 * configure, configure.in:
3150 FreeBSD no longer needs the main sudo binary to link with -lpam now
3151 that plug-ins are loaded with RTLD_GLOBAL.
3154 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
3155 Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
3156 problems with pam modules not having access to symbols provided by
3157 libpam on some platforms. Affects FreeBSD and SLES 10 at least.
3161 Move xgettext invocation out of update-po target into update-pot
3164 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
3166 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3167 Regenerate .pot files for 1.8.2rc2
3170 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3171 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3172 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3173 src/Makefile.in, zlib/Makefile.in:
3174 Move nls targets to the top level Makefile so the paths in the pot
3179 Add compiled version of sudo Finnish translation
3182 * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
3183 Update MANIFEST with .po and .mo files. Rebuild sudoers fi and uk .mo
3187 * configure, configure.in, plugins/sudoers/po/fi.po:
3188 Add Finnish translation from translationproject.org
3191 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
3194 The group named by exempt_group should not have a % prefix.
3197 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
3200 Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
3203 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
3205 * src/exec.c, src/exec_pty.c:
3206 Fix compressed io log corruption in background mode by using _exit()
3207 instead of exit() to avoid flushing buffers twice.
3209 Improved background mode support. When not allocating a pty, the
3210 command is run in its own process group. This prevents write access
3211 to the tty. When running in a pty, stdin is not hooked up and we
3212 never read from /dev/tty, which results in similar behavior.
3215 * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
3216 Clean up regress files. Generate proper dependencies for regress objs
3220 * plugins/sudoers/Makefile.in:
3221 Add missing dependency for check_fill.o.
3224 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
3226 * INSTALL, configure, configure.in:
3227 Add support for --enable-nls[=location]
3230 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
3232 * plugins/sudoers/linux_audit.c:
3236 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
3240 * configure, configure.in:
3241 Don't install .mo files if gettext was not found.
3244 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
3247 Always allocate a pty when running a command in the background but
3248 call setsid() after forking to make sure we don't end up with a
3252 * plugins/sudoers/iolog.c:
3253 Add missing space between command name and the first command line
3257 * plugins/sudoers/sudoreplay.c:
3258 Quiet a compiler warning on some platforms.
3261 * plugins/sudoers/po/README, src/po/README:
3262 README file that directs people to translationproject.org
3265 * plugins/sudoers/po/uk.po, src/po/fi.po:
3266 Sync translations with TP
3270 Add 'sync-po' target to top-level Makefile to rsync the po files
3271 from translationproject.org.
3274 * plugins/sudoers/Makefile.in:
3275 install nls files from install target
3278 * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
3279 Include .mo files in sudo binary packages.
3282 * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
3283 plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
3284 Add simplified Chinese translation
3287 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
3289 * configure, configure.in, plugins/sudoers/po/uk.mo,
3290 plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
3291 Add Ukrainian translation
3294 * compat/Makefile.in:
3295 refer to siglist.c, not ./siglist.c since not all makes will treat
3296 foo and ./foo the same.
3299 * plugins/sudoers/sudoers.c:
3300 Set def_preserve_groups before searching for the command when the -P
3304 * Makefile.in, compat/Makefile.in, mkdep.pl,
3305 plugins/sudoers/Makefile.in:
3306 Add dependency for siglist.lo in compat. This is a generated file
3307 so "make depend" needs to depend on it.
3310 * compat/Makefile.in:
3311 More dependency fixes.
3314 * compat/Makefile.in:
3315 Fix a few dependencies.
3318 * plugins/sudoers/Makefile.in, src/Makefile.in:
3319 Place compiled mo files in the src dir, not the build dir. When
3320 installing compiled mo files, display a status message.
3323 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
3325 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3326 Tivoli Directory Server requires that seconds be present in a
3327 timestamp, even though RFC 4517 states that they are optional.
3330 * plugins/sudoers/sudo_nss.h:
3331 Add missing bit of copyright
3335 Mention cycle detection warnings
3338 * plugins/sudoers/visudo.c:
3339 When checking aliases, also check the contents of the alias in case
3340 there are problems with an alias that is referenced inside another.
3341 Replace the self reference check with real alias cycle detection.
3344 * plugins/sudoers/alias.c:
3345 Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
3346 ENOENT in alias_find() and alias_remove() if the entry could not be
3350 * plugins/sudoers/visudo.c:
3351 Increment alias_seqno before calls to alias_remove_recursive() to
3352 avoid false positives with the alias loop detection. Fixes spurious
3353 warnings about unused aliases when they are nested.
3360 * plugins/sudoers/Makefile.in:
3361 Add dependency on convenience libs to binaries
3365 mkdep.pl only works when run from the src dir
3368 * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
3369 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3370 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
3371 Auto-generate Makefile dependencies with a perl script.
3374 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
3376 * plugins/sudoers/match.c:
3377 If the user specifies a runas group via sudo's -g option that
3378 matches the runas user's group in the passwd database and that group
3379 is not denied in the Runas_Spec, allow it. Thus, if user root's gid
3380 in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
3381 no groups are present in the Runas_Spec.
3384 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
3386 * plugins/sudoers/Makefile.in, src/Makefile.in:
3387 Add dependencies on gettext.h
3390 * plugins/sudoers/Makefile.in, src/Makefile.in:
3391 Fix install-nls target with HP-UX sh when gettext is not present.
3394 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
3396 * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
3397 src/Makefile.in, src/po/sudo.pot:
3398 regenerate .pot files for lbuf changes
3401 * configure, configure.in:
3402 Add missing "checking" message for gettext when using the cache.
3405 * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
3406 plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
3408 Add primitive format string support to the lbuf code to make
3409 translations simpler.
3412 * MANIFEST, plugins/sudoers/Makefile.in,
3413 plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
3414 Add message catalog template files for sudo and the sudoers module.
3417 * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
3418 config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
3419 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
3420 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3421 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
3422 src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
3423 Add gettext.h convenience header. This is similar to but distinct
3424 from the one included with the gettext package.
3427 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
3429 * configure, configure.in:
3430 Add checks for nroff -c and -Tascii flags
3433 * configure, configure.in:
3434 Add check for HP bundled C Compiler (which cannot create shared
3438 * plugins/sudoers/sudoreplay.c:
3439 Fix C format warnings.
3446 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
3447 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
3448 plugins/sudoers/visudo.c, src/parse_args.c:
3449 Translate help / usage strings.
3452 * plugins/sudoers/Makefile.in, src/Makefile.in:
3453 Set --msgid-bugs-address to the bugzilla url
3456 * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
3457 configure.in, doc/Makefile.in, include/Makefile.in,
3458 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3459 plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
3460 Add scaffolding to update .po files and install .mo files.
3464 update copyright year
3468 No need to include version number at the top of these files.
3471 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
3473 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
3474 plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
3475 plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
3476 plugins/sudoers/visudo.c:
3477 Minor warning/error cleanup
3480 * config.h.in, configure.in:
3481 Emulate ngettext for the non-nls case
3484 * plugins/sudoers/ldap.c:
3485 Do not mark untranslatable strings for translation
3488 * plugins/sudoers/check.c:
3492 * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
3493 plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
3494 src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
3495 Minor warning/error message cleanup
3498 * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
3499 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3500 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
3501 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
3502 src/exec_pty.c, src/net_ifs.c, src/selinux.c:
3503 cannot -> "unable to" in warning/error messages
3506 * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
3507 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
3508 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
3509 src/sudo.c, src/utmp.c:
3510 can't -> "unable to" in warning/error messages
3513 * configure, configure.in:
3514 FreeBSD needs the main sudo executable to link with -lpam when
3515 loading dynamic pam modules for some reason.
3518 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
3520 * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
3521 We don't want to translate debugging messages.
3524 * configure, configure.in, plugins/sudoers/Makefile.in,
3525 plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
3526 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3527 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3528 src/Makefile.in, src/sesh.c, src/sudo.c:
3529 Add calls to bindtextdomain() and textdomain(). Currently there are
3530 two domains, one for the sudo front-end and one for the sudoers
3531 plugin and its associated utilities.
3534 * configure, configure.in:
3535 Fix caching of libc gettext check.
3538 * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
3539 plugins/sudoers/mkdefaults:
3540 Mark defaults descriptions for translation
3544 Update for sudo 1.8.1p2
3547 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
3549 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3550 Quiet compiler warning when SELinux is enabled.
3553 * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3554 src/error.c, src/net_ifs.c, src/sesh.c:
3555 Add missing includes of libintl.h.
3558 * plugins/sudoers/auth/pam.c:
3562 * common/aix.c, common/alloc.c, compat/strsignal.c,
3563 plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
3564 Include libintl.h where needed.
3567 * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
3568 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
3569 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
3570 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3571 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
3572 plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
3573 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
3574 plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
3575 plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
3576 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
3577 plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
3578 plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
3579 plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
3580 plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
3581 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
3582 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3583 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3584 plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
3585 Prepare sudoers module messages for translation.
3588 * plugins/sudoers/sudoers.c:
3589 Only check gid of sudoers file if it is group-readable.
3592 * plugins/sudoers/auth/aix_auth.c:
3593 For AIX, keep calling authenticate() until reenter reaches 0.
3596 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
3598 * configure, configure.in:
3599 Cache the status of the initial gettext() check.
3602 * INSTALL, configure, configure.in:
3603 Add --disable-nls flag and improve checks for gettext.
3606 * configure, configure.in:
3607 When building with gcc on HP-UX, use -march=1.1 to produce portable
3608 binaries on a pa-risc2 host. Previously, the +Dportable option was
3609 used for the HP-UX C compiler but gcc always produced native
3613 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
3615 * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
3616 src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
3617 src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
3618 src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
3619 Prepare sudo front end messages for translation.
3622 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
3624 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
3625 Add initial scaffolding to support localization via gettext()
3628 * compat/fnmatch.h, compat/glob.h:
3629 Don't let the fnmatch/glob macros expand the function prototype.
3632 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3634 * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
3635 Resolve namespace collisions on HP-UX ia64 and possibly others by
3636 adding a rpl_ prefix to our fnmatch and glob replacements and
3637 #defining rpl_foo to foo in the header files.
3640 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
3642 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3643 Split ALL, ROLE and TYPE into their own actions. Since you can only
3644 have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
3645 the non-SELinux case. This is safe because the actions are in one
3646 big switch() statement.
3649 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3650 Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
3653 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
3655 * doc/UPGRADE, doc/sudoers.pod:
3656 askpass moved from sudoers to sudo.conf in sudo 1.8.0
3660 Remove obsolete warning about runas_default and ordering. Move
3661 syslog facility and priority lists into the section where the
3662 relevant options are described.
3665 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
3667 * plugins/sudoers/auth/sia.c:
3668 Fix SIA support; we no longer have access to the real argc and argv
3669 so allocate space for a fake one and use the argv passed to the
3670 plugin with "sudo" for argv[0].
3673 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
3676 Remove useless realloc when trying to get the buffer size right.
3679 * plugins/sudoers/set_perms.c:
3680 Be explicit when setting euid to 0 before call to setreuid(0, 0)
3683 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3685 * configure, configure.in:
3686 Need to do checks for krb5_verify_user, krb5_init_secure_context and
3687 krb5_get_init_creds_opt_alloc regardless of whether or not
3688 krb5-config is present.
3691 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
3693 * plugins/sudoers/set_perms.c:
3694 Work around weird AIX saved uid semantics on setuid() and
3695 setreuid(). On AIX, setuid() will only set the saved uid if the euid
3699 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
3702 update copyright year
3705 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3706 Treat a missing includedir like an empty one and do not return an
3710 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
3713 Fix ARCH setting in cross-compile Solaris packages.
3717 Fix aix version setting.
3720 * plugins/sudoers/ldap.c:
3721 Remove extraneous parens in LDAP filter when sudoers_search_filter
3722 is enabled that causes a search error. From Matthew Thomas.
3725 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3727 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
3728 Correct sizeof() to fix test failure.
3731 * plugins/sudoers/Makefile.in:
3732 "install" target should depend on "install-dirs". Fixes "make -j"
3733 problem and closes bz #487. From Chris Coleman.
3736 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
3739 Add HAVE_RFC1938_SKEYCHALLENGE
3742 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
3745 Mention plugin loading and libgcc changes
3748 * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
3749 Load plugins after parsing arguments and potentially printing the
3750 version. That way, an error loading or initializing a plugin
3751 doesn't break "sudo -h" or "sudo -V".
3755 When using a sub-shell to invoke the sub-make, exec make instead of
3756 running it inside the shell to avoid an extra process.
3759 * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
3760 Stop testing unspecified behavior in fnmatch. Make glob test more
3764 * compat/Makefile.in:
3765 No need to add current dir to include path and having it breaks the
3766 test programs that expect to get the system glob.h and fnmatch.h
3769 * INSTALL, configure, configure.in:
3770 Fix and document --with-plugindir; partially from Diego Elio Petteno
3773 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
3774 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
3775 compat/regress/glob/globtest.in:
3776 Fix fnmatch and glob tests to not use hard-coded flag values in the
3777 input file. Link test programs with libreplace so we get our
3778 replacement versions as needed.
3782 If make in a subdir fails, fail the target in the upper level
3783 Makefile too. Adapted from a patch from Diego Elio Petteno
3786 * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
3787 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
3788 has this. Adapted from a patch from Diego Elio Petteno
3791 * plugins/sudoers/Makefile.in:
3792 Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
3796 * configure, configure.in:
3797 Fix warnings when --without-skey, --without-opie, --without-kerb4,
3798 --without-kerb5 or --without-SecurID were specified.
3802 Add plugins/sudoers/sudoers_version.h
3805 * configure, configure.in, plugins/sample/Makefile.in,
3806 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
3807 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
3808 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
3809 of @LDFLAGS@ in plugin Makefile.in files.
3812 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3815 Mention %#gid support in User_List and Runas_List
3818 * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
3819 plugins/sudoers/visudo.c:
3820 Keep track of sudoers grammar version and report it in the -V
3824 * plugins/sudoers/sudo_nss.h:
3825 Add multiple inclusion guard
3828 * configure, configure.in, plugins/sample/Makefile.in,
3829 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
3830 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
3831 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
3832 set it to -Wc,-static-libgcc if not using GNU ld so we don't
3833 have a dependency on the shared libgcc in sudoers.so.
3837 Fix typo; from Petr Uzel
3840 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
3842 * plugins/sudoers/testsudoers.c:
3843 In dump-only mode, use "root" as the default username instead of
3844 "nobody" as the latter may not be available on all systems.
3847 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
3849 * plugins/sudoers/testsudoers.c:
3850 Remove NewArgv/NewArgc, they are no longer needed.
3853 * plugins/sudoers/testsudoers.c:
3854 Fix setting of user_args
3857 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3858 Add '!' token to lex tracing
3861 * plugins/sudoers/regress/testsudoers/test1.sh:
3862 Use group bin in test, not wheel as most systems have the bin group
3863 but the same is no longer true of wheel.
3866 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3867 Avoid using pre or post increment in a parameter to a ctype(3)
3868 function as it might be a macro that causes the increment to happen
3872 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
3875 Strip off the beta or release candidate version when building AIX
3879 * configure, configure.in:
3880 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
3881 structure checks for glibc which only has __e_termination visible
3882 when _GNU_SOURCE is *not* defined.
3886 getuserattr(user, ...) will fall back to the "default" entry
3887 automatically, there's no need to check "default" manually.
3890 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
3893 Document parser changes.
3896 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3897 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3898 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3899 src/Makefile.in, zlib/Makefile.in:
3900 If there is an existing sudoers file, only install if it passes a
3904 * plugins/sudoers/regress/sudoers/test6.out.ok,
3905 plugins/sudoers/testsudoers.c:
3906 Add runasgroup support to testsudoers
3909 * plugins/sudoers/Makefile.in:
3910 For "make check", keep going even if a test fails.
3913 * plugins/sudoers/testsudoers.c:
3914 More useful exit codes:
3915 * 0 - parsed OK and command matched.
3917 * 2 - command not matched
3918 * 3 - command denied
3922 Document %#gid, and %:#nonunix_gid syntax.
3925 * plugins/sudoers/pwutil.c:
3926 Add support to user_in_group() for treating group names that begin
3930 * config.h.in, configure, configure.in, src/utmp.c:
3931 Add explicit check for struct utmpx.ut_exit.e_termination and struct
3932 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
3933 ut_exit if we detect one or the other.
3936 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3938 * plugins/sudoers/toke.c:
3939 Add back missing #include of config.h
3942 * plugins/sudoers/iolog_path.c,
3943 plugins/sudoers/regress/iolog_path/data:
3944 Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
3949 Quote first argument to AC_DEFUN(); from Elan Ruusamae
3952 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3955 add new sudoers tests
3958 * plugins/sudoers/regress/sudoers/test8.in,
3959 plugins/sudoers/regress/sudoers/test8.out.ok,
3960 plugins/sudoers/regress/sudoers/test8.toke.ok:
3961 Add test for a newline in the middle of a string when no line
3962 continuation character is used.
3965 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3966 Use bitwise AND instead of modulus to check for length being odd. A
3967 newline in the middle of a string is an error unless a line
3968 continuation character is used.
3971 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3972 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3973 Move lexer globals initialization into init_lexer.
3976 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3977 Fix a potential crash when a non-regular file is present in an
3978 includedir. Fixes bz #452
3982 On some Linux systems, "uname -p" contains detailed processor info
3983 so check "uname -m" first and then "uname -p" if needed. Recognize
3987 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
3989 * plugins/sudoers/redblack.c:
3990 Don't need all sudoers.h here.
3994 Print sudo version early, in case policy plugin init fails.
3997 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
3999 * plugins/sudoers/regress/sudoers/test4.toke.ok:
4000 Update to match change in input.
4003 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4004 Make an empty group or netgroup a syntax error.
4007 * plugins/sudoers/regress/sudoers/test7.in,
4008 plugins/sudoers/regress/sudoers/test7.out.ok,
4009 plugins/sudoers/regress/sudoers/test7.toke.ok:
4010 An empty group or netgroup should be a syntax error.
4013 * plugins/sudoers/regress/sudoers/test6.in,
4014 plugins/sudoers/regress/sudoers/test6.out.ok,
4015 plugins/sudoers/regress/sudoers/test6.toke.ok:
4016 Check that uids work in per-user and per-runas Defaults. Check that
4017 uids and gids work in a Command_Spec
4020 * plugins/sudoers/regress/sudoers/test5.in,
4021 plugins/sudoers/regress/sudoers/test5.out.ok,
4022 plugins/sudoers/regress/sudoers/test5.toke.ok:
4023 Test empty string in User_Alias and Command_Spec
4026 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4027 Allow a group ID in the User_Spec.
4030 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
4032 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4033 Return an error for the empty string when a word is expected. Allow
4034 an ID for per-user or per-runas Defaults.
4037 * plugins/sudoers/testsudoers.c:
4038 Fix printing "User_Alias FOO = ALL"
4041 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
4044 Better error message about invalid -C argument
4052 Fix placement of equal sign ('=') in user specification summary.
4055 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
4058 update to match sudoers regress
4061 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4062 Restore ability to define TRACELEXER and have trace output go to
4066 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4067 Restore old behavior of setting sawspace = TRUE for command line
4068 args when a line continuation character is hit to avoid causing
4069 problems for existing sudoers files.
4072 * plugins/sudoers/regress/sudoers/test4.in,
4073 plugins/sudoers/regress/sudoers/test4.out.ok,
4074 plugins/sudoers/regress/sudoers/test4.toke.ok:
4075 Add test for line continuation and aliases
4078 * plugins/sudoers/Makefile.in:
4079 Make test output line up nicely for parse vs. toke
4082 * plugins/sudoers/Makefile.in,
4083 plugins/sudoers/regress/sudoers/test1.in,
4084 plugins/sudoers/regress/sudoers/test1.out.ok,
4085 plugins/sudoers/regress/sudoers/test1.toke.ok,
4086 plugins/sudoers/regress/sudoers/test2.in,
4087 plugins/sudoers/regress/sudoers/test2.out.ok,
4088 plugins/sudoers/regress/sudoers/test2.toke.ok,
4089 plugins/sudoers/regress/sudoers/test3.in,
4090 plugins/sudoers/regress/sudoers/test3.out.ok,
4091 plugins/sudoers/regress/sudoers/test3.toke.ok,
4092 plugins/sudoers/regress/testsudoers/test1.ok,
4093 plugins/sudoers/regress/testsudoers/test1.out.ok,
4094 plugins/sudoers/regress/testsudoers/test1.sh,
4095 plugins/sudoers/regress/testsudoers/test2.out,
4096 plugins/sudoers/regress/testsudoers/test2.sh,
4097 plugins/sudoers/regress/testsudoers/test3.ok,
4098 plugins/sudoers/regress/testsudoers/test3.sh,
4099 plugins/sudoers/regress/visudo/test1.ok,
4100 plugins/sudoers/regress/visudo/test1.sh:
4101 Move parser tests to sudoers directory and test the tokenizer output
4105 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4106 If we match a rule anchored to the beginning of a line after parsing
4107 a line continuation character, return an ERROR token. It would be
4108 nicer to use REJECT instead but that substantially slows down the
4112 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4113 plugins/sudoers/toke.c, plugins/sudoers/toke.h,
4114 plugins/sudoers/toke.l:
4115 Move LEXTRACE macro to toke.h so we can use it in yyerror().
4118 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
4120 * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
4121 plugins/sudoers/toke.l:
4122 Make lex tracing settable at run-time in testsudoers via the -t
4123 flag. Trace output goes to stderr. Will be used by regress tests
4127 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4128 Allow whitespace after the modifier in a Defaults entry. E.g.
4129 "Defaults: username set_home"
4132 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4135 Don't set CC when cross-compiling.
4139 Credit Matthew Thomas for the sudoers_search_filter changes.
4143 Add the .sym files to the MANIFEST
4147 Update for sudo 1.8.1 beta
4150 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
4151 user_shell -> run_shell to avoid confusion with the user's SHELL
4156 Save the controlling tty process group before suspending in pty
4157 mode. Previously, we assumed that the child pgrp == child pid
4158 (which is usually, but not always, the case).
4161 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4162 Add support for sudoers_search_filter setting in ldap.conf. This
4163 can be used to restrict the set of records returned by the LDAP
4167 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4169 * configure, configure.in:
4170 Remove the hack to disable -g in CFLAGS unless --with-devel
4174 The '@' character does not normally need to be quoted.
4177 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4178 We normally transition from GOTDEFS to STARTDEFS on whitespace, but
4179 if that whitespace is followed by a comma, we want to treat it as
4180 part of a list and not transition.
4183 * plugins/sudoers/regress/testsudoers/test3.ok,
4184 plugins/sudoers/regress/testsudoers/test3.sh:
4185 Add check for whitespace when a User_List is used for a per-user
4189 * plugins/sudoers/regress/testsudoers/test2.out,
4190 plugins/sudoers/regress/testsudoers/test2.sh:
4191 Expand quoted name checks to cover recent fixes.
4194 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4195 Fix parsing of double-quoted names in Defaults and Aliases which was
4196 broken in 601d97ea8792.
4199 * plugins/sudoers/Makefile.in:
4200 toke_util.c lives in $(srcdir) not $(devdir)
4203 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4205 * configure, configure.in:
4206 Change trunk version to 1.8.x to distinguish from real 1.8.0.
4209 * NEWS, doc/UPGRADE:
4210 Document major changes in 1.8.1 and add upgrade notes.
4213 * plugins/sudoers/match.c:
4214 Be careful not to deref user_stat if it is NULL. This cannot
4215 currently happen in sudo but might in other programs using the
4220 configure will not add -O2 to CFLAGS if it is already defined to add
4221 -O2 to the CFLAGS we pass in when PIE is being used.
4225 Warn about the dangers of log_input and mention iolog_file and
4226 iolog_dir in the log_input and log_output descriptions.
4230 sync with git version
4234 It seems that h comes after i
4238 Move log_input and log_output to their proper, sorted, location.
4239 Document set_utmp and utmp_runas.
4243 Save the controlling tty process group before suspending so we can
4244 restore it when we resume. Fixes job control problems on Linux
4245 caused by the previous attempt to fix resuming a shell when I/O
4246 logging is not enabled.
4250 Fix printing of the remainder after a newline. Fixes "sudo -l"
4251 output corruption that could occur in some cases.
4254 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
4256 * config.h.in, configure, configure.in, src/exec_pty.c,
4257 src/sudo_exec.h, src/utmp.c:
4258 Add support for ut_exit
4261 * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
4262 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4263 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
4264 src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
4265 Add support for controlling whether utmp is updated and which user
4266 is listed in the entry.
4269 * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
4270 plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
4271 plugins/sudoers/parse.c:
4272 Fix typo; tupple vs. tuple
4276 For legacy utmp, strip the /dev/ prefix before trying to determine
4277 slot since the ttys file does not include the /dev/ prefix.
4280 * aclocal.m4, configure, configure.in, pathnames.h.in:
4281 Add check for _PATH_UTMP
4284 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
4286 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4287 Adapt check_iolog_path to sessid changes
4290 * config.h.in, configure, configure.in, src/Makefile.in,
4291 src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
4292 Redo utmp handling. If no getutent()/getutxent() is available,
4293 assume a ttyslot-based utmp. If getttyent() is available, use that
4294 directly instead of ttyslot() so we don't have to do the stdin dup2
4298 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
4300 * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
4302 Move utmp handling into utmp.c
4305 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
4306 common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
4307 compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
4308 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
4309 compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
4310 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
4311 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4312 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4313 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4314 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4315 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4316 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4317 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4318 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4319 plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
4320 plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
4321 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
4322 plugins/sudoers/logging.c, plugins/sudoers/parse.c,
4323 plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
4324 plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
4325 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
4326 src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
4327 src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
4328 src/sudo_plugin_int.h, src/tgetpass.c:
4329 Update copyright years.
4332 * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
4333 plugins/sudoers/sudoers.h, src/parse_args.c:
4334 Add "user_shell" boolean as a way to indicate to the plugin that the
4338 * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
4339 plugins/sudoers/sudoers.h:
4340 Move sessid out of sudo_user.
4343 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4344 plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
4345 plugins/sudoers/sudoers.h:
4346 Log the TSID even if it is not a simple session ID.
4349 * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
4350 Document noexec in sample.sudo.conf and add back noexec_file section
4351 in sudoers with a note that it is deprecated.
4354 * plugins/sudoers/set_perms.c:
4355 Fix running commands as non-root on systems where setreuid() changes
4356 the saved uid based on the effective uid we are changing to.
4359 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4361 * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
4363 Move noexec path into sudo.conf now that sudo itself handles noexec.
4364 Currently can be configured in sudoers too but is now undocumented
4365 and will be removed in a future release.
4368 * doc/sudo.pod, doc/sudoers.pod:
4369 Document "Path noexec ..." in sudo.conf. No longer document
4370 noexec_file in sudoers, it will be removed in a future release.
4373 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4374 plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
4375 Move noexec handling to sudo front-end where it is documented as
4379 * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
4380 src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
4382 Add support for disabling exec via solaris privileges. Includes
4383 preparation for moving noexec support out of sudoers and into front
4387 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
4388 plugins/sample_group/Makefile.in,
4389 plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
4390 plugins/sudoers/sudoers.sym:
4391 Only export the symbols corresponding to the plugin structs.
4394 * configure, configure.in, plugins/sample/Makefile.in,
4395 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
4396 Install plugins manually instead of using libtool. This works
4397 around a problem on AIX where libtool will install a .a file
4398 containing the .so file instead of the .so file itself.
4402 Move check into its own rule since some versions of make will run
4403 both targets as the default rule.
4406 * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
4407 m4/ltversion.m4, m4/lt~obsolete.m4:
4408 Update to libtool 2.2.10
4411 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
4414 In handle_signals(), restart the read() on EINTR to make sure we
4415 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
4416 means we have emptied the pipe.
4420 Reorder functions to quiet a compiler warning.
4424 Use the Sun Studio C compiler on Solaris if possible
4427 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4430 Fix default setting of osversion variable.
4433 * doc/sudo_plugin.pod:
4434 Make two login_class entries consistent.
4437 * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
4439 Add support for adding a utmp entry when allocating a new pty.
4440 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
4441 Currently only creates a new entry if the existing tty has a utmp
4445 * plugins/sudoers/boottime.c:
4446 Avoid pulling in headers we don't need on Linux. For getutx?id(),
4447 call setutx?ent() first and always call endutx?ent().
4450 * configure, configure.in:
4451 Add some more libs to SUDOERS_LIBS instead of relying on them to be
4452 pulled in by SUDO_LIBS.
4455 * plugins/sudoers/sudoers.c:
4456 Fix return value of "sudo -l command" when command is not allowed,
4457 broken in [c7097ea22111]. The default return value is now TRUE and
4458 a bad: label is used when permission is denied. Also fixed missing
4459 permissions restoration on certain errors. On error()/errorx(), the
4460 password and group files are now closed before returning.
4463 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4465 * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
4466 Fix passing of login class back to sudo front end.
4470 Add --osversion flag to specify OS instead of running "pp
4475 Fix expr usage w/ GNU expr
4478 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4480 * plugins/sudoers/sudoers.c:
4481 Fix exit value for validate and list mode.
4484 * plugins/sudoers/sudoers.c:
4485 Fix non-interactive mode with sudoers plugin.
4488 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4490 * doc/sudoreplay.pod:
4491 sudoreplay can now find IDs other than %{seq} and display the
4495 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4497 * plugins/sudoers/sudoreplay.c:
4498 Add support for replaying sessions when iolog_file is set to
4499 something other than %{seq}.
4502 * plugins/sudoers/visudo.c:
4503 If we are killed by a signal, display the name of the signal that
4507 * configure, configure.in:
4508 Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
4513 Fix bug in skey/opie check that could cause a shell warning.
4516 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
4517 No longer need sudo_getepw() stubs.
4520 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4522 * plugins/sudoers/sudo_nss.c:
4523 Fix exit value of "sudo -l command" in sudoers module.
4526 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4528 * compat/regress/glob/globtest.c:
4529 Use fgets() not fgetln() for portability.
4533 Don't use the beta or release candidate version as the rpm release.
4536 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4538 * configure, configure.in:
4540 [f6530d56f6ae] [SUDO_1_8_0]
4543 update sudo 1.8 section
4546 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
4548 * plugins/sudoers/regress/testsudoers/test2.sh:
4549 fix test description
4552 * plugins/sudoers/regress/testsudoers/test2.out,
4553 plugins/sudoers/regress/testsudoers/test2.sh,
4554 plugins/sudoers/regress/visudo/test2.out,
4555 plugins/sudoers/regress/visudo/test2.sh:
4556 convert test2 to use testsudoers
4559 * include/sudo_plugin.h, src/sudo_plugin_int.h:
4560 Move struct generic_plugin to sudo_plugin_int.h
4563 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4564 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
4565 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4566 plugins/sudoers/sudoers.h:
4567 Allow sudoers file name, mode, uid and gid to be specified in the
4568 settings list. The sudo front end does not currently set these but
4572 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4574 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4575 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4576 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4577 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4582 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
4583 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4584 src/parse_args.c, src/sudo.h:
4585 add help text to sudo, visudo and sudoreplay for the -h option
4588 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4590 * compat/snprintf.c:
4591 avoid using "howmany" for a parameter name since it is a select-
4596 mention group_plugin when describing nonunix_group
4599 * doc/sudo_plugin.pod:
4600 Add missing period at end of sentence
4603 * Makefile.in, doc/Makefile.in, include/Makefile.in,
4604 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4605 plugins/sudoers/Makefile.in, src/Makefile.in:
4606 add localstatedir; closes bug 471
4609 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
4610 src/exec.c, src/exec_pty.c:
4611 The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
4616 add missing AH_TEMPLATE for ENV_RESET
4620 SVR5 systems return non-zero for success on socketpair(), check for
4621 -1 instead. Closes Bug 469
4624 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4626 * configure, configure.in:
4630 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4631 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4632 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4633 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4638 Document that a sudo.conf file with no Plugin lines uses the default
4642 * src/load_plugins.c:
4643 If sudo.conf contains no Plugin lines, use the default sudoers
4644 policy and I/O plugins.
4647 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
4649 * plugins/sudoers/sudo_nss.c:
4650 Avoid printing empty "Runas and Command-specific defaults for user"
4655 Truncate the buffer at buf.len before printing in the non-wordwrap
4660 Remove extra newline when the tty width is very small or unavailable
4663 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
4665 * plugins/sudoers/alias.c:
4666 Remove unneeded variable.
4669 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4671 * configure, configure.in:
4672 Prefer getutxid over getutid
4675 * plugins/sudoers/boottime.c:
4676 Include utmp.h / utmpx.h before missing.h as apparently including it
4677 afterwards causes a compilation problem on GNU Hurd.
4680 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4682 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
4683 #include "foo.h", not <foo.h> for local includes.
4690 * compat/mksiglist.c:
4694 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
4695 plugins/sudoers/match.c:
4696 return foo not return(foo)
4699 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
4702 Remove duplicate FD_SET of signal_pipe[0]
4705 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
4707 * compat/mksiglist.c:
4708 Use "missing.h" not <missing.h> in generated code.
4711 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
4713 * aclocal.m4, configure:
4714 fix --with-iologdir=no
4717 * aclocal.m4, configure:
4718 fix typo that broke --with-iologdir
4721 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4723 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4724 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4725 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4726 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4728 Bump version to 1.8.0b4
4735 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4736 Attempt to clarify how users and groups interact in Runas_Specs
4739 * plugins/sudoers/regress/visudo/test2.out,
4740 plugins/sudoers/regress/visudo/test2.sh:
4741 Add test for quoted group that contains escaped double quotes
4744 * src/exec.c, src/exec_pty.c:
4745 Pass SIGUSR1/SIGUSR2 through to the child.
4748 * src/exec_pty.c, src/sudo_exec.h:
4749 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
4750 SIGUSR2 to indicate whether the child should be continued in the
4751 foreground or background.
4755 Use pid_t not int and check the return value of kill()
4758 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
4761 Remove obsolete comment
4765 In non-pty mode before continuing the child, make it the foreground
4766 pgrp if possible. Fixes resuming a shell.
4770 If we get a signal other than SIGCHLD in the monitor, pass it
4771 directly to the child.
4774 * src/exec.c, src/exec_pty.c, src/sudo.h:
4775 Save signal state before changing handlers and restore before we
4776 execute the command.
4779 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
4781 * plugins/sudoers/iolog.c:
4782 Use a char array to map a number to a base36 digit.
4785 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
4786 Be clear about what versions of sudo support new LDAP attributes.
4787 Fix up some formatting of attribute names. Minor other tweaks.
4790 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
4792 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4793 match quoted strings the same way whether in a Defaults line or as a
4794 user/group/netgroup name. Fixes escaped double quotes in quoted
4795 user/group/netgroup names.
4798 * plugins/sudoers/Makefile.in:
4799 'make check' depends on visudo and testsudoers
4802 * plugins/sudoers/sudoers2ldif:
4803 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
4806 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
4809 Mention LDAP attribute compatibility status.
4812 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
4818 * INSTALL, NEWS, config.h.in, configure, configure.in,
4819 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
4820 Add --disable-env-reset configure option.
4823 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4824 Document that sudoers_locale also affects logging and email.
4827 * NEWS, config.h.in, configure, configure.in,
4828 plugins/sudoers/logging.c:
4829 Do logging and email sending in the locale specified by the
4830 "sudoers_locale" setting ("C" by default). Email sent by sudo
4831 includes MIME headers when the sudoers locale is not "C".
4834 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4836 * plugins/sudoers/check.c:
4840 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
4842 * NEWS, src/parse_args.c, src/sudo.c:
4843 Perform command escaping for "sudo -s" and "sudo -i" after
4844 validating sudoers so the sudoers entries don't need to have all the
4848 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
4850 * plugins/sudoers/logging.c:
4851 Prepend "list " to the command logged when "sudo -l command" is used
4852 to make it clear that the command was listed, not run.
4855 * plugins/sudoers/parse.c:
4859 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
4860 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4861 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
4862 compat/nanosleep.c, compat/regress/glob/globtest.c,
4863 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
4864 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
4865 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4866 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4867 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4868 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4869 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4870 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4871 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4872 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4873 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
4874 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4875 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
4876 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4877 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4878 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
4879 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4880 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
4881 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4882 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4883 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
4884 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
4885 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4886 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4887 src/sudo_noexec.c, src/tgetpass.c:
4888 standardize on "return foo;" rather than "return(foo);" or "return
4892 * plugins/sudoers/sudoers.c:
4893 Do not reject sudoers file just because it is root-writable.
4896 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4902 * plugins/sudoers/sudo_nss.c:
4903 For "sudo -U user -l" if user is not authorized on the host, say so.
4906 * plugins/sudoers/ldap.c:
4907 In sudo_ldap_lookup(), always do the initial sudoers check as the
4908 invoking user. If we are listing another user's privs we will do a
4909 separate lookup using list_pw later.
4912 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4915 add parser fill tests
4918 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
4919 Don't test features not supported by the bundled glob()
4922 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
4923 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
4924 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4925 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
4926 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
4927 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4928 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4929 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4930 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4931 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
4932 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
4933 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4934 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4935 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4936 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
4937 Update copyright year to 2011
4940 * plugins/sudoers/sudo_nss.c:
4941 When listing, use separate lbufs for the defaults and the privileges
4942 and only print something if the number of privileges is non-zero.
4943 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
4946 * plugins/sudoers/ldap.c:
4947 Stash pointer to user group vector in LDAP handle and only reuse the
4948 query if it has not changed. We always allocate a new buffer when
4949 we reset the group vector so a simple pointer check is sufficient.
4952 * plugins/sudoers/sudo_nss.c:
4953 Check initgroups() return value.
4956 * plugins/sudoers/Makefile.in,
4957 plugins/sudoers/regress/parser/check_fill.c:
4958 Add tests for the fill functions in toke_util.c
4961 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4963 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4971 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4974 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
4977 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4980 Add Requires line for audit-libs >= 1.4 for RHEL5+
4984 sync with git version
4987 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4989 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4993 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4996 Update for sudo 1.7.4p5
4999 * doc/schema.OpenLDAP, doc/schema.iPlanet:
5000 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
5001 to the sudoRole object class. From Andreas Mueller
5004 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
5007 Mention "sudo -g group" password check fix.
5010 * plugins/sudoers/sudoers.c:
5011 Fix "sudo -g" support in the sudoers module.
5014 * plugins/sudoers/check.c:
5015 If the user is running sudo as himself but as a different group we
5016 need to prompt for a password.
5019 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
5021 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
5022 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
5023 plugins/sudoers/ldap.c:
5024 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
5025 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
5026 derived LDAP SDKs but we can pass the timeout parameter to
5027 ldap_search_ext_s() or ldap_search_st() when possible.
5030 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
5034 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5035 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
5036 with OpenLDAP ldap.conf files.
5039 * plugins/sudoers/pwutil.c:
5040 If user has no supplementary groups, fall back on checking the group
5044 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
5046 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
5050 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5051 plugins/sudoers/toke.l:
5052 Move fill macro to toke.h
5055 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
5056 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
5057 plugins/sudoers/toke_util.c:
5058 Split tokenizer utility functions out into toke_util.c
5061 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5062 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5066 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
5072 * plugins/sudoers/Makefile.in:
5073 Add visudo tests to check target
5076 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
5077 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
5078 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
5079 Add my regress tests for fnmatch() and glob() from OpenBSD.
5082 * plugins/sudoers/regress/testsudoers/test1.sh,
5083 plugins/sudoers/regress/visudo/test1.ok,
5084 plugins/sudoers/regress/visudo/test1.sh:
5085 Add regress test for command tags using visudo -c
5088 * plugins/sudoers/Makefile.in,
5089 plugins/sudoers/regress/testsudoers/test1.ok,
5090 plugins/sudoers/regress/testsudoers/test1.sh:
5091 Add support for regress tests using testsudoers
5094 * plugins/sudoers/testsudoers.c:
5095 Need to set user_name explicitly due to internal changes made when
5096 converting sudoers to a plugin.
5099 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
5101 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
5102 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5103 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5104 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5105 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
5107 Add regression tests for iolog_path()
5110 * Makefile.in, common/Makefile.in, compat/Makefile.in,
5111 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5112 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5113 src/Makefile.in, zlib/Makefile.in:
5114 Add support for "make Makefile" to regenerate Makefile from
5118 * plugins/sudoers/iolog_path.c:
5119 Quiet a bogus compiler warning.
5122 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
5124 * plugins/sudoers/iolog_path.c:
5125 Protect call to setlocale() with HAVE_SETLOCALE
5128 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
5131 mkstemps.c was renamed mktemp.c
5135 Update from 1.7 branch
5139 Use "mv -f" when regenerating ChangeLog
5142 * plugins/sudoers/match.c:
5143 Fix NULL dereference with "sudo -g group" when the sudoers rule has
5144 no runas user or group listed. Fixes RedHat bug Bug 667103.
5147 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
5149 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5150 Correct the default sudo.conf example
5153 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
5155 * plugins/sudoers/iolog_path.c:
5156 Reset slashp if we allocate a new buffer for strftime()
5159 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
5160 plugins/sudoers/sudoers.h:
5161 Add extra out parameter to expand_iolog_path() to allow the caller
5162 to split the path into dir and file components if needed.
5165 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
5167 * plugins/sudoers/iolog.c:
5168 mkdir_iopath() returns size_t now that it uses strlcpy() and not
5172 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
5173 Trim leading slashes from iolog_file and trailing slashes from
5177 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5178 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5179 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5180 Pass a single I/O log file name in command_details instead of
5181 separate dir + file parameters.
5184 * plugins/sudoers/sudoreplay.c:
5185 change an error() to errorx()
5188 * plugins/sudoers/iolog.c:
5189 Add missing cwd line to I/O log info file that got dropped when
5190 iolog_deserialize_info() was added
5193 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
5195 * plugins/sudoers/iolog.c:
5196 Avoid relying on globals filled in by the sudoers policy module for
5197 the sudoers I/O log module. The I/O log open function now pulls the
5198 bits it needs out of user_info and command_info.
5201 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5202 plugins/sudoers/sudoers.h:
5203 If no iolog file is specified by the policy plugin, use io_nextid()
5204 to determine the next file in the sequence.
5207 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
5209 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5210 Document iolog_compress in command_info
5213 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5214 Add support for the iolog_compress variable in command_info.
5217 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5218 Add sigsetjmp() calls to all plugin entry points just to be safe.
5221 * src/sudo.c, src/sudo.h:
5222 Don't need iolog variables in struct command_details, they are for
5223 the I/O log plugins to handle.
5226 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
5228 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5229 Document use of mkdtemp() for iolog path templates
5232 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
5233 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5234 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
5235 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5239 * doc/sudo_plugin.pod, doc/sudoers.pod:
5240 Document iolog_file and supported escape sequences for sudoers.
5241 Clarify that iolog_file can contain directories.
5244 * compat/Makefile.in, configure, configure.in:
5245 Fix building of mkstemps/mkdtemp replacements.
5248 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
5249 configure.in, include/missing.h:
5250 Provide mkdtemp() for systems without it.
5253 * plugins/sudoers/iolog_path.c:
5257 * plugins/sudoers/iolog.c:
5258 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
5259 glibc mkdtemp() returns EINVAL.
5262 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
5263 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5264 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
5265 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
5266 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5267 Allow sudoers to specify the iolog file in addition to the iolog
5268 dir. Add escape sequence support to iolog file and dir: sequence
5269 number, user, group, runas_user, runas_group, hostname and
5270 command in addition to any escape sequence recognized by
5274 * plugins/sudoers/iolog.c:
5275 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
5276 crash when the I/O plugin calls error(), errorx() or log_error().
5279 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
5281 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
5282 plugins/sudoers/sudoers.c:
5283 Give the policy module fine-grained control over what the I/O plugin
5288 Clear OPOST from c_oflag like we used to. Fixes screen-based
5293 Clarify umask option description. From Reuben Thomas.
5296 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5298 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5299 Pick last match in LDAP sudoers too
5302 * doc/sudo_plugin.pod:
5303 Document iolog_file, iolog_dir and use_pty
5306 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
5307 plugins/sudoers/sudoers.c:
5308 Adapt plugins to version I/O logging ABI 1.1
5311 * src/exec.c, src/sudo.h:
5312 Add use_pty command_info flag for policies to indicate that a pty
5313 should be allocated even if no I/O logging is performed.
5317 Add remaining plugin convenience functions
5320 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
5321 src/sudo_plugin_int.h:
5322 Change I/O log API to pass in command info to the I/O log open
5323 function. Add iolog_file and iolog_dir parameters to command info.
5324 This allows the policy plugin to specify the I/O log pathname. Add
5325 convenience functions for calling plugin functions that handle ABI
5326 backwards compatibility.
5333 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5335 * configure, configure.in:
5336 Bump version to 1.8.0b3
5339 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5342 Remove extraneous newline
5345 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5347 * doc/sudoers.pod, plugins/sudoers/def_data.c,
5348 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5349 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
5350 Make I/O log dir configurable.
5353 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
5354 Rename io_logdir to iolog_dir
5357 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
5360 Add missing '*' that prevented the generic ELF case from matching.
5364 If file(1) can't identify the ELF binary type, try readelf(1).
5367 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
5369 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
5370 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
5371 plugins/sudoers/sudoers.c, src/sudo.c:
5372 Use %u to print uid/gid, not %lu and adjust casts to match.
5375 * doc/sudoers.ldap.pod:
5376 Clarify ordering of entries and attributes.
5379 * doc/sudoers.ldap.pod:
5380 Fix typo and editing goof.
5383 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5384 doc/sudoers.ldap.pod:
5385 Merge in ordered LDAP entry support from Andreas Mueller.
5388 * plugins/sudoers/ldap.c:
5389 Make sure we don't dereference a NULL handle.
5392 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
5395 Add support for RHEL 6 file modes that include a trailing dot on
5396 files with an SELinux security context
5399 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
5402 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
5406 * plugins/sudoers/sudoers.c:
5407 create_admin_success_flag() should use restore_perms() rather than
5408 set_perms() to restore the uid.
5412 In exec_setup() call setuid(0) to make certain the subsequent uid
5413 and gid changes will succeed. Fixes a problem on Ubuntu.
5417 Error out if we cannot change to root's uid so we catch the failure
5421 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
5424 fix typo; from Michael T Hunter
5427 * plugins/sudoers/match.c:
5428 In sudoedit mode, assume command line arguments are paths and pass
5429 FNM_PATHNAME to fnmatch().
5432 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
5434 * configure, configure.in:
5435 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
5436 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
5437 broken bits of the header file.
5441 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
5445 For Tru64, strip off beta version.
5448 * MANIFEST, plugins/sudoers/testsudoers.c,
5449 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
5450 Avoid conflicts with system definitions in grp.h and pwd.h
5454 Include stdio.h after zlib.h, not before. We need the large file
5455 defines to come first.
5458 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
5460 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
5465 Don't clean ChangeLog
5468 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5469 Add prototype for cleanup()
5472 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
5474 * plugins/sudoers/group_plugin.c:
5475 Avoid dereferencing group_plugin if it is NULL in
5476 group_plugin_query(). This should not happen.
5479 * plugins/sudoers/group_plugin.c:
5480 group plugin init function return TRUE when successful
5483 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
5485 * plugins/sudoers/ldap.c:
5486 Enlarge the array of entry wrappers in blocks of 100 entries to
5487 save on allocation time. From Andreas Mueller
5490 * plugins/sudoers/ldap.c:
5491 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
5492 that was mistakenly dropped.
5495 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
5497 * doc/TROUBLESHOOTING:
5498 Mention that sudo needs "ar" to build.
5501 * configure, configure.in:
5502 Fail with a more useful error if "ar" is not found.
5505 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
5507 * plugins/sudoers/ldap.c:
5508 Merge in ordered LDAP entry support from Andreas Mueller and add
5509 local changes from the 1.7 branch.
5512 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
5514 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5515 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5516 Add timed entry support from Andreas Mueller.
5519 * plugins/sudoers/group_plugin.c:
5520 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
5521 group_handle is NULL
5524 * plugins/sudoers/sudoers.h:
5525 It is now plugin_cleanup(), not cleanup()
5528 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
5529 Call plugin_cleanup(), not cleanup()
5532 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
5534 * plugins/sudoers/ldap.c:
5535 Use efree() not free() and remove malloc.h include since we never
5536 directly call malloc() or free().
5539 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
5542 set PSTAMP for Solaris and move the backend-specific bits to their
5543 own %if [xxx] %endif blocks in %set.
5550 * configure, configure.in:
5551 Only substitute file zlib files when using the builtin zlib
5554 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5555 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5556 src/Makefile.in, zlib/Makefile.in:
5557 Give up on using VPATH to find sources as it is implemented
5558 inconsistently in different versions of make.
5561 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
5562 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
5563 Include config.h before any other includes to make sure we get the
5564 right value for _FILE_OFFSET_BITS.
5576 g/c unused $(GENERATED)
5579 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5581 * plugins/sudoers/group_plugin.c:
5582 Zero out group_plugin on unload just to be safe.
5585 * plugins/sudoers/group_plugin.c:
5586 Unload group plugin if its init function fails.
5590 Only chdir to cwd if it is different from the current cwd or there
5591 is a new root (chroot).
5594 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5595 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
5596 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
5597 Bump version to 1.8.0b2
5600 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
5603 Better --enable-zlib description
5607 Use system zlib on Linux. Let configure decide on Solaris. For all
5608 others, use builtin zlib
5612 Add large file support.
5616 Add large file support.
5619 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
5620 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
5621 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
5622 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
5623 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
5624 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
5625 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
5626 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
5627 Add local copy of zlib for systems that lack it.
5630 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
5633 If perform_io() fails, kill the child before exiting so it doesn't
5634 complain about connection reset. We can get an I/O error if, for
5635 example, and we get EIO reading from stdin.
5638 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
5640 * plugins/sudoers/sudoers.c, src/sudo.c:
5641 Fix compilation on systems with set_auth_parameters(). Sprinkle
5642 volatile to quiet warnings from gcc 2.8.0
5645 * compat/dlfcn.h, compat/dlopen.c:
5646 Avoid potential namespace issues with dlopen() emulation.
5653 * plugins/sudoers/interfaces.c:
5654 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
5659 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
5662 * configure, configure.in:
5663 HP-UX 10.20 libc has an incompatible getline
5666 * plugins/sudoers/visudo.c:
5667 Quiet an HP-UX compiler warning.
5670 * configure, configure.in:
5671 Check for vi even with --with-editor specified; the sample plugin
5675 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
5678 Fix remaining syntax errors.
5682 sudo binary depends on the libtool-generated libs
5685 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
5686 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
5687 include the local or system dlfcn.h
5691 Don't use run_as_superuser=false on HP-UX
5695 Use memset() instead of zero_bytes() since we don't include
5699 * plugins/sudoers/interfaces.c:
5700 Fix pasto; AF_INET not AF_INET6
5704 Actually call shl_load()
5708 Update from git repo. Debian: version numbers now compliant with
5709 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
5713 * configure, configure.in:
5714 Fix dlopen() detection for systems where dlopen() is in a separate
5718 * plugins/sudoers/auth/pam.c:
5719 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
5720 useful message and return AUTH_FATAL so sudo does not keep trying to
5725 sudo_preload_table is an array
5729 Quiet a compiler warning and fix sudo_preload_table external
5734 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
5737 * plugins/sudoers/group_plugin.c:
5738 Make this compile correctly when no dlopen is available.
5741 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
5743 * plugins/sudoers/check.c:
5744 Having a timestamp file defined is no longer indicative of tty
5745 tickets being enabled. Check def_tty_tickets directly.
5748 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
5749 Fix TCGETWINSZ compat.
5752 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
5754 * src/exec_pty.c, src/ttysize.c:
5755 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
5758 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
5760 * plugins/sudoers/sudoers.c, src/sudo.c:
5761 Move set_project() from sudoers module into sudo proper.
5764 * configure, configure.in:
5765 Fix typo and regenerate
5768 * plugins/sudoers/ldap.c:
5769 When iterating over returned LDAP entries, keep looking at remaining
5770 matches even if we have a positive match. This catches negative
5771 matches that may exist in other entries and more closely match the
5772 sudoers file behavior.
5776 Add support for multiple package instances on Solaris.
5780 Add missing signal_pipe[0] to fdsr for the non-pty case.
5784 Add --with-project for Solaris
5788 Need ar and ranlib too
5791 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
5793 * plugins/sudoers/env.c:
5794 Preserve ODMDIR environment variable by default on AIX.
5797 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
5799 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
5800 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
5801 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5802 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
5803 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
5805 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
5806 using shl_load(). For others, link sudoers plugin statically and use
5807 a lookup table to emulate dlsym().
5810 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
5812 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
5813 compat/nanosleep.c, compat/utimes.c:
5814 When including compat headers, use the compat dir as part of the
5815 path so we are sure to get the correct header.
5818 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
5820 * plugins/sudoers/linux_audit.c:
5821 Ignore ECONNREFUSED from audit_log_user_command() which will occur
5822 if auditd is not running.
5825 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
5828 Sync with git version
5831 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
5833 * common/fileops.c, plugins/sudoers/defaults.c:
5834 Cast isblank argument to unsigned char.
5837 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
5839 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
5840 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
5841 Implement --with-umask-override configure flag.
5844 * plugins/sudoers/env.c:
5845 Take MODE_LOGIN_SHELL into account when initially setting reset_home
5846 instead of special-casing it later.
5849 * plugins/sudoers/sudoers.c:
5850 In login mode, make a copy of the runas user's pw_shell for
5851 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
5855 * plugins/sudoers/env.c:
5856 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
5860 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
5864 Reset signal mask at sudo startup time; we need to be able to rely
5865 on normal signal delivery to control the child process.
5868 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5871 Use sed instead of expr to split a flag from its argument. Fixes a
5872 problem with expr interpreting its arguments as a flag when they
5877 Do not need sys/time.h after all
5881 Include sys/time.h for utimes() and struct timeval. No longer need
5882 ioctl.h or termios.h
5885 * compat/snprintf.c:
5886 Quiet bogus compiler warnings.
5889 * include/missing.h:
5890 Declare innetgr() for HP-UX which is missing a declaration. Declare
5891 domainname() for HP-UX and Solaris which are missing a declaration.
5894 * plugins/sudoers/bsm_audit.c:
5895 Use __sun for consistency with the rest of the sources.
5898 * plugins/sudoers/group_plugin.c:
5899 Quiet a bogus compiler warning.
5902 * plugins/sudoers/pwutil.c:
5903 Don't try to delref a NULL group.
5906 * common/alloc.c, common/lbuf.c:
5907 Include memory.h on systems that need it.
5910 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5913 Quiet gcc warnings on glibc systems that use warn_unused_result for
5917 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5918 sudo_plugin is in section 8; from Ted Percival
5921 * plugins/sudoers/Makefile.in:
5922 testsudoers depends on libsudoers.la, not sudoreplay
5925 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5928 Read as many signals on the signal pipe as we can before returning.
5931 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
5932 Instead of using an array to store received signals, open a pipe and
5933 have the signal handler write the signal number to one end and
5934 select() on the other end. This makes it possible to handle signals
5935 similar to I/O without race conditions.
5938 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
5940 * doc/visudo.pod, plugins/sudoers/visudo.c:
5941 Make "visudo -c -f -" check the standard input.
5945 set_home and always_set_home have an effect if HOME is present in
5949 * plugins/sudoers/env.c:
5950 Make -H flag work when HOME is listed in env_keep. Also makes
5951 "set_home" and "always_set_home" override HOME in env_keep.
5954 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
5956 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
5957 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
5958 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
5959 plugins/sudoers/visudo.c, src/net_ifs.c:
5960 Convert sudoers plugin to use interface list passed in settings.
5963 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
5964 src/parse_args.c, src/sudo.h:
5965 Query local network interfaces in the main sudo driver and pass to
5966 the plugin as "network_addrs" in the settings list.
5969 * plugins/sudoers/bsm_audit.c:
5970 Solaris BSM audit returns EINVAL when auditing is not enabled,
5971 whereas OpenBSM returns ENOSYS.
5974 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
5977 missing.h should come before most local includes
5980 * plugins/sudoers/sudoreplay.c:
5981 missing.h should come before most local includes
5984 * plugins/sudoers/sudoers.h:
5985 Make local includes consistent; use double quotes for local includes
5986 except for generated ones where we use angle brackets.
5989 * plugins/sudoers/sudoers.c:
5990 Always fill in NewArgv for audit code.
5993 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5994 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
5997 * common/alloc.c, common/atobool.c, common/fileops.c,
5998 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
5999 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
6000 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
6001 compat/getprogname.c, compat/glob.c, compat/isblank.c,
6002 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
6003 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
6004 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
6005 compat/unsetenv.c, compat/utimes.c, include/compat.h,
6006 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
6007 plugins/sample_group/plugin_test.c,
6008 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
6009 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
6010 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6011 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
6012 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
6013 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
6014 src/sudo_noexec.c, src/ttysize.c:
6015 Make local includes consistent; use double quotes for local includes
6016 except for generated ones where we use angle brackets. Also g/c
6020 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
6022 * plugins/sudoers/match.c:
6023 When matching the runas user and runas group (-u and -g command line
6024 options), keep track of runas group and runas user matches
6025 separately. Only return a positive match if we have a match for
6026 both runas user and runas group (if specified).
6029 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
6031 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6032 Add support for multiple URI lines by joining the contents and
6033 passing the result to ldap_initialize.
6036 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
6037 Do not return -1 on error from the display functions; the caller
6038 expects a return value >= 0.
6041 * plugins/sudoers/sudoers.c:
6042 Do not set both MODE_EDIT and MODE_RUN
6045 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
6047 * include/missing.h:
6048 Move includes to the top of the file.
6051 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6053 * plugins/sudoers/Makefile.in:
6054 Add missing definition of timedir
6057 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
6058 compat/mksiglist.c, compat/strsignal.c,
6059 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
6060 Add #include of sys/types.h for .c files that include missing.h to
6061 be sure that size_t and ssize_t are defined.
6064 * plugins/sudoers/Makefile.in:
6065 Install sudoers file from the build dir not the src dir.
6068 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6070 * plugins/sudoers/set_perms.c:
6071 If runas_pw changes, reset the stashed runas aux group vector.
6072 Otherwise, if runas_default is set in a per-command Defaults
6073 statement, the command runs with root's aux group vector (i.e. the
6074 one that was used when locating the command).
6077 * plugins/sudoers/Makefile.in:
6078 Add target to generate sudoers file. Remove generated sudoers file as
6082 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
6085 When not logging I/O install a handler for SIGCONT and deliver it to
6086 the command upon resume. Fixes bugzilla #431
6089 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
6091 * plugins/sudoers/sudoers.h:
6092 g/c unused auth_pw extern definition
6095 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
6096 Move get_auth() into check.c where it is actually used.
6099 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
6102 Convert a remaining puts() and putchar() to use the output function.
6105 * plugins/sudoers/plugin_error.c:
6109 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
6111 * plugins/sudoers/env.c:
6112 Set dupcheck to TRUE when setting new HOME value if !env_reset but
6113 always_set_home is true. Prevents a duplicate HOME in the
6114 environment (old value plus the new one) introduced in f421f8827340.
6117 * configure, configure.in, plugins/sudoers/sudoers,
6118 plugins/sudoers/sudoers.in:
6119 Substitute sysconfdir in the installed sudoers file to get the
6120 correct path for sudoers.d.
6123 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6126 Fix typo that prevented compilation on Irix; Friedrich Haubensak
6129 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
6131 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6132 common/atobool.c, common/fileops.c, common/fmt_string.c,
6133 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
6134 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
6135 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
6136 compat/getprogname.c, compat/glob.c, compat/isblank.c,
6137 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
6138 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
6139 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
6140 compat/unsetenv.c, compat/utimes.c, include/compat.h,
6141 include/missing.h, plugins/sample/sample_plugin.c,
6142 plugins/sample_group/getgrent.c,
6143 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6144 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
6145 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6146 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
6147 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
6148 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
6149 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
6150 Merge compat.h and missing.h into missing.h
6153 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
6155 * plugins/sudoers/auth/pam.c:
6156 If the user hits ^C while a password is being read, error out before
6157 reading any further passwords in the pam conversation function.
6158 Otherwise, if multiple PAM auth methods are required, the user will
6159 have to hit ^C for each one.
6162 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
6164 * plugins/sudoers/check.c:
6168 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6169 Document sudo_conv_t function and sudo_printf_t return values.
6172 * src/conversation.c:
6173 Make _sudo_printf return the number of characters printed on success
6177 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
6179 * plugins/sudoers/sudoers.c:
6180 sudoers.h includes sudo_plugin.h for us
6183 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
6184 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
6186 Use gettimeofday() directly instead of via the gettime() wrapper.
6189 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
6190 compat/strerror.c, config.h.in, configure, configure.in,
6191 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
6192 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
6193 Remove some obsolete configure tests, ancient Unix systems are no
6197 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
6200 Set pp_kit_version and strip off patch level
6204 Better handling of versions with a patchlevel. For rpm and deb, use
6205 the patchlevel+1 as the release. For AIX, use the patchlevel as the
6206 4th version number. For the rest, just leave the patchlevel in the
6210 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
6212 * plugins/sudoers/auth/sudo_auth.c:
6213 For non-standalone auth methods, stop reading the password if the
6214 user enters ^C at the prompt.
6217 * configure, configure.in, plugins/sudoers/Makefile.in,
6218 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6219 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6220 plugins/sudoers/pwutil.c:
6221 No need to look up shadow password unless we are doing password-
6222 style authentication. This moves the shadow password lookup to the
6223 auth functions that need it.
6226 * plugins/sudoers/sudoers.c:
6227 Retain final passwd/group refs until the policy close() function.
6228 Note that this doesn't get called in all cases so putting this in a
6229 cleanup function is probably better.
6232 * plugins/sudoers/check.c:
6236 * plugins/sudoers/check.c:
6237 When removing/resetting the timestamp file ignore the tty ticket
6241 * plugins/sudoers/sudoers.c:
6242 delref sudo_user.pw, runas_pw and runas_gr immediately before we
6246 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6248 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
6249 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
6250 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6251 Reference count cached passwd and group structs. The cache holds
6252 one reference itself and another is added by sudo_getgr{gid,nam} and
6253 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
6254 group structs are persistent for now.
6261 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
6263 * plugins/sudoers/check.c:
6264 Do not produce a warning for "sudo -k" if the ticket file does not
6268 * plugins/sudoers/pwutil.c:
6269 Instead of caching struct passwd and struct group in the red-black
6270 tree, store a struct cache_item which includes both the key and
6271 datum. This allows us to use the actual name that was looked up as
6272 the key instead of the contents of struct passwd or struct group.
6273 This matters because the name in the database may not match what we
6274 looked up, due either to case folding or truncation (historically at
6275 8 characters). Also mark the disabled calls to sudo_freepwcache()
6276 and sudo_freegrcache() as broken since we use cached data for things
6277 like set_perms() and the logging functions. Fixing this would
6278 require making a copy of the structs for user and runas or adding a
6279 reference count (better).
6282 * plugins/sudoers/Makefile.in:
6283 Fix path to mkinstalldirs
6286 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
6287 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
6288 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
6289 Quiet gcc warnings on glibc systems that use warn_unused_result for
6290 write(2) and others.
6293 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6295 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6299 * aclocal.m4, configure, configure.in:
6300 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
6301 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
6305 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6307 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
6308 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
6309 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
6312 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6315 Update to latest version
6318 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6321 Let pp determine pp_aix_version itself.
6324 * INSTALL, config.h.in, configure, configure.in, mkpkg,
6325 plugins/sudoers/sudoers.c:
6326 Add support for Ubuntu admin flag file and enable it when building
6330 * plugins/sudoers/sudoers, sudo.pp:
6331 Add commented out SuSE-like targetpw settings
6334 * configure, configure.in:
6335 Only try to use +DAportable for non-GCC on hppa
6338 * configure, configure.in:
6339 Prevent configure from adding the -g flag unless in devel mode
6342 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
6345 Go back to sudo-flavor to match existing packages and only use an
6346 underscore for those that need it.
6350 Use sudo_$flavor instead of sudo-$flavor since that causes the least
6351 amount of trouble for the various package managers.
6355 Fix handling of the ldap flavor. Remove destdir unless --debug was
6356 specified. Make distclean before running configure if there is a
6361 Add back include file.
6365 Pass extra args on to configure on HP-UX, if we don't have the HP C
6366 compiler, disable zlib to prevent gcc from finding it in
6371 Use the HP ANSI C compiler on HP-UX if possible
6374 * plugins/sudoers/sudoreplay.c:
6375 Some getline() implementations (FreeBSD 8.0) do not ignore the
6376 length pointer when the line pointer is NULL as they should.
6379 * plugins/sudoers/sudoreplay.c:
6380 Don't need to check for *cp being non-zero, isdigit() will do that.
6383 * plugins/sudoers/sudoreplay.c:
6384 Add setlocale() so the command line arguments that use floating
6385 point work in different locales. Since sudo now logs the timing
6386 data in the C locale we must parse the seconds in the timing file
6387 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
6388 the number of seconds with the user's locale so if the decimal point
6389 is not '.' try using the locale-specific version.
6393 Do I/O logging in the C locale so the floating point numbers in the
6394 timing file are not locale-dependent.
6397 * plugins/sudoers/sudoreplay.c:
6398 Use errorx() not error() for things that don't set errno.
6401 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
6404 Better support for 1.2.3 style versions in Tru64 kits
6408 Add Tru64 kit support
6412 Remove apparently unnecessary use of sudo
6415 * Makefile.in, plugins/sudoers/Makefile.in:
6416 Create timedir as part of install-dirs target.
6420 Handle ENXIO from read/write which can occur when reading/writing a
6421 pty that has gone away.
6424 * plugins/sudoers/pwutil.c:
6425 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
6429 platform is a pp flag not a variable
6432 * Makefile.in, mkpkg, sudo.pp:
6433 Add simple arg parsing for mkpkg so we can set debug, flavor or
6438 Make rpm backend work on AIX 5.x
6441 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
6443 * plugins/sudoers/sudoers:
6444 Add commented out Defaults entry for log_output
6447 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6450 Remove sudo docdir completely
6453 * doc/sample.sudo.conf:
6454 Add sample sudo.conf
6457 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6459 * plugins/sudoers/Makefile.in:
6460 Add PACKAGE_TARNAME for docdir
6463 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6466 Pass install-sh -b~ here too.
6469 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
6470 plugins/sudoers/Makefile.in, src/Makefile.in:
6471 Install binary files with -b~ to make a backup. Fixes "text file
6472 busy" error on HP-UX during install.
6476 "mv -f" on HP-UX doesn't unlink the destination first so add an
6477 explicit rm before moving the temporary into place.
6480 * configure, configure.in:
6481 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
6484 * doc/Makefile.in, plugins/sudoers/Makefile.in:
6485 Install sudoers2ldif in the doc dir
6488 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6491 Add missing include of maillock.h for Solaris
6494 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
6495 doc/sample.syslog.conf, doc/sudoers.cat:
6496 Change the default syslog facility from local2 to authpriv (or auth
6497 if the operating system doesn't support authpriv).
6500 * Makefile.in, sudo.pp:
6501 Install sudoers as /etc/sudoers on RPM and debian systems where the
6502 package manager will not replace a user-modified configuration file.
6503 This fixes upgrades from the vendor sudo packages.
6507 RPM: use %config(noreplace) instead of %config for volatile. This
6508 results in the new file being installed with a .rpmnew suffix
6509 instead of the file being replaced and the old one renamed with a
6513 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
6515 * compat/mkstemps.c, plugins/sudoers/boottime.c:
6516 Include time.h for struct timeval
6520 The return value of strsignal() may be const and should be treated
6521 as const regardless.
6524 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6525 Mention that 127.0.0.1 will not match, nor will localhost unless
6526 that is the actual host name.
6529 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
6530 Rename WHATSNEW -> NEWS
6534 Updated pp with latest patches
6541 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6542 plugins/sudoers/sudoers:
6543 Add commented out line to add HOME to env_keep and add a warning to
6544 the note about the HOME change in UPGRADE.
6547 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6549 * plugins/sudoers/sudoreplay.c:
6550 Add LINE_MAX define for those without it.
6553 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
6554 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6555 plugins/sudoers/defaults.c:
6556 The tty_tickets option is now on by default.
6560 Mention that AIX authdb support has been fixed.
6564 setauthdb() only sets the "old" registry if it was set by a previous
6565 call to setauthdb(). To restore the original value, passing NULL
6566 (or an empty string) to setauthdb() is sufficient.
6569 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6571 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
6572 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6573 plugins/sudoers/env.c:
6574 Reset HOME when env_reset is enabled unless it is in env_keep
6577 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6578 The default for set_logname has been "true" for some time now.
6581 * plugins/sudoers/boottime.c:
6582 Add missing include of time.h
6585 * plugins/sudoers/logging.c:
6586 Fix check for dup2() return value.
6589 * plugins/sudoers/env.c:
6590 Add PYTHONUSERBASE to initial_badenv_table
6593 * plugins/sudoers/visudo.c:
6594 Treat an unknown defaults entry as a parse error.
6597 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
6598 Check return value of setdefs() but don't stop setting defaults if
6599 we hit an unknown one.
6602 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
6603 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6604 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
6605 plugins/sudoers/env.c:
6606 If env_reset is enabled, set the MAIL environment variable based on
6607 the target user unless MAIL is explicitly preserved in sudoers.
6610 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6613 decode debian code names
6620 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6627 Restore RLIMIT_NPROC after the uid switch if it appears that
6628 runas_setup() did not do it for us. Fixes a bash script problem on
6629 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
6632 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6634 * mkpkg, pp, sudo.pp:
6635 Restore the dot removal in the os version reported by polypkg. Adapt
6636 mkpkg and sudo.pp to the change.
6639 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6642 document --with-pam-login
6645 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6646 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
6649 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6652 Include flavor in solaris package name
6656 Older shells don't support IFS= so set explicitly to space, tab,
6661 Use '=' not '==' in test
6665 Fix typo that prevented debian from matching
6669 Add missing prefix setting for debian
6673 Use tab indents to reduce the chance of problem with <<-. Fix the
6674 debian %set section, pp does not set pp_deb_distro. Uncomment %sudo
6675 line in sudoers for debian. Uncomment some env_keep lines for RHEL,
6676 SLES and debian to more closely match the vendor sudoers files.
6677 Add /etc/pam.d to %files. Remove the /etc/sudo-ldap.conf symlink on
6678 debian for ldap flavor
6681 * plugins/sudoers/sudoers:
6682 Add commented out env_keep entries, sample Aliases and a %sudo line
6686 * configure, configure.in:
6687 Move zlib check later on in the script to avoid a strange shell
6692 Remove check for egrep; configure has its own
6695 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6698 Enable zlib for linux distros
6702 Add ldap flavor to default build
6706 Simplify rpm linux distro settings
6709 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
6710 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
6714 Fix ChangeLog creation from build dir
6717 * plugins/sudoers/sudoers.c:
6718 Handle getcwd() failure.
6721 * doc/Makefile.in, mkpkg, sudo.pp:
6722 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
6723 environment variable.
6727 Create sudo group on debian
6731 Add debian 4/5/6 and use the dot when doing version matches
6734 * aclocal.m4, configure:
6735 Use a loop when searching for mv, sendmail and sh
6738 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6739 Remove spurious "and"; from debian
6742 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
6743 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
6744 doc/visudo.man.in, doc/visudo.pod:
6745 Substitute the value of EDITOR into the sudoers and visudo manuals.
6748 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
6750 * mkpkg, pp, sudo.pp:
6751 Initial support for debian 4.0
6755 Some platforms need -fPIE instead of -fpie
6758 * plugins/sudoers/auth/pam.c:
6759 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
6760 On Linux it causes a DNS lookup via libaudit.
6764 Update MANIFEST to match packaging changes
6768 We now use pp to generate HP-UX packages
6771 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
6772 Remove vestiges of old binary package bits.
6775 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
6776 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6777 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6779 install-man -> install-doc
6782 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
6783 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
6784 Use http://rc.quest.com/topics/polypkg/ for packaging
6788 Just ignore the -c option, it is the default Add support for -d
6792 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
6794 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
6795 Use _PATH_STDPATH instead of _PATH_DEFPATH
6798 * plugins/sudoers/Makefile.in, src/Makefile.in:
6799 Do not strip binaries.
6802 * INSTALL, configure, configure.in:
6803 Add --insults=disabled configure option to allow people to build in
6804 insult support but have the insults disabled unless explicitly
6808 * compat/mkstemps.c:
6809 Add prototype for gettime()
6812 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
6813 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
6814 plugins/sudoers/sudoers.h:
6815 Add support for a sudo-i pam.d file to be used for "sudo -i".
6816 Adapted from a RedHat patch.
6819 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6821 * include/missing.h:
6822 Fix mkstemps() prototype
6825 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
6826 config.h.in, configure, configure.in, include/missing.h,
6828 Use mkstemps() instead of mkstemp() in sudoedit. This allows
6829 sudoedit to preserve the file extension (if any) which may be used
6830 by the editor (like emacs) to choose the editing mode.
6833 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6835 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6836 plugins/sudoers/ldap.c:
6837 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
6838 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
6839 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
6840 should avoid disabling TLS_CHECKPEER if possible.
6843 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
6845 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6846 Make sudo_plugin format a bit more like a man page
6849 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6850 Add support for negated user/host/command lists in a Defaults entry.
6851 E.g. Defaults:!baduser noexec
6854 * Makefile.in, common/Makefile.in, compat/Makefile.in,
6855 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6856 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6858 Add uninstall target
6861 * common/Makefile.in, compat/Makefile.in:
6862 Remove unused AR, SED and RANLIB variables
6866 Do not install sample plugins
6869 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6871 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
6872 configure.in, plugins/sudoers/env.c:
6873 Now that sudoers is a dynamically loaded module we cannot override
6874 the libc environment functions because the symbols may already have
6875 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
6876 replacements from sudoers and add replacements for setenv/unsetenv
6877 for systems that lack them.
6880 * configure, configure.in, plugins/sudoers/Makefile.in:
6881 Link testsudoers with -ldl when needed
6884 * plugins/sample_group/plugin_test.c:
6885 Remove unused time.h and add limits.h for PATH_MAX
6888 * doc/sudoers.ldap.pod:
6892 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6894 * plugins/sample_group/plugin_test.c:
6895 Do not depend on strlcpy/strlcat
6898 * plugins/sample_group/plugin_test.c:
6899 Standalone test driver for sudoers group plugin.
6902 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
6904 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6905 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
6909 * plugins/sample_group/sample_group.c:
6910 Fix style nit in function declarations
6913 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6914 Document group_plugin syntax.
6917 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6918 Document the sudoers group plugin.
6921 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
6922 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
6923 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
6924 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6925 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6926 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
6927 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
6928 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6929 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6930 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
6931 Replace built-in non-unix group support with a sudoers group plugin.
6932 Include a sample plugin that can read Unix-format group files.
6935 * configure, configure.in, src/load_plugins.c:
6936 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
6939 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6941 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6942 doc/sudoers.man.in, doc/sudoers.pod:
6943 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
6946 * aclocal.m4, configure, configure.in:
6947 Substitute @io_logdir@ for the sudoers I/O log directory.
6950 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
6952 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6953 common/atobool.c, common/fileops.c, common/fmt_string.c,
6954 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
6955 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
6956 compat/snprintf.c, config.h.in, configure, configure.in,
6957 include/fileops.h, plugins/sample/sample_plugin.c,
6958 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
6959 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
6960 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6961 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
6962 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
6963 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
6964 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6965 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
6966 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6967 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6968 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6969 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6970 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6971 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6972 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6973 plugins/sudoers/logging.c, plugins/sudoers/match.c,
6974 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6975 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6976 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6977 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6978 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6979 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
6980 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
6981 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
6982 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
6983 Set usrinfo for AIX Set administrative domain for the process when
6984 looking up user's password or group info and when preparing for
6985 execve(). Include strings.h even if string.h exists since they may
6986 define different things. Fixes warnings on AIX and others.
6990 Add a separate all target for AIX make which was using the entire
6991 LHS (not just the first entry) of the first target as the implicit
6995 * plugins/sudoers/env.c:
6996 Do not rely on env.env_len when unsetting a variable, just use the
7000 * plugins/sudoers/env.c:
7001 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
7004 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
7006 * plugins/sudoers/vasgroups.c:
7007 Use warningx() instead of log_error() since the latter is not
7008 available to visudo or testsudoers. This does mean that they don't
7012 * plugins/sudoers/sudoers.c:
7013 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
7014 closed the sudoers sources. From Quest sudo.
7017 * plugins/sudoers/pwutil.c:
7018 Ignore case when matching user/group names in the cache. From Quest
7022 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
7024 * config.h.in, configure, configure.in, src/selinux.c:
7025 Add check for setkeycreatecon() when --with-selinux is specified.
7028 * configure, configure.in:
7029 Error out if libaudit.h is missing or unusable when --with-linux-
7033 * doc/HISTORY, doc/history.pod:
7034 Add =head3 entries, mostly for the html version
7037 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
7039 * doc/HISTORY, doc/history.pod:
7040 Mention when LDAP was incorporated.
7043 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
7045 * configure, configure.in:
7046 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
7047 not covered by _ALL_SOURCE.
7050 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
7052 * plugins/sudoers/iolog.c:
7053 Add a cast to quiet a compiler warning.
7056 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7057 Quiet a compiler warning.
7060 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
7061 Call set_fqdn() after sudoers has parsed instead of inline as a
7065 * WHATSNEW, plugins/sudoers/sudoers.c:
7066 Do not call set_fqdn() until sudoers parses (where it gets run as a
7071 mention the change in tty ticket behavior when there is no tty
7074 * plugins/sudoers/check.c:
7075 Do not update tty ticket if there is no tty.
7078 * doc/LICENSE, doc/license.pod:
7079 Update copyright year
7083 Do not rely on BSD make's $>
7086 * configure, configure.in:
7087 Set timedir to /var/db/sudo for darwin to match Apple sudo's
7091 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
7093 * plugins/sudoers/sudoers.h:
7094 Add stub declarations for struct stat and struct timeval
7098 Remove compat/sigaction.c
7101 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
7102 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7103 Check for zlib.h in addition to libz.
7106 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
7108 Move functions and symbols shared between exec.c and exec_pty.c into
7113 Comment out rules to build .man.in and .cat files unless --with-
7118 Comment out rules to build .man.in and .cat files unless --with-
7123 Quote any non-alphanumeric characters other than '_' or '-' when
7124 passing a command to be run via the shell for the -s and -i options.
7128 Add back .man suffix
7131 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
7132 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
7133 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
7134 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
7136 Add Linux audit support.
7139 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
7141 * plugins/sudoers/iolog.c:
7145 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
7146 plugins/sudoers/sudoreplay.c:
7147 Add -f (filter) option to sudoreplay to allow certain streams to be
7148 replayed and others ignored.
7151 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
7153 Fix -A flag when askpass is specified in sudo.conf or if sudo
7154 doesn't need to read a password.
7157 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
7158 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
7162 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7163 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7164 Add support for multiple sudoers_base entries in ldap.conf. From
7168 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
7170 remove setsid check, we require a POSIX system
7173 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
7174 src/sudo.c, src/tgetpass.c:
7175 Check for dup2() failure.
7178 * config.h.in, configure, configure.in:
7179 Remove dup2() check, it is not optional.
7182 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
7185 sync with sudo 1.7.3
7189 SunOS does not ship with an ANSI compiler
7193 Update OS specific notes. Delete some really ancient ones and move
7194 older ones to the end of the list.
7198 Sudo can be downloaded from the web site too Mention "OS dependent
7199 notes" section in INSTALL
7202 * src/exec_pty.c, src/selinux.c:
7203 Call selinux_restore_tty() as part of cleanup() so it gets called
7204 from error()/errorx()
7207 * MANIFEST, doc/PORTING:
7208 Remove obsolete porting guide
7211 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
7212 Move union sudo_in_addr_un into interfaces.h
7216 Remove useless circular dependencies
7219 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
7220 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
7221 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
7222 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7223 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
7224 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
7225 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
7226 Convert to ANSI C function declarations
7229 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
7230 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
7231 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
7232 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
7233 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
7234 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
7235 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
7236 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
7237 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
7238 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
7239 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
7240 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
7241 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
7242 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
7243 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
7244 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
7245 plugins/sudoers/logging.h, plugins/sudoers/match.c,
7246 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
7247 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
7248 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
7249 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
7250 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
7251 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
7252 src/conversation.c, src/error.c, src/load_plugins.c,
7253 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
7254 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
7255 Update copyright year
7259 Fix commented DEVDOCS when not in devel mode.
7262 * plugins/sudoers/match.c:
7263 Quiet a compiler warning.
7266 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7267 Quiet a compiler warning.
7270 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
7271 Make all functions in ldap.c static
7274 * doc/schema.ActiveDirectory:
7275 Updates from Alain Roy to provide better examples for importing the
7276 schema and to fix problems caused by Windows validating attributes
7277 which have not yet been added before committing the changes.
7280 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7282 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
7283 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
7284 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7285 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
7286 doc/visudo.cat, doc/visudo.man.in:
7287 Leave rules to build .man.in and .cat files uncommented but only
7288 make them part of the "all" rule in devel mode. Generate .cat files
7289 directly from .man.in instead of .man using default values in
7293 * configure, configure.in:
7294 Bump sudo version to 1.8.0b1
7297 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
7298 Print configure args with verbose version information.
7301 * TODO, plugins/sudoers/visudo.c:
7302 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
7303 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
7304 Use tq_append to append sudoers entries to the tail queue.
7307 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
7310 Describe tty timestamp improvements
7313 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7314 A comment character may not be part of a command line argument
7315 unless it is quoted with a backslash. Fixes parsing of:
7316 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
7320 Make this read a little bit better when passwd_timeout is 0.
7323 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
7324 Attempt to handle a default password prompt timeout of zero more
7328 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7329 Do not override value of keepopen global, instead restore it to the
7330 value we pushed onto the stack when popping.
7333 * plugins/sudoers/Makefile.in:
7334 Add dependency for utility programs on libreplace and libcommon
7337 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
7338 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
7339 src/exec.c, src/exec_pty.c, src/tgetpass.c:
7340 Remove sigaction emulation Use SA_INTERRUPT in sa_flags
7343 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
7344 We don't use getgrouplist() at the moment so there's no need to
7345 provide a compat version.
7352 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7353 src/conversation.c, src/sudo.h, src/tgetpass.c:
7354 Fix visiblepw sudoers option; the plugin API portion still needs
7359 Print sudo version as well.
7362 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
7363 Use sudo_printf for I/O log version Clarify policy plugin version
7367 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7368 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
7369 Silence some compiler warnings
7372 * src/load_plugins.c, src/tgetpass.c:
7373 Store askpass path in a global instead of using setenv() which many
7377 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7379 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7380 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7381 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
7382 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7383 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
7384 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
7386 Move askpass path specification from sudoers to sudo.conf.
7389 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7390 Use a flag bit in struct command_details for selinux instead of a
7394 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7395 Implement background mode. If I/O logging we use pipes instead of a
7399 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
7400 src/exec.c, src/exec_pty.c, src/tgetpass.c:
7401 Move compat definition of NSIG to compat.h
7404 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7405 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7406 Mention plugins in the sudo manual and add some missing path
7407 substitution in the sudo_plugin manual.
7411 Set _PATH_SUDO_CONF based on $(sysconfdir)
7414 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
7415 src/exec.c, src/exec_pty.c, src/ttysize.c:
7416 Require POSIX termios to build sudo
7420 Ignore SIGPIPE for "sudo -S"
7424 Fix uninitialized variable in TGP_ECHO case and print a newline if
7425 the user interrupted password input.
7429 Make TGP_ECHO override TGP_MASK and don't try to restore the
7430 terminal if we didn't modify it.
7433 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7434 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7435 src/conversation.c, src/sudo.h, src/tgetpass.c:
7436 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
7437 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
7442 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
7445 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7447 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
7448 Add selinux_enabled flag into struct command_details and set it in
7449 command_info_to_details(). Return an error from selinux_setup()
7450 instead of exiting. Call selinux_setup() from exec_setup().
7453 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7456 Remove commented out copy of old sudo_execve() function.
7459 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7461 * plugins/sudoers/sudoers.c:
7462 Fix setting selinux type on command line.
7465 * plugins/sudoers/iolog.c:
7466 In sudoers_io_close(), skip NULL io_fds[] elements.
7470 No longer need NGROUPS_MAX define
7473 * compat/nanosleep.c, config.h.in, configure, configure.in,
7474 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7475 plugins/sudoers/visudo.c, src/sudo_edit.c:
7476 Replace timerfoo macros with timevalfoo since the timer macros are
7477 known to be busted on some systems.
7481 Remove duplicate call to selinux_setup().
7484 * plugins/sudoers/auth/pam.c:
7485 If pam_open_session() fails, pass its status to pam_end.
7488 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7489 If a file in a #includedir has improper permissions or owner just
7490 skip it. This prevents packages that incorrectly install a file
7491 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
7492 #includedir files still result in a parse error (for now).
7495 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7496 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
7497 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
7498 Add use_pty sudoers option to force use of a pty even when not
7502 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
7503 Make env_init() void as it never fails.
7506 * plugins/sudoers/env.c:
7507 No longer use _NSGetEnviron so don't need crt_externs.h
7510 * plugins/sudoers/env.c:
7511 Remove unused VNULL define
7514 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
7516 * plugins/sudoers/iolog.c:
7517 Add #define for maximum session id
7520 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
7521 Split exec.c into exec.c and exec_pty.c
7525 Sync with source file moves.
7528 * src/Makefile.in, src/get_pty.c, src/pty.c:
7529 Rename pty.c -> get_pty.c
7532 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
7534 * plugins/sudoers/iolog.c:
7535 Only use I/O input log file if def_log_input is set and output file
7536 if def_log_output is set.
7539 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
7541 * compat/strsignal.c:
7542 Update copyright year
7549 * plugins/sudoers/sudoers.c:
7550 For sudoedit, make a local copy of editor string si become part of
7551 argv. If no editor environment variable, split def_editor on ':'
7552 since it may be a colon-delimited path.
7556 Remove unneeded endpwent()/endgrent()
7560 Use value of nroff from configure
7564 Add missing const to I/O log action function
7567 * plugins/sudoers/check.c:
7568 Update copyright year and fix whitespace
7571 * configure, configure.in:
7575 * plugins/sudoers/iolog.c:
7576 Remove redundant tty signal blocking in log function.
7579 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
7581 * plugins/sudoers/iolog.c:
7582 Place static keyword where it belongs
7585 * plugins/sudoers/logging.c:
7586 Always use a printf format string for send_mail()
7589 * common/atobool.c, plugins/sudoers/ldap.c:
7590 Extend atobool() so we can use it in the LDAP code.
7593 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
7594 Sudo now stashes tty ctime for tty_tickets on Solaris too.
7597 * plugins/sudoers/boottime.c:
7598 Fix dummy version of get_boottime()
7601 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
7603 * plugins/sudoers/check.c:
7604 Enable tty_is_devpts() support for Solaris with the "devices"
7609 Unbreak the non-io logging case.
7612 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
7613 Fix symbol name conflict with sudo_printf.
7616 * plugins/sudoers/auth/pam.c:
7617 Fix OpenPAM detection for newer versions.
7620 * plugins/sudoers/vasgroups.c:
7621 Sync with Quest sudo git repo
7624 * aclocal.m4, configure, configure.in:
7625 HP-UX ld uses +b instead of -R or -rpath Fix typo in libvas check
7626 Add missing template for ENV_DEBUG Adapted from Quest sudo
7630 Fix typos; from Quest Sudo
7633 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
7635 * plugins/sudoers/Makefile.in:
7636 Add back -I$(top_srcdir); we need it for including compat/foo.h
7637 since we cannot rely on "foo.h" being found relative to the source
7638 file when the cwd is different.
7642 Fix a bug where we could treat EAGAIN as a permanent error. Also set
7643 cstat if perform_io() returns an error.
7646 * common/alloc.c, plugins/sudoers/boottime.c,
7647 plugins/sudoers/sudoers.c:
7648 Add casts to quiet compiler warnings.
7651 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7652 plugins/sudoers/visudo.c:
7653 Fix typo in ternary operator usage.
7656 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
7658 * INSTALL, configure, configure.in:
7659 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
7662 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7663 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
7664 Update docs to match sudoers I/O logging changes
7667 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
7668 pathnames.h.in, plugins/sudoers/def_data.c,
7669 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7670 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
7671 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
7672 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
7673 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
7674 plugins/sudoers/sudoreplay.c:
7675 Break sudoers transcript feature up into log_input and log_output.
7678 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7679 plugins/sudoers/visudo.c:
7680 Use setprogname() as needed.
7683 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7684 Adapt sudoreplay to iolog changes.
7687 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7689 * plugins/sudoers/iolog.c:
7690 Log all input and output into separate files and store a number on
7691 each timing file line to indicate which file the data is in.
7694 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7695 plugins/sudoers/sudoers.h:
7696 Make sudoers_io functions static to iolog.c
7699 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
7701 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
7702 src/sudo_usage.h.in:
7703 Completely remove the -L flag from the sudo front end.
7706 * plugins/sudoers/sudoreplay.c:
7707 Fix EAGAIN handling when writing to stdout.
7710 * plugins/sudoers/sudoers.c:
7711 Eliminate unused variables
7714 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
7715 Re-enable cleanup functions in sudoers plugin and sudo driver for
7719 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
7720 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
7721 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
7722 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
7723 Use sudo_printf to display verbose version information.
7726 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
7727 plugins/sudoers/Makefile.in, src/Makefile.in:
7728 Minor Makefile cleanup: fix a typo, change the removal order in the
7729 clean targets, and remove a superfluous include path for the sudoers
7733 * plugins/sudoers/env.c:
7734 Handle duplicate variables in the environment. For unsetenv(), keep
7735 looking even after removing the first instance. For sudo_putenv(),
7736 check for and remove dupes after we replace an existing value.
7739 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7741 * plugins/sudoers/Makefile.in:
7742 Use explicit path to source file instead of $< for files that live
7743 in devdir and top_srcdir.
7746 * plugins/sudoers/Makefile.in:
7747 Add explicit rules to compile gram.c and toke.c for HP-UX Prevent
7748 ending LIBSUDOERS_OBJS with a backslash
7751 * plugins/sudoers/Makefile.in, src/Makefile.in:
7752 Link libcommon before libreplace since libcommon may use functions
7753 only present in libreplace.
7756 * common/Makefile.in:
7757 Move code common to sudo and the sudoers plugin to a convenience
7758 library, libcommon. Removes the need to make links in the sudoers
7759 plugin dir and reduces re-compilation of duplicate object files.
7762 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
7763 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
7764 common/term.c, common/zero_bytes.c, configure, configure.in,
7765 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
7766 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
7767 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
7769 Move code common to sudo and the sudoers plugin to a convenience
7770 library, libcommon. Removes the need to make links in the sudoers
7771 plugin dir and reduces re-compilation of duplicate object files.
7774 * src/exec.c, src/sudo.c, src/sudo.h:
7775 Rename script_execve to sudo_execve and rename script_foo in exec.c
7778 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
7779 rename script.c exec.c and fix up the MANIFEST file
7782 * src/script.c, src/sudo.c, src/sudo.h:
7783 Rename script_setup() to pty_setup() and call from script_execve()
7787 * configure, configure.in:
7788 bump version to 1.8.0a2
7791 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7792 Document init_session
7795 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
7796 plugins/sudoers/auth/sudo_auth.h:
7797 Clean up the sudoers auth API a bit and update the docs.
7800 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
7801 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
7802 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
7803 Add init_session function to struct policy_plugin that gets called
7804 before the uid/gid/etc changes. A struct passwd pointer is passed
7805 in, which may be NULL if the user does not exist in the passwd
7806 database. The sudoers module uses init_session to open the pam
7810 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7812 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
7813 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
7814 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7815 Add open/close session to sudo auth, only used by PAM. This allows
7816 us to open (and close) the PAM session from sudoers.
7819 * plugins/sudoers/Makefile.in:
7820 Add explicit rule to build getdate.o for HP-UX make.
7823 * plugins/sudoers/Makefile.in:
7824 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
7825 rules as an alternate way to prevent HP-UX make (and others) from
7826 trying to rebuild the parser in non-dev mode.
7829 * plugins/sudoers/sudoers.c:
7830 Re-enable PATH_MAX check for command
7834 For distclean, clean the main directory last since the subdirs need
7835 to be able to run libtool to clean things.
7838 * compat/Makefile.in:
7839 Fix generation of mksiglist.h
7843 Now that we defer sending cstat until the end of script_child() we
7844 cannot reuse cstat when reading command status from parent.
7847 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7849 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
7850 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7851 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
7852 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
7853 Use numeric registers to handle conditionals instead of trying to do
7854 it all with text processing.
7858 Document per-command SELinux settings
7861 * plugins/sudoers/sudoers.c:
7862 Repair "sudo -l -U username"
7865 * plugins/sudoers/sudoers.c:
7866 Set selinux role and type in command details.
7869 * src/script.c, src/selinux.c, src/sudo.h:
7870 Rework SELinux support.
7873 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
7875 * src/script.c, src/selinux.c, src/sudo.h:
7876 Make SELinux support compile again. Needs more work to be complete.
7879 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7880 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7881 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
7883 Bring back closefrom settings.
7886 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7887 plugins/sudoers/sudoers.h:
7888 If running a command or sudoedit in transcript mode, call
7889 io_nextid() before log_allowed() so the session id is logged.
7892 * configure, configure.in:
7893 Use mandoc(1) if nroff(1) is not present.
7897 Use the --file argument to config.status instead of setting
7898 CONFIG_FILES in the environment.
7901 * plugins/sudoers/Makefile.in:
7902 We cannot conditionally update gram.h or the dependency ordering
7903 gets messed up in devel mode.
7906 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
7908 * Makefile.in, compat/Makefile.in, configure, configure.in,
7909 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7910 plugins/sudoers/Makefile.in, src/Makefile.in:
7911 Substitute @SHELL@ into Makefiles
7918 * config.guess, config.sub, configure, configure.in:
7919 Update to autoconf 2.65
7923 Fix libtool target (space vs. tabs)
7926 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
7927 Remove use of RETSIGTYPE; all modern systems have signal handlers
7931 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
7932 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
7933 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
7934 plugins/sudoers/Makefile.in, src/Makefile.in:
7935 Update to libtool-2.2.6b. I haven't made any local modifications
7936 this time, which should be OK since we install sudo_noexec.so by
7940 * compat/Makefile.in, plugins/sample/Makefile.in,
7941 plugins/sudoers/Makefile.in, src/Makefile.in:
7942 Use libtool to clean objects
7945 * include/Makefile.in:
7946 Install sudo_plugin.h as part of "make install" and make other
7947 install targets callable from the top-level Makefile
7950 * configure, configure.in:
7951 regen with autoupdate to eliminate AC_TRY_LINK
7954 * Makefile.in, compat/Makefile.in, configure, configure.in,
7955 doc/Makefile.in, plugins/sample/Makefile.in,
7956 plugins/sudoers/Makefile.in, src/Makefile.in:
7957 Install sudo_plugin.h as part of "make install" and make other
7958 install targets callable from the top-level Makefile
7961 * plugins/sample/sample_plugin.c:
7962 The sample plugin doesn't support being run with no args so return a
7963 usage error in this case.
7966 * plugins/sudoers/iolog.c:
7967 Set close on exec flag for descriptors used for I/O logging so they
7968 are not present in the command being run.
7971 * plugins/sudoers/tsgetgrpw.c:
7972 Set close on exec flag in private versions of setpwent() and
7977 Close the I/O pipes after dup2()ing them to std{in,out,err}.
7978 Fixes extra fds being present in the command when it is part of a
7982 * plugins/sudoers/sudoers.c:
7983 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
7984 is used when logging). Note that user_ttypath will still be NULL if
7988 * src/script.c, src/sudo.h:
7989 Cosmetic changes: add comments, remove orphaned prototype and
7990 make a global static.
7993 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7996 Move check for maxfd == -1 to flush_output where it belongs.
8000 Break out of select loop if all the fds we want to select on are -1.
8004 Avoid possible malloc(0) if plugin returns an empty groups list.
8008 Add debugging info when calling plugin close function
8012 Avoid closing stdin/stdout/stderr when we are piping output.
8016 When execve() of the command fails, it is possible to receive
8017 SIGCHLD before we've read the error status from the pipe. Re-order
8018 things such that we send the final status at the very end and prefer
8019 error status over wait status.
8022 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8024 * plugins/sudoers/auth/sudo_auth.c:
8025 Fix compilation for non PAM/BSD auth/AIX auth
8028 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8031 Additional checks to make sure we don't close /dev/tty by mistake.
8032 When flushing, sleep in select as long as we have buffers that need
8037 Now that we can use pipes for stdin/stdout/stderr there is no longer
8038 a need to error out when there is no tty. We just need to make sure
8039 we don't try to use the tty fd if it is -1.
8042 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8044 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8045 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8046 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
8047 Add argc and argv to I/O logger open function.
8050 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
8051 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
8052 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
8053 Remove check_sudoedit function pointer in struct sudo_policy.
8054 Instead, sudo will set sudoedit=true in the settings array. The
8055 plugin should check for this and modify argv_out as appropriate in
8059 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
8061 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
8063 If plugin sets "sudoedit=true" in the command info, enable sudoedit
8064 mode even if not invoked as sudoedit. This allows a plugin to
8065 enable sudoedit when the user runs an editor.
8068 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
8070 * plugins/sudoers/Makefile.in:
8071 gram.h must not depend on gram.y if we want to avoid unnecessary
8072 rebuilding of targets dependent on gram.h when gram.y changes.
8075 * plugins/sample/sample_plugin.c:
8076 Refactor common bits of check_policy and check_edit
8079 * plugins/sample/sample_plugin.c:
8080 Add sudoedit support
8083 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
8085 * plugins/sudoers/Makefile.in:
8086 Rely more on VPATH; fixes a dependency issue with the parser.
8090 Fix typo introduced in last commit
8094 Emulate seteuid using setreuid() or setresuid() as needed. There are
8095 still a few places that call seteuid() directly.
8098 * src/parse_args.c, src/sudo_edit.c:
8099 Attempt to fix building on systems that only have setuid.
8102 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8103 Clarify sudoedit a tad.
8106 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
8109 Fix compilation on HP-UX
8112 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8116 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
8117 Change how we handle the sudoedit argv. We now require that there
8118 be a "--" in argv to separate the editor and any command line
8119 arguments from the files to be edited.
8122 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8123 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
8124 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8125 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
8126 src/sudo.h, src/sudo_edit.c:
8127 Work in progress support for sudoedit. The actual interface used by
8128 the plugin for sudoedit is likely to change.
8131 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
8132 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
8133 Make find_path() a little more generic by not checking def_foo
8134 variables inside it. Instead, pass in ignore_dot as a function
8138 * plugins/sudoers/env.c:
8139 Add version of getenv(3) that uses our own environ pointer.
8142 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
8145 Avoid a potential race condition if SIGCHLD is received immediately
8146 before we call select().
8149 * plugins/sudoers/sudoers.c:
8150 Call env_init() before we open the sudoers sources as those may call
8151 our setenv() replacement.
8154 * plugins/sudoers/env.c:
8155 Initialize env_len in env_init()
8158 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8160 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
8161 Document time stamp shortcomings under SECURITY NOTES. Use "time
8162 stamp" instead of timestamp.
8166 Make sed substitution of mansectsu and mansectform global.
8169 * plugins/sudoers/check.c:
8170 If the tty lives on a devpts filesystem, stash the ctime in the tty
8171 ticket file, as it is not updated when the tty is written to. This
8172 helps us determine when a tty has been reused without the user
8173 authenticating again with sudo.
8177 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
8178 is what our compat checks set.
8181 * configure, configure.in:
8182 Add check for whether sudo needs to link with -ldl to get dlopen().
8183 This is a bit of a hack that will get reworked when libtool is
8187 * plugins/sudoers/check.c:
8188 Fix timestamp removal with -k/-K
8191 * plugins/sudoers/Makefile.in:
8192 audit.c is now private to the sudoers plugin
8195 * configure, configure.in:
8196 Link with -lpthread on HP-UX since a plugin may be linked with
8197 -lpthread and dlopen() will fail if the shared object has a
8198 dependency on -lpthread but the main program is not linked with it.
8201 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
8202 Add separate test for getresuid() since HP-UX has setresuid() but no
8207 Remove errant backslash
8211 Fix SIGPIPE handling. Now that we may use pipes for
8212 stdin/stdout we need to pass any SIGPIPE we receive to the running
8217 Also start the command in the background if stdin is not a tty.
8220 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8222 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
8223 No need to use pseudo-cbreak mode now that we use pipes when stdout
8224 is not a tty. Instead, check whether stdin is a tty and if not,
8225 delay setting the tty to raw mode until the command tries to access
8226 it itself (and receives SIGTTIN or SIGTTOU).
8230 Use an array for signals received instead of a single variable so we
8231 don't lose any when there are multiple different signals.
8235 Do signal setup after turning off echo, not before. If we are using
8236 a tty but are not the foreground pgrp this will generate SIGTTOU so
8237 we want the default action to be taken (suspend process).
8240 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
8243 Flush the iobufs on suspend or child exit using the same logic as
8244 the main event loop.
8248 Free memory after we are done with it.
8251 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
8254 Quest now sponsors Sudo development
8257 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
8260 Install sudo_plugin man page.
8264 Go back to resetting io_buffer offset and length (and now also the
8265 EOF handling) in the loop we do the FD_SET, not after we drain the
8266 buffer after write() since we don't know what order reads and writes
8271 audit files moved to sudoers plugin directory
8274 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8275 Document plugin_printf and new logging functions.
8279 Add support for logging stdin when it is not a tty. There is still a
8280 bug where "cat | sudo cat" has problems because both cat and sudo
8281 are trying to read from the tty.
8284 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8285 plugins/sudoers/sudoers.c, src/script.c:
8286 Add separate I/O logging functions for tty in/out and
8287 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
8288 is disabled for now.
8291 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
8293 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8294 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8295 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8296 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8297 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
8298 Add pointer to a printf-like function to plugin open function. This
8299 can be used instead of the conversation function to display info and
8304 Stop if make in a subdir fails
8308 Only set user's tty to blocking mode when doing the final flush.
8309 Flush pipes as well as pty master when the process is done.
8312 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
8314 * plugins/sudoers/ldap.c:
8315 Use print_error() when displaying ldap config info in debugging
8319 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
8320 No longer need strdup() or strndup() replacements.
8323 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8324 plugins/sudoers/sudoers.h:
8325 Add print_error() function that uses the conversation function to
8326 print a variable number of error strings and use it in log_error().
8329 * src/script.c, src/sudo.h, src/term.c:
8330 Do not need the opost flag to term_copy() now that we use pipes for
8331 stdout/stderr when they are not a tty.
8335 Use pipes to the sudo process if stdout or stderr is not a tty.
8336 Still needs some polishing and a decision as to whether it is
8337 desirable to add additional entry points for logging
8338 stdout/stderr/stdin when they are not ttys. That would allow a
8339 replay program to keep things separate and to know whether the
8340 terminal needs to be in raw mode at replay time.
8343 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8345 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
8346 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
8347 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
8348 Move audit sources into the sudoers plugin dir; the driver does not
8352 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
8353 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
8354 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
8355 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
8356 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
8357 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
8358 src/term.c, src/ttysize.c:
8359 Use angle brackets when including headers that can only be found
8360 when an -I flag is specified. The files in the compat dir could get
8361 away with double quotes here but I've converted all the source files
8362 to use angle brackets for consistency.
8365 * plugins/sudoers/Makefile.in:
8366 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
8367 dir can be found when building outside the source tree.
8370 * plugins/sudoers/Makefile.in:
8371 Clean up links in distclean
8374 * plugins/sudoers/Makefile.in:
8375 Hack around VPATH semantic differences by symlinking files we need
8376 from ../../src into the current directory and build those. A better
8377 fix would be to either make a .a or .la file with those files in it
8378 or simply use a single, flat, Makefile instead of per-subdirs
8382 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
8383 fmt_string is used by the sudoers plugin too so do not include
8384 sudo.h (which is not really needed here anyway)
8387 * compat/Makefile.in, plugins/sample/Makefile.in,
8388 plugins/sudoers/Makefile.in, src/Makefile.in:
8389 Fix building with non-BSD versions of make such as GNU make.
8390 Requires VPATH support, which should be in any non-neolithic make.
8393 * configure, configure.in, plugins/sudoers/Makefile.in,
8394 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
8396 Re-enable bsm audit. Currently auditing is done within the sudoers
8397 plugin itself. If possible, this should really be done in the main
8398 driver but we don't presently have the needed data to do that. This
8399 will be re-evaluated when Linux audit support is added.
8402 * compat/Makefile.in, plugins/sample/Makefile.in,
8403 plugins/sudoers/Makefile.in, src/Makefile.in:
8404 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
8405 of explicit rules in the dependency.
8408 * plugins/sudoers/visudo.c:
8409 Fix mismerge; alias_remove_recursive() now returns int
8412 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
8414 * plugins/sudoers/visudo.c:
8415 Fix a crash when checking a sudoers file that has aliases that
8416 reference themselves. Based on a diff from David Wood.
8420 Print signal info after restoring the tty mode, not before.
8424 Defer call to alarm() until after we fork the child. Pass correct
8425 pid to terminate_child(). If the command exits due to signal, set
8426 alive to false like we do when it exits normally. Add missing
8427 check for errpipe[0] != -1 before using it in FD_ISSET
8430 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
8432 * plugins/sudoers/boottime.c:
8433 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
8436 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
8439 Simplify dependencies by using .c.o and .c.lo rules.
8442 * configure, configure.in, plugins/sudoers/Makefile.in,
8444 Substitute in @PROGS@ into src/Makefile to add sesh
8447 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
8449 * plugins/sudoers/sudoers.c:
8450 Add back calls to log_denial() if sudoers does not allow the
8454 * plugins/sudoers/sudoers.c:
8455 Pass in correct pwflag for list and validate.
8458 * plugins/sudoers/env.c:
8459 Add missing check for NULL in validate_env_vars
8463 Add sudo_noexec.la to "all" target, otherwise it only gets built at
8467 * plugins/sudoers/sudoers.c:
8468 Only set sudo_user.env_vars if the env_add list is empty.
8471 * plugins/sudoers/sudoers.c:
8472 Set sudo_user.env_vars so that environment variables specified on
8473 the command line get logged correctly.
8476 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
8477 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8478 Re-enable environment files and setting environment variables on the
8482 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8484 * plugins/sudoers/check.c:
8485 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
8486 a pointer to time_t as tv_sec in struct timeval may be long.
8489 * plugins/sudoers/check.c:
8490 Don't stash ctime in on-disk tty ticket info for now; on many
8491 (most?) systems the ctime is updated when the tty is written to.
8492 Once I have a better idea of what systems do not update ctime on
8493 ttys (and have a way to test for this) the ctime stash will be
8494 conditionally re-enabled.
8497 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8499 * MANIFEST, Makefile.in:
8500 Add back "dist" target, this time using a MANIFEST file
8504 Remove Makefile in distclean target
8507 * Makefile.in, src/Makefile.in:
8508 Update clean and cleandir targets
8511 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
8513 Move fileops.c defines and prototypes to fileops.h
8516 * plugins/sudoers/check.c:
8517 Lock the tty timestamp when writing. We shouldn't have to lock when
8518 reading since the file is updated via a single write system call.
8521 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8523 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
8524 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
8525 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
8526 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
8527 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8528 plugins/sudoers/logging.c, plugins/sudoers/match.c,
8529 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
8530 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8531 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8532 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8533 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
8534 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
8535 Convert to ANSI C function declarations
8538 * plugins/sudoers/sudoers.h:
8539 Remove extraneous bits and classify by source file.
8543 Add timercmp macro for systems without it
8546 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
8547 plugins/sudoers/sudoers.h:
8548 get_boottime() now fills in a timeval struct
8551 * plugins/sudoers/check.c:
8552 Store info from stat(2)ing the tty in the tty ticket when tty
8553 tickets are in use. On most systems, this closes the loophole
8554 whereby a user can log out of a tty, log back in and still have the
8558 * config.h.in, configure.in:
8559 Add timespec2timeval and use it when getting ctime/mtime
8562 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8564 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
8565 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8566 plugins/sudoers/testsudoers.c:
8567 Convert perm setting to push/pop model; still needs some work. Use
8568 the stashed runas groups instead of using getgrouplist(). Reset perms
8569 to the initial value on error
8572 * config.h.in, configure.in:
8573 fix ctim_get and mtim_get macros
8576 * config.h.in, configure, configure.in, include/compat.h,
8577 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
8578 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
8579 Use timeval directly instead of converting to timespec when dealing
8580 with file times and time of day.
8583 * plugins/sudoers/Makefile.in:
8584 Don't link sudoreplay with libsudoers.la due to a yacc symbol
8588 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8590 * configure, configure.in:
8591 Darwin >= 9.x has real setreuid(2)
8594 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
8596 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
8600 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8601 plugins/sudoers/sudoers.h:
8602 Remove remaining references to the environ pointer.
8605 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8607 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8608 Don't change the environ directly in the sudoers plugin
8611 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
8613 * plugins/sudoers/sudoers.c:
8617 * plugins/sudoers/alias.c:
8618 Fix use after free in error message when a duplicate alias exists.
8621 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
8623 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8625 Add a "noninteractive" boolean to the settings passed in to the
8626 plugin's open function that is set when the user specifies the -n
8630 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8631 Add workaround for the lack of the environ pointer on Mac OS X in
8632 dlopen()ed modules. Use of environ in the sudoers plugin should
8633 ultimately be removed but this will do for the moment.
8636 * plugins/sudoers/visudo.c:
8637 Set errorfile to the sudoers path if we set parse_error manually.
8638 This prevents a NULL dereference in printf() when checking a sudoers
8639 file in strict mode when alias errors are present.
8642 * plugins/sudoers/sudoers.c:
8643 Main sudo no longer prints "unable to execute" on exec failure so do
8647 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
8650 Use a pipe to pass back errno to the parent if execve() fails. If we
8651 get an error in script_child(), kill the command and exit.
8654 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8655 src/parse_args.c, src/sudo.c:
8656 Handle plugin's open function returning -2 (usage error).
8660 If execve() fails, leave it to the plugin to print an error string.
8664 If execve fails in logging mode, pass the errno directly to the
8665 grandparent on the backchannel and exit. The immediate parent will
8666 get SIGCHLD and try to report that status but its parent will no
8667 longer be listening. It would probably be cleaner to pass this over
8668 a pipe in script_child().
8671 * plugins/sudoers/sudoers.c:
8672 Don't override rval with results of check_user() unless it failed.
8675 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
8677 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8682 NULL-terminate env_add
8685 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8688 Call the I/O log open function before the I/O version function.
8691 * plugins/sudoers/iolog.c:
8692 Remove io_conv and just use sudo_conv
8695 * plugins/sudoers/set_perms.c:
8696 Fix set/restore perms for systems w/o setresuid
8699 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8701 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
8702 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
8703 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8704 Primitive set/restore permissions. Will be replaced by a push/pop
8709 Only need to take action on SIGCHLD in parent if no I/O logger. If
8710 there is an I/O logger we will receive ECONNRESET or EPIPE when we
8711 try to read from the socketpair.
8714 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
8716 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
8717 doc/sudoers.pod, plugins/sudoers/find_path.c:
8718 Merge fb4d571495fa from the 1.7 branch to trunk.
8721 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
8724 Don't set SA_RESTART when registering SIGALRM handler. Do set
8725 SA_RESTART when registering SIGWINCH handler.
8729 Add dev targets for *.man.in and *.cat that don't specify the
8734 If log_input or log_output returns false, terminate the command.
8738 Better signal handling. Instead of using a single variable to store
8739 the received signal, use an array so we can't lose a signal when
8740 multiple are sent. Fix process termination by SIGALRM in non-I/O
8741 logger mode. Fix relaying terminal signals to the child in non-I/O
8746 Fix a race between when we get the child pid in the parent and when
8747 the child process exits. The problem exhibited as a hang after a
8748 short-lived process, e.g. "sudo id" when no IO logger was enabled.
8751 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
8753 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8754 Add a note about the security implications of the fast_glob option.
8757 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
8759 * config.h.in, configure, configure.in:
8760 Fix up some AC_DEFINE descriptions and regen config.h.in
8763 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8765 * include/missing.h:
8766 No longer check for strdup or strndup for LIBOBJ replacement.
8770 Avoid installing signal handlers that are io-logger specific. Fixes
8771 job control when no io logger is enabled.
8775 Only regen man pages from pod when configured with --with-devel
8778 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8780 * Makefile, Makefile.in, configure, configure.in:
8781 Top-level Makefile.in. Nothing is currently substituted but this is
8782 needed for separate build dirs.
8785 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
8786 plugins/sudoers/Makefile.in, src/Makefile.in:
8787 Fix out-of-tree builds
8794 We always install sudoreplay in 1.8
8797 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
8799 * compat/siglist.in:
8800 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
8803 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8805 * configure, configure.in:
8806 No need to provide strdup() or strndup(), sudo uses estrdup() and
8810 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8812 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8813 Free str after using it in the version method. Use sudo_conv, not
8814 io_conv since we don't have the IO conversation function pointer in
8815 the I/O version method anymore now that io_open is delayed.
8818 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8820 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8822 Add license to mksiglist.c and note that the bits from pdksh are
8826 * compat/Makefile.in:
8827 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
8830 * plugins/sudoers/Makefile.in:
8831 Add sudoreplay, testsudoers and visudo to clean target
8834 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8835 compat/siglist.in, compat/strsignal.c, configure, configure.in,
8836 include/missing.h, src/script.c:
8837 Create our own sys_siglist for systems without it for use by
8841 * compat/Makefile.in:
8842 Remove duplicate $(LIBOBJDIR)
8845 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
8847 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
8848 Main sudo should not block signals; the plugin should do this in
8852 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
8855 Fix a sizeof(ptr) vs. sizeof(*ptr)
8859 Unlike most operating systems, HP-UX select() is not interrupted by
8860 SIGCHLD when the signal is registered with SA_RESTART. If we clear
8861 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
8862 behavior and the code in the select() loops already handles EINTR
8866 * compat/getprogname.c:
8867 progname should be const
8870 * plugins/sudoers/Makefile.in:
8871 Move --tag=disable-static to when we link sudoers.la, not when we
8875 * src/load_plugins.c:
8876 Load the sudoers I/O plugin by default too now that it is hooked up.
8879 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8882 It looks like AIX doesn't need to push STREAMS modules for ptys.
8885 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8887 * src/parse_args.c, src/sudo.c:
8888 Delay calling the I/O plugin open function until the policy plugin
8892 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8894 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
8895 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8896 plugins/sudoers/sudoers.h:
8897 Add back io logging (transcript) support. Currently, the open
8898 function runs too early and it is not possible to use the io module
8899 independently of the policy module.
8902 * plugins/sudoers/set_perms.c:
8903 Comment out dead code; will be removed when set_perms is rewritten.
8906 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
8908 * plugins/sudoers/sudoers.c:
8909 Fix off by one error when allocating user_groups.
8912 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
8914 * configure, configure.in, plugins/sudoers/Makefile.in:
8915 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
8918 * plugins/sudoers/sudoers.c:
8919 Fix typo in preserve groups case
8922 * plugins/sudoers/sudoers.c:
8923 In command_info it is "runas_groups" not "groups".
8927 Fix iteration over runas_groups list.
8930 * configure, configure.in, plugins/sudoers/env.c,
8931 plugins/sudoers/match.c, src/script.c:
8932 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
8935 * compat/getgrouplist.c:
8936 getgrouplist(3) for those without it
8939 * plugins/sudoers/sudoers.c:
8940 Set preserve_groups or groups list in command_info
8944 Fix setting of groups list
8947 * config.h.in, configure, configure.in, include/compat.h,
8949 Add checks for getgrset and getgrouplist and use replacement
8950 getgrouplist if the system doesn't support it.
8954 Pass in preserve_groups when the -P flag is specified as per the
8958 * plugins/sudoers/sudoers.c:
8959 Check preserve_groups and ignore_ticket args with atobool instead of
8960 assuming they are true if present.
8963 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
8965 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
8966 plugins/sudoers/plugin_error.c:
8967 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
8968 sudoreplay and testsudoers in the build
8971 * src/Makefile.in, src/term.c:
8972 term.c does not need to include sudo.h
8975 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
8976 doc/sudo_plugin.pod:
8977 Document the -2 return in the check_policy section too
8980 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8981 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8982 src/parse_args.c, src/sudo.c, src/sudo.h:
8983 Fix the -s and -i flags and add support for the "implied_shell"
8984 option. If the user does not specify a command, sudo will now pass
8985 in the path to the user's shell and set implied_shell=true. The
8986 plugin can then either check the command normally or return -2 to
8987 cause sudo to print a usage message and exit.
8990 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
8992 * config.h.in, configure, configure.in, src/load_plugins.c:
8993 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
8994 Darwin where libraries end in .dylib but modules end in .so
8997 * plugins/sudoers/parse.c:
8998 Better prefix determination now that we can't rely on len==0 to tell
8999 the beginning of an entry.
9002 * plugins/sudoers/ldap.c:
9003 display_bound_defaults() stub should return 0, not 1 since it is a
9004 count, not a boolean.
9007 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9008 Document progname in settings
9011 * compat/getprogname.c, include/compat.h,
9012 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
9013 src/parse_args.c, src/sudo.c:
9014 Rewrite compat/getprogname.c and add setprogname(). The progname is
9015 now passed to the plugin via the settings array.
9018 * configure, configure.in, plugins/sudoers/Makefile.in:
9022 * plugins/sudoers/sudo_nss.c:
9023 Add missing whitespace for Runas and Command-specific defaults
9026 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
9027 plugins/sudoers/sudo_nss.c:
9028 Use embedded newlines in lbuf instead of multiple calls to
9033 Add support for embedded newlines.
9036 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9038 * compat/getprogname.c:
9039 If system doesn't support getprogname or __progname and we are
9040 building a shared object don't bother with Argc/Argv, just return
9044 * config.h.in, configure, configure.in, src/load_plugins.c:
9045 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
9046 appears to always install a shared object with the .so suffix.
9049 * compat/Makefile.in, configure, configure.in,
9050 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
9052 Play more nicely with libtool and let it build libreplace (was
9056 * include/missing.h:
9057 Include stdarg.h for va_list rather than requiring all consumers of
9058 missing.h to include stdarg.h themselves.
9061 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
9062 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
9063 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9065 Pass in output function to lbuf_init() instead of writing to stdout.
9066 A side effect is that the usage info can now go to stderr as it
9070 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9072 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
9073 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9074 src/parse_args.c, src/sudo.c:
9075 Use number of tty columns that is passed in user_info instead of
9076 getting it directly in the lbuf code.
9079 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
9080 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9081 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
9082 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9083 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9084 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9085 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9086 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
9087 plugins/sudoers/logging.h, plugins/sudoers/match.c,
9088 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
9089 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9090 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9091 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
9092 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9093 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9094 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
9095 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
9096 plugins/sudoers/visudo.c:
9100 * config.h.in, configure, configure.in, src/load_plugins.c:
9101 Set the sudoers plugin name in configure so we get the extension
9105 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9106 Document lines/cols in user_info
9109 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
9110 Add tty size to user info
9114 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
9117 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
9119 * plugins/sudoers/sudoers.c:
9120 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
9121 out if we fail to lookup the user's name that is passed in
9124 * plugins/sudoers/error.c:
9125 Pass the error value back via siglongjmp.
9128 * plugins/sudoers/check.c:
9129 Use conversation function for lecture.
9132 * plugins/sudoers/check.c:
9133 Don't update ticket file if verify_user returns FALSE.
9136 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
9138 * plugins/sudoers/sudoers.c, src/sudo.c:
9139 Wire up invalidate and validate methods for sudoers
9142 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
9143 plugins/sudoers/sudoers.h:
9144 Add support for -k flag with a command.
9148 Allow -k to be specified with a command.
9151 * plugins/sudoers/sudoers.c:
9155 * plugins/sudoers/error.c:
9156 Add newline at the end of message and space after the colon in
9160 * plugins/sudoers/auth/sudo_auth.c:
9161 Add missing newline after pass password warning
9164 * plugins/sudoers/sudoers.c:
9165 Set user_groups and user_ngroups based on user_info
9168 * plugins/sudoers/error.c:
9172 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
9173 Make _warning in error.c use the conversation function and remove
9174 commented out warning/warningx in sudoers.c.
9177 * plugins/sudoers/logging.c:
9178 Use siglongjmp() in log_error for fatal errors
9181 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
9182 Quiet a libtool warning
9186 Build sudoers plugin
9189 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
9190 Use warningx in yyerror() so the conversation function gets used
9191 when built as part of sudoers.
9194 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9196 * plugins/sudoers/auth/pam.c:
9197 Rename sudo_conv to conversation to avoid a namespace conflict.
9200 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
9201 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9202 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9203 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9204 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9205 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9206 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9207 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9208 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9209 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9210 plugins/sudoers/env.c, plugins/sudoers/error.c,
9211 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
9212 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
9213 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
9214 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
9215 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
9216 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
9217 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
9218 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9219 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
9220 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
9221 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
9222 Initial bits of sudoers plugin; still needs work.
9226 Add HAVE_STRDUP and HAVE_STRNDUP
9229 * compat/Makefile.in, configure, configure.in:
9230 Build libmissing in two flavors (one PIC one non-PIC) and link with
9231 the appropriate one.
9234 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9235 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
9236 Build libmissing in two flavors (one PIC one non-PIC) and link with
9237 the appropriate one.
9240 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9242 * include/missing.h:
9243 Add strdup and strndup and fix strsignal
9246 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9248 * compat/strdup.c, compat/strndup.c, configure, configure.in,
9249 plugins/sample/Makefile.in, src/Makefile.in:
9250 Add strdup and strndup to compat
9253 * plugins/sample/sample_plugin.c:
9254 Need to include compat.h before missing.h
9257 * compat/strsignal.c:
9258 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
9259 it doesn't exist configure will set it to 0.
9263 Fix botched ANSI C conversion of globexp2()
9266 * configure, configure.in:
9267 Remove redundant getgroups check
9270 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
9271 Require either termios or termio, no more sgtty.
9274 * compat/strsignal.c, config.h.in, configure, configure.in:
9275 Change the sys_siglist check to use AC_CHECK_DECLS and also check
9276 for _sys_siglist and __sys_siglist
9279 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
9281 * configure, configure.in, src/Makefile.in:
9282 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
9283 use SUDO_OBJS for the main driver as part of OBJS.
9286 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9287 Mention in the conversation function section that a newline is not
9292 Add definition of WCOREDUMP for systems without it. This is known
9293 to work on AIX and SunOS 4, but may be incorrect on other systems
9294 that lack WCOREDUMP.
9297 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
9299 * plugins/sample/sample_plugin.c, src/conversation.c:
9300 conversation function no longer puts a newline at the end of info or
9304 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
9307 Use parent process group id instead of parent process id when
9308 checking foreground status and suspending parent. Fixes an issue
9309 when running commands under /usr/bin/time and others.
9312 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9315 transcript option is now --with not --enable
9318 * plugins/sample/sample_plugin.c:
9319 Add support to -u and -g flags. Check fmt_string retval. Add timeout
9320 for debugging purposes
9323 * src/script.c, src/sudo.c:
9324 Wire up SIGALRM handler. Set close on exec flag for child side of the
9325 socketpair. Fix signal handling when not doing I/O logging
9329 g/c unused SIGCHLD handler
9332 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
9333 Don't use emalloc() in fmt_string(); we want to be able to use it
9338 tq_remove not list_remove
9341 * configure, configure.in:
9342 AUTH_OBJS should contain .lo files not .o files.
9345 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9348 Simplify conversion of command line args to name=value pairs.
9351 * plugins/sample/sample_plugin.c:
9352 Handle NULL reply from conversation function
9356 Don't depend on emalloc/erealloc
9359 * plugins/sample/Makefile.in:
9360 Use $(OBJS) instead of sample_plugin.lo
9363 * plugins/sample/sample_plugin.c:
9364 runas_user is in settings not user_info
9368 Fix a mismatch between sudo_settings and settings_pairs that causes
9369 some settings to get the wrong values.
9372 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9374 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
9375 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
9376 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
9380 * src/load_plugins.c:
9381 Fix strlcpy() return value check.
9384 * INSTALL, configure, configure.in:
9385 No longer need to substitute in script.o and pty.o; I/O logging
9386 support is always built.
9389 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
9392 Add fallback to /bin/sh when execve() fails with ENOEXEC.
9395 * include/alloc.h, src/alloc.c:
9399 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9401 * src/script.c, src/sudo.c:
9402 Refactor script_execve() a bit so that it can be used in non-script
9403 mode. Needs more cleanup.
9407 Ignore empty entries in command_info list
9410 * include/list.h, src/list.c:
9414 * src/conversation.c:
9415 Pass timeout to tgetpass()
9419 Add ChangeLog target
9423 Bump version and update things slightly for sudo 1.8.0
9426 * configure, configure.in:
9427 Sudo now requires an ANSI/ISO C compiler
9430 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
9435 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9436 include/list.h, include/missing.h:
9440 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
9441 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
9442 compat/getprogname.c, compat/glob.c, compat/glob.h,
9443 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9444 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9445 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9446 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
9451 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
9453 * src/sudo.c, src/tgetpass.c:
9454 Make user_details extern so tgetpass can get at the uid and gid. Set
9455 uid/gid to user before executing askpass program. Check environment
9456 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
9457 set the askpass program itself
9461 No longer need sudo_usage.h in sudo.c
9464 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
9465 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
9466 src/sudo_usage.h.in:
9467 Document -D level command line flag which maps to the debug_level
9471 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9472 Document debug_level in plugin doc. Still need to document the -D
9473 flag in sudo itself.
9476 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
9478 * plugins/sample/sample_plugin.c:
9479 include missing.h for vasprintf
9482 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
9483 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9484 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
9487 * plugins/sample/sample_plugin.c:
9488 Need to include limits.h
9495 * plugins/sample/Makefile.in, src/Makefile.in:
9496 Add missing compat bits
9499 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
9500 compat files should not include sudo.h. Wire up compat in sample
9504 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
9505 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
9508 * configure, configure.in:
9512 * plugins/sample/sample_plugin.c:
9513 Log input and output to temp files for proof of concept.
9516 * Makefile, configure, configure.in, doc/Makefile.in:
9517 Add doc Makefile.in and wire it up
9521 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
9522 suspending a shell with the "suspend" builtin.
9526 In child, handle parent side of the pipe going away.
9530 No longer need to check for explicit death of the child (process #2)
9531 since if it dies we will get EPIPE from the socketpair. Fix a
9532 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
9537 Make sudo_debug do a single vfprintf() which will result in a single
9538 write call on most systems. Avoids problems with interleaved debug
9539 printf from different processes. Also remove an extraneous error
9540 case since recv() can't return a short read and add some more XXX.
9543 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9546 Fix uninitialized variable.
9550 Fix sudo install target
9553 * src/parse_args.c, src/sudo.c, src/sudo.h:
9561 * configure, configure.in:
9562 Fix setting of plugin dir
9570 Add missing source for sudo front end
9573 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
9574 Sample plugin demonstrating the sudo plugin API
9577 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
9578 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
9579 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
9580 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
9581 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
9583 Modular sudo front-end which loads policy and I/O plugins that do
9584 most of the actual work. Currently relies on dynamic loading using
9585 dlopen(). See doc/plugin.pod for the plugin API.
9588 * doc/plugin.pod, include/sudo_plugin.h:
9592 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9593 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
9594 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
9595 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
9596 src/fileops.c, src/sudo_edit.c:
9597 Replace emul/include.h with compat/include.h to match new source
9602 Include missing.h for memrchr() proto
9605 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
9606 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
9607 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
9608 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
9609 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
9610 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
9611 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
9612 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
9613 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
9614 compat/getline.c, compat/getprogname.c, compat/glob.c,
9615 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9616 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9617 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9618 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
9619 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
9620 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
9621 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
9622 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
9623 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
9624 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
9625 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
9626 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
9627 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
9628 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
9629 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
9630 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
9631 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
9632 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
9633 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
9634 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9635 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
9636 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
9637 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
9638 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
9639 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
9640 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
9641 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
9642 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
9643 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9644 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9645 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9646 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9647 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9648 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9649 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9650 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9651 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
9652 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
9653 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
9654 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9655 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
9656 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
9657 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
9658 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
9659 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
9660 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
9661 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
9662 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
9663 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
9664 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
9665 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
9666 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
9667 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
9668 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9669 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9670 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
9671 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
9672 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9673 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
9674 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
9675 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
9676 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
9677 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
9678 sample.pam, sample.sudoers, sample.syslog.conf,
9679 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
9680 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
9681 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
9682 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
9683 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
9684 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
9685 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
9686 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
9687 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
9688 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9689 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
9690 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
9691 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9692 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
9693 visudo.man.in, visudo.pod, zero_bytes.c:
9694 Rework source layout in preparation for modular sudo.
9697 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9699 * Avoid a duplicate fclose() of the sudoers file.
9702 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
9705 * Use setrlimit64(), if available, instead of setrlimit() when setting
9706 AIX resource limits since rlim_t is 32bits.
9709 * Fix use after free when sending error messages. From Timo Juhani
9713 * ChangeLog, Makefile.in:
9714 Generate the ChangeLog as part of "make dist" instead of having it
9718 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9720 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
9721 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
9722 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
9723 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
9724 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
9725 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
9726 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
9727 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
9728 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
9729 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
9730 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
9731 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
9732 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
9733 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
9734 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
9735 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
9736 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9737 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
9738 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9739 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
9740 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9741 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
9742 Remove CVS $Sudo$ tags.
9745 2010-01-18 convert-repo <convert-repo>
9751 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
9754 make this match sudoers SYNOPSIS
9758 Print a newline between Runas and Command-specific defaults in sudo
9763 Use SET and CLR macros in term_raw
9767 Set stdin to non-blocking mode early instead of in check_input. Use
9768 term_raw instead of term_cbreak since the data we get has already
9769 been expanded via OPOST.
9772 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
9775 Enable/disable all postprocessing instead of just nl->crnl
9776 processing since things like tab expansion matter too. However, if
9777 stdout is a tty leave postprocessing on in the pty since we run into
9778 problems doing it only on the real stdout with e.g. nvi.
9781 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9784 If tty_tickets is enabled and there is no tty, prompt for a
9785 password. Do not lecture user for "sudo -k command" if user has a
9790 Document missing options: --with-efence and --with-bsm-audit
9793 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
9794 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9795 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
9796 visudo.man.in, visudo.pod:
9797 username -> user name, groupname -> group name, hostname -> host name
9800 * INSTALL, README.LDAP, sudoers.pod:
9801 filename -> file name like the rest of the docs
9804 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9807 Fix printing of entries with multiple host entries on a single line.
9810 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
9813 Mention that targetpw affects the timestamp file name.
9816 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
9818 Add compress_transcript option.
9821 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9823 * configure, configure.in:
9827 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
9828 Better split of membership vs. traditional group check in
9829 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
9832 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
9835 Fix pasto and add default return value.
9838 * check.c, match.c, pwutil.c, sudo.h:
9839 refactor group member checking into user_in_group()
9842 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
9844 Add support for mbr_check_membership() as present in darwin.
9847 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9850 Rename label to be accurate
9853 * Makefile.in, boottime.c, check.c, config.h.in, configure,
9854 configure.in, sudo.h:
9855 Treat timestamp files from before we booted as old. Idea from and
9859 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
9861 * sudo.c, sudo.pod, sudo_usage.h.in:
9862 Allow the -u flag to be used in conjunction with the -v flag as per
9863 older versions of sudo.
9867 fix typo in last commit
9870 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
9873 Convert fmt_first and fmt_confd into macros.
9877 timeouts can be floats now
9880 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
9881 defaults.h, mkdefaults:
9882 Add support for floating point timeout values (e.g. 2.5 minutes).
9885 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
9888 The -L flag will be removed in sudo 1.7.4
9891 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
9894 Fix a bug due to order of operators.
9897 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9900 cmnd_matches() already deals with negation so _cmndlist_matches()
9901 does not need to do so itself. Fixes a bug with negated entries in
9905 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9908 Don't exit() from open_sudoers, just return NULL for all errors.
9912 Can't rely on the shell sending us SIGCONT when transitioning from
9913 background to foreground process.
9917 Add missing extern def for parse_error
9920 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
9923 Avoid a parse error when #includedir doesn't find any files. Closes
9928 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
9931 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9934 Start command out in foreground mode if stdout is a tty. Works
9935 around issues with some curses-based programs that don't handle
9936 tcsetattr getting interrupted by a signal. Still allows us to avoid
9937 hogging the tty if the command is part of a pipeline.
9940 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
9941 Use a socketpair to pass signals from parent to child. Child will
9942 now pass command status change info back via the socketpair. This
9943 allows the parent to distinguish between signals it has been sent
9944 directly and signals the command has received. It also means the
9945 parent can once again print the signal notifications to the tty so
9946 all writes to the pty master occur in the parent. The command is
9947 now always started in background mode with tty signals handled by
9951 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9953 * configure, configure.in:
9954 Fix a few typos in the descriptions; from Jeff Makey. Only do the
9955 check for krb5_get_init_creds_opt_free() taking two arguments if we
9956 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
9957 positive when using our own krb5_get_init_creds_opt_free which takes
9958 only a single argument.
9961 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9963 * configure, configure.in:
9964 Remove a spurious comma in the kerb5 bits.
9968 Call krb5_get_init_creds_opt_init() in our emulated
9969 krb5_get_init_creds_opt_alloc() for MIT kerberos.
9972 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9979 Need to ignore SIGTT{IN,OU} in child when running the command in the
9980 background. Also some minor cleanup.
9983 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
9986 Instead of calling sigsuspend when waiting for SIGUSR[12] from
9987 parent, install the signal handlers w/o SA_RESTART and let them
9988 interrupt waitpid().
9992 Pass along SIGHUP and SIGTERM from parent to child.
9996 Close unused bits of script_fds in processes that don't need them.
9997 Restore default SIGCONT handler in child.
10001 Update foreground/background status in SIGCONT handler in parent
10005 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10008 Defer setting terminal into raw mode until just before we fork() and
10009 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
10010 and sudo is already in the foreground be sure to set raw mode before
10011 continuing the child.
10014 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10017 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
10018 give the command the controlling tty if the main sudo process is the
10019 foreground process.
10023 Don't bother with sudo_waitpid() here for now.
10030 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
10033 Remove non-working code that crept into rev 1.55
10036 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
10038 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
10039 First pass at zlib support for transcript data files
10043 remove vestiges of ZLDFLAGS
10047 Add missing variable declaration for when TIOCSCTTY is not defined.
10048 Need to include sys/termio.h for TIOCSCTTY on some systems.
10052 when resuming command, send SIGCONT to its pgrp not just pid
10056 remove unused variable
10060 include selinux.h for is_selinux_enabled() proto
10064 Don't use log_error() in the child process.
10068 Do I/O in parent instead of child since the parent can have both
10069 /dev/tty as well as the pty fds open. The child just sets things up
10070 and waits for its grandchild and writes the signal description to
10071 the pty master if the command was killed by a signal.
10074 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
10076 * missing.h, sudo.h:
10077 Move two struct forward declarations from sudo.h to missing.h
10081 Make comment at the top of script_exec() match reality.
10085 if neither stdin nor stdout is a tty, check stderr
10089 Add back dependency of gram.h on gram.y
10093 Make transcript mode work as long as we can figure out our tty, even
10094 if it is not stdin. We'd like to use /dev/tty but that won't be
10095 valid after the setsid().
10098 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10100 * config.h.in, configure, configure.in, pty.c:
10101 Add support for IRIX-style dynamic ptys
10104 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
10105 Move alloc.c protos into alloc.h
10109 Move prototypes for missing libc functions to missing.h
10112 * Makefile.in, sudo.h, sudoreplay.c:
10113 Move prototypes for missing libc functions to missing.h
10116 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
10118 * config.h.in, configure, configure.in:
10119 Disable transcript support if no tcsetpgrp until we support older
10120 BSD-style job control.
10123 * configure, configure.in, pty.c, script.c:
10124 Break out pty code into pty.c
10127 * compat.h, config.h.in, configure, configure.in:
10128 add killpg macro if no killpg function
10131 * config.h.in, configure, configure.in, script.c:
10132 Push ptem and ldterm for STREAMS-based systems when allocating a
10136 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
10139 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
10143 Call tcgetpgrp() in the parent, not the child and have the child
10144 spin until it is granted. Fixes a race on darwin.
10148 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
10152 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
10155 In script mode, if the command is killed by a signal, print the
10156 signal description as well as a core dump notification like the
10160 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
10162 Add check for strsignal() and a simple implementation if it is not
10163 there but sys_siglist is
10167 Add missing WUNTRACED and store the signal that stopped the
10168 grandchild in suspended, not signo.
10176 Associate the grandchild's pgrp with the tty instead of the child's
10177 and just get suspend notifications via SIGCHLD instead of directly.
10178 This fixes a hang with programs that try to set terminal attributes
10179 and is more consistent with how the shell handles things.
10182 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
10185 Move setpgid() of child into the parent side of the fork() where it
10189 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
10196 Run command in its own pgrp (like the shell does) for easier
10197 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
10198 to grandchild. Don't want grandchild stopped events in the child
10199 (only termination). Flush output after suspending grandchild before
10204 Back out revision 1.34; the problem lies elsewhere.
10208 Don't set stdout to blocking mode when flushing remaining output.
10209 It can cause us to hang when trying to exit. Need to investigate
10214 Handle SIGTTOU and remove some debugging.
10218 Back out revision 1.10 as the signal that interrupts us may be
10219 SIGTTOU or SIGTTIN which the caller must handle.
10223 Apparently we need to send SIGSTOP to the command as well as ourself
10224 when we get SIGTSTP, the kernel doesn't automatically stop the
10229 Use an extra process to act as the glue between the sessions
10230 associated with the user's controlling tty (what the shell uses) and
10231 the tty that sudo is using to do its logging. Basically, this means
10232 that if we get, e.g. SIGTSTP from the process sudo is running, we
10233 relay the signal to the parent so its shell can do the job control.
10237 Handle getting/setting terminal attributes when the fd is in non-
10241 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
10243 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10244 Add support for pausing and changing the speed in interactive mode.
10248 Already define O_NOCTTY in compat.h, don't need it here
10251 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
10257 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
10260 Always update the stashed mtime of the temp file instead of using
10261 what we have for the original because the time resolution of the
10262 filesystem the temporary is on may not match that of the filesystem
10263 that holds the original. Should fix bz #371 found by Philippe Levan.
10267 Use cbreak mode instead of raw mode and add signal handlers to
10268 restore the tty on interrupt.
10271 * script.c, sudo.h, term.c:
10272 Retain NL to NLCR conversion on the real tty and skip it on the pty
10273 we allocate. That way, if stdout is not a pty there are no extra
10278 Fix log_output(); just pass in a string and a length.
10281 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
10284 do not use errno when complaining about lack of a tty
10287 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
10289 * Makefile.in, sudoreplay.c, term.c:
10290 Instead of messing with line endings, just set terminal to raw mode
10295 When copying the terminal attributes to the pty, be sure not to set
10296 ONLCR. This prevents extra carriage returns from ending up in the
10297 script output file.
10301 Convert a do {} while into a while
10305 Use if then instead of test && when installing binaries that may not
10310 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
10311 old tty before associating with new one.
10314 * script.c, selinux.c, sudo.c, sudo.h:
10315 First cut at refactoring some of the selinux code so it can be used
10316 in conjunction with sudo's transcript support.
10319 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
10321 * aclocal.m4, configure, configure.in:
10322 Fix default case of transcript_enabled being unset.
10325 * script.c, sudoreplay.c:
10326 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
10329 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
10330 Hook up --disable-transcript and --enable-transcript=DIR
10333 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
10335 * aclocal.m4, configure, configure.in, pathnames.h.in:
10336 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
10337 --enable-transcript=DIR option to specify the directory
10340 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10344 * configure, configure.in, sudoers.man.pl, sudoers.pod:
10345 Substitute in default value for secure_path
10349 Mention that the password must be followed by a newline with the -S
10353 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
10356 Go back to dropping out of the select() loop when the process dies;
10357 Linux ptys apparently don't behave the same as BSD in regards to
10358 select(). No need to flush remaining output to the transcript, only
10359 to stdout. Add back code to check the master pty for additional data
10360 when we exit the main select loop.
10363 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
10366 Add getline.o to COMMON_OBJS
10370 sudoreplay depends on libsudo.a
10374 Move pwutil.o into COMMON_OBJS
10377 * pwutil.c, testsudoers.c, tsgetgrpw.c:
10378 Remove my_* redirection in pwutil.c for testsudoers and just use the
10379 normal libc get{pw,gr}* names.
10382 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10383 More time and date examples
10386 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
10387 Move nanosleep() emulation into its own file. Check librt.a for
10388 nanosleep if we don't find it in libc
10391 * Makefile.in, configure, configure.in:
10392 Build libsudo with the common bits and link things against that.
10400 Keep reading from the pty master -> log file until read returns <=
10401 0. Do our best to write everything to stdout when flushing any
10406 Use unbuffered I/O when writing to stdout and make sure we write the
10410 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
10413 Only use max_wait if it is non-zero
10416 * getdate.c, getdate.y, getline.c:
10421 Fix nanosleep emulation
10425 Fix comment after #endif
10429 Add protos for missing libc bits
10432 * configure, configure.in:
10433 add missing line continuation char
10436 * config.h.in, configure, configure.in, getline.c:
10437 Implement getline() in terms of fgetln() if we have it.
10441 Print year when formatting log line
10445 Document cwd, attempt to document time/date formats.
10449 Fix getline return value check.
10452 * Makefile.in, config.h.in, configure, configure.in, getline.c,
10454 Use getline() if the system has it, else provide our own for
10459 Refactor code to update output and timing files.
10462 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
10465 Make sudo_getln() behave more like glibc getline.
10469 When flushing remaining output, also update timing file.
10473 Use get_timestr() and make the -l output look like the regular sudo
10477 * logging.c, sudo.h, timestr.c:
10478 Make get_timestr() take a time_t so we can use it properly in
10483 Create session dir earlier now that we update the seq number early.
10486 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
10489 Use fromdate and todate as the keywords instead of from and to; the
10490 short forms will still be accepted.
10494 Fix reading long lines in sudo_getln()
10497 * script.c, sudoreplay.c:
10498 Log the cwd in the script log file. Add sudo_getln() to read
10499 arbitrarily long lines.
10502 * Makefile.in, logging.c, sudo.h, timestr.c:
10503 Move get_timestr() into its own source file so sudoreplay can use
10507 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10510 Add to and from predicates (date ranges); needs documentation
10513 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10515 * Makefile.in, getdate.c, getdate.y:
10516 Fix warning and add generated getdate.c
10519 * Makefile.in, getdate.y:
10520 Add getdate.y to be used for sudoreplay date parsing.
10523 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10526 Check more than just the first character of a predicate
10529 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10530 Add examples, sort predicates
10533 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
10535 Implement search expressions in sudoreplay similar in concept to
10536 what find or tcpdump uses. TODO: date ranges
10539 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
10542 Remove vhangup as it was hanging up the wrong tty. Should really
10543 vhangup in the child after it has set its tty.
10547 Fix cut at documenting transcript support.
10551 ID= -> TSID= for transcript ID
10554 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10557 Move fast_glob description to where it belongs in sorted order
10560 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
10561 parse.c, parse.h, sudo.c:
10562 Rename script -> transcript
10565 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10568 Add timeradd and timersub for those without them
10572 Sanity check sessid before using it.
10576 Only set the session id if we are running a command or editing a
10581 Actually, qsort is fine since most versions fall back to a cheaper
10582 sort when the number of elements to sort is small (like in our
10586 * config.h.in, configure, configure.in, script.c:
10587 Check for dup2 and use dup instead if we don't have it.
10590 * script.c, sudo.c, sudo.h:
10591 Move the code to dup2 the script fds to low numbered descriptors
10592 into script_duplow() and fix the fd sorting.
10595 * script.c, sudo.c, sudo.h:
10596 Move script_setup() back to immediately before we drop privs and
10597 call the new script_nextid() in its place, which will set
10598 sudo_user.sessid for the logging functions.
10601 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10608 remove unused variable
10611 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10613 * logging.c, script.c, sudo.c, sudo.h:
10614 Log the session ID, if there is one. Currently logs ID=XXXXXX,
10615 perhaps should be SESSIONID or SESSID.
10618 * Makefile.in, configure, configure.in, sudoreplay.cat,
10619 sudoreplay.man.in, sudoreplay.pod:
10620 Add sudoreplay docs
10624 add -V (version) flag
10631 * script.c, sudoreplay.c:
10632 Use base36 number for the ID and store script files with paths like
10633 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
10634 (2,176,782,336) unique IDs.
10637 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10639 * config.h.in, configure.in:
10640 Add check for regcomp
10644 Add support for selecting by pattern and tty when listing.
10647 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10650 The beginnings of a list mode.
10653 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10659 * Makefile.in, config.h.in, configure.in:
10660 Add scaffolding for building sudoreplay
10664 include error.h; first arg to nanotime is const
10668 Initial cut at sudoreplay; replay a sudo session.
10671 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
10674 Fix wait() usage and use correct wait status.
10677 * sudo.c, sudo.h, tgetpass.c:
10678 Add protos for term_* to sudo.h
10682 Fix detection of the child process exiting. Since the child is in
10683 its own session we should only ever get SIGCHLD for that process but
10684 better safe than sorry.
10688 Add UNIX98 pty support.
10691 * configure, configure.in, script.c:
10692 Add UNIX98 pty support.
10695 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10698 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
10703 Set PAM_RUSER and PAM_RHOST early so they can be used during
10704 authentication. Based on a patch from Jamie Beverly.
10708 Close dir before returning if strlcpy() reports overflow. From
10712 * config.h.in, configure, configure.in, script.c:
10713 On Linux, the openpty proto lives in pty.h
10717 Call vhangup on exit if the system has it. Use setpgrp() if no
10721 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10723 * config.h.in, configure, configure.in:
10724 Add checks for revoke and vhangup if we don't have openpty
10728 Session logging guts that got forgotten in the previous commit.
10731 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
10732 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
10733 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
10735 First cut at session logging for sudo. Still need to write
10736 get_pty() for Unix 98 and old-style BSD ptys. Also needs
10737 documentation and general cleanup.
10740 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
10742 * sudo.c, sudo_edit.c:
10743 Fix a bug introduced with def_closefrom. The value of def_closefrom
10744 already includes the +1.
10747 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10750 Generate sudo distributions with pax in ustar mode. No longer need
10751 to use a temp file or have the source dir name match the version.
10754 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
10757 Fix expansion of %h in #include names. Fixes bugzilla 363
10760 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10763 If no arg assume def_data.in
10766 * README, WHATSNEW:
10768 [f5ad45f69f05] [SUDO_1_7_2]
10774 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
10776 * sudoers.cat, sudoers.man.in, sudoers.pod:
10777 Add missing single quotes around a colon in Runas_Spec definition.
10781 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10783 * sudo.man.in, sudoers.man.in:
10788 In rbrepair, re-color the root or the first non-block node we find
10789 to be black. Re-coloring the root is probably not needed but won't
10793 * sudo.cat, sudoers.cat:
10797 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
10800 When repairing the tree, don't touch the root node.
10803 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10806 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
10807 Reported by Josef Schmid.
10810 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
10813 Document that we accept env_pam-style environment files
10817 Adapt to accept pam_env-style /etc/environment which allows
10818 shell-style lines such as: export EDITOR="/usr/bin/vi"
10822 Make it clear that env_delete only works when !env_reset. From Loïc
10826 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10828 * sudo.pod, sudoers.pod:
10829 Add non-unix group bits, adapted from Quest
10833 build the .cat page in the current working dir, not the src dir
10837 Return EINVAL in setenv() if var is NULL or the empty string to
10838 match glibc behavior.
10841 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
10843 * configure, configure.in:
10844 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
10847 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10849 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10850 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10854 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10857 Document --with-libvas and --with-libvas-rpath
10860 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
10862 * ldap.c, sudoers.ldap.pod:
10863 For netscape-derived LDAP SDKs the cert and key paths may be a
10864 directory or a file. However, version 5.0 of the SDK only seems to
10865 support using a directory. If ldapssl_clientauth_init fails and the
10866 cert or key paths look like they could be files, strip off the last
10867 path element and try again.
10871 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
10874 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
10876 * configure, configure.in, match.c, sudo.c, vasgroups.c:
10877 Update non-Unix group support from Quest, as reworked by me.
10885 Add support for escaped hex chars in names, e.g. \x20 for space.
10888 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
10890 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
10891 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
10892 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
10893 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
10894 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
10895 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
10896 tgetpass.c, toke.l, visudo.c:
10897 Update copyright years.
10900 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
10902 * interfaces.c, lbuf.c:
10903 Minor fixes for Minix-3
10906 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10909 Handle getgroups() returning 0. Also add missing check for
10913 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
10915 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
10916 version.h, visudo.c:
10917 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
10920 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
10923 Remove group setting code in setusercontext case, we will do it
10924 ourselves later on in runas_setup. Set the gid after
10925 initgroups/setgroups is called, since on Mac OS X it seems to change
10929 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
10931 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
10933 Initial bits of non-unix group support using Quest Authentication
10938 Accept %:foo as a non-Unix group
10942 Allow user/group to be double quoted in the case of non-Unix groups
10943 which contain spaces.
10946 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
10949 Don't allow the user to specify the default runas user if their
10950 sudoers entry only allows them to run as a group.
10953 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
10956 Must call audit_success before we change uids.
10959 * logging.c, set_perms.c, sudo.h, testsudoers.c:
10960 Add option for set_perm to not exit on failure and use this in the
10965 In -l mode, if the user is only allowed to run as a group, display
10966 the user's name, not root's before the allowed group.
10970 Fix -g mode, broken by rev 1.503 which had the side effect of
10971 setting the runas user to root unilaterally.
10974 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
10977 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
10981 Only cache by the method we fetched for pwd and grp lookups.
10982 Previously we cached both by name and id but this can cause problems
10983 for entries that share the same id. Also add more info in the error
10984 message in case the insert fails (which should now be impossible).
10987 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10990 Add a clarification from Nick Sieger
10993 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
10996 Inline the setting of the environment string.
10999 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11002 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
11003 in BSD doesn't return an error if the name has '=' in it, it just
11004 treats the '=' as end of string.
11007 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
11010 Not all systems have d_namlen
11013 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11016 Fix up some pod2html issues.
11019 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
11022 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
11027 Ignore files ending in '~' in sudo.d (emacs backup files)
11031 Ignore files ending in '~' in sudo.d (emacs backup files)
11034 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11036 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
11037 For #includedir, ignore any file containing a dot
11040 * Makefile.in, version.h:
11044 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
11045 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
11047 Implement #includedir directive. Files in an includedir are not
11048 edited by visudo unless they contain a syntax error.
11053 [8741ed61a78b] [SUDO_1_7_1]
11056 Forgot umask_override
11063 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11066 Rewind stream if we fdopen sudoers since it may not be at the
11067 beginning. Set the keepopen flag on already-open files too so the
11068 lexer doesn't close them out from under us.
11072 Print the proper file name when there is a parse error in an include
11076 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
11082 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
11084 * configure, configure.in:
11085 Fix a warning when --without-ldap is specified.
11088 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
11090 * alias.c, parse.h, visudo.c:
11091 Store aliases that we remove during check_aliases in a freelist and
11092 free them at the end so we don't leak memory.
11095 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
11098 Check aliases in -c mode too.
11101 * alias.c, parse.h, visudo.c:
11102 Make alias_remove return the alias struct instead of freeing it
11103 directly. Fixes a use after free in alias_remove_recursive, the only
11107 * alias.c, match.c, parse.c, parse.h, visudo.c:
11108 Rename find_alias -> alias_find for consistency.
11111 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
11114 When checking for unused aliases, recurse if the alias points to
11118 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11121 Back out rev 1.105 for now. Real ldapux_client.conf support will be
11122 done later after some refactoring.
11125 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
11128 Treat ldap_hostport the same as "host" for ldapux.
11131 * configure, configure.in:
11132 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
11133 Fixes compilation with ldapux.
11136 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11142 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
11145 remove errant carriage returns
11149 fix K&R compilation
11152 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11153 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11157 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11160 Add missing HAVE_BSM_AUDIT
11168 Mention --with-netsvc
11171 * sudoers.ldap.pod:
11172 Document netsvc.conf support
11175 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
11177 Add support for AIX netsvc.conf (like nsswitch.conf).
11180 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
11182 * config.h.in, configure, configure.in, env.c:
11183 Add --enable-env-debug flag to enable environment sanity checks.
11186 * sudoers.ldap.pod, sudoers.pod:
11187 Work around some pod2html issue.
11190 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11193 Only sync environ for putenv, setenv, and unsetenv. We need to make
11194 sure that sudo_putenv and sudo_setenv only modify env.envp, not
11198 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
11201 Really fix UNSETENV_VOID
11205 Fix unsetenv when UNSETENV_VOID
11208 * aclocal.m4, configure:
11209 Fix SUDO_FUNC_PUTENV_CONST
11213 tivoli-based ldap does not have ldapssl_err2string
11220 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11222 * config.h.in, configure, configure.in, ldap.c:
11223 Add support for Tivoli-based LDAP start TLS as seen in AIX.
11228 Add sanity checks for setenv/unsetenv
11232 Include bsm_audit.h in the tarball
11235 * Makefile.in, version.h:
11236 bump version for sudo 1.7.1
11239 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
11240 env.c, ldap.c, sudo.h:
11241 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
11242 provide our own setenv/unsetenv/putenv that operates on own env
11243 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
11246 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
11249 Make "sudoedit -h" work as expected
11253 Make sure def_prompt is always defined. This is a workaround for
11254 pam configs that prompt for a password in the session but don't have
11255 an auth line. A better fix is to expand the sudo prompt earlier and
11256 set def_prompt to that when initializing.
11260 Mention that the helper for -A may be graphical.
11264 Document what happens if there is no tty.
11276 Fix "sudo -k" with no other args
11279 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
11281 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
11282 Allow the -k flag to be specified in conjunction with a command or
11283 another option that may require authentication.
11286 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
11288 * configure, configure.in:
11289 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
11293 Parallel make fix. From Diego E. 'Flameeyes'
11296 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
11298 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11299 Implement umask_override
11306 * sudoers.pod, toke.l, visudo.c:
11307 Implement %h escape in sudoers include filenames.
11311 Need to include compat.h
11314 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
11315 Make audit_success and audit_failure generic functions in
11316 preparation for integrating linux audit support.
11320 remove duplicate include
11323 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
11326 Add missing include
11330 May need to update the runas user after parsing command-based
11334 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
11337 Add missing pair of braces introduced with character class support.
11340 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
11342 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
11343 Rename pwstars to pwfeedback
11346 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
11348 * bsm_audit.c, bsm_audit.h:
11349 Add const to make MacOS happy.
11352 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
11353 configure.in, sudo.c:
11354 Add bsm audit support from Christian S.J. Peron
11358 This is new code, no DARPA notice.
11361 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
11363 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11364 Rename simple_glob -> fast_glob
11371 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11372 Add simple_glob option to use fnmatch() instead of glob(). This is
11373 useful when you need to specify patterns that reference network file
11385 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
11388 Delete any pwstars we wrote after the user hits return. That way
11389 there is no record on screen as to the user's password length.
11392 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
11395 Move terminal setting bits from tgetpass.c to term.c
11398 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
11400 Add pwstars sudoers option that causes sudo to print a star every
11401 time the user presses a key.
11404 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
11407 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
11410 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
11413 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
11414 indicate no limit. From Mark Janssen.
11417 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11420 Comments that begin with #- should not be parsed as uids.
11423 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11426 Do not try to set the close on exec flag if we didn't actually open
11430 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11434 [e11f0e4c1bdd] [SUDO_1_7_0]
11436 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11442 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
11445 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
11449 * configure, configure.in:
11450 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
11451 as it cannot generate shared objects.
11454 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
11455 K&R compilation fixes
11459 Use tq_foreach_fwd when checking pseudo-commands to make it clear
11460 that we are not short-circuiting on last match. When pwcheck is
11461 'all', initialize nopass to TRUE and override it with the first non-
11465 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11468 Do not short circuit pseudo commands when we get a match since,
11469 depending on the settings, we may need to examine all commands for
11473 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
11475 * sudoers.cat, sudoers.man.in:
11480 hostnames may also contain wildcards
11484 remove stamp-* files and linux core files in clean target
11487 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
11489 * auth/sudo_auth.h, config.h.in, configure, configure.in:
11490 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
11493 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11495 * configure, configure.in:
11496 correctly enable SIA on Digital UNIX
11507 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
11509 * check.c, sudo.h, tgetpass.c:
11510 Even if neither stdin nor stdout are ttys we may still have /dev/tty
11514 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
11516 * sudoers.cat, sudoers.man.in:
11521 fix typos; Markus Lude
11533 Fix matching of a line that only consists of a comment char
11536 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11539 MacOS pam will retry conversation function if it fails so just treat
11540 ^C as an empty password.
11544 When checking for alias use, also check defaults bindings.
11552 Replace my rbdelete with Emin's version (which actually works ;-)
11555 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
11562 malloc options in devel mode for visudo too
11565 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
11568 fix compilation on non-C99; from Theo
11576 when destroying an alias, free the correct data pointer
11579 * auth/sudo_auth.h:
11580 add proto for aixauth_cleanup; from Dale King
11583 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11585 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11590 * sudo.pod, sudoers.pod, visudo.pod:
11591 standardize on the term 'option' for command line options (not flag)
11594 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
11597 Add note on configuring HP-UX pam
11600 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
11603 Move tty checks into check_user() so we only do them if we actually
11608 Don't error out if no tty or askpass unless we actually need to
11612 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
11618 * pathnames.h.in, sudo.c:
11619 s/overriden/overridden/; from Tobias Stoeckmann
11622 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
11624 * WHATSNEW, visudo.c:
11625 check sudoers owner and mode in strict mode
11632 * sudo.man.in, sudoers.man.in, visudo.man.in:
11633 Update copyright years.
11636 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
11637 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
11638 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
11639 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
11640 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
11641 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
11642 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
11643 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
11644 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
11645 visudo.pod, zero_bytes.c:
11646 Update copyright years.
11649 * emul/charclass.h, fnmatch.c, glob.c:
11653 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
11656 The loop in fill_cmnd() was going one byte too far past the end,
11657 resulting in a NUL being written immediately after the buffer end.
11660 * UPGRADE, WHATSNEW:
11661 add sections on tgetpass changes
11665 Treat EOF w/o newline as an error.
11668 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
11671 Fix "sudo -v" when NOPASSWD is set.
11674 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
11676 No longer treat an empty password at the prompt as special. To quit
11677 out of sudo you now need to hit ^C at the password prompt.
11680 * sudoers.cat, sudoers.man.in:
11684 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11685 Sudo will now refuse to run if no tty is present unless the new
11686 visiblepw sudoers flag is set.
11689 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
11692 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
11697 fix fallback value for RLIM_SAVED_MAX
11700 * auth/aix_auth.c, auth/sudo_auth.h:
11701 Move clearing of AUTHSTATE into aixauth_cleanup.
11704 * auth/aix_auth.c, env.c:
11705 Unset AUTHSTATE after calling authenticate() as it may not be
11706 correct for the user we are running the command as.
11710 Add isblank() function for systems without it. Needed for POSIX
11711 character class matching in fnmatch.c and glob.c.
11714 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
11717 expound on sudo and cd
11720 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11726 * sudoers.cat, sudoers.man.in:
11731 mention defaults parse order
11734 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
11736 * Makefile.in, aclocal.m4, compat.h, configure:
11737 Add isblank() function for systems without it. Needed for POSIX
11738 character class matching in fnmatch.c and glob.c.
11742 add emul/charclass.h to HDRS
11745 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
11751 * defaults.c, parse.c, testsudoers.c, visudo.c:
11752 Move update_defaults into defaults.c and call it properly from
11753 visudo and testsudoers.
11756 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
11758 use zero_bytes() instead of memset() for consistency
11761 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
11763 Zero out sigaction_t before use in case it has non-standard entries.
11771 Short circuit glob() checks if basename(pattern) !=
11772 basename(command). Refactor code that checks for a command in a
11773 directory and use it in the glob case if the resolved pattern ends
11777 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11779 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
11780 Defer setting runas defaults until after runaspw/gr is setup.
11783 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
11785 * match.c, sudo.c, testsudoers.c:
11786 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
11787 systems do not include space for the NUL in the size. Also manually
11788 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
11792 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
11794 * sudo.c, sudoers.pod:
11795 When setting the umask, use the union of the user's umask and the
11796 default value set in sudoers so that we never lower the user's umask
11797 when running a command.
11801 Don't try to read from a zero-length sudoers file. Remove the bogus
11802 Solaris work-around for EAGAIN. Since we now use fgetc() it should
11806 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11809 In update_defaults() check the return value of user*_matches against
11810 ALLOW so we don't inadvertently match on UNSPEC.
11813 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11815 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11816 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11817 regen man pages; no more hyphenation
11821 Don't error out on a zero-length sudoers file. With the advent of
11822 #include the user could create a situation where sudo is unusable.
11825 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
11827 * auth/kerb5.c, config.h.in, configure, configure.in:
11828 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
11829 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
11830 all. Add configure tests to handle all the cases.
11833 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
11840 document sudoers_locale
11843 * sudo.pod, sudo_edit.c:
11844 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
11849 In fill_cmnd(), collapse any escaped sudo-specific characters.
11850 Allows character classes to be used in pathnames.
11853 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
11856 fix typo in non-C89 function declaration
11860 Mention POSIX character classes now that our fnmatch() and glob()
11864 * sample.sudoers, sudoers.pod:
11865 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
11870 use __signed char if we are going to assign a negative value since
11871 on Power, char is unsigned by default
11874 * config.h.in, configure, configure.in:
11875 Add tests for __signed char and signed char.
11879 Fix AIX limit setting. getuserattr() returns values in disk blocks
11880 rather than bytes. The default hard stack size in newer AIX is
11881 RLIM_SAVED_MAX. From Dale King.
11884 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
11886 * emul/charclass.h, fnmatch.c, glob.c:
11887 Add character class support to included glob(3) and fnmatch(3).
11890 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
11893 Remove UCB advertising clause and some compatibility defines.
11896 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
11899 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
11900 or sudo. This allows one to set EDITOR to sudoedit without getting
11901 into an infinite loop of sudoedit running itself until the path gets
11905 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
11906 Add sudoers_locale Defaults option to override the default sudoers
11910 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11913 Set locale to system default except for during sudoers parse.
11916 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
11919 Redo change in 1.34 to use pointer arithmetic.
11922 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
11925 Fix a dereference (read) of a freed pointer. Reported by Patrick
11929 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11932 Set locale to "C" to avoid interpretation issues with character
11933 ranges in sudoers. May want to make the locale a sudoers option in
11937 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11940 we no longer use setproctitle
11947 * LICENSE, mkstemp.c:
11948 Use my replacement mkstemp() from the mktemp package.
11951 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
11954 regen with yacc skeleton bug fixed
11958 Remove duplicate "as root". From Martin Toft.
11961 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
11963 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
11964 Flesh out the fake passwd entry used for running commands as a uid
11965 not listed in the passwd database. Fixes an issue with some PAM
11969 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11972 Error out in -i mode if the user has no shell. This can happen when
11973 running commands as a uid with no password entry.
11976 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
11979 Better fix for line continuation inside double quotes. Now accepts
11980 whitespace between the backslash and the newline like the main
11984 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11987 Fix line continuation in strings. It was only being honored if
11988 preceded by whitespace.
11991 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11993 * config.h.in, configure, configure.in, logging.c:
11994 Replace the double fork with a fork + daemonize.
11997 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
12000 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
12003 * logging.c, sudo.c, sudo_edit.c, visudo.c:
12004 Change how the mailer is waited for. Instead of having a SIGCHLD
12005 handler, use the double fork trick to orphan the child that opens
12006 the pipe to sendmail. Fixes a problem running su on some Linux
12010 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
12012 * configure, configure.in:
12013 Fix configure test for dirfd() on Linux where DIR is opaque.
12016 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
12019 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
12020 this problem we'll need to revisit this again.
12023 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
12026 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
12027 we only block the signal it may be delivered later when we unblock.
12028 Also, there is no need to block SIGCHLD since we no longer do the
12029 double fork. The normal SIGCHLD handler is sufficient.
12032 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
12034 * configure, configure.in:
12035 Add description for NO_PAM_SESSION, from a redhat patch.
12038 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
12040 * sudo.cat, sudo.man.in, sudo.pod:
12041 Fix typos in -i usage
12044 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12046 * configure, configure.in:
12047 Redo the test for dgettext() in a way that hopefully will work
12048 around the libintl_dgettext() undefined problem.
12051 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12053 * schema.ActiveDirectory:
12054 change filename in comment
12057 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12059 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
12061 Reference schema.ActiveDirectory
12064 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
12066 * schema.OpenLDAP, schema.iPlanet:
12067 Mark sudoRunAs as deprecated.
12070 * schema.ActiveDirectory:
12071 add sudoRunAsUser and sudoRunAsGroup
12074 * schema.ActiveDirectory:
12075 Active Directory schema by Chantal Paradis and Eric Paquet
12078 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12081 remove an XXX that was fixed
12089 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
12090 fixes a problem where the tag value printed was influenced by
12091 defaults set in the first pass through the parser.
12094 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12096 * Makefile.in, sudo.psf:
12097 No point in packaging the TODO file
12104 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12106 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
12107 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
12108 Add env_file Defaults option that is similar to /etc/environment on
12112 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
12114 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
12115 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
12116 version.h, visudo.cat, visudo.man.in:
12117 change version to 1.7.0
12121 initial valgrind pass done
12124 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12127 Fix typo/thinko in sudo_ldap_read_secret() when storing the secret.
12130 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12133 define LDAPS_PORT if the system headers do not
12136 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12139 Fix another memory leak in init_parser().
12142 * configure, configure.in:
12143 There was a missing space before the ldap libs in SUDO_LIBS for some
12147 * alias.c, gram.c, gram.y, toke.c, toke.l:
12148 Clean up some memory leaks pointed out by valgrind.
12151 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
12154 fix "sudo -s" broken by mode/flags breakout
12157 * configure, configure.in:
12158 remove duplicate check for dgettext
12161 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12164 Fall back to default stanza if no user-specific limit is found.
12167 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12170 include stdint.h if present
12174 Use LLONG_MAX, not the old QUAD_MAX
12177 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12179 * sudoers.ldap.pod:
12183 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12189 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12192 remove useless cast
12195 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12206 Split MODE_* defines into primary and flags.
12209 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
12212 It turns out the logic for getting AIX limits is more convoluted
12213 than I realized and differs depending on whether the soft and/or
12214 hard limits are defined.
12217 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
12219 * Makefile.in, configure, configure.in:
12220 Back out AIX-specific change to set the sudo_noexec path to the .a
12221 file, we do really want to use the .so file. Since libtool doesn't
12222 do that correctly, just install the .so file ourselves in the
12227 If the file given to install is a path, only use the basename of the
12228 file when building the destination path.
12231 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
12234 parse_args() cleanup: Sort command line options in the getopt()
12235 switch The -U option requires a parameter Normalize a few ISSET
12236 calls Split mode into mode and flags and retire the now-obsolete
12240 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
12242 Add -n (non-interactive) flag.
12246 Move version printing, etc. into a separate function.
12250 Don't try to cleanup nsswitch if it has not been initialized.
12253 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
12256 Block SIGPIPE in send_mail() so sudo is not killed by a problem
12257 executing the mailer.
12260 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12262 * configure, configure.in:
12263 AIX shared libs end in .a, not .so.
12266 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12269 Preserve HOME by default too. Matches documentation and previous
12273 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12276 Use getopt() to parse the command line. We need to be able to
12277 intersperse env variables and options yet still honor "--" which
12278 complicates things slightly.
12281 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12287 * acsite.m4, configure, ltmain.sh:
12288 update to libtool-1.5.26
12291 * config.guess, config.sub:
12292 update from libtool-1.5.26 distribution
12296 attempt to fix compilation errors on AIX
12300 fix typo in last commit
12304 Add WHATSNEW file to the distribution
12308 use warningx instead of fprintf(stderr, ...)
12312 add DEBUG to list2tq
12323 * Makefile.in, aix.c, config.h.in, configure, configure.in,
12324 set_perms.c, sudo.h:
12325 Add aix_setlimits() to set resource limits on AIX using a
12326 combination of getuserattr() and setrlimit(). Currently untested.
12329 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
12331 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
12332 sudoers.man.in, sudoers.pod:
12333 Add mailfrom Defaults option that sets the value of the From: field
12334 in the warning/error mail. If unset the login name of the invoking
12339 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
12343 When adding a default, only call list2tq() once to do the list to tq
12344 conversion. It is not legal to call list2tq multiple times on the
12345 same list since list2tq consumes and modifies the list argument.
12348 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12349 comment out XXXs for now
12356 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
12359 Error out if both -A and -S are specified Error out if -A is
12360 specified but no askpass is configured
12363 * configure, configure.in:
12364 we are not going to ship a sudo-specific askpass
12367 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
12370 fix definition of TGP_ASKPASS
12373 * def_data.c, def_data.in:
12374 make askpass boolean-capable
12378 document --with-askpass
12381 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12382 sudoers.man.in, visudo.cat:
12386 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12388 * sudo.pod, sudo_usage.h.in, sudoers.pod:
12389 document -A and askpass
12392 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
12393 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
12394 sudo_usage.h.in, tgetpass.c:
12395 Add support for running a helper program to read the password when
12396 no tty is present (or when specified with the -A flag). TODO: docs.
12399 * def_data.c, def_data.in:
12400 add missing printf format to SELinux role and type strings
12403 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
12405 * INSTALL, configure, configure.in:
12406 Disable use of gss_krb5_ccache_name() by default and add
12407 --enable-gss-krb5-ccache-name configure option to enable it. It
12408 seems that gss_krb5_ccache_name() doesn't work properly with some
12409 combinations of Heimdal and OpenLDAP.
12412 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
12415 Ignore setexeccon() failing in permissive mode. Also add a call to
12416 setkeycreatecon() (though this is probably insufficient). From Dan
12421 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
12422 function may be called for non-password reading purposes so we must
12423 be careful not to use def_prompt in cases where it may not be set.
12426 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12429 Don't free the new tty context, we need to keep it around when we
12430 restore the tty context after the command completes
12433 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
12439 * sudo.man.pl, sudo.pod:
12440 Only put login_cap(3) in SEE ALSO section if we have login.conf
12444 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
12446 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12447 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12452 Substitute in comment characters for lines pertaining to login.conf,
12453 BSD auth and SELinux and only enable them if pertinent.
12457 Substitute in comment characters for lines pertaining to login.conf,
12458 BSD auth and SELinux and only enable them if pertinent.
12462 Substitute in comment characters for lines pertaining to login.conf,
12463 BSD auth and SELinux and only enable them if pertinent.
12467 Substitute in comment characters for lines pertaining to login.conf,
12468 BSD auth and SELinux and only enable them if pertinent.
12471 * Makefile.in, configure, configure.in:
12472 Substitute in comment characters for lines pertaining to login.conf,
12473 BSD auth and SELinux and only enable them if pertinent.
12476 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
12477 Remove the =cut on the first line (above the copyright notice) to
12478 quiet pod2man. Also remove the hackery in the FILES section and
12479 just deal with the fact that there will be a newline between each
12483 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12486 run sudo.man.pl when generating sudo.man.in
12489 * configure, configure.in, sudo.man.pl:
12490 comment out SELinux manual bits unless --with-selinux was specified
12494 document role and type defaults for SELinux
12497 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
12498 Document "sudo -ll" and make "sudo -l -l" be equivalent.
12501 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
12503 * configure, configure.in:
12504 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
12505 Debian GNU/kFreeBSD.
12508 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12511 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
12512 verify_krb_v5_tgt()
12515 * logging.c, logging.h, sudo.c:
12516 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
12517 log_auth() into log_allowed() and log_denial() Replace mail_auth()
12518 with should_mail() and a call to send_mail()
12521 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12524 Add debugging so we can tell if the krb5 ccache is accessible
12528 mention --with-selinux
12531 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
12541 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
12542 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
12543 testsudoers.c, toke.c, toke.l:
12544 Add support for SELinux RBAC. Sudoers entries may specify a role
12545 and type. There are also role and type defaults that may be used.
12546 To make sure a transition occurs, when using RBAC commands are
12547 executed via the new sesh binary. Based on initial changes from Dan
12552 Add support for SELinux RBAC. Sudoers entries may specify a role
12553 and type. There are also role and type defaults that may be used.
12554 To make sure a transition occurs, when using RBAC commands are
12555 executed via the new sesh binary. Based on initial changes from Dan
12559 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
12560 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
12561 pathnames.h.in, selinux.c:
12562 Add support for SELinux RBAC. Sudoers entries may specify a role
12563 and type. There are also role and type defaults that may be used.
12564 To make sure a transition occurs, when using RBAC commands are
12565 executed via the new sesh binary. Based on initial changes from Dan
12569 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12571 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
12572 Add long list (sudo -ll) support for printing verbose LDAP and
12573 sudoers file entries. Still need to update manual.
12576 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
12578 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
12579 Unify the -l output for file and ldap based sudoers and use lbufs
12580 for both. The ldap output does not currently include options that
12581 cannot be represented as tags. This will be remedied in a long list
12582 output mode to come.
12585 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12588 Use a specific error message for errno == EAGAIN when setuid() et al
12589 fails. On Linux systems setuid() will fail with errno set to EAGAIN
12590 if changing to the new uid would result in a resource limit
12595 Unlimit nproc on Linux systems where calling the setuid() family of
12596 syscalls causes the nproc resource limit to be checked. The limits
12597 will be reset by pam_limits.so when PAM is used. In the non-PAM
12598 case the nproc limit will remain unlimited but there doesn't seem to
12599 be a way around that other than having sudo parse
12600 /etc/security/limits.conf directly.
12603 * env.c, sudo.c, sudo.pod:
12604 Only read /etc/environment on Linux and AIX
12607 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
12609 * configure, configure.in:
12610 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
12611 ldap.conf and ldap.secret paths from going into config.h. Avoid
12612 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
12613 since in some versions of bash they will end up literally in the
12617 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12620 mention --with-nsswitch=no
12623 * configure, configure.in:
12624 ldap_ssl.h depends on ldap.h being included first
12627 * config.h.in, configure, configure.in, ldap.c:
12628 Include ldap_ssl.h if we can find it. Needed for the
12629 ldapssl_set_strength defines on HP-UX at least.
12632 * sudoers.ldap.pod:
12640 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12641 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12646 Use 78n line length when formatting cat pages.
12650 Remove redundant info that is now in sudoers.ldap.pod
12653 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
12655 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12656 Reorganize the first section a bit. Substitute the proper path for
12660 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12661 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
12662 schema into EXAMPLES
12665 * configure, configure.in:
12666 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
12670 * configure, configure.in:
12671 substitute for sudoers.ldap.man
12675 Fix cut & pasto introduced when adding sudoers.ldap man page.
12678 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12679 Fill in some of the missing pieces. Still needs some reorganization
12683 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
12685 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
12687 Beginnings of a sudoers.ldap man page. Currently, much of the
12688 information is adapted from README.LDAP.
12691 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12694 When copying gr_mem we must guarantee that the storage space for
12695 gr_mem is properly aligned. The simplest way to do this is to
12696 simply store gr_mem directly after struct group. This is not a
12697 problem for gr_passwd or gr_name as they are simple strings.
12701 Fix a typo/thinko in one of the calls to
12702 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
12705 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12707 * config.h.in, configure, configure.in, ldap.c:
12708 include <mps/ldap_ssl.h> in ldap.c if available
12711 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
12714 Make sure we define SIZE_MAX for yacc's skeleton.c
12718 Use TCSAFLUSH when restoring terminal settings (and echo) to
12719 guarantee that any pending output is discarded
12722 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
12725 no longer need to specify SETENV when user has sudo ALL
12729 sync user_args size calculation with sudo.c Add -g group option,
12730 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
12735 Make set_runaspw static void
12738 * testsudoers.c, visudo.c:
12739 g/c set_runaspw stub
12742 * configure, configure.in:
12743 Don't add -llber twice.
12746 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12752 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
12758 * configure, configure.in:
12759 Fix check that determines whether -llber is required.
12762 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
12763 For netscape-based LDAP, use ldapssl_set_strength() to implement the
12764 checkpeer ldap.conf option.
12768 Delay krb5_cc_initialize() until we actually need to use the cred
12769 cache, which is what krb5_verify_user() does. Better cleanup on
12773 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
12776 Rewrite verify_krb_v5_tgt() based on what heimdal's
12777 krb5_verify_user() does.
12780 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12783 The U suffix on constants is an ANSI feature
12786 * configure, configure.in:
12787 Add check for ber_set_option() in -llber
12790 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12793 default if no nsswitch.conf is files only
12796 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12799 don't tell people to mail aaron about LDAP stuff
12803 timelimit and bind_timelimit
12811 Move ldap.secret reading into a separate function.
12815 user_runas -> runas_pw
12818 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12824 * check.c, sudo.pod, sudoers.pod:
12825 Add and document the %p escape in the password prompt. Based on a
12826 patch from Patrick Schoenfeld.
12830 Check strlcpy() return values.
12834 refactor ldap binding code into sudo_ldap_bind_s()
12838 Make it clear that host and uri can take multiple parameters. URI is
12839 now supported for more than just openldap nsswitch.conf doesn't
12844 comment cleanup and update (c) year
12847 * parse.c, sudo_nss.c:
12848 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
12849 This should make it possible to build an LDAP-only sudo binary.
12852 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
12853 Improve chaining of multiple sudoers sources by passing in the
12854 previous return value to the next in the chain
12858 Free up parser data structures in sudo_file_close().
12862 Free up parser data structures in sudo_file_close().
12866 Parse uri ourself if no ldap_initialize() is present Use
12867 ldap_create() instead of deprecated ldap_init() Use
12868 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
12871 * config.h.in, configure, configure.in:
12872 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
12876 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
12878 * config.h.in, configure, configure.in:
12879 add check for ldap_create
12882 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
12884 * config.h.in, configure, configure.in, ldap.c:
12885 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
12886 dn using the mechanism appropriate for the LDAP SDK in use. Use
12887 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
12888 ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
12895 * config.h.in, configure.in:
12896 fix typo in mtim_getnsec
12899 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12901 * config.h.in, configure, configure.in:
12902 add check for st__tim in struct stat as used by SCO
12906 use ldap_search_ext_s instead of deprecated ldap_search_s
12909 * Makefile.in, TODO, sudo.cat, sudo.man.in:
12910 add sudo_nss.h to HDRS
12914 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
12918 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12921 Use ldap_get_values_len()/ldap_value_free_len() instead of the
12922 deprecated ldap_get_values()/ldap_value_free().
12933 * gettime.c, sudo.c:
12934 Remove some already fixed XXXs
12938 Same return value as non-existent sudoers if LDAP was unable to
12943 mention /etc/environment
12946 * README.LDAP, UPGRADE, WHATSNEW:
12947 Update to reflect recent developments.
12951 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
12955 When building up a query don't list groups in the aux group vector
12956 that are the same as the passwd file group. On most systems the
12957 first gid in the group vector is the same as the passwd entry gid.
12961 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
12962 ldaprc and system defaults that could affect how LDAP works.
12965 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
12966 sudo_nss.c, sudo_nss.h:
12967 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
12968 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
12969 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
12970 file and --with-ldap-secret-file
12974 Honor def_ignore_local_sudoers
12977 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12980 no longer need to check def_ignore_local_sudoers here
12984 Refactor group vector resetting into a function and also call it
12985 from display_cmnd. Stop after the first successful match in
12986 display_cmnd. Print a newline between each display_privs method.
12990 fix double free introduced in rev 1.218
12994 belt and suspenders; zero out result after freeing it
12997 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
12998 Refactor line reading into a separate function, sudo_parseln(),
12999 which removes comments, leading/trailing whitespace and newlines.
13000 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
13004 Make the inability to read the sudoers file a non-fatal error if
13005 there are other sudoers sources available. sudoers_file_lookup now
13006 returns "not OK" if sudoers was not present
13010 make it clear that the global options are from LDAP
13014 allocate proper amount of space for error string
13017 * sudo_nss.c, sudo_nss.h:
13018 actual sudo nss code
13021 * ldap.c, parse.c, sudo.c, sudo.h:
13022 nss-ify display_privs and display_cmnd.
13025 * defaults.c, parse.c, testsudoers.c, visudo.c:
13026 move update_defaults() to parse.c
13029 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
13030 Use nsswitch to hide some sudoers vs. ldap implementation details
13031 and reduce the number of #ifdef LDAP TODO: fix display routines and
13035 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
13037 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
13038 First cut at nsswitch.conf support. Further reorganization and
13039 related changes are forthcoming.
13042 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
13044 * env.c, pathnames.h.in, sudo.c, sudo.h:
13045 Add support for reading an /etc/environment file. Still needs to
13046 be documented and should probably only apply to OSes that have it
13047 (AIX and Linux, maybe others).
13054 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
13060 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13067 Add an example sudoRole, clarify netscape vs. openldap a bit more
13071 Be clear on what is OpenLDAP vs. Netscape-derived
13074 * config.h.in, configure, configure.in, ldap.c:
13075 Use ldapssl_init() for ldaps support instead of trying to do it
13076 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
13077 and tls_key for cert7.db and key3.db respectively. Don't print
13078 debugging info for options that are not set. Add warning if
13079 start_tls specified when not supported.
13083 fix compilation on solaris
13087 add missing .h and .c files for missing lib objs
13090 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
13093 fix LDAP_OPT_NETWORK_TIMEOUT setting
13097 fix compilation on Solaris
13100 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13102 * configure, configure.in:
13107 try to clear up which variables are for OpenLDAP and which are for
13108 netscape-derived SDKs
13111 * config.h.in, configure, configure.in, ldap.c:
13112 Add support for "ssl on" in both netscape and openldap flavors. Only
13113 the OpenLDAP flavor has been tested.
13116 * logging.c, sudo.c, sudo.h:
13117 Call cleanup() before exit in log_error() instead of calling
13118 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
13125 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13127 * logging.c, sudo.c, sudo.h:
13128 Better ldap cleanup.
13132 Distinguish between LDAP conf settings that are connection-specific
13133 (which take an ld pointer) and those that are default settings
13137 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13140 Improved warnings on error.
13144 Make ldap config table driven and set the config *after* we open the
13148 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13151 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
13154 * configure, configure.in:
13155 some operating systems need to link with -lkrb5support when using
13159 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13165 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
13169 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13175 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
13176 add -g support for LDAP
13179 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
13181 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
13182 The -i and -s flags can now take an optional command.
13185 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13187 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
13189 Add passprompt_override flag to sudoers that will cause the prompt
13190 to be overridden in all cases. This flag is also set when the user
13191 specifies the -p flag.
13195 Move setting of login class until after sudoers has been parsed. Set
13196 NewArgv[0] for -i after runas_pw has been set.
13199 * configure, configure.in:
13200 Move the dgettext check.
13203 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
13205 * auth/pam.c, config.h.in, configure, configure.in:
13206 Add basic support for looking up the string "Password: " in the PAM
13207 localized text db. This allows us to determine whether the PAM
13208 prompt is the default "Password: " one even if it has been
13211 TODO: concatenate non-std PAM prompts and user-specified sudo
13215 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
13217 * Makefile.in, config.h.in, configure, configure.in, parse.c,
13218 set_perms.c, sudo.c, sudo.h:
13219 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
13223 * acsite.m4, configure, interfaces.c, memrchr.c:
13224 Fix typos; Martynas Venckus
13227 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13230 Don't assume runas_pw is set; it may not be in the -g case.
13233 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13235 * logging.c, set_perms.c:
13236 Set aux group vector for PERM_RUNAS and restore group vector for
13237 PERM_ROOT if we previously changed it. Stash the runas group vector
13238 so we don't have to call initgroups more than once. Also add no-op
13239 check to check_perms.
13242 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13244 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
13245 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
13246 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
13247 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
13248 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
13249 Add support for runas groups. This allows the user to run a command
13250 with a different effective group. If the -g option is specified
13251 without -u the command will be run as the current user (only the
13252 group will change). The -g and -u options may be used together.
13253 TODO: implement runas group for ldap improve runas group
13254 documentation add testsudoers support
13257 * configure, configure.in:
13258 fix setting of mandir
13261 * sudo.pod, sudoers.pod:
13262 document that ALL implies SETENV
13266 s/setenv_ok/setenv_implied/g
13270 hostname_matches() returns TRUE on match in sudo 1.7.
13274 use strcmp, not strcasecmp when comparing ALL
13278 Make sudo ALL imply setenv. Note that unlike with file-based
13279 sudoers this does affect all the commands in the sudoRole.
13282 * gram.c, gram.y, parse.c, parse.h:
13283 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
13284 it is not passed on to other commands in the list.
13288 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
13289 sudo_getpwuid() instead of getpwuid().
13292 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13295 Expand on the dangers of not using visudo to edit sudoers.
13298 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
13301 Don't quote *?[]! on output since the lexer does not strip off the
13302 backslash when reading those in.
13305 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
13308 expand "u_foo" types to "unsigned foo" to avoid compatibility
13312 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13315 Refactor log line generation in to new_logline().
13318 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13324 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13326 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
13328 Add configure check for struct in6_addr instead of relying on
13329 AF_INET6 since some systems define AF_INET6 but do not include IPv6
13333 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13335 * configure, configure.in:
13336 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
13340 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
13342 * configure, configure.in:
13343 POSIX states that struct timespec be declared in time.h so check
13344 there regardless of the value of TIME_WITH_SYS_TIME.
13347 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
13350 Instead of defining a macro to call the appropriate method for
13351 turning on/off echo, just define tc[gs]etattr() and the related
13352 defines that use the correct terminal ioctls if needed. Also go back
13353 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
13356 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13366 * INSTALL, auth/pam.c, config.h.in, configure.in:
13367 Add --disable-pam-session configure option to disable calling
13368 pam_{open,close}_session. May work around bugs in some PAM
13372 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13379 Avoid printing the prompt if we are already backgrounded. E.g. if
13380 the user runs "sudo foo &" from the shell. In this case, the call
13381 to tcsetattr() will cause SIGTTOU to be delivered.
13384 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
13386 * def_data.c, def_data.h, def_data.in:
13387 Reorder things such that the definition of env_reset comes right
13388 before the env variable lists.
13392 Shrink type and seqno in struct alias from int to u_short
13395 * alias.c, match.c, parse.c, parse.h:
13396 Add a sequence number in the aliases for loop detection. If we find
13397 an alias with the seqno already set to the current (global) value we
13398 know we've visited it before so ignore it.
13401 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
13403 * TODO, auth/pam.c, sudo.c, sudo.h:
13404 PAM wants the full tty path so add user_ttypath which holds the full
13405 path to the tty or is NULL if no tty was present.
13409 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
13413 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13419 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
13420 parse.h, testsudoers.c, visudo.c:
13424 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
13427 remove some useless casts
13431 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
13432 predates the final C99 spec and the standard specifies that it shall
13433 include stdint.h anyway
13436 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13438 * Makefile.in, alloca.c, configure.in:
13439 Since we ship with a pre-generated parser there is no need to ship a
13440 bogus alloca implementation.
13448 remove initial setting of CHECKSIA, we require that it be unset if
13461 only do SIA checks on Digital Unix
13464 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
13466 * sudoers.cat, sudoers.man.in:
13475 Remove call to krb5_cc_register() as it is not needed for modern
13483 * aclocal.m4, configure.in:
13484 New method for setting the default authentication type and avoiding
13485 conflicts in auth types.
13488 * match.c, parse.c, testsudoers.c:
13489 Each entry in a cmndlist now has an associated runaslist so no need
13490 to keep track of the most recent non-NULL one.
13493 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
13496 back out partial ldaps support mistakenly committed
13500 Add support for unix groups and netgroups in sudoRunas
13503 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
13506 Fix sudoedit of a non-existent file. From Tilo Stritzky.
13509 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
13516 update --passprompt escape info
13520 remove now-bogus comment and update copyright date
13524 Fix up use of with_passwd
13527 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
13528 Update to autoconf-2.61 and libtool-1.5.24
13532 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
13535 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
13542 move tags and runaslist propagation to be earlier
13546 If -f flag given use the permissions of the original file as a
13551 prevent a double free() when re-initing the parser
13554 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13560 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
13561 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
13562 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
13563 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
13564 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
13565 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
13566 Remove support for compilers that don't support void *
13573 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
13574 parse.c, parse.h, testsudoers.c, visudo.c:
13575 Move list manipulation macros to list.h and create C versions of the
13576 more complex ones in list.c. The names have been down-cased so they
13577 appear more like normal functions.
13581 Fix cmp command when regenerating parser. Make gram.o the first
13582 dependency for all programs so gram.h will be generated before
13583 anything that needs it.
13587 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
13590 * match.c, parse.c, testsudoers.c:
13591 Use LH_FOREACH_REV when checking permission and short-circuit on the
13592 first non-UNSPEC hit we get for the command. This means that
13593 instead of cycling through all the parsed sudoers entries we
13594 start at the end and work backwards and quit after the first
13595 positive or negative match.
13602 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
13603 Change list head macros to take a pointer, not a struct.
13611 Propagate the runasspec from one command to the next in a cmndspec.
13614 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
13617 Replace has_meta() with a macro that calls strpbrk().
13623 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
13624 testsudoers.c, visudo.c:
13625 Use a list head struct when storing the semi-circular lists and
13626 convert to tail queues in the process. This will allow us to
13627 reverse foreach loops more easily and it makes it clearer which
13628 functions expect a list as opposed to a single member.
13630 Add macros for manipulating lists. Some of these should become
13633 When freeing up a list, just pop off the last item in the queue
13634 instead of going from head to tail. This is simpler since we don't
13635 have to stash a pointer to the next member, we always just use the
13636 last one in the queue until the queue is empty.
13638 Rename match functions that take a list to have list in the name.
13639 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
13643 Fix pasto, append "!" not negated (which is an int) for sudo -l
13648 Remove the dependency of gram.h on gram.y, the .c dependency is
13649 enough. Only move y.tab.h to gram.h if it is different; avoids
13650 needless rebuilding.
13653 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
13656 Defaults lines may be associated with lists of users, hosts,
13657 commands and runas users, not just single entries.
13660 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
13663 Revert the "cmp" portion of the last diff, it doesn't make sense.
13667 Remove *.lo for clean: When generating the parser, only move the
13668 generated files into place if they differ from the existing ones.
13671 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
13674 Replace IPV6 regexp with a much simpler (readable) one and add an
13675 extra check when it matches to make sure we have a valid address.
13679 Fix thinko introduced when merging IPV6 support.
13682 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
13684 * HISTORY, LICENSE:
13693 mention #uid vs. comment pitfall
13697 Merge in a patch from the libtool cvs that fixes a problem with the
13698 latest autoconf. From Stepan Kasal.
13702 Back out the XOR swap trick, it is slower than a temp variable on
13711 Convert the tail queue to a semi-circle queue and use the XOR swap
13712 trick to swap the prev pointers during append.
13715 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
13718 remove useless statement
13722 Refactor #include parsing into a separate function and return
13723 unparsed chars (such as newline or comment) back to the lexer.
13726 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
13729 mention better uid support
13733 Users may now consist of a uid.
13736 * gram.c, gram.h, toke.c:
13741 Use lbuf_append_quoted() for sudo -l output to quote characters that
13742 would require quoting in sudoers.
13746 Add lbuf_append_quoted() which takes a set of characters which
13747 should be quoted with a backslash when displayed.
13751 Require that the first character after a comment not be a digit or a
13752 dash. This allows us to remove the GOTRUNAS state and treat
13753 uid/gids similar to other words. It also means that we can now
13754 specify uids in User_Lists and a User_Spec may now contain a uid.
13758 Replace RUNAS token with '(' and ')' tokens to make the runas
13759 portion of the grammar more natural.
13763 The BUGS file is history
13766 * Makefile.in, README:
13767 The BUGS file is history
13770 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
13773 Allow comments after a RunasAlias as long as the character after the
13774 pound sign isn't a digit or a dash.
13778 Glob support was back-ported to 1.6.9
13781 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
13784 remove sudo_usage.h in distclean
13788 If a Defaults value contains a blank, double-quote the string.
13792 Properly deal with Defaults double-quoted strings that span multiple
13793 lines using the line continuation char. Previously, the entire
13794 thing, including the continuation char, newline, and spaces was
13799 Be consistent when using single quotes and backticks.
13802 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
13804 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
13805 sudo.c, sudo_usage.h.in:
13806 Add new linebuf code to do appends of dynamically allocated strings
13807 and word-wrapped output. Currently used for sudo's usage() and sudo
13808 -l output. Sudo usage strings are now in sudo_usage.h which is
13809 generated at configure time.
13812 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
13814 * parse.c, sudo.c, sudo.h:
13815 Fix line wrapping in usage() and use the actual tty width instead of
13819 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
13826 Mentioned Chris Jepeway's parser and also the new one that is in
13830 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
13832 * sudo.pod, visudo.pod:
13833 For the options list, add flag args where appropriate and increase
13834 the indent level so there is room for them.
13837 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
13840 Fix some spacing in "sudo -l" and add a comment about some bogosity
13841 in the line wrapping.
13844 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13849 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
13850 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
13851 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
13852 testsudoers.c, toke.c, toke.l:
13853 Remove monitor support until there is a version of systrace that
13854 uses a lookaside buffer (or we have a better mechanism to use).
13857 * config.h.in, configure, configure.in, sudo.c:
13858 use getaddrinfo() instead of gethostbyname() if it is available
13861 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
13864 Deal with OSes where sizeof(gid_t) < sizeof(int).
13868 repair non-getifaddrs() code after ipv6 integration
13872 If we can open sudoers but fail to read the first byte, close the
13873 file stream before trying again.
13876 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13882 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
13883 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
13886 * sudo.pod, sudoers.pod, visudo.pod:
13887 Add some missing markup Update copyright
13890 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13892 * configure, configure.in:
13893 fix sudo_noexec extension which got broken in the libtool update
13896 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
13899 explicitly specify -Tascii to nroff
13902 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
13905 remove an ANSI-ism that crept in
13908 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
13911 Adjust list indents Prevent -- from being turned into an em dash Use
13912 a list for the environment instead of a literal paragraph
13916 Use a list for the environment instead of an indented literal
13921 Adjust list indentation
13928 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
13931 mention that when specifying a uid for the -u option the shell may
13932 require that the # be escaped
13935 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
13938 Fix off by one in group matching.
13941 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
13944 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
13947 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
13949 * configure, configure.in:
13950 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
13951 -lgssapi_krb5 case.
13954 * aclocal.m4, configure, configure.in:
13955 Fix link tests such that new gcc doesn't optimize away the test.
13958 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
13960 * sudo.pod, sudoers.pod, visudo.pod:
13961 add missing over/back
13964 * sudo.pod, sudoers.pod, visudo.pod:
13965 Change FILES section to use =item
13969 Add back allocation of the env struct in rebuild_env but save a copy
13970 of the old pointer and free it before returning.
13974 Don't init the private environment in rebuild_env() since it may
13975 have already been done implicitly sudo_setenv/sudo_unsetenv.
13977 Multiply length by sizeof(char *) in memcpy/memmove when copying the
13978 environment so we copy the full thing.
13980 Add missing set of parens so we deref the right pointer in
13981 sudo_unsetenv when searching for a matching variable.
13984 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
13986 * sudo.pod, sudoers.pod, visudo.pod:
13987 Use file markup for paths in the FILES section
13990 * sudo.pod, sudoers.pod, visudo.pod:
13991 Don't capitalize sudo/visudo
13995 Sort sudoers options; based on a diff from Igor Sobrado.
13998 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
14000 * sudo.pod, sudoers.pod, visudo.pod:
14001 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
14002 latter confuses pod2man. The Makefile rules for the .man.in file
14003 will add @mansectsu@ and @mansectform@ back in after pod2man is done
14007 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
14009 * LICENSE, Makefile.in, license.pod:
14010 Move license info to pod format
14013 * configure, configure.in, sudoers.pod:
14014 Substitute value of path_info into sudoers man page.
14018 remove features that were back-ported to 1.6.9
14021 * sudo.c, sudo.pod, visudo.c, visudo.pod:
14022 Sort SYNOPSIS and sync usage. From Igor Sobrado.
14026 Only need sudo_setenv/sudo_unsetenv if we are going to use
14027 ldap_sasl_interactive_bind_s() but don't have
14028 gss_krb5_ccache_name().
14032 rebuild without branch info
14036 Add ChangeLog target
14040 Run cleanup code if the user hits ^C at the password prompt.
14044 Some versions of pam_lastlog have a bug that will cause a crash if
14045 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
14049 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
14052 ChageLog not Changelog
14060 CHANGE -> Changelog
14067 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
14069 * config.h.in, configure, configure.in, ldap.c:
14070 Add configure hooks for gss_krb5_ccache_name() and the gssapi
14074 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
14077 rebuild_env() and insert_env_vars() no longer return environment
14078 pointer, they set environ directly.
14080 No longer need to pass around an envp pointer since we just operate
14083 Add dosync argument to insert_env() that indicates whether it should
14084 reset environ when realloc()ing env.envp.
14086 Use an initial size of 128 for the environment.
14090 Split sudo_setenv() into an external version and a version only for
14091 use by rebuild_env().
14094 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
14097 Add support for using gss_krb5_ccache_name() instead of setting
14098 KRB5CCNAME. Also use sudo_unsetenv() in the non-
14099 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
14100 original environment. TODO: configure setup for
14101 gss_krb5_ccache_name()
14108 * README.LDAP, ldap.c:
14109 Add support for sasl_secprops in ldap.conf
14113 Add sudo_unsetenv() and refactor private env syncing code into
14117 * README.LDAP, ldap.c:
14118 The ldap.conf variable is sasl_auth_id not sasl_authid.
14121 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
14123 * ldap.c, sudo.c, sudo.h:
14124 Add support for krb5_ccname in ldap.conf. If specified, it will
14125 override the default value of KRB5CCNAME in the environment for the
14126 duration of the call to ldap_sasl_interactive_bind_s().
14130 Remove format_env() Add sudo_setenv() to replace most format_env() +
14131 insert_env() combinations. insert_env() no longer takes a struct
14136 Fix use_sasl vs. rootuse_sasl logic.
14139 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
14140 Add support for SASL auth when connecting to an LDAP server. Adapted
14141 from a diff by Tom McLaughlin.
14144 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
14146 * configure, configure.in:
14147 Only enable AIX or BSD auth if no other exclusive auth method has
14148 been chosen. Allows people to e.g., use PAM on AIX without adding
14149 --without-aixauth. A better solution is needed to deal with default
14150 authentication since if a non-exclusive method is chosen we will
14151 still get an error.
14154 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
14156 * HISTORY, Makefile.in, history.pod:
14157 Generate HISTORY from history.pod (which is also used for web pages)
14160 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
14162 * sudo.man.in, sudoers.man.in:
14167 Better explanation of environment handling in the sudo man page.
14171 Defer setting user-specified env vars until after authentication.
14175 honor def_default_path for PATH set on the command line
14178 * env.c, sudo.c, sudo.pod, sudoers.pod:
14179 Allow user to set environment variables on the command line as long
14180 as they are allowed by env_keep and env_check. Ie: apply the same
14181 restrictions as normal environment variables. TODO: deal with
14185 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14187 * sudo.c, sudo_edit.c:
14188 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
14189 Don't allow -E or env var setting in sudoedit mode. More accurate
14190 usage() when called as sudoedit.
14198 add -c option to sudoedit synopsis
14206 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
14207 value from {user,host,runas,cmnd}_matches(). Rename *matches
14208 variables -> *match. Purely cosmetic.
14212 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
14220 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
14223 Make pwcheck local to the pwflag block. Use pwcheck even if user
14224 didn't match since Defaults options may still apply.
14228 Do not update timestamp if user not validated by sudoers.
14232 for PERM_RUNAS, set the egid to the runas user's gid and restore to
14233 the user's original in PERM_ROOT
14236 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
14237 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
14242 don't check timestamp mtime if we are just going to remove it
14246 Move sudoers defaults parameters into their own section.
14250 Reduce a level of indent by a few placed continue statements.
14254 Make matching but negated commands/hosts/runas entries override a
14255 previous match as expected. Also reduce some levels of indent by a
14256 few placed continue statements.
14259 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
14262 Print default runas in "sudo -l" if sudoers don't specify one.
14266 Less hacky way of testing whether the domain was set.
14269 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
14272 Mention pam-devel and openldap-devel for Linux
14275 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
14281 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
14284 fix typo in Solaris project support
14292 Make -- on the command line match the manual page. The implied shell
14293 case has been simplified as a result.
14296 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14299 add simplistic support for sudoRunas; note that if a sudoers entry
14300 contains multiple Runas users, all will apply to the sudoRole
14304 honor SETENV and NOSETENV tags
14307 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
14310 Redo setting of user_args. We now build up a private copy of argv
14311 first and then replace the NULs with spaces.
14315 getcwd() returns NULL on failure, not 0 on success
14319 allow chunksiz to reach 1 before erroring out
14322 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14327 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14329 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
14330 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
14332 Add support for setting environment variables on the command line.
14333 This is only allowed if the setenv sudoers option is enabled or if
14334 the command is prefixed with the SETENV tag.
14338 replace Aaron's email address with the sudo-workers list
14345 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
14347 * schema.OpenLDAP, schema.iPlanet:
14348 Break schema out into separate files.
14351 * Makefile.in, README.LDAP:
14352 Break schema out into separate files.
14355 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
14358 free message if set by authenticate()
14362 deal with NULL gr_mem
14365 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
14372 add template for HAVE_PROJECT_H
14379 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
14382 mention --with-project
14385 * config.h.in, configure.in, sudo.c:
14386 Add Solaris 10 "project" support. From Michael Brantley.
14398 Fix preservation of LDFLAGS in the LDAP case.
14402 Remove dependency on NULL
14409 * aclocal.m4, configure.in:
14410 Can't use the regular autoconf fnmatch() check since we need
14411 FNM_CASEFOLD so go back to our custom one.
14415 Fix preserving of variables in env_keep.
14423 expand upon env resetting and mention that it began in 1.6.9 not
14428 Update descriptions of env_keep and env_check to match current
14432 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
14435 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
14436 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
14439 * env.c, logging.c:
14440 Treat USERNAME environment variable like LOGNAME/USER
14444 Don't need to populate keepenv table with the contents of the
14449 Don't force sudo into the C locale.
14453 Make env_check apply when env_reset is true. Environment variables
14454 are passed through unless they contain '/' or '%'. There is no need
14455 to have a variable in both env_check and env_keep.
14458 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
14461 Remove a duplicate lock_file() call and add a comment.
14465 Add sudo 1.6.9 upgrade note.
14468 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
14471 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
14472 small. From Klaus Wagner.
14475 * logging.c, sudo.h:
14476 Redo the long syslog line splitting based on a patch from Eygene
14477 Ryabinkin. Include memrchr() for systems without it.
14481 Redo the long syslog line splitting based on a patch from Eygene
14482 Ryabinkin. Include memrchr() for systems without it.
14485 * Makefile.in, config.h.in, configure, configure.in:
14486 Redo the long syslog line splitting based on a patch from Eygene
14487 Ryabinkin. Include memrchr() for systems without it.
14491 Since we need to be able to convert timespec to timeval for utimes()
14492 the last 3 digits in the tv_nsec are not significant. This makes the
14493 sudoedit file date comparison work again.
14496 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
14498 * aclocal.m4, configure, configure.in:
14499 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
14500 This deals with exclusive authentication methods in a simple way.
14503 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
14506 mkstemp.c is BSD code too.
14509 * sudo.pod, sudoers.pod, visudo.pod:
14510 No commercial support for now.
14513 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14516 cleanenv() is no more.
14519 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14522 Display branch info in Changelog
14526 Include config.h early so we have it for TIME_WITH_SYS_TIME
14530 Fix Changelog generation and update.
14533 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14536 Use /proc/self/fd instead of /proc/$$/fd
14538 Move old-style fd closing into closefrom_fallback() and call that if
14539 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
14542 * auth/kerb5.c, config.h.in, configure.in:
14543 o use krb5_verify_user() if available instead of doing it by hand
14544 o use krb5_init_secure_context() if we have it
14545 o pass an encryption type of 0 to krb5_kt_read_service_key() instead of
14546 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
14550 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
14554 Fix closefrom() substitution in the Makefile
14558 Mention alternate sudo pronunciation.
14561 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14564 Remove KRB5_KTNAME from environment. Allow COLORTERM.
14568 If we cannot get a valid service key using the default keytab it is
14569 a fatal error. Fixes a bug where sudo could be tricked into
14570 allowing access when it should not by a fake KDC. From Thor Lancelot
14574 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
14576 * aclocal.m4, configure, configure.in:
14577 Update long long checks to use AC_CHECK_TYPES and to cache values.
14580 * aclocal.m4, configure.in:
14581 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
14582 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
14586 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14588 * configure, configure.in:
14589 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
14590 need it for visudo now too.
14593 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14596 Attempt to clarify the bit talking about network numbers w/o
14601 Clarify timestamp dir ownership sentence.
14604 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
14607 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
14611 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14614 -i is also one of the mutually exclusive options to list it in the
14615 warning message. Noted by Chris Pepper.
14618 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
14621 The sudoers variable is env_editor, not enveditor. From Jean-
14625 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
14628 I tracked down the original author so credit him and include his
14632 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
14634 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
14636 Fix typos; from Jason McIntyre.
14640 Restore signal mask before calling reapchild(). Fixes a possible
14641 race condition that could prevent sudo from properly waiting for the
14645 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
14648 Don't declare pw_free() if we are not going to use it.
14652 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
14653 LDR_PRELOAD64. The 64-bit version is not currently supported.
14654 Remove zero_env() prototype as it no longer exists.
14657 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
14660 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
14663 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
14666 If the user enters ^C at the password prompt, abort instead of
14667 trying to authenticate with an empty password (which causes an
14671 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14673 * closefrom.c, config.h.in, configure, configure.in:
14674 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
14679 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
14682 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
14684 * config.guess, config.sub:
14685 Update to latest versions from cvs.savannah.gnu.org
14688 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
14690 * pwutil.c, sudo_edit.c:
14691 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
14692 we can close the passwd/group files early.
14695 * config.h.in, configure, configure.in, set_perms.c:
14696 Add seteuid() flavor of set_perms() for systems without setreuid()
14697 or setresuid() that have a working seteuid(). Tested on Darwin.
14700 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
14703 systrace_read() returns ssize_t
14706 * configure, configure.in:
14707 Fix typo, -lldap vs. -ldap; from Tim Knox.
14710 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14713 Fix typo; Matt Ackeret
14716 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
14719 Print sudoers path in -V mode for root.
14722 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
14725 Do a sub tree search instead of a base search (one level in the tree
14726 only) for sudo right objects. This allows system administrators to
14727 categorize the rights in a tree to make them easier to manage.
14730 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
14736 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
14739 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
14740 bind_timelimit support; adapted from gentoo.
14743 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14746 Support comments that start in the middle of a line
14749 * configure, configure.in:
14750 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
14753 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14756 Silence gcc -Wsign-compare; djm@openbsd.org
14759 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
14760 cleanup() now takes an int as an arg so it can be used as a signal
14765 Make a copy of the shell field in the passwd struct for NewArgv to
14766 avoid a use after free situation after sudo_endpwent() is called.
14769 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
14771 * config.h.in, configure, configure.in:
14772 Add mkstemp() for those poor souls without it.
14776 Add mkstemp() for those poor souls without it.
14780 Add mkstemp() for those poor souls without it.
14783 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14786 Add PERL5DB to list of environment variables to remove.
14789 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
14791 * mon_systrace.c, mon_systrace.h:
14792 Instead of calling the check function twice with a state cookie use
14793 separate check/log functions.
14795 Check more ioctl() calls for failure.
14797 systrace_{read,write} now return the number of bytes read/written or
14802 Add more environment variables to remove; from gentoo linux Add some
14803 comments about what bad env variables go to what (more to do)
14806 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
14808 * sudo.c, sudo_edit.c:
14809 Move sudo_end{gr,pw}ent() until just before the exec since they free
14810 up our cached copy of the passwd structs, including sudo_user and
14811 sudo_runas. Fixes a use-after-free bug.
14815 Close all fd's before executing editor.
14819 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
14823 Fix fd leak when lecture file option is enabled. From Jerry Brown
14826 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
14829 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
14830 environment variables to remove. From Charles Morris
14833 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14836 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
14839 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
14842 add PS4 and SHELLOPTS to initial_badenv_table for bash
14845 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
14848 Fix typo; Toby Peterson
14851 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14854 Make return buffers static so they don't get clobbered
14857 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14860 Fix securid5 authentication, was not checking for ACM_OK. Also add
14861 default cases for the two switch()es. Problem noted by ccon at
14865 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
14868 Remove ncat() in favor of just counting bytes and pre-allocating
14872 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
14875 Fix up some comments Add missing fclose() for the rootbinddn case
14879 align struct ldap_config
14883 use LINE_MAX for max conf file line size
14887 add _PATH_LDAP_SECRET
14891 Mention rootbinddn Give example ou=SUDOers container
14894 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
14896 * INSTALL, configure, configure.in, ldap.c:
14897 Support rootbinddn in ldap.conf
14900 * env.c, sudo.pod, sudoers.pod:
14901 Preserve DISPLAY environment variable by default.
14904 * acsite.m4, configure:
14905 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
14908 * acsite.m4, configure:
14909 set need_version=no for all cases; this is safe for LD_PRELOAD
14916 * configure, configure.in:
14921 Fix call to pam_end() when pam_open_session() fails.
14929 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
14930 ltsugar.m4 ltversion.m4
14933 * config.guess, config.sub, ltmain.sh:
14934 merge in local changes: config.guess: o better openbsd support
14935 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
14936 libs must begin with "lib" o don't print a bunch of crap about
14937 library installs o don't run ldconfig
14940 * config.guess, config.sub, ltmain.sh:
14945 Update with autoupdate and make minor changes for libtool 1.9f
14948 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14951 don't call sudo_ldap_display_cmnd if ldap not setup
14954 * sudo_edit.c, visudo.c:
14955 Move declaration of struct timespec to its own include files for
14956 systems without it since it needs time_t defined.
14960 Move declaration of struct timespec to its own include files for
14961 systems without it since it needs time_t defined.
14965 Move declaration of struct timespec to its own include files for
14966 systems without it since it needs time_t defined.
14970 Move declaration of struct timespec to its own include files for
14971 systems without it since it needs time_t defined.
14974 * check.c, compat.h:
14975 Move declaration of struct timespec to its own include files for
14976 systems without it since it needs time_t defined.
14980 Don't set safe_cmnd for the "sudo ALL" case.
14983 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14986 Call pam_open_session() and pam_close_session() to give pam_limits a
14987 chance to run. Idea from Karel Zak.
14990 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14993 Add explicit cast from mode_t -> u_int in printf to silence warnings
14998 include grp.h to silence a warning on Solaris
15001 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
15004 Fix printing of += and -= defaults.
15007 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
15010 Sanity check number of syscall args with argsize. Not really needed
15011 but a little paranoia never hurts.
15014 * mon_systrace.c, mon_systrace.h:
15015 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
15016 for systrace lengths (since it uses int)
15019 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15022 Add some memsets for paranoia Fix namespace collision w/ error Check
15023 rval of decode_args() and update_env() Remove improper setting of
15027 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
15029 * parse.c, sudo.c, sudo.h:
15030 In -l mode, only check local sudoers file if def_ignore_sudoers is
15031 not set and call LDAP versions from display_privs() and
15032 display_cmnd() instead of directly from main(). Because of this we
15033 need to defer closing the ldap connection until after -l processing
15034 has occurred and we must pass in the ldap pointer to display_privs()
15035 and display_cmnd().
15039 Reorganize LDAP code to better match normal sudoers parsing.
15040 Instead of storing strings for later printing in -l mode we do
15041 another query since the authenticating user and the user being
15042 listed may not be the same (the new -U flag). Also add support for
15045 There is still a fair bit of duplicated code that can probably be
15049 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15052 Replace pass variable with do_netgr for better readability.
15060 estrdup, not strdup
15063 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15066 Add macro to test if the tag changed to improve readability.
15070 Avoid printing defaults header if there are no defaults to print...
15074 Fix a warning on systems without strlcpy().
15078 Use macros where possible for sudo_grdup() like sudo_pwdup().
15081 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15084 It is possible for tv_usec to hold >= 1000000 usecs so add in
15088 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15091 The component in krb5_principal_get_comp_string() should be 1, not 0
15092 for Heimdal. From Alex Plotnick.
15095 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15097 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
15098 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
15099 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
15100 Add efree() for consistency with emalloc() et al. Allows us to rely
15101 on C89 behavior (free(NULL) is valid) even on K&R.
15105 Move initgroups() for -U option into display_privs() so group
15106 matching in sudoers works correctly.
15109 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15112 Removed duplicate call to ldap_unbind_s introduced along with
15117 Add missing space in Defaults printing
15120 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
15123 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
15127 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15130 Zero old pw_passwd before replacing with version from shadow file.
15133 * configure, configure.in:
15134 Only attempt shadow password detection if PAM is not being used Add
15135 shadow_* variables to make shadow password detection more generic.
15139 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
15142 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15145 use a non-breaking space to avoid a double space after e.g.
15149 comma, not colon after e.g.
15152 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15155 Add __ variants of the exec functions. GNU libc at least uses
15156 __execve() internally.
15160 Match reality a bit more.
15164 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
15168 Store shadow password after making a local copy of struct passwd in
15169 case normal and shadow routines use the same internal buffer in
15173 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
15175 * alloc.c, logging.c:
15176 Make varargs usage consistent with the rest of the code.
15179 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
15182 Wrap more of the exec family since on Linux the others do not appear
15183 to go through the normal execve() path.
15187 make print_unused static like proto says
15191 silence a warning on K&R systems
15194 * alias.c, error.c:
15195 make this build in K&R land
15199 make this build in K&R land
15202 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
15208 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
15211 return(foo) not return foo optimize _atobool() slightly
15219 Reformat to match the rest of sudo's code.
15223 I am the primary author
15226 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15228 * Makefile.in, README, RUNSON:
15229 The RUNSON file is toast--it confused too many people and really
15230 isn't needed in a configure-oriented world.
15234 alternate -> alternative
15238 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
15243 Allow leading blanks before Defaults and Foo_Alias definitions
15247 fix rules to build toke.o and gram.o in devel mode
15250 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15253 env_keep overrides set_logname
15257 Fix disabling set_logname and make env_keep override set_logname.
15260 * compat.h, config.h.in, configure, configure.in:
15261 No longer need memmove()
15265 Just clean the environment once. This assumes that any further
15266 setenv/putenv will be able to handle the fact that we replaced
15267 environ with our own malloc'd copy but all the implementations I've
15271 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
15274 In -i mode, base the value of insert_env()'s dupcheck flag on
15275 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
15278 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15281 Move setting of user_path, user_shell, user_prompt and prev_user
15282 into init_vars() since user_shell at least is needed there.
15285 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
15292 Fix some printf format mismatches on error.
15296 Fix some printf format mismatches on error.
15299 * configure, gram.c, toke.c:
15303 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
15304 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
15305 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
15306 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
15307 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
15308 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
15309 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
15310 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
15311 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
15312 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
15313 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
15314 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
15315 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
15316 visudo.pod, zero_bytes.c:
15317 Update copyright years.
15320 * Makefile.binary.in:
15321 Update copyright years.
15325 Update copyright years.
15328 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
15333 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
15336 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15338 * compat.h, logging.h, sudo.h:
15339 Add __printflike and use it with gcc to warn about printf-like
15343 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15345 * CHANGES, ChangeLog:
15346 Replaced CHANGES file with ChangeLog generated from cvs logs
15350 Use warning/error instead of perror/fatal.
15354 Update OpenBSD section
15358 Add upgrading notes for 1.7
15361 * env.c, sudo.c, sudoers.pod:
15362 Instead of zeroing out the environment, just prune out entries based
15363 on the env_delete and env_check lists. Base building up the new
15364 environment on the current environment and the variables we removed
15368 * config.h.in, configure, configure.in, sudo.c:
15369 Set locale to "C" if locales are supported, just to be safe.
15373 Cast argument to ctype functions to unsigned char.
15376 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15379 correct value for DID_USER
15382 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
15383 #include <compat.h> not "compat.h"
15387 Reset the environment by default.
15391 Alloc an extra slot in NewArgv. Removes the need to malloc a new
15392 vector if execve() fails.
15395 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15397 * INSTALL, config.h.in, configure, configure.in, sudo.c:
15398 Use execve(2) and wrap the command in sh if we get ENOEXEC.
15401 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15404 Only include time.h on systems that lack struct timespec which gets
15405 defined in compat.h (using time_t).
15409 Include time.h for time_t in compat.h for systems w/o struct
15413 * compat.h, config.h.in, configure, configure.in:
15414 use bcopy on systems w/o memmove
15418 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
15423 Add explicit rule to build sudo_noexec.lo
15426 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
15428 * INSTALL.configure, Makefile.in:
15429 No longer depend on VPATH; pointed out a bunch of missed
15434 Help for PAM when account section is missing
15438 Give user a clue when there is a missing "account" section in the
15443 Better error handling.
15446 * config.h.in, configure, configure.in:
15447 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
15448 possible. Silences a warning about isblank() on linux.
15452 Fix typo (missing comma) that caused an incorrect number of args to
15453 be passed to log_error().
15456 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15459 Don't try to destroy a tree we didn't create.
15462 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15464 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15465 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15466 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15467 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15468 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
15469 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
15470 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
15471 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
15472 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
15473 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
15474 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
15475 Add __unused to rcsids
15478 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15480 * configure, configure.in:
15481 Fix error message when mixing invalid auth types
15485 PAM, AIX auth, BSD auth and login_cap are now on by default if the
15489 * auth/sudo_auth.h, config.h.in:
15490 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
15494 Better checking for conflicting authentication methods Display the
15495 authentication methods used at the end of configure Rename --with-
15496 authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
15497 --with-pam, --with-logincap by default on systems that support them
15498 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
15499 OSREV has full version number
15502 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15504 * def_data.c, def_data.in, sudo.c, sudoers.pod:
15508 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
15511 Replace: test -n "$FOO" || FOO="bar"
15513 With: : ${FOO='bar'}
15516 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15518 * pwutil.c, testsudoers.c, tsgetgrpw.c:
15519 Use function pointers to only call private passwd/group routines
15520 when using a nonstandard passwd/group file.
15523 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15530 Can't use strtok() since it doesn't handle empty fields so add
15531 getpwent()/getgrent() functions and call those.
15534 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15537 Fix dummied out toke.c and gram.c dependencies.
15541 Rename PARSESRCS -> GENERATED since it is only used in the clean
15542 target Add devdir variable and use it to specify the path to parser
15551 Add a devdir variable that defaults to $(srcdir) and is set to . if
15552 --devel was specified. Allows for proper dependencies building the
15557 Add support for custom passwd/group files.
15561 Build private copy of pwutil.o for testsudoers with MYPW defined so
15562 it uses our own passwd/group routines.
15566 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
15567 stubs instead. We can now just use the caching sudo_*{pw,gr}*
15568 functions in pwutil.c Add comment about wanting to call
15569 sudo_endpwent/sudo_endgrent in cleanup()
15573 Remove caching; we will just use what is in pwutil.c Use global
15574 buffers for passwd/group structs Rename functions from sudo_* to
15578 * logging.c, sudo.c:
15579 g/c pwcache_init/pwcache_destroy
15583 Undo last commit and add sudo_setspent and sudo_endspent instead.
15586 * getspwuid.c, pwutil.c:
15587 Move all but the shadow stuff from getspwuid.c to pwutil.c and
15588 pwcache_get and pwcache_put as they are no longer needed. Also add
15589 preprocessor magic to use private versions of the passwd and group
15590 routines if MYPW is defined (for use by testsudoers).
15594 zero out struct passwd/group before filling it in so if there are
15595 fields we don't handle they end up as 0.
15598 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
15603 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
15608 Passwd and group lookup routines for testsudoers that support
15609 alternate passwd and group files.
15612 * getspwuid.c, pwutil.c:
15613 Split off pw/gr cache and dup code into its own file. This allows
15614 visudo and testsudoers to use the pw/gr cache too.
15617 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
15620 Print Defaults info in "sudo -l" output and wrap lines based on the
15624 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
15626 * match.c, testsudoers.c, visudo.c:
15627 Only check group vector in usergr_matches() if we are matching the
15628 invoking or list user. Always check the group members, even if
15629 there was a group vector.
15632 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
15634 * LICENSE, Makefile.in, fnmatch.3:
15635 No longer bundle fnmatch.3
15642 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15649 Sort command line options
15652 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
15653 sudo.pod, sudoers.pod:
15654 Add closefrom sudoers option to start closing at a point other than
15655 3. Add closefrom_override sudoers option and -C sudo flag to allow
15656 the user to specify a different closefrom starting point.
15660 Add _PATH_DEVNULL for those without it.
15664 no more UCB strcasecmp
15668 replace BSD licensed one with version derived from pdksh
15671 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15678 Make sure stdin, stdout and stderr are open and dup them to
15682 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15684 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
15685 add sudo_ldap_close
15688 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
15689 Use TIME_WITH_SYS_TIME
15692 * config.h.in, configure, configure.in:
15693 Add TIME_WITH_SYS_TIME_H
15696 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15699 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
15700 unconditionally on darwin. From Toby Peterson.
15704 Check rbinsert() return value. In the case of faked up entries
15705 there is usually a negative response cached that we need to
15708 In pwfree() don't try to zero out a NULL pw_passwd pointer.
15712 Use the double fork trick to avoid the monitor process being waited
15713 for by the main program run through sudo.
15716 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
15719 Call initgroups() in -U mode so group matches work normally.
15722 * def_data.h, mkdefaults:
15723 Don't print a trailing comma for the last entry in enum def_tupple
15726 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15728 * sudoers.cat, sudoers.man.in, sudoers.pod:
15729 Mention values when lecture, listpw and verifypw are used in boolean
15733 * def_data.c, def_data.in:
15734 verifypw when used in a boolean TRUE context should be "all", not
15738 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15740 * def_data.in, defaults.c:
15741 Allow tuples that can be used as booleans to be used as boolean
15742 TRUE. In this case the 2nd possible value of the tuple is used for
15746 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15748 * configure, configure.in:
15749 Correct the test for 2-parameter timespecsub
15753 Add stub struct definitions for passwd, timeval and timespec
15756 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
15757 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
15758 and fix a typo in the gettimeofday check.
15761 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15763 * match.c, testsudoers.c:
15764 Deal with user_stat being NULL as it is for visudo and testsudoers.
15767 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
15768 Add -U option to use in conjunction with -l instead of -u. Add
15769 support for "sudo -l command" to test a specific command.
15772 * gram.c, gram.y, sudo.c:
15773 Set safe_cmnd after sudoers_lookup() if it has not been set.
15774 Previously it was set by sudo "ALL" in the parser but at that point
15775 the fully-qualified pathname has not yet been found.
15778 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
15780 * parse.c, testsudoers.c:
15781 Correctly handle multiple privileges per userspec and runas
15785 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
15788 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
15791 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15794 make per-command defaults work with sudoedit
15797 * ldap.c, parse.c, sudo.c, sudo.h:
15798 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
15799 Instead, we just set the appropriate defaults variable.
15802 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
15803 Document per-command Defaults.
15806 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
15807 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
15808 Add support for command-specific Defaults entries. E.g.
15809 Defaults!/usr/bin/vi noexec
15812 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
15813 Change an occurrence of user_matches() -> runas_matches() missed
15814 previously runas_matches(), host_matches() and cmnd_matches() only
15815 really need to pass in a list of members. user_matches() still
15816 needs to pass in a passwd struct because of "sudo -l"
15820 Check def_authenticate, def_noexec and def_monitor when setting
15821 return flags. XXX May be better to just set the defaults directly
15822 and get rid of those flags.
15825 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15826 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15827 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15828 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15829 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
15830 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
15831 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
15832 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
15833 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
15834 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
15835 visudo.c, zero_bytes.c:
15836 Use: #include <config.h> Not: #include "config.h" That way we get
15837 the correct config.h when build dir != src dir
15841 Back out part of rev 1.263; fix -I order
15845 More robust parsing of #include; could be much better still.
15848 * sudo_edit.c, visudo.c:
15849 Make arg splitting in visudo and sudoedit consistent.
15852 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
15853 Split alias routines out into their own file.
15857 __attribute__ is already defined in compat.h
15861 quit() should not be __noreturn__ as it is non-void on some
15865 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
15866 Add local error/warning functions like err/warn but that call an
15867 additional cleanup routine in the error case. This means we no
15868 longer need to compile a special version of alloc.o for visudo.
15872 Clarify comments about the data structures
15875 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15878 Add support for VISUAL and EDITOR containing command line args. If
15879 env_editor is not set any args in VISUAL and EDITOR are ignored.
15880 Arguments are also now supported in def_editor.
15883 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
15886 alias_matches() is no more
15894 When regenerating the parser, don't replace gram.h unless it has
15899 remove Makefile.binary for distclean
15903 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
15904 sure we can't overflow new_env.
15908 paranoia when stripping trailing slashes from tempdir.
15912 Set user_ngroups to 0 if getgroups() returns an error.
15915 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
15917 * config.h.in, configure, configure.in, sudo.c:
15918 Add configure check for getgroups()
15922 Use supplementary group vector in struct sudo_user.
15926 Only do string comparisons on the group members if there is no
15927 supplemental group list.
15935 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
15936 chop off any trailing slashes we see and add an explicit one.
15940 remove bogus XXX comment
15944 Get rid of alias_matches and correctly fall through to the non-alias
15945 cases when there is no alias with the specified name.
15949 Cache non-existent passwd/group entries too.
15960 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
15961 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
15962 Implement group caching and use the passwd and group caches
15966 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
15969 Properly negate the return value of alias_matches() when
15974 Make hostname_matches() return TRUE for a match, else FALSE like the
15979 Add missing dependencies on gram.h
15983 Use runas_matches in alias_matches() now that we have it.
15986 * parse.c, parse.h:
15987 Expand aliases in "sudo -l" mode
15991 Use ALIAS for the member type when storing an alias instead of
15992 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
15993 more generic type. Expand runas_matches instead of calling
15994 user_matches() inside of it since user_matches() looks up
15995 USERALIASes, not RUNASALIASes.
15998 * CHANGES, getspwuid.c:
15999 Paranoia; zero out pw_passwd before freeing passwd entry.
16002 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
16003 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
16004 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
16005 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
16006 Add local error/warning functions like err/warn but that call an
16007 additional cleanup routine in the error case. This means we no
16008 longer need to compile a special version of alloc.o for visudo.
16012 Use userpw_matches() to compare usernames, not strcmp(), since the
16013 latter checks for "#uid".
16016 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
16017 Cache passwd db entries in 2 red-black trees; one indexed by uid,
16018 the other by user name. The data returned from the cache should be
16019 considered read-only and is destroyed by sudo_endpwent().
16027 missing free in alias_destroy
16031 Can't use rbapply() for rbdestroy since the destructor is passed a
16032 data pointer, not a node pointer.
16035 * getspwuid.c, logging.c, sudo.c, sudo.h:
16036 Create and use private versions of setpwent() and endpwent() that
16037 set/end the shadow password file too.
16040 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
16041 Store aliases in a red-black tree.
16044 * Makefile.in, redblack.c, redblack.h:
16045 red-black tree implementation
16049 Edit all sudoers files if there were unused or undefined aliases and
16050 we are in strict mode.
16053 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
16055 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
16056 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
16057 Bring back the "secure_path" Defaults option now that Defaults take
16058 effect before the path is searched.
16061 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16063 * logging.c, parse.c:
16064 A user can always list their own entries, even with -u. Better error
16065 message when failing to list another user's entries.
16068 * parse.c, sudo.c, sudo.h:
16069 The syntax to list another user's entries is now "-u otheruser -l".
16070 Only root or users with sudo "ALL" may list other user's entries.
16073 * sudo.cat, sudo.man.in, sudo.pod:
16074 Update env variable info in SECURITY NOTES
16082 strip exported bash functions from the environment.
16085 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
16088 Only reset sudo_user.pw based on SUDO_USER environment variables for
16089 real commands and sudoedit. This avoids a confusing message when a
16090 user tries "sudo -l" or "sudo -v" and is denied.
16093 * gram.c, gram.y, parse.h:
16094 Extend LIST_APPEND to deal with appending lists too
16097 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
16100 Convert some bitwise AND to ISSET
16103 * lex.yy.c, toke.c:
16104 toke.c replaces lex.yy.c
16112 new parser fixes most of the outstanding bugs
16120 Rework for the new parser. Now checks for unused aliases in sudoers.
16124 Rewrite for the new parser. Now supports a -d flag (dump) and adds
16125 a -h flag (host). It now defaults to the local hostname unless
16126 otherwise specified.
16130 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
16134 Update for new parse. We now call find_path() *after* we have
16135 updated the global defaults based on sudoers. Also adds support for
16136 listing other user's privs if you are root.
16140 Working LDAP support; also remove a now-unneeded rewind().
16143 * logging.c, logging.h:
16144 Add NO_STDERR flag.
16148 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
16149 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
16150 connect to LDAP, apply the default options, find the command in the
16151 user's path, and then check whether the user is allowed to run it.
16152 The important thing here is that the default runas user may be
16153 specified as a default option and that needs to be set before we
16154 search for the command.
16158 Add casts to unsigned char for isspace() to quiet a gcc warning.
16162 Add prototype for update_defaults()
16166 Don't warn about line numbers now that we operate on a set of data
16167 structures (or LDAP) and not a file.
16171 No longer use lsearch()
16175 Update for new and changed file names.
16179 no more BSD lsearch.c
16183 foo_matches() routines now live in match.c Added user_matches(),
16184 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
16185 that operate on the parsed sudoers file.
16188 * parse.lex, toke.l:
16189 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
16190 WORD no longer needs to exclude '@' kill yywrap()
16193 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
16195 Rewritten parser that converts sudoers into a set of data
16196 structures. This eliminates ordering issues and makes it possible to
16197 apply sudoers Defaults entries before searching for the command.
16200 * configure.in, emul/search.h, lsearch.c:
16201 We won't be using lsearch() any longer.
16205 sudo should not send mail if someone who runs 'sudo -l' has no
16209 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16215 Update warnings to match new visudo
16219 The new parser doesn't have the old ordering constraints.
16223 Document that -l now takes an optional username argument
16226 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16233 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
16234 a compilation problem with Solaris 9's native LDAP.
16236 Set FLAG_MONITOR when needed.
16239 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
16242 Call sudo_goodpath() *after* changing the cwd to match the traced
16243 process. Fixes relative paths.
16246 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16249 Kill set_perms() stub--it is no longer needed.
16252 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
16254 * sudoers.cat, sudoers.man.in, sudoers.pod:
16255 stay_setuid now requires set_reuid() or setresuid()
16258 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
16259 configure.in, set_perms.c, sudo.c, sudo.h:
16260 Kill use of POSIX saved uids; they aren't worth bothering with.
16263 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
16266 remove call to issetugid()
16269 * sudoers.cat, sudoers.man.in, sudoers.pod:
16270 Remove warning about wildcards. Now that we use glob() the bug is
16275 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
16276 each result that matches the basename of the user's command. This
16277 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
16278 /usr/bin/blah. Fixes bug #143.
16281 * config.h.in, configure, configure.in:
16282 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
16286 * config.h.in, configure, configure.in:
16287 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
16295 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16300 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16304 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
16307 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
16308 means we are out of space in the stack gap...
16316 Take a stab at ldap sudoers support here.
16319 * mon_systrace.c, mon_systrace.h:
16320 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
16321 doesn't cause reboot to inadvertently kill itself.
16325 put "monitor" in the proctitle, not "systrace"
16329 When modifying the environment, don't replace envp when we can get
16330 away with just rewriting pointers in the traced process.
16333 * mon_systrace.c, mon_systrace.h:
16334 Add environment updating via STRIOCINJECT (if available).
16337 * sudoers.cat, sudoers.man.in:
16341 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
16348 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
16352 Include file is now mon_systrace.h
16355 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
16356 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
16357 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
16358 No longer call it tracing, it is now "monitoring" which should be
16359 a more obvious name to non-hackers.
16362 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
16364 * mon_systrace.c, mon_systrace.h:
16368 * mon_systrace.c, mon_systrace.h:
16369 No need to include syscall.h, use 1024 as the max # of entries (the
16370 max that systrace(4) allows).
16372 Only need to use SYSTR_POLICY_ASSIGN once
16374 Change check_syscall() -> find_handler() and have it return the
16375 handler instead of just running it. We need this since handlers now
16376 have two parts: one part that generates an answer and another that
16377 gets called after the answer is accepted (to do logging).
16379 Add some missing check_exec for emul execv
16382 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
16387 Add missing HAVE_LINUX_SYSTRACE_H
16391 add trace_systrace.o dependency
16394 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
16396 * configure, configure.in:
16397 Also look for systrace.h in /usr/include/linux
16400 * mon_systrace.c, mon_systrace.h:
16401 Move all struct defs and prototypes into trace_systrace.h and mark
16402 all but systrace_attach() static.
16405 * mon_systrace.c, mon_systrace.h:
16406 Add support for tracing emulations. At the moment, all emulations
16407 are compiled in. It might make sense to #ifdef them in the future,
16408 though this impedes readability.
16411 * Makefile.in, configure, configure.in:
16412 rename systrace.c -> trace_systrace.c
16415 * parse.yacc, sudo.tab.c:
16416 Allow this to build with a K&R compiler again
16423 * compat.h, sudo.c, visudo.c:
16424 Use __attribute__((__noreturn__))
16428 Exit() takes a negative value to indicate it was not called via
16432 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16437 * Makefile.in, visudo.c:
16438 Define Err() and Errx() that are like err() and errx() but call
16439 Exit() instead of exit(). Build private copy of alloc.o for visudo
16440 that calls Err() and Errx().
16443 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
16445 * lex.yy.c, sudo.tab.c:
16454 Overhaul visudo for editing multiple files: o visudo has been
16455 broken out into functions (more work needed here) o each file is
16456 now edited before sudoers is re-parsed o if a #include line is
16457 added that file will be edited too
16459 TODO: o cleanup temp files when exiting via err() or errx() o
16460 continue breaking things out into separate functions
16463 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
16464 Add keepopen arg to open_sudoers that open_sudoers can use to
16465 indicate to the caller that the fd should not be closed when it is
16466 done with it. To be used by visudo to keep locked fds from being
16467 closed prematurely (and thus losing the lock).
16470 * parse.yacc, sudo.c:
16471 Add errorfile global that contains the name of the file that caused
16476 return COMMENT to yacc grammar for a #include line
16480 Remove use of unput() in favor of yyless() which is cheaper.
16484 Allow an empty sudoers file.
16487 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
16490 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
16493 * lex.yy.c, sudo.tab.c:
16498 Do signal setup before calling edit_sudoers(). Don't shadow the
16503 If a sudoers file includes other files, edit those too. Does not yet
16504 deal with creating the new includes files itself.
16508 init_parser now takes a path
16511 * parse.c, parse.h, parse.lex, parse.yacc:
16512 More scaffolding for dealing with multiple sudoers files: o
16513 init_parser() now takes a path used to populate the sudoers global
16514 o the sudoers global is used to print the correct file in yyerror()
16515 o when switching to a new sudoers file, preserve old file name and
16519 * Makefile.in, pathnames.h.in:
16520 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
16521 multiple sudoers files.
16525 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
16526 we start at the right file position when reading include files.
16538 Add max depth of 128 for the include stack to avoid loops.
16540 Since yyerror() doesn't stop parsing, pass return values back to
16541 yylex and call yyterminate() on error.
16544 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
16551 Mention PREVENTING SHELL ESCAPES section of sudoers man page
16554 * lex.yy.c, sudo.tab.c:
16559 Add support for #include in sudoers (visudo support TBD)
16563 make yyerror()'s argument const
16566 * testsudoers.c, visudo.c:
16567 Add open_sudoers() stubs.
16571 Rename check_sudoers() open_sudoers() and make it return a FILE *
16574 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
16576 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16581 * Makefile.in, sudo.psf:
16582 Better HP-UX depot construction
16585 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
16588 o Made children global so check_exec() can lookup a child. o
16589 Replaced uid in struct childinfo with struct passwd * (for runas) o
16590 new_child() now takes a parent pid so the runas info can be
16591 inherited o Added find_child() to lookup a child by its pid o
16592 update_child() now fills in a struct passwd o Converted the big
16593 if/else mess in set_policy to a switch o Syscalls that change uid
16594 are now "ask" so we get SYSTR_MSG_UGID events
16598 Add flag to sudo_pwdup that indicates whether or not to lookup the
16599 shadow password. Will be used to a struct passwd that has the
16600 shadow password already filled in.
16604 add missing increment of addr in read_string()
16608 Remove bogus call to update_child() and some cosmetic fixes
16612 Don't leak /dev/systrace fd to tracee Make initialized global for
16613 simplicity If STRIOCATTACH returns EBUSY we are already being traced
16614 Check for user_args == NULL in setproctitle() call Add missing calls
16619 g/c sudo_pwdup proto
16622 * Makefile.in, sudo.psf:
16623 Add target for building a depot file
16630 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16632 * lex.yy.c, sudo.tab.c, sudo.tab.h:
16637 document --with-systrace
16640 * config.h.in, configure, configure.in:
16641 Add check for setproctitle
16645 pass struct str_msg_ask in to syscall checker so it can set the
16650 systrace(4) support for sudo. On systems with the systrace(4)
16651 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
16652 intercept exec calls and check the exec args against the sudoers
16653 file. In other words, sudo can now control subcommands and shell
16658 Call systrace_attach() if FLAG_TRACE is set.
16661 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
16662 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
16666 Don't close sudoers_fp, keep it open and set close on exec flag
16670 * def_data.c, def_data.h, def_data.in:
16679 SunOS /bin/sh blows up with configure
16682 * configure, configure.in:
16683 Include sys/param.h before systrace.h
16695 line up options in --help
16698 * config.h.in, configure.in:
16699 Add --with-systrace
16702 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
16708 * aclocal.m4, configure.in:
16709 make this work with autoconf-2.59
16712 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16715 Simplify logic around open & stat of files and do sanity on edited
16716 file even if we lack fstat (still racable but worth doing).
16719 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16727 [b84ebfaf1552] [SUDO_1_6_8p1]
16730 more changes for 1.6.8p1
16737 * CHANGES, sudo_edit.c:
16738 Add sanity check so we don't try to edit something other than a
16742 2004-09-15 Aaron Spangler <aaron777@gmail.com>
16749 document --with-ldap-conf-file
16752 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16754 * CHANGES, ins_csops.h:
16755 political correctness strikes again
16762 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16764 * Makefile.binary.in, Makefile.in:
16765 Install sudoedit man link
16769 Update PAM note and mention where HP-UX users can download gcc
16774 libtool wants to install stuff from .libs so fake one up for binary
16778 * Makefile.binary.in:
16779 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
16783 Deal with "uname -m" having slashes in it rm -f old sudoedit link
16784 instead of using ln -f
16787 * Makefile.binary, Makefile.binary.in:
16788 Makefile.binary -> Makefile.binary.in for config.status substitution
16789 Add support for installing noexec bits
16793 Copy noexec bits into binary dists too No longer use my old arch
16794 script for making binary dists
16798 Install sudoedit link.
16801 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16804 avoid __P so there is no need for compat.h to be included
16808 Don't use HAVE_UTIME_H before including config.h.
16811 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16814 Fix Solaris futimes macro
16817 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16820 Rename ots -> omtim for improved readability.
16823 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16826 Redo changes in revision 1.7. Don't really need to keep the temp
16827 file open; re-opening it with the invoking user's euid is
16835 * sudo.cat, sudo.man.in:
16840 back out revision 1.70; it is no longer applicable
16844 Let the loader initialize nep
16847 * config.h.in, configure, configure.in:
16848 Removed unneeded check for fchown Add check for gettimeofday Move
16849 autoheader template stuff into separate AH_TEMPLATE lines
16852 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16853 Use timespec throughout.
16861 function to return the current time in a struct timespec
16865 Not a darpa-sponsored file.
16868 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16870 * compat.h, config.h.in, configure, configure.in:
16871 Add a check for struct timespec and provide it for those without.
16874 * config.h.in, configure, configure.in, sudo_edit.c:
16875 Add checks for st_mtim and st_mtimespec and add macros for pulling
16876 the mtime sec and nsec out of struct stat. These are used in
16877 sudo_edit() to better tell whether or not the file has changed.
16880 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16881 Add an extra param to touch() for nsec
16885 Call mkstemp() as the invoking user so we don't have to chown the
16886 file later. Only touch() the temp file if we can do it via the file
16887 descriptor. Don't check for modification of the temp file if we lack
16888 fstat(). Catch errors read()ing the temp file.
16892 If path is NULL and fd == -1 return -1.
16896 closefrom() is overkill, the only extra fds are the ones we opened
16897 so just close those in the child.
16900 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
16901 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
16903 Use utimes() and futimes() instead of utime() in touch(), emulating
16904 as needed. Not all systems are able to support setting the times of
16905 an fd so touch() takes both an fd and a file name as arguments.
16908 2004-09-07 Aaron Spangler <aaron777@gmail.com>
16914 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16916 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16921 * sudo.pod, sudoers.pod, visudo.pod:
16922 Add SUPPORT section and re-order some of the sections to match the
16923 order we use in OpenBSD.
16926 2004-09-06 Aaron Spangler <aaron777@gmail.com>
16929 Openldap ~/.ldaprc fix
16932 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16935 Talk about how the editor must write its changes to the original
16936 file and not just use rename(2).
16944 Keep the temp file open instead of re-opening after the editor has
16949 Update for current redhat/fedora core.
16952 2004-09-03 Aaron Spangler <aaron777@gmail.com>
16958 2004-09-02 Aaron Spangler <aaron777@gmail.com>
16961 config tls_* options
16964 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
16966 * configure, configure.in:
16967 No need for -lcrypt when using pam.
16970 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
16976 2004-08-27 Aaron Spangler <aaron777@gmail.com>
16978 * configure.in, ldap.c, pathnames.h.in:
16979 Allow --with-ldap-conf-file option to override LDAP_CONF
16983 cleanup debug message
16986 2004-08-26 Aaron Spangler <aaron777@gmail.com>
16992 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
16994 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
16995 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
16996 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
16997 longer use gross statics in command_matches(). Also rename some
16998 variables for improved clarity.
17001 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
17004 document HP's crippled compiler deficiency.
17008 Fix some thinkos in --with-editor and --with-env-editor
17009 descriptions. Noticed by Norihiko Murase.
17012 * configure, configure.in:
17013 --with-noexec takes an optional PATH argument.
17017 document --with-noexec
17020 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
17024 [f2503bd13373] [SUDO_1_6_8]
17027 Better warning message when sudoedit is unable to write to the
17031 * sudo.cat, sudo.man.in:
17036 Don't italicize the string "sudoedit"
17039 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17045 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
17052 Reset used_runas to FALSE when re-initializing the parser.
17055 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
17058 Correct OpenBSD mips support
17065 2004-08-07 Aaron Spangler <aaron777@gmail.com>
17068 More behavior notes
17072 Updates on current behavior
17075 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17078 =back does not take an indentlevel (makes no difference to formatted
17083 =back does not take an indentlevel (makes no difference to formatted
17092 Consistency. Use same error for bad -u #uid when targetpw is set as
17093 we do when a bad -u username is specified.
17097 Add checksum idea from Steve Mancini
17100 * sudoers.cat, sudoers.man.in:
17104 * sudo.cat, sudo.man.in:
17108 * sudo.pod, sudoers.pod:
17109 Document the restriction on uids specified via -u when targetpw is
17114 Error out when targetpw is enabled and sudo is run with -u #uid but
17115 #uid does not exist in the passwd database. We can't do target
17116 authentication when the target is not in passwd!
17119 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17124 Some more todo for the next release.
17128 Make it clear that PAM should be used for DCE support when possible.
17132 o Document problems with wildcards and relative paths. o Make the
17133 order requirements more prominent. o Change a "set" to "reset" for
17137 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
17140 Mention --with-secure-path, not SECURE_PATH.
17143 2004-08-03 Aaron Spangler <aaron777@gmail.com>
17146 reflect changes to parse.c
17149 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
17155 * parse.c, parse.h, testsudoers.c, visudo.c:
17156 Don't pass user_cmnd and user_args to command_matches(), just use
17157 the globals there. Since we keep state with statics anyway it is
17158 misleading to pretend that passing in different cmnd and cmnd_args
17163 Don't pass user_cmnd and user_args to command_matches(), just use
17164 the globals there. Since we keep state with statics anyway it is
17165 misleading to pretend that passing in different cmnd and cmnd_args
17170 Fix a bug introduced in rev. 1.149. When checking for pseudo-
17171 commands check for a '/' anywhere in cmnd, not just the first
17175 2004-07-31 Aaron Spangler <aaron777@gmail.com>
17177 * sudo.man.in, sudo.pod:
17178 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
17181 * sudoers.man.in, sudoers.pod:
17182 Add ignore_local_sudoers
17186 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and

2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>

2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>

Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.

2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

2004-07-08 Aaron Spangler <aaron777@gmail.com>

Better debugging of ALL command

2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>

When matching for "sudoedit" in sudoers check both the command the
user typed *and* the command that is listed in the sudoers entry.

2004-07-04 Aaron Spangler <aaron777@gmail.com>

Added !command feature

2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>

Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell

2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>

License is ISC-style, not BSD-style

2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.cat, sudo.man.in:

o Update some out of date bits to reality
o Change the shell prompt in examples to bourne-shell style
o Clarify some details
o Add a CAVEAT about "sudo cd /foo"

Don't ask for a password if invoking user == target user.

2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.cat, sudoers.man.in:

Expand on NOEXEC a little.

* visudo.cat, visudo.man.in:

Add a check in visudo for runas_default being set after it has

* CHANGES, parse.yacc, visudo.c:
Add a check in visudo for runas_default being set after it has

Add a MATCHED macro for testing whether foo_matches has been set to
TRUE or FALSE. This is more readable than checking for >=0 or < 0.
Doesn't change the actual code generated.

2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>

Correct description of where Defaults specs should go.

* testsudoers.c, visudo.c:

* auth/bsdauth.c, auth/kerb5.c:

2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
Remove trailing spaces, no actual code changes.

* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
Remove trailing spaces, no actual code changes.

* compat.h, defaults.c, env.c:
Remove trailing spaces, no actual code changes.

Fix a >=0 that should be <0 that was improperly converted when

Add do {} while(0) around pop macro. Set cmnd_matches to UNSPEC, not
NOMATCH when resetting it.

Fix pastos introduced in SETNMATCH addition.

2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>

Update for configure changes

Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
these in parse.yacc. Also in parse.yacc initialize the *_matches
vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
when setting *_matches to a value that may be
NOMATCH/UNSPEC/TRUE/FALSE.

Initialize runas to -2, not -1 since we need to be able to
distinguish between the initialized value and the value of a
non-match when passing along the runas value to multiple commands.

The result of this is that an unmatched runas is now set to -1, not
0. This is required now that parse.c treats a FALSE value for runas
as being explicitly denied.

2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.c, visudo.c:
Error out if argc < 1.

* configure, configure.in:
Add tests for what libs we need to link with for ldap and for
whether or not lber.h needs to be explicitly included.

2004-06-03 Aaron Spangler <aaron777@gmail.com>

Solaris native LDAP build fix

2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>

Set edn to NULL if ldap_get_dn() fails to avoid potential use of an

Add prototype for sudo_ldap_list_matches

* configure, configure.in:
Better check for dirfd macro--we now set HAVE_DIRFD for the macro
version too. Added check for dd_fd in `DIR' if no dirfd is found;
this is now used to conditionally define the dirfd macro in

Only check /proc/$$/fd if we have the dirfd function/macro.

* compat.h, config.h.in, configure, configure.in:
Add a check for a dirfd() function (like Linux) and add a dirfd
macro in compat.h if there is no dirfd() function or macro.

* closefrom.c, getcwd.c:
dirfd() is now defined in compat.h as needed.

Clarify closefrom() note.

When checking for a command in the directory, only copy the base dir

If there is a /proc/$$/fd directory, behave like the Solaris
closefrom() and only close the descriptors listed therein.

compat.h guarantees INT_MAX is defined.

Add definitions of OPEN_MAX and INT_MAX for those without it and
remove definition of RLIM_INFINITY (now unused).

* CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
sudo.c, sudo.h, visudo.c:
Use PATH_MAX, not MAXPATHLEN since the former is standardized.

2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>

Add some entries that were mailed in a while ago

o sysconf returns a long, not an int.
o check for negative return value from sysconf/getdtablesize and
  use OPEN_MAX in this case.
o define OPEN_MAX to 256 for those without it (a fair guess...)

2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>

Mention change in parse order for RunAs entries.

2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, README.LDAP, config.h.in, configure.in:
o --with-ldap now takes an optional dir as a parameter
o added check for ldap_initialize() and start_tls_s()

Fix some typos, word choice and formatting issues.

2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>

Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
read/write as it is simpler.

* configure, configure.in:
Remove hack overriding cross-compiler check. It should no longer be

Remove select() compat bits since we no longer use select().

* CHANGES, tgetpass.c:
Use alarm() instead of select() for the timeout for systems that
don't fully/properly implement select().

2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>

Deal with systems that have no way of setting the effective uid such

* configure, configure.in:
Define NO_SAVED_IDS if we don't find seteuid()

* config.h.in, configure, configure.in:
Add back check for setreuid() since NSK doesn't have it.

* sudoers.cat, sudoers.man.in:

In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
explicitly denied and the command matched. This fixes a
long-standing bug and makes:
    foo machine = (ALL) /usr/bin/blah
    foo machine = (!bar) /usr/bin/blah
equivalent to:
    foo machine = (ALL, !bar) /usr/bin/blah

Clarify mail_noperm

2004-05-20 Aaron Spangler <aaron777@gmail.com>

Missing DESTDIR in make install for sudo_noexec.la

2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,

Remove fastboot/fasthalt (who still remembers these?) and add a
minimal sudoedit example.

* UPGRADE, sudo.c, visudo.c:
filesystem -> file system

* CHANGES, INSTALL:
filesystem -> file system

* sudo.pod, sudoers.pod:
Fix some minor typos and formatting goofs

remove my email addr

* sudo.pod, sudoers.pod, visudo.pod:
Use @mansectform@ and @mansectsu@ everywhere. Make man page
references links with L<>

Accept quoted globbing characters and pass them verbatim for

Document that /tmp/.odus is gone.

No longer use /tmp/.odus as a possible timestamp dir unless
specifically configured to do so. Instead, if no /var/run exists,
use /var/adm/sudo or /usr/adm/sudo.

* set_perms.c, sudo.c, tgetpass.c, visudo.c:
Preliminary changes to support nsr-tandem-nsk. Based on patches

* check.c, compat.h:
Preliminary changes to support nsr-tandem-nsk. Based on patches

2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>

There was no 1.6.7p6.

add missing files to DISTFILES

* sudo.cat, sudoers.cat, visudo.cat:

Fix some line wrap and update (c) year

2004-04-28 Aaron Spangler <aaron777@gmail.com>

2004-04-07 Aaron Spangler <aaron777@gmail.com>

2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>

In Exit() when used as a signal handler, emsg is a pointer so
sizeof() is wrong so make it a #define instead. Also avoid using a
negative exit value. Found by Aaron Campbell

2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>

Remove bogus sentence about uids in a User_List. Document usernames
vs. uid parsing in a Runas_List.

* parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
If the user specified a uid with the -u flag and the uid exists in
the passwd file, set runas_user to the name, not the uid.

When comparing usernames in sudoers, if a name is really a uid
(starts with '#') compare it numerically to pw_uid.

2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>

krb5_mcc_ops should be const; Johnny C. Lam

2004-02-28 Aaron Spangler <aaron777@gmail.com>

* CHANGES, config.h.in, ldap.c:
Added start_tls support

2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>

Clean up libtool stuff for 'make distclean' and add def_data.c,
def_data.h to PARSESRCS.

2004-02-14 Aaron Spangler <aaron777@gmail.com>

* strlcat.c, strlcpy.c:
Un-Fix last license munge

2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>

* CHANGES, RUNSON, TODO:

* lex.yy.c, sudo.tab.c:

* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
emul/search.h, emul/utime.h:
Move to a less restrictive, ISC-style license.

* auth/kerb5.c, auth/pam.c:
Move to a less restrictive, ISC-style license.

* auth/dce.c, auth/fwtk.c, auth/kerb4.c:
Move to a less restrictive, ISC-style license.

* auth/afs.c, auth/aix_auth.c, zero_bytes.c:
Move to a less restrictive, ISC-style license.

* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
visudo.man.in, visudo.pod:
Move to a less restrictive, ISC-style license.

* strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
Move to a less restrictive, ISC-style license.

* sigaction.c, strerror.c:
Move to a less restrictive, ISC-style license.

* ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
Move to a less restrictive, ISC-style license.

* getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
ins_goons.h, insults.h, interfaces.c, interfaces.h:
Move to a less restrictive, ISC-style license.

* find_path.c, getprogname.c:
Move to a less restrictive, ISC-style license.

* LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
Move to a less restrictive, ISC-style license.

* utime.c, version.h:
Move to a less restrictive, ISC-style license.

* parse.lex, parse.yacc:
Move to a less restrictive, ISC-style license.

2004-02-13 Aaron Spangler <aaron777@gmail.com>

Merged in LDAP Support

* ldap.c, sudo.c, sudo.h:
Merged in LDAP Support

* def_data.c, def_data.h, def_data.in:
Merged in LDAP Support

* CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
Merged in LDAP Support

2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.h, sudo_noexec.c:
Only do "extern int errno" if errno is not a macro.

2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>

setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
euid first, then just call setuid(0) to set the real uid too.

Use setresuid() and setreuid() for PERM_RUNAS when appropriate
instead of seteuid() which may not exist.

2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>

* INSTALL, config.h.in, configure, configure.in, ins_classic.h:
Add --with-pc-insults configure option

Prefer VISUAL over EDITOR like old vipw did.

2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.man.in, sudoers.man.in:

Add a note that noexec is not a cure-all.

Mention that disabling "root_sudo" is pretty pointless.

* configure, configure.in:
Substitute for root_sudo in sudoers.pod

Add sudoedit to the NAME section

Document the fact that setting ignore_dot in sudoers has no effect
due to the fact that find_path() is called *before* sudoers is read.

2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>

Do not require _PATH_USRTMP to be set.

* BUGS, CHANGES, TODO:

Clarify that when sudo is run by root with the SUDO_USER variable
set, the sudoers lookup happens for root and not the SUDO_USER user.

2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
set_perms.c, sigaction.c, sudo.c, tgetpass.c:
Use the SET, CLR and ISSET macros.

* defaults.c, env.c:
Use the SET, CLR and ISSET macros.

MAIN was replaced with _SUDO_MAIN some time ago.

Don't look at prev_user until after we've parsed sudoers and done
the password check. That way, if sudo/sudoedit is run from a root
process that was invoked by sudo, we check sudoers for root, not the
previous user. This makes sudoedit much more useful and means that
for the sudo case, we get correct logging on who actually ran the

2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>

Add a comment describing why we need to be notified about our child

2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>

* def_data.c, def_data.in:
Update the noexec variable descriptions

* sudoers.man.in, sudoers.pod:
noexec now replaces more than just execve()

Alas, all the world does not go through execve(2). Many systems
still have an execv(2) system call, Linux 2.6 provides fexecve(2)
and it is not uncommon for libc to have underscore ('_') versions of
the functions to be used internally by the library. Instead of
stubbing all these out by hand, define a macro and let it do the
work. Extra exec functions pointed out by Reznic Valery.

* sudo.c, sudo_edit.c:
Fix suspending the editor in -e mode. Because we do a fork() first
we need to be notified when the child has been stopped and then send
that same signal to ourself so the shell can do its job control

Use WIFEXITED and WEXITSTATUS macros. If there are systems out
there that want to run sudo that still don't support these we can
try to deal with that later.

* sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
Document sudo -e / sudoedit

* configure, configure.in:

* config.h.in, configure.in:

2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>

Allow non-exclusive flags when invoked as sudoedit. Pretty print the
long usage() line to not wrap (assumes 80 char display)

* Makefile.in, sudo.c:
If sudo is invoked as "sudoedit" the -e flag is implied and no other
flags are permitted.

Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is

* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
Add a new flag, -e, that makes it possible to give users the ability
to edit files with the editor of their choice as the invoking user,
not the runas user. Temporary files are used for the actual edit
and the temp file is copied over the original after the editor is

If real uid == 0 and the SUDO_USER environment variable is set, use
that to determine the invoking user's true identity. That way the
proper info gets logged by someone who has done "sudo su" but still
uses sudo to as root. We can't do this for non-root users since
that would open up a security hole, though perhaps it would be
acceptable to use getlogin(2) on OSes where this is a system call (and
doesn't just look in the utmp file).

Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP

* config.h.in, configure, configure.in:
Add check for fchown(2)

2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>

Back out portions of the -i commit that set NewArgv[0] in
set_runaspw. It is far too late to set NewArgv[0] there and will have
no effect anyway as cmnd and safe_cmnd have already been set.

* visudo.c, visudo.pod:
Prefer VISUAL over EDITOR like old vipw did.

2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>

In -i mode always set new environment based on the runas user's

2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>

* sudo.man.in, sudo.pod:
Document the new -i flag and sync SYNOPSIS section with usage() in
sudo.c. Also sort the flags in the OPTIONS section.

o Add -i that acts similar to "su -", based on patches from
  David J. MacKenzie
o Sort the flags in the usage message

* sudoers.man.in, sudoers.pod:
Add a missing @runas_default@ substitution.

2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>

Change euid to runas user before calling find_path().
Unfortunately, though runas_user can be modified in sudoers we
haven't parsed sudoers yet.

* sudoers.man.in, sudoers.pod:
Add missing definition of Parameter_List and use single pipes in the
Defaults EBNF definition.

Fix a bug when set_runaspw() is used as a callback. We don't want
to reset the contents of runas_pw if the user specified a user via

Avoid unnecessary passwd lookups in set_authpw(). In most cases we
already have the info in runas_pw.

2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>

Add Stan Lee / Uncle Ben quote to the lecture from RedHat

Update sudo_getepw() proto and add one for set_runaspw()

If we can't stat the command as root, try as the runas user instead.

* testsudoers.c, visudo.c:
Add stub set_runaspw() function

Add set_runaspw() function to fill in runas_pw. This will be used
as a callback to update runas_pw when the runas user changes.

PERM_RUNAS -> PERM_FULL_RUNAS

* set_perms.c, sudo.h:
Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just

Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
one chunk for easy free()ing. Also change it from static to extern.

* defaults.c, defaults.h:
Add callback support

Add a callback field and use it for runas_default

* def_data.c, def_data.in:
Add a callback field and use it for runas_default

2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>

Add support for chalnecho and display server responses used by fwtk

2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>

* sudoers.man.in, sudoers.pod:
ld.so is ld.so.1 on solaris

* Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
Use closefrom() instead of doing the equivalent inline.

closefrom(3) for systems w/o it

2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>

Update from .pod file.

* configure, configure.in:
Substitute noexec_file for the sudoers man page

* sudo.man.in, sudo.pod:

* sudoers.man.in, sudoers.pod:

* auth/pam.c, config.h.in, configure.in:
Move PAM_CONST macro definition from config.h to pam.c where it
belongs. We can't have this in config.h since that gets included too

* auth/pam.c, config.h.in, configure, configure.in:
Some PAM implementations put their headers in /usr/include/pam
instead of /usr/include/security.

I missed changing the EXEC macro -> EXECV here when I changed this
in config.h.in and sudo.c a while ago.

OpenBSD vax/m88k/hppa don't do shared libs

* configure, configure.in:
o merge the hpux case entries into a single entry w/ its own
  sub-case statement.
o HP-UX >= 11 support getspnam(), use it in preference to
  getprpwuid()

* configure, configure.in:
eval $shrext so that it expands nicely on MacOS X

Don't lie about making a module, it does the wrong thing on mach

Remove requirement that libs must begin with "lib". They don't when
we point directly at the lib using LD_PRELOAD or its equivalent.

Disable support for c++, f77 and java. We don't need it, it takes a
lot of time, and it hosed our check for shared lib support.

Call AC_ENABLE_SHARED and check the status of enable_shared to know
when shared libs are available.

Duh, OpenBSD supports shared libs too

* config.h.in, configure.in:
Only OpenPAM and Linux PAM use const qualifiers.

* configure, configure.in:
o No need to check for sed, libtool config does that for us
o move check for --with-noexec until after libtool magic is run so
  we can use $can_build_shared and $shrext

Don't print a bunch of crap about library installs since we are not
really installing a library.

Make format_env() varargs. Add noexec support for Darwin, MacOS X,

* acsite.m4, ltconfig, ltmain.sh:
Update to libtool 1.5 with local changes:
o no ldconfig in the finish step
o assume no libprefix or version is needed

Fix compilation under K&R

2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>

stub execve() that just returns EACCES; used for noexec

Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with

2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>

* def_data.c, def_data.h, def_data.in:
Move the environment defaults to the end and shorten a few of the

* configure, configure.in:
no shared libs on ultrix or convexos

* Makefile.in, configure, configure.in:
Build sudo_noexec shared object using libtool; could use some

* acsite.m4, ltconfig, ltmain.sh:
libtool scaffolding

* parse.yacc, sudo.tab.c:
Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not

* defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
update copyright year

* configure, configure.in, defaults.c, env.c, pathnames.h.in:
Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
option. The default value of noexec_file is set to this.

* def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
Add support for preloading a shared object containing a dummy
execve() function that just sets error and returns -1. This adds a
"noexec_file" option to load the filename as well as a "noexec" flag
to enable it unconditionally. There is also a NOEXEC tag that can
be attached to specific commands and an EXEC tag to disable it.

add missing newline to usage statement

* config.h.in, sudo.c:
Rename EXEC macro -> EXECV

Don't truncate usernames to 8 characters in the log message.

* check.c, sudoers.man.in, sudoers.pod:
Update copyright year

* check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
Add a new option, lecture_file, that can be used to point to a
custom sudo lecture.

2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>

* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will hopefully not be optimized away by sneaky compilers.

* Makefile.in, sudo.h:
Add a zero_bytes() function to do the equivalent of bzero in such a
way that will hopefully not be optimized away by sneaky compilers.

Use #ifdef __STDC__, not #if __STDC__.

2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>

Always put at least one space between the def_* macro name and its

* configure, configure.in:
Adjust code for --without-lecture to match new values.

regen after pasto fix

* sudoers.man.in, sudoers.pod:
Document that "lecture" has changed from a flag to a tuple.

* check.c, def_data.c, def_data.h, def_data.in, defaults.c,
defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
Add support for tuples in def_data.in; these are implemented as an
enum type. Currently there is only a single tuple enum but in the
future we may have one tuple enum per T_TUPLE entry in def_data.in.
Currently listpw, verifypw and lecture are tuples. This avoids the
need to have two entries (one ival, one str) for pwflags and syslog

lecture is now a tuple with the following values: never, once,

We no longer use both an int and string entry for syslog facilities
and priorities. Instead, there are logfac2str() and logpri2str()
functions that get used when we need to print the string values.

* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
sudo.tab.c, visudo.c:
Create def_* macros for each defaults value so we no longer need the
def_{flag,ival,str,list,mode} macros (which have been removed). This
is a step toward more flexible data types in def_data.in.

2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>

If we are in -k/-K mode, just spew to stderr. It is not unusual for
users to place "sudo -k" in a .logout file which can cause sudo to
be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
Previously, this would result in useless mail and logging.

2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>

fix pasto in VISUAL description

2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>

Some OSes (like Solaris) allow export w/ nosuid too

2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>

We don't use FD_ZERO anymore so just define FD_SET (if not already

2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>

Fix a core dump on Solaris by preserving the pam_handle_t we used
during authentication for pam_prep_user(). If we didn't
authenticate (ie: ticket still valid), we call pam_init() from
pam_prep_user(). This is something of a hack; it may be better to
change the auth API and add an auth_final() function that acts like

2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>

Add explicit declaration of printerr variable in function header
(was defaulting to int which is OK but oh so K&R :-). From Theo.

2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>

* config.h.in, configure.in:
s/HAVE_STOW/USE_STOW/

Also exit waitpid() loop when pid == 0. Fixes a problem where the
sudo process would spin eating up CPU until sendmail finished when
it has to send mail.

2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>

Remove advertising clause, UCB has disavowed it

2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>

Don't assume that getgrnam() calls don't modify contents of struct
passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
Based on a patch from Kirk Webb.

2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>

darwin has a broken setreuid() in at least some versions

Fix an off by one error when reallocating the environment; Kevin Pye

2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>

Fix User_Spec definition; SEKINE Tatsuo

2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>

More info on the early days from Coggs.

2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>

remove errant semicolon that prevented compilation under heimdal

2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>

* testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
add DARPA credit on affected files

* sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
add DARPA credit on affected files

* logging.c, parse.c:
add DARPA credit on affected files

* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
add DARPA credit on affected files

* auth/kerb5.c, auth/pam.c:
add DARPA credit on affected files

* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
add DARPA credit on affected files

* defaults.c, defaults.h:
add DARPA credit on affected files

* Makefile.in, alloc.c, check.c:
add DARPA credit on affected files

slightly different wording for the darpa credit

2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>

2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>

Use krb5_princ_component() instead of krb5_princ_realm() for MIT
Kerberos like we did before I messed things up ;-)

Use krb5_principal_get_comp_string() to do the same thing w/
Heimdal. I'm not sure if the component should be 0 or 1 in this

#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
should be a configure check for this I guess.

2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>

builtin -> built-in; Jason McIntyre

* TROUBLESHOOTING, config.h.in, configure, configure.in:
builtin -> built-in; Jason McIntyre

built in -> built-in; Jason McIntyre

2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>

checkpoint for 1.6.7p3

Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
Amazingly, sudo source from 1985 is available via groups.google.com

Don't change rl.rlim_max for RLIMIT_CORE. We need only set
rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
RLIMIT_CORE restoration on some OSes.

2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>

Make this compile on Heimdal and MIT Kerberos 5

* config.h.in, configure, configure.in:
Check for heimdal even if we found krb5-config and define

Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
no longer defined by MIT kerb5 (though it used to be and indeed
remains so in Heimdal).

2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>

Remove newer stuff that passes multiple (possibly duplicate)
directories to "mkdir -p" since that seems to break on Tru64 Unix at
least. This basically brings back what shipped with sudo 1.6.6.

2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>

Correct number of args to krb5_principal_get_realm() and fix an
unclosed comment that hid the bug.

* CHANGES, version.h:

use krb5-config to determine Kerberos V details if it exists

* alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
testsudoers.c, visudo.c:
Use warn/err and getprogname() throughout. The main exception is
18852 openlog(). Since the admin may be filtering logs based on the
18853 program name in the log files, hard code this to "sudo".
18857 Add getprogname.c and err.c
18864 * config.h.in, configure.in:
18865 Add checks for getprogname(), __progname and err.h
18869 For systems without err/warn functions.
18873 For systems without err/warn functions.
18877 For systems with neither getprogname() nor __progname; uses Argv[0].
18880 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18883 checkpoint for 1.6.7p1
18886 * sudo.c, testsudoers.c:
18887 fix strlcpy() rval check (innocuous)
18891 oflow detection in expand_prompt() was faulty (false positives). The
18892 count was based on strlcat() return value which includes the length
18893 of the entire string.
18896 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
18899 checkpoint for the sudo 1.6.7 release
18900 [096bab4da29a] [SUDO_1_6_7]
18903 checkpoint for the sudo 1.6.7 release
18906 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18909 g/c unused variable
18917 use man sections 8 and 5 for csops
18920 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
18927 Add -lskey or -lopie directly to SUDO_LIBS instead of having
18928 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
18936 Add --with-blibpath for AIX. An alternate libpath may be specified
18938 -blibpath support can be disabled. Also change configure such that
18939 -blibpath is not specified if no -L libpaths were added to
18944 Add --with-blibpath for AIX. An alternate libpath may be specified
18946 -blibpath support can be disabled. Also change configure such that
18947 -blibpath is not specified if no -L libpaths were added to
18952 Add --with-blibpath for AIX. An alternate libpath may be specified
18954 -blibpath support can be disabled. Also change configure such that
18955 -blibpath is not specified if no -L libpaths were added to
18960 add AIX blibpath support
18963 * INSTALL, configure.in:
18964 --with-skey and --with-opie now take an optional directory argument
18965 This obsoletes a --with-csops hack (/tools/cs/skey)
18967 Also remove the remaining direct uses of "echo"
18970 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
18973 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
18974 for KTH Kerberos IV and V.
18978 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
18979 -R/path/to/dir if $with_rpath) to the specified variable.
18982 * INSTALL, configure.in:
18983 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
18984 option, --with-rpath to control this behavior.
18988 for kerb4 put libdes after libkrb on the link line
18996 fix kerberos lib check when a path is specified
19000 Fix boolean thinko in SIGCHLD reaper and call reapchild after
19001 sending mail instead of doing a conditional sudo_waitpid.
19004 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
19011 replace =DIR with [=DIR] where sensible
19015 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
19016 detection based on openssh's configure.in
19020 --with-kerb4 and --with-kerb5 now take an optional argument.
19023 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19026 Kill remaining strcpy(), the programmer's guide says username is 32
19031 treat uid_t as unsigned long for printf and use snprintf, not sprintf
19038 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
19040 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
19041 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19042 auth/rfc1938.c, auth/sudo_auth.c:
19043 update copyright year
19046 * sudo.man.in, sudoers.man.in, visudo.man.in:
19047 update copyright year
19050 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
19051 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
19052 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
19053 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
19054 update copyright year
19057 * check.c, env.c, sudo.c:
19058 Cast [ug]ids to unsigned long and printf with %lu
19066 correct error messages for --with-sudoers-{mode,uid,gid}
19070 make the malloc(0) error specific to each function to aid tracking
19075 deal with platforms where size_t is signed and there is no SIZE_MAX
19080 Make this compile w/ Heimdal and fix some gcc warnings.
19084 Use stat_sudoers macro so --with-stow can work
19087 * INSTALL, config.h.in, configure, configure.in:
19088 Add support for --with-stow based on patches from Robert Uhl
19104 use strlcpy, not strncpy
19108 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
19115 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
19117 * strlcat.c, strlcpy.c:
19118 Make gcc shut up about unused rcsid
19122 Move the n == 0 check for the non-getifaddrs cas
19126 skeychallenge() on NetBSD takes a size parameter
19134 put -ldl after -lpam, not before; fixes static linking on Linux
19138 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
19142 * sudo.cat, sudoers.cat, visudo.cat:
19146 * sudo.man.in, sudoers.man.in, visudo.man.in:
19151 Preserve copyright notice from .pod file in .man.in file
19155 Add sudoers(5) to SEE ALSO
19158 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
19165 Don't assume libc can realloc() a NULL string. If malloc/realloc
19166 fails, make sure we just return; yyerror() is not terminal.
19174 simplify fill_args a little and use strlcpy for paranoia
19181 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
19183 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
19184 cases the strings were either pre-allocated to the correct size or
19185 length checks were done before the copy but a little paranoia can go
19190 Add strlc{at,py} protos
19193 * env.c, interfaces.c:
19202 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
19203 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
19207 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
19212 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
19215 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19218 Use snprintf() for paranoia
19222 Use emalloc2 and erealloc3
19226 strlc{at,py} for those w/o it
19229 * strlcat.c, strlcpy.c:
19230 strlc{at,py} for those w/o it.
19233 * config.h.in, configure, configure.in:
19234 Add strlc{at,py} for those w/o it.
19238 Add erealloc3(), a realloc() version of emalloc2().
19241 * interfaces.c, sudo.c:
19242 Use emalloc2() to allocate N things of a certain size.
19246 Add emalloc2() -- like calloc() but w/o the bzero and with
19247 error/oflow checking.
19251 Error out on malloc(0); suggested by theo
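Added example, not sudo's own code: a sketch of the overflow-checked allocation that the 2003-03-12 and 2003-03-13 entries above describe for emalloc2() and erealloc3(). The names mul_overflows(), unchecked_size(), checked_alloc2() and checked_realloc3() are hypothetical, and these helpers return NULL with errno set where the entries say sudo errors out.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Returns 1 when nmemb * size cannot be represented in a size_t.
 * nmemb == SIZE_MAX / size is still representable, so the test is
 * '>' and not '>=' (the point made in the 2003-03-13 entry).
 */
static int mul_overflows(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* What an unchecked malloc(nmemb * size) would actually request. */
static size_t unchecked_size(size_t nmemb, size_t size)
{
    return nmemb * size;    /* unsigned arithmetic wraps silently */
}

/*
 * Hypothetical stand-in for an emalloc2()-style helper: allocate room
 * for nmemb objects of the given size, without zeroing the memory.
 * Rejects zero-sized requests and products that would wrap.
 */
void *checked_alloc2(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;     /* malloc(0) is treated as a caller bug */
        return NULL;
    }
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(nmemb * size);
}

/*
 * Hypothetical stand-in for an erealloc3()-style helper. On failure the
 * original block is left untouched, as with realloc() itself.
 */
void *checked_realloc3(void *ptr, size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0) {
        errno = EINVAL;
        return NULL;
    }
    if (mul_overflows(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    /* Some old libcs could not realloc() a NULL pointer. */
    return ptr != NULL ? realloc(ptr, nmemb * size) : malloc(nmemb * size);
}

int main(void)
{
    size_t nmemb = SIZE_MAX / 2 + 1;    /* constructed hostile count */

    printf("unchecked request: %zu bytes\n", unchecked_size(nmemb, 2));
    printf("checked request:   %s\n",
        checked_alloc2(nmemb, 2) == NULL ? "rejected" : "allocated");
    return 0;
}
```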
19254 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
19256 * configure, configure.in:
19257 fix a typo; David Krause
19260 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
19266 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
19269 Remove DYLD_ from the environment for MacOS X; from bbraun
19272 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
19274 * config.h.in, configure.in:
19275 not not; Anil Madhavapeddy
19278 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19280 * sudo.pod, sudoers.pod, visudo.pod:
19281 typos; jmc@openbsd.org
19284 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19287 Add some missing ';' rule terminators that bison warns about.
19291 fix typo I introduced in last merge
19295 regenerate with autoconf 2.57
19299 Add missing "$HOME"
19303 Add some more square brackets to make autoconf 2.57 happy
19306 * config.sub, mkinstalldirs:
19307 Updates from autoconf-2.57
19311 Updates from autoconf-2.57
19314 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19320 * lex.yy.c, sudo.tab.c:
19324 * parse.lex, parse.yacc, sudoers.pod:
19325 Add support for Defaults>RunasUser
19328 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19331 fclose() yyin after each yyparse() is done and use fopen() instead
19332 of using freopen().
19336 Better fix for sudoers files w/o a newline before EOF. It looks
19337 like the issue is that yyrestart() does not reset the start
19338 condition to INITIAL which is an issue since we parse sudoers
19342 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19345 Work around what appears to be a flex bug when dealing with files
19346 that lack a final newline before EOF. This adds a rule to match EOF
19347 in the non-initial states which resets the state to INITIAL and
19352 o The parser needs sudoers to end with a newline but some editors
19353 (emacs) may not add one. Check for a missing newline at EOF and
19354 add one if needed. o Set quiet flag during initial sudoers parse (to
19355 get options) o Move yyrestart() call and always use freopen() to
19356 open yyin after initial sudoers parse.
19359 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19362 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
19363 effective gid, not real gid, when reading sudoers.
19367 don't compile set_perms_posix if we have setreuid or setresuid
19370 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
19372 * sudo.pod, sudoers.pod:
19373 document new prompt escapes
19377 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
19378 collapsed to "%" as was originally intended. This also gets rid of
19379 lastchar (does lookahead instead of lookback) which should simplify
19380 the logic slightly.
19383 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
19386 Write the prompt *after* turning off echo to avoid some password
19387 characters being echoed on heavily-loaded machines with fast
19392 Add support for mipseb; wiz@danbala.tuwien.ac.at
19396 Fix IRIX fallout from name changes in man dir/sect Makefile
19397 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
19401 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
19402 the global copy. Problem noted by Peter Pentchev.
19405 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19412 Add missing yyerror() calls; YYERROR does not seem to call this for
19416 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19419 fix typo in comment; Pedro Bastos
19422 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
19425 document --disable-setresuid
19428 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19430 Sprinkle some volatile qualifiers to prevent over-enthusiastic
19431 optimizers from removing memset() calls.
19434 * logging.c, parse.yacc:
19435 minor sign fixes pointed out by gcc -Wsign-compare
19438 * set_perms.c, sudo.c, sudo.h:
19439 Revamp set_perms. We now use a version based on setresuid() or
19440 setreuid() when possible since that allows us to support the
19441 stay_setuid option and we always know exactly what the semantics
19442 will be (various Linux kernels have broken POSIX saved uid support).
19445 * config.h.in, configure:
19446 regen from configure.in
19450 Add checks for setresuid() and a way to disable using it
19454 No longer need to emulate set*[ug]id() via setres[ug]id() or
19455 setre[ug]id(). The new set_perms stuff only uses things it knows are
19460 Before exec, restore state of signal handlers to be the same as when
19461 we were initially invoked instead of just resetting to SIG_DFL. Fixes
19462 a problem when using sudo with nohup. Based on a patch from Paul
19467 o timestamp_uid should be uid_t, not int o clarify error message
19468 when sudo is run by root and no_root_sudo is set
19471 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
19474 update ftp link for bison
19477 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
19480 Error out if setusercontext() fails and the runas user is not root.
19483 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
19490 Fix SecurID API test
19493 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
19500 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
19501 but I don't see a better way at the moment.
19504 * Makefile.in, auth/securid5.c:
19505 SecurID API version 5 support from Michael Stroucken
19509 Add check for SecurID 5.0 API
19512 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
19515 We actually do still need config.h to get the 'const' definition for
19519 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
19522 regen with autoconf 2.5.3
19526 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
19530 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
19531 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
19534 * env.c, sudo.c, sudo.h:
19535 No need for dump_badenv() now that dump_defaults() knows how to dump
19539 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
19545 document timestampowner
19549 Don't call set_perms() when doing timestamp stuff unless
19550 timestamp_uid != 0.
19553 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
19554 sudo.h, testsudoers.c:
19555 g/c second arg to set_perms--it is no longer used
19558 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
19560 * check.c, set_perms.c, sudo.c, sudo.h:
19561 Add support for non-root timestamp dirs. This allows the timestamp
19562 dir to be shared via NFS (though this is not recommended).
19565 * def_data.c, def_data.h, def_data.in:
19566 Add timestampowner, "Owner of the authentication timestamp dir"
19569 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
19572 Don't try to pre-compute the size of the new envp, just allocate
19573 space up front and realloc as needed. Changes to the new env
19574 pointer must all be made through insert_env() which now keeps track
19575 of space used and allocates as needed.
19578 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
19585 Fix two typo/pastos; from jrj@purdue.edu
19588 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
19590 * INSTALL.binary, README:
19592 [a1e33027278c] [SUDO_1_6_6]
19594 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
19595 visudo.cat, visudo.man.in:
19599 * CHANGES, RUNSON, TODO:
19604 In the loop used to expand %h and %u, the lastchar variable was not
19605 being initialized. This means that if the last char in the prompt
19606 is '%' and the first char is 'h' or 'u' an extra copy of the host or
19607 user name would be copied, for which space had not been allocated.
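Added example, not sudo's own code: a prompt expander that uses lookahead, as the 2002-12-14 entry describes, so the sizing pass and the copy pass cannot disagree the way the lookback loop in the entry above did. The names prompt_ctx, escape_value(), walk() and expand_prompt() are hypothetical, the sample values are constructed, and the meanings of %U (run-as user) and %H (fully qualified host name) are taken from the sudoers manual rather than from this changelog.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values substituted into the prompt (hypothetical structure). */
struct prompt_ctx {
    const char *user, *runas, *shost, *host;
};

/* Map an escape character to its replacement, or NULL if unknown. */
static const char *escape_value(const struct prompt_ctx *c, char esc)
{
    switch (esc) {
    case 'u': return c->user;
    case 'U': return c->runas;
    case 'h': return c->shost;
    case 'H': return c->host;
    case '%': return "%";       /* "%%" collapses to "%" */
    default:  return NULL;
    }
}

/*
 * Single walker shared by both passes. With out == NULL it only counts;
 * otherwise it copies into out, which holds cap bytes excluding the NUL.
 * Looking ahead at p[1] keeps all state inside the current iteration,
 * so there is no "last character" variable to leave uninitialized.
 * Returns the expanded length, or (size_t)-1 if out is too small.
 */
static size_t walk(const char *p, const struct prompt_ctx *c,
    char *out, size_t cap)
{
    size_t n = 0;

    for (; *p != '\0'; p++) {
        const char *val = NULL;
        const char *src = p;    /* default: copy one literal char */
        size_t len = 1;

        if (p[0] == '%' && p[1] != '\0' &&
            (val = escape_value(c, p[1])) != NULL) {
            src = val;
            len = strlen(val);
            p++;                /* consume the escape character */
        }
        if (out != NULL) {
            if (len > cap - n)
                return (size_t)-1;  /* refuse to write past the buffer */
            memcpy(out + n, src, len);
        }
        n += len;
    }
    return n;
}

/* Size the result, allocate it, then fill it with the same walker. */
char *expand_prompt(const char *fmt, const struct prompt_ctx *c)
{
    size_t need = walk(fmt, c, NULL, 0);
    char *buf = malloc(need + 1);

    if (buf == NULL)
        return NULL;
    if (walk(fmt, c, buf, need) != need) {
        free(buf);
        return NULL;
    }
    buf[need] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample values. */
    struct prompt_ctx c = { "alice", "root", "web1", "web1.example.com" };
    char *s = expand_prompt("[%u@%h -> %U] Password: ", &c);

    if (s != NULL)
        puts(s);
    free(s);
    return 0;
}
```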
19610 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
19612 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
19613 crank version to 1.6.6
19617 #undef VOID to get rid of an AFS warning
19621 Use easprintf instead of emalloc + sprintf for some things.
19624 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19626 * lex.yy.c, sudo.tab.c:
19630 * parse.c, parse.lex, parse.yacc, testsudoers.c:
19631 Remove Chris Jepeway's email address so people don't bug him ;-)
19634 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19637 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
19638 endgrent() at the same time.
19641 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19644 Make it clear which configure options take arguments.
19647 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
19650 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
19651 RLIM_INFINITY, just pretend it is -1. This works because we only
19652 check for RLIM_INFINITY and do not set anything to that value.
19655 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19658 Zero and free allocated memory when there is a conversation error.
19662 Use sigaction() not signal()
19666 Mention that some linux kernels have broken POSIX saved ID support
19670 checkpoint for 1.6.5p2
19678 Add --disable-setreuid flag
19682 Document new --disable-setreuid option and change description for
19683 --disable-saved-ids to match new error message.
19687 fatal() now takes an argument that determines whether or not to call
19692 Update for new error messages from set_perms()
19696 Update for new error messages from set_perms()
19699 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19702 Make this compile w/o warnings
19706 Mention that we can't use pam_acct_mgmt()
19709 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
19710 The user's password was not zeroed after use when AIX
19711 authentication, BSD authentication, FWTK or PAM was in use.
19714 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19717 Avoid giving PAM a NULL password response, use the empty string
19718 instead. This avoids a log warning when the user hits ^C at the
19719 password prompt when PAM is in use.
19723 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
19724 pam_setcred() returns the last saved return code, not the return
19725 code for the setcred module. Because we haven't called
19726 pam_authenticate(), this is not set and so pam_setcred() returns
19731 Don't need a '/' between $(DESTDIR) and a directory.
19735 Don't need a '/' between $(DESTDIR) and a directory.
19738 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19745 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
19746 setreuid() o new NetBSD has a real setreuid() o add check for
19747 freeifaddrs() if getifaddrs() exists.
19750 * config.h.in, interfaces.c:
19751 Older BSDi releases lack freeifaddrs() so add a test for that and if
19752 it is not present just use free().
19755 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19758 Checkpoint for 1.6.5p1
19762 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
19763 to normal passwords, not AUTH_FATAL (which just causes an exit).
19767 Don't use memory after it has been freed.
19771 skeyaccess() wants a struct passwd * not a char *; Patch from
19773 [65a1d3806fcd] [SUDO_1_6_5]
19779 * CHANGES, RUNSON, TODO:
19780 checkpoint for sudo 1.6.5
19783 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19789 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19793 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19799 o when invoking the mailer as root use a hard-coded environment that
19800 doesn't include any info from the user's environment. Basically
19803 o Add support for the NO_ROOT_MAILER compile-time option and run the
19804 mailer as the user and not root if NO_ROOT_MAILER is defined.
19807 * set_perms.c, sudo.h:
19808 Bring back PERM_FULL_USER
19819 * INSTALL, config.h.in, configure.in:
19820 Add --disable-root-mailer option to run the mailer as the user and
19825 checkpoint for 1.6.4p2
19829 Mention the "seteuid(0): Operation not permitted" problem here too
19830 just for good measure.
19833 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19835 * env.c, getspwuid.c, sudo.c:
19836 The SHELL environment variable was preserved from the user's
19837 environment instead of being reset based on the passwd database when
19838 the "env_reset" option was used. Now it is reset as it should be.
19845 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
19847 Add a configure option to turn off use of POSIX saved IDs
19855 add --with-efence option
19859 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
19860 "sudo -l" would not work if always_set_home was set.
19868 Quoted commas were not being treated correctly in command line
19873 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
19874 Otherwise, the set_home option has no effect.
19876 o Fix use of freed memory when the "fqdn" flag is set. This was
19877 introduced by the fix for the "segv when gethostbyname() fails" bug.
19878 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
19879 there is no need to check the "fqdn" flag in set_fqdn() itself.
19883 Add 'continue' statements to optimize the switch statement. From
19887 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
19889 * sudoers.cat, sudoers.man.in:
19890 Regen from new sudoers.pod
19891 [6ecc07b3d0e1] [SUDO_1_6_4]
19894 Add caveat about stay_setuid flag
19898 If set_perms == set_perms_posix and the stay_setuid flag is not set,
19899 set all uids to 0 and use set_perms_fallback().
19902 * set_perms.c, sudo.h:
19903 Remove PERM_FULL_USER (which is no longer used) and add
19904 PERM_FULL_ROOT (used when exec'ing the mailer).
19908 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
19909 never want to run the mailer setuid.
19912 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19914 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
19916 Use sudo.ws instead of courtesan.com in URLs
19919 * Makefile.binary, Makefile.in:
19920 Fix mansect substitution
19924 Substitute man sections in Makefile.binary
19928 Sync install targets with Makefile.in and substitute in man
19932 * INSTALL, INSTALL.binary:
19937 Repair bindist target
19944 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
19947 Fix case where neither whoami nor id are found
19950 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19953 If neither whoami nor id exists, just assume we are root.
19957 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
19958 on AIX which for some reason isn't pulling in the malloc prototype.
19961 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
19963 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
19972 Defer assigning new environment until right before the exec.
19976 kill extra blank line
19979 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19986 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
19987 compiler doesn't recognise -O2.
19991 Clarify origins of Root Group sudo a bit based on info from
19992 billp@rootgroup.com
19995 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
20002 checkpoint for 1.6.4rc1
20005 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
20008 now generated via autoheader
20016 Move in some stuff that was previously in config.h.
20019 * aclocal.m4, configure.in:
20020 Add info for autoheader.
20023 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
20026 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
20027 -g to facilitate non-root installs
20031 Add -M option (like -m but only for root) If we can't find "whoami",
20032 use "id" w/ some sed.
20040 allow user to always override mansectsu and mansectform
20043 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20046 update from autoconf 2.52
20049 * config.guess, config.sub:
20050 Update from autoconf 2.52
20054 regen with autoconf 2.52
20058 o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
20059 mode o Remove compiler-specific checks for HP-UX now that we use
20068 o Add pam_prep_user function to call pam_setcred() for the target
20069 user; on Linux this often sets resource limits. o When calling
20070 pam_end(), try to convert the auth->result to a PAM_FOO value.
20071 This is a hack--we really need to stash the last PAM_FOO value
20072 received and use that instead.
20075 * set_perms.c, sudo.h:
20076 o Add pam_prep_user function to call pam_setcred() for the target
20077 user; on Linux this often sets resource limits.
20081 Fix off by one error in number of bytes allocated via malloc (does
20082 not affect any released version of sudo).
20085 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20092 Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
20093 requiring that they be quoted.
20096 * sudoers.cat, sudoers.man.in, sudoers.pod:
20097 Mention that no double quotes are needed when
20098 adding/deleting/assigning a single value to a list.
20102 Don't rely on mkdefaults being executable, call perl explicitly.
20110 Remove some XXX that are no longer relevant.
20114 o Roll our own loop instead of using strpbrk() for better
20115 grokability o When adding to a list we must malloc() and use
20116 memcpy(), not strdup() since we must only copy len bytes from str.
20119 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
20129 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
20140 avoid the -g flag unless --with-devel was specified
20144 mkdefaults, def_data.in and sigaction.c were missing from the
20149 def_data.c was missing
20152 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
20155 Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
20156 allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
20164 Add comment for Default section so folks know where it should go.
20167 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
20170 Use TCSETAF, not TCSETA to set terminal in termio case
20173 * sudoers.cat, sudoers.man.in:
20174 regen from sudoers.pod
20178 o Typo, Runas_User_List should be Runas_List o a User_List can not
20179 contain a uid o mention that the Defaults section should come after
20180 Alias definitions but before the user specifications
20183 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20185 * sudoers.cat, sudoers.man.in:
20190 Fix listpw and verifypw sections, they were not being formatted
20194 * sudoers.cat, sudoers.man.in:
20206 * config.h.in, configure.in:
20207 use AC_SYS_POSIX_TERMIOS instead of rolling our own
20211 Reference sudo.ws not courtesan.com
20215 Add notes on shadow passwords
20219 In list mode (sudo -l), characters escaped with a backslash are
20220 shown verbatim with the backslash.
20224 Add simple examples from OpenBSD (Marc Espie)
20228 Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
20232 minor prettyification
20240 Fix CIDR handling here too.
20244 Apparently a NULL response is OK
20248 Checkpoint for upcoming beta release
20252 Many people believe that adding a runas spec should obviate the need
20253 for the -u flag. It does not.
20257 checkpoint update for upcoming 1.6.4 beta
20261 o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
20262 if HAVE_STRING_H is defined -- this is safe now
20266 Add signals section
20274 Fix check for sigaction_t
20278 XXX - should call find_path() as runas user, not root. Can't do
20279 that until the parser changes though.
20283 If find_path() fails as root, try again as the invoking user (useful
20284 for NFS). Idea from Chip Capelik.
20287 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
20288 Regenerate after pod file changes
20291 * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
20292 sudo.pod, sudoers.pod:
20293 Add new sudoers option "preserve_groups". Previously sudo would not
20294 call initgroups() if the target user was root. Now it always calls
20295 initgroups() unless the -P command line option or the
20296 "preserve_groups" sudoers option is set. Idea from TJ Saunders.
20299 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
20301 * compat.h, config.h.in:
20302 Use new HAVE_SIGACTION_T define
20306 Fix compilation on K&C
20314 Add check for sigaction_t -- IRIX already defines this so don't
20323 need stdlib.h here too
20331 Remove redundant checks for string.h, strings.h and unistd.h
20334 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20336 Regen from pod files
20343 * configure, lex.yy.c, sudo.tab.c:
20348 Return EINVAL if errnum > sys_nerr
20351 * auth/sudo_auth.h:
20352 o Update copyright year
20355 * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
20356 config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
20358 o Update copyright year
20362 o Don't define STDC_HEADERS unconditionally for IRIX o Update
20370 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20371 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20372 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20373 auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
20374 set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
20376 o Reorder some headers and use STDC_HEADERS define properly o Update
20381 o Reorder some headers and use STDC_HEADERS define properly o Update
20385 * getspwuid.c, goodpath.c, interfaces.c:
20386 o Reorder some headers and use STDC_HEADERS define properly o Update
20391 o Reorder some headers and use STDC_HEADERS define properly o Update
20395 * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
20397 o Reorder some headers and use STDC_HEADERS define properly o Update
20406 flags set in signal handlers should be volatile sig_atomic_t
20409 * config.h.in, configure.in:
20410 Add checks for volatile and sig_atomic_t
20413 * configure, lex.yy.c:
20417 * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
20418 sudo.c, sudoers.pod:
20419 Remove "secure_path" Defaults option since it cannot work with the
20423 * find_path.c, sudo.c:
20424 Unset "secure_path" if user_is_exempt()
20427 * env.c, pathnames.h.in:
20428 o Remove assumption that PATH and TERM are not listed in env_keep o
20429 If no PATH is in the environment use a default value o If TERM is
20430 not set in the non-reset case also give it a default value.
20433 * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
20434 _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
20435 systems that define in paths.h
20438 * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
20439 Add support for skeyaccess(3) if it is present in libskey.
20442 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20445 Only need to do 'lc = login_getclass(NULL)' if lc == NULL
20449 '\\' is a perfectly legal character to have in a command line
20454 o Defer call to set_fqdn() until it is safe to use log_error() o
20455 Don't print errno string value if gethostbyname fails, it is not
20460 Fix CIDR -> in_addr_t conversion.
20463 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
20466 Remove an extra "User_List" in the User_Spec definition From
20467 ybertrand AT snoopymail.com
20471 Make 'listpw=never' work for users who are not explicitly mentioned
20476 Remove gratuitous '=' in EBNF grammar; era AT iki.fi
20480 Document new list Defaults type and convert env_keep and env_delete
20481 to lists. Document new env_check option.
20484 * lex.yy.c, sudo.tab.c, sudo.tab.h:
20489 Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
20498 Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
20501 * config.h.in, configure.in:
20502 Add check for skeyaccess(3)
20506 Document new -c, -f, and -q options
20510 o Add -f option (alternate sudoers file) o Convert to use getopt(3)
20517 * aclocal.m4, config.h.in, configure.in:
20518 Add check for isblank and a replacement macro if it doesn't exist.
20521 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
20524 In check-only mode, don't create sudoers if it does not already
20529 o Add a new token, DEFVAR, to indicate a Defaults variable name o
20530 Add support for "+=" and "-=" list operators o replace some 1 and 0
20531 with TRUE and FALSE for greater legibility.
20535 o Use exclusive start conditions to remove some ambiguity in the
20536 lexer. Also reorder some things for clarity. o Add support for
20537 "+=" and "-=" list operators. o Use the new DEFVAR token to denote
20538 a Defaults variable name.
20542 Prototype init_envtables()
20546 o Convert environment handling to use lists instead of strings.
20547 This greatly simplifies routines that need to do "foreach" type
20548 operations. o Add new init_envtables() function to set env_check
20549 and env_delete defaults based on initial_badenv_table and
20550 initial_checkenv_table (formerly sudo_badenv_table).
20553 * defaults.c, defaults.h:
20554 o Add a new LIST type and functions to manipulate it. o This is for
20555 use with environment handling variables. o Call new
20556 init_envtables() routine inside init_defaults() to initialize the
20560 * def_data.c, def_data.h, def_data.in:
20561 Convert environment options to use the new LIST type and add a new
20562 one, env_check that only deletes if the sanity check fails.
20566 Add dummy version of init_envtables()
20574 Add check-only mode
20578 Fix generation of entries with NULL descriptions.
20581 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
20584 Use sigaction_t and quiet a gcc warning.
20588 Must reset signal handlers before we exec
20591 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20593 Be careful now that tgetpass() can return NULL (user hit ^C). PAM
20594 version needs testing. Set SIGTSTP to SIG_DFL during password entry
20595 so user can suspend us.
20599 Add support for interrupting/suspending tgetpass via keyboard input.
20600 If you suspend sudo from the password prompt and resume it will re-
20605 Don't block keyboard interrupt signals, just set them to SIG_IGN.
20608 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
20611 add back HAVE_SIGACTION
20618 * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
20619 Kill POSIX_SIGNALS define and old signal support now that we emulate
20620 POSIX ones Also be sure to correctly initialize struct sigaction.
20624 Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
20628 Add scaffolding for POSIX signal emulation
20632 o Add missing ';' so this compiles o Can't use NULL since we don't
20637 Emulate sigaction() using sigvec()
20640 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20643 Document new behavior of negative values of timestamp_timeout Fix a
20648 Add security note about command not being logged after 'sudo su' and
20653 Mention that -V prints default values when run as root, including
20654 the list of environment variables to clear.
20658 Run pod2man with --quotes=none to avoid stupid quoting of C<>
20662 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
20664 * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
20665 Add mail_badpass option Also modify mail_always behavior to also
20666 send mail when the password is wrong
20669 * env.c, sudo.c, sudo.h:
20670 Dump default bad env table when 'sudo -V' is run by root.
20674 document env_delete
20678 Add support for '*' in env_keep when not resetting the environment
20679 (ie: the normal case).
20683 Add env_delete variable that lets the user replace/add to the
20684 bad_env_table. Allow '*' wildcard in env_keep entries.
20687 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
20690 Force umask to 022 to guarantee sane directory permissions.
20693 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
20696 add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
20700 fix breakage in last commit
20704 acsite.m4 -> aclocal.m4
20708 fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
20712 regenerated from def_data.in
20715 * check.c, defaults.c, defaults.h:
20716 Add new T_UINT type that most things use instead of T_INT If
20717 timestamp_timeout is < 0 then treat the ticket as never expiring (to
20718 be expired manually by the user).
20722 change most T_INT -> T_UINT
20726 fix warning when no args
20730 Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
20731 we are a signal handler. We no longer print the signal number but
20732 the user can just check the exit value for that.
20735 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
20738 when setting up pipes in child process check for case where stdin ==
20742 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
20745 Ignore editor exit value since XPG4 says vi's exit value is the
20746 count of editing errors made (failed searches, etc).
20749 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20756 sco now is identified by config.guess as *-sco-*
20760 Check for getspnam() in -lgen if not in -lc for UnixWare.
20763 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
20765 * sudoers.pod, visudo.pod:
20766 "upper case" -> "uppercase"
20770 fix typos and grammar; pjanzen@foatdi.harvard.edu
20773 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
20776 Missing word (specify); krapht@secureops.com
20779 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
20782 If we fail to lookup a login class, apply the default one.
20786 In log_error() free message, not logline unconditionally, then free
20787 logline if it is not the same as message. No function change but
20788 this mirrors how they are allocated.
20791 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20798 remove some backslash quotes that are unneeded
20802 o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
20803 instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
20804 can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
20805 to AC_DEFINE things manually.
20808 * config.guess, config.sub:
20809 Updated from autoconf-2.50
20812 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
20815 Update mailing list section. We use mailman now, not majordomo.
20818 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
20820 * getspwuid.c, logging.c, sudo.c:
20821 Use setpwent()/endpwent() + all the shadow variants to make sure we
20822 don't inadvertently leak an fd to the child. Apparently Linux's
20823 shadow routines leave the fd open even if you don't call setspent().
20824 Reported by mike@gistnet.com; different patch used.
20827 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
20834 select() may return EAGAIN. If so, continue like we do for EINTR.
20838 Fix a non-exploitable buffer overflow in the word splitting code.
20839 This should really be rewritten.
20847 Tell people to look in sample.syslog.conf for examples, not FAQ
20851 Update list of env vars that are cleared
20855 remove struct env_table decl since that stuff has all moved to env.c
20858 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20861 Fix a pasto in flock-style unlocking and include <sys/file.h> for
20862 flock on older systems; twetzel@gwdg.de
20866 regen to get NeXT lockf/flock fix
20870 force NeXT to use flock since lockf is broken
20873 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
20876 Use stashed user_gid when checking against exempt gid since sudo
20877 sets its gid to a value that makes sudoers readable. Previously
20878 if you used gid 0 as the exempt group everyone would be exempt. From
20879 Paul Kranenburg <pk@cs.few.eur.nl>
20882 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
20889 #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
20890 some types (such as ssize_t) therein.
20893 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
20896 Fix negation of paths in a boolean context. Problem found by
20900 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
20906 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
20909 SA_RESETHAND means the opposite of what I was thinking--oops To
20910 block all signals in old-style signals use ~0, not 0xffffffff
20913 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
20916 coerce difference of pointers to int when used in a string length
20917 printf format; deraadt@openbsd.org
20920 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20923 Block all signals in Exit() to avoid a signal race. There is still
20924 a tiny window but I'm not going to worry about it.
20927 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20930 glibc uses the LANGUAGE env var so clear that too; Solar Designer
20934 Regenerate with a fix to flex.skl that preserves errno from
20935 clobbering by isatty().
20938 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20940 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20941 auth/sia.c, auth/sudo_auth.c:
20942 Some defaults I_ defines got renamed.
20945 * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
20946 defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
20947 set_perms.c, sudo.c, sudo.tab.c:
20948 Move defaults info into its own files from which we generate .h and
20949 .c files. This makes adding or rearranging variables much simpler.
20952 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20954 * configure, configure.in:
20955 fix typo in last commit
20958 * compat.h, config.h.in, configure, configure.in:
20959 Add check + emulation for setegid (like seteuid).
20963 Make env_keep override badenv_table as documented Fix traversal of
20964 badenv_table (broken in last commit)
20967 * set_perms.c, sudo.c, sudo.h:
20968 Don't try and build saved uid version of set_perms on systems w/o
20969 them. Rename set_perms_saved_uid() -> set_perms_posix() Make
20970 set_perms_setreuid simply be set_perms_fallback() and simply include
20971 the appropriate function at compile time (setreuid() vs. setuid()).
20974 * sudoers.cat, sudoers.man.in, sudoers.pod:
20975 PATH is also preserved when env_reset is in effect
20978 * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
20979 configure.in, defaults.c, defaults.h, env.c, find_path.c,
20980 getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
20981 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
20982 visudo.c, visudo.cat, visudo.man.in:
20983 New Defaults options: o stay_setuid - sudo will remain setuid if
20984 system has saved uids or setreuid(2) o env_reset - reset the
20985 environment to a sane default o env_keep - preserve environment
20986 variables that would otherwise be cleared
20988 No longer use getenv/putenv/setenv functions--do environment munging
20989 by hand. Potentially dangerous environment variables can be cleared
20990 only if they contain '/' or '%' characters to protect buggy
20991 programs. Moved environment routines into env.c (new file)
20995 Clear up --without-passwd description
20998 * putenv.c, sudo_setenv.c:
20999 We now build up a new environment from scratch and assign it to
21003 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
21005 * sudo.pod, visudo.pod:
21006 Grammatical fixes from Paul Janzen
21009 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
21012 If there was a syntax error and the user just wants to quit, unlink
21013 sudoers if it is zero length.
21017 'Q' means ignore parse error, not 'q'
21021 Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
21025 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
21028 Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
21031 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21033 * config.guess, config.sub:
21034 Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
21037 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21039 * sudo.c, visudo.c:
21040 Use exit(127), not exit(-1)
21043 * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
21044 Move set_perms() to its own file and use POSIX saved uid or
21045 setreuid() if available.
21047 Added stay_setuid option for systems that have libraries that
21048 perform extra paranoia checks in system libraries for setuid
21049 programs (ie: anything with issetugid(2)).
21053 strip more bits from the environment and add a facility for
21054 stripping things only if they contain '/' or '%' to address printf
21055 format string vulnerabilities in other programs.
21058 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
21065 For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
21074 Check for strcasecmp(3) in -lc89 for NCR Unix
21077 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
21080 Define HAVE_INNETGR #ifdef HAVE__INNETGR
21087 * compat.h, config.h.in, configure.in:
21088 Add check for _innetgr(3) since NCR systems have that instead of
21092 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
21095 check return value of creadcfg() call sd_close() after sd_auth()
21096 store username in sd->username so we don't rely on the USER env
21100 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
21103 document --with-bsdauth
21111 --with-bsdauth assumes --with-logincap
21114 * auth/bsdauth.c, auth/fwtk.c:
21115 When prompting for a response to a challenge, if the user just hits
21116 return then reprompt with echo turned on.
21119 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
21122 Remove debugging code that should not have been committed, oops.
21126 Use lower-level routines and get the password ourselves. Checks for
21127 a challenge and if there is one echo is not turned off.
21130 * auth/pam.c, auth/sudo_auth.h:
21131 minor housekeeping, no real code changes
21134 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
21137 Fix a coredump in the logging functions if gethostname(2) fails by
21138 deferring the call to log_error() until things are better setup.
21140 Fix return value of set_loginclass() in non-BSD-auth case.
21142 Hard-code 'sudo' in the usage message so we can fit more options on
21147 Fix errant ';' (typo) that broke MSG_ONLY
21150 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
21152 * sudo.cat, sudo.man.in:
21160 * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
21161 configure, configure.in, getspwuid.c, sudo.c:
21162 Add support for BSD authentication.
21165 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21168 Fix typo; from sato@complex.eng.hokudai.ac.jp
21171 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
21174 Mention negating umask
21178 Allow user to specify umask of 0777 (same as !umask)
21181 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
21183 * sudo.pod, visudo.pod:
21184 Fix a typo and give a URL for the sudo history.
21187 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
21189 * defaults.c, sudo.pod:
21190 fix typos; pepper@reppep.com
21193 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21195 * sudo.c, sudo.h, sudo_setenv.c:
21196 sudo_setenv() now exits on memory alloc failure instead of returning
21200 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21203 Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
21204 and possibly others.
21208 Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
21209 that "%m" won't be expanded but we don't use that anyway since the
21210 logging routines may splat to stderr as well.
21213 * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
21215 Add always_set_home variable
21218 * configure, configure.in:
21219 Have to hard code default values in help since the defaults are set
21220 _after_ the help stuff.
21223 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
21225 * lex.yy.c, parse.lex:
21226 Allow special characters (including '#') to be embedded in pathnames
21227 if quoted by a '\\'. The quoted chars will be dealt with by
21228 fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
21231 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
21234 Better path searching for programs we need.
21238 Add section on "C compiler cannot create executables" errors.
21241 * Makefile.binary, Makefile.in, version.h:
21245 * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
21246 sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
21247 visudo.man.in, visudo.pod:
21248 Substitute values from configure into man pages.
21251 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
21254 The listpw and verifypw sudoers options would not take effect
21255 because the value of the default was checked *before* sudoers was
21256 parsed. Instead of passing in the value of PWCHECK_* to
21257 sudoers_lookup(), pass in the arg for def_ival() so the check can be
21258 deferred until after sudoers is parsed.
21261 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
21264 When writing prompt, no need to write the NUL as well;
21268 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
21271 When looking for chown, check in /sbin too
21274 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21277 Remove extraneous call to init_defaults() and set runas_user to NULL
21278 between parses so init_defaults will reset it each time, thus
21279 avoiding a reference to free()d data.
21282 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
21284 * config.h.in, interfaces.c, interfaces.h, sudo.c:
21285 Add support for using getifaddrs() to get the list of ip addr /
21286 netmask pairs. Currently IPv4-only.
21290 Add a missing check for UserEditor == NULL Add missing '+' before
21291 line number when invoking editor to fix a syntax error
21294 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
21297 Call clean_env very early in main() for paranoia's sake. Idea from
21301 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
21304 Update proto for evasprintf and easprintf
21308 Make easprintf() and evasprintf() return an int.
21312 If the targetpw flag is set, use target username as part of the
21313 timestamp path. If tty tickets are in effect cat the tty and the
21314 target username with a ':' as the separator.
21317 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
21320 Backout part of last change; setting PAM_USER to the invoking user
21321 breaks things like targetpw.
21325 set tty and username via pam_set_item
21328 * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
21329 Fix root, runas, and target authentication for non-passwd file auth
21333 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
21335 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21336 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21337 Use B<-Z> not C<-Z> for command line flags in all places. This is
21338 more consistent and works around a bug in Pod::Man.
21341 * sudoers.cat, sudoers.man.in, sudoers.pod:
21342 Fix an occurrence of 'semicolon' that should be 'colon'
21345 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
21347 * configure, configure.in:
21348 Fix --with-badpri help line
21351 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
21353 * defaults.c, logging.c, sudo.c:
21354 Bracket calls to syslog with an openlog() and closelog() since some
21355 authentication methods (like PAM) may do their own logging via
21356 syslog. Since we don't use syslog much (usually just once per
21357 session) this doesn't really incur a performance penalty. It also
21358 Fixes a SEGV with pam_kafs.
21361 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
21364 Fix -H flag. runas_homedir is only valid after
21365 set_perms(PERM_RUNAS, mode)
21368 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21371 Clarify the fact that insults are not enabled just by including them
21375 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21377 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21379 Regenerated with perl 5.6.0 pod2man
21383 Give date string to pod2man since its default is ugly and it ain't
21388 Do section substitution on the output of pod2man and remove hack
21389 needed for old pod2man.
21392 * sudo.pod, sudoers.pod, visudo.pod:
21393 Put back real man sections, we will do the substitution later.
21396 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21398 * configure, configure.in:
21399 Don't bother checking for the path to vi if user specified --with-
21403 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21405 * CHANGES, visudo.c:
21406 Visudo now does its own fork/exec instead of calling system(3).
21409 * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
21410 sudoers.pod, visudo.c:
21411 Visudo now checks for the existence of an editor and gives a
21412 sensible error if it does not exist.
21414 The path to the editor for visudo is now a colon-separated list of
21415 allowable editors. If the user has $EDITOR set and it matches one
21416 of the allowed editors that editor will be used. If not, the first
21417 editor in the list that actually exists is used.
21420 * sudo.cat, sudo.man.in, sudo.pod:
21421 Clear up confusion wrt sudo's return value.
21424 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
21427 Strip sudo and visudo for bindist target
21430 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21431 sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21432 Use @mansectsu@ and @mansectform@ in the man page bodies as well.
21433 [5eb9e60a726f] [SUDO_1_6_3]
21435 * visudo.cat, visudo.man.in, visudo.pod:
21436 Typo: @sysconf@ -> @sysconfdir@
21440 'make dist' should not cause any files to be modified so remove its
21445 Whoops, forgot to add release marker
21448 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21451 Final change for 1.6.3 (or so I hope)
21454 * sudo.cat, sudoers.cat, visudo.cat:
21455 Use SYSV man sections since BSD systems will have nroff...
21458 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
21460 * parse.yacc, sudo.tab.c:
21461 When checking to see if the host/user matches in a defaults spec,
21462 check against TRUE, not just non-zero since it might be -1.
21465 * configure, configure.in:
21466 OSF/1 puts file formats in section 4, not 5.
21469 * CHANGES, INSTALL, sudo.c:
21470 Make login class support work on BSD/OS
21477 * configure, configure.in:
21478 If there is no inet_addr but there *is* an __inet_addr that's ok
21479 since inet_addr is probably just a macro then. The better thing to
21480 do would be to look for the macro, but this is fine for now.
21483 * configure, configure.in:
21484 Don't use shlicc for BSD/OS 4.x
21487 * Makefile.in, configure, configure.in:
21488 *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
21489 configure variable so we can deal with this. Also, only remove *.man
21490 for 'distclean' not 'clean'.
21494 set_loginclass() should be static like the proto says
21497 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
21500 Add #ifdef __STDC__ around the rangematch function header to avoid
21501 promotion of test to int, thus violating the prototype. Gcc handles
21502 this gracefully but more std ANSI compilers will complain.
21506 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
21509 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
21510 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
21511 FNM_CASEFOLD in configure
21518 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
21519 Fully qualified hosts w/ wildcards were not matching the FQHOST
21520 token type. There's really no need for a separate token for fully-
21521 qualified vs. unqualified anymore so FQHOST is now history and
21522 hostname_matches now decides which hostname (short or long) to check
21523 based on whether or not the pattern contains a '.'.
21527 Fully qualified hosts w/ wildcards were not matching the FQHOST
21528 token type. There's really no need for a separate token for fully-
21529 qualified vs. unqualified anymore so FQHOST is now history and
21530 hostname_matches now decides which hostname (short or long) to check
21531 based on whether or not the pattern contains a '.'.
21534 * lex.yy.c, parse.c, parse.lex, parse.yacc:
21535 Fully qualified hosts w/ wildcards were not matching the FQHOST
21536 token type. There's really no need for a separate token for fully-
21537 qualified vs. unqualified anymore so FQHOST is now history and
21538 hostname_matches now decides which hostname (short or long) to check
21539 based on whether or not the pattern contains a '.'.
21542 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
21543 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
21544 Add support for wildcards in the hostname.
21548 Add targets for *.man.in, using config.status to generate *.man from
21552 * sudoers.cat, sudoers.man.in, sudoers.pod:
21553 Document set_logname option and enbolden refs to sudo and visudo.
21556 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
21557 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
21558 visudo.cat, visudo.man.in, visudo.pod:
21559 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
21560 from Michael D. Marchionna. configure now does substitution on the
21561 man pages, allowing us to fix up the paths and set the section
21562 correctly. Based on an idea from Michael D. Marchionna.
21566 Better fix for handling HP-UX aging info.
21570 Add support for set_logname run-time default
21573 * sudo.man.in, sudoers.man.in, visudo.man.in:
21574 configure does substitution on these to produce *.man
21577 * sudo.man, sudoers.man, visudo.man:
21578 These files now get generated from *.man.in at configure time.
21581 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
21583 * defaults.c, defaults.h:
21584 Add set_logname option so users can turn off setting of LOGNAME/USER
21585 environment variables.
21588 * lsearch.c, parse.c, testsudoers.c:
21592 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21595 HP-UX adds extra info at the end for password aging so when
21596 comparing the result of crypt to pw_passwd we only compare the first
21597 len(epass) bytes *unless* the user entered an empty string for a
21602 Get rid of grandchild hack, it was causing problems and there is
21603 really no need for it. This fixes a bug where we spin eating up CPU
21604 when the user runs a long-running process like a shell.
21607 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21610 User can always specify a login class if he/she is already root.
21613 * config.h.in, configure, configure.in, defaults.c, defaults.h,
21615 FreeBSD login class (login.conf) support.
21618 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
21620 * auth/sudo_auth.c:
21621 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
21624 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
21627 Truncate unencrypted password to 8 chars if encrypted password is
21628 exactly 13 characters (indicating a standard DES password). Many
21629 versions of crypt() do this for you, but not all (like HP-UX's).
21632 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
21635 Mention that gcc on dynix may have problems
21638 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
21641 Link visudo with NET_LIBS since we now call syslog via defaults.c
21645 Use Argv[0] as the first arg to openlog() since visudo uses this
21649 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
21652 Stash coredumpsize resource limit and restore it before the exec()
21653 Otherwise the child ends up with a coredumpsize of 0.
21656 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
21658 * sudo.cat, sudo.man, sudo.pod:
21666 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
21667 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
21668 Added -S flag (read passwd from stdin) and tgetpass_flags global
21669 that holds flags to be passed in to tgetpass(). Change echo_off
21670 param to tgetpass() into a flags field. There are currently 2
21671 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
21672 tgetpass(), abstract the echo set/clear via macros and if (flags &
21673 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
21677 Fixed a bug that caused an infinite loop when the password timeout
21681 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
21683 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
21684 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
21685 Add rootpw, runaspw, and targetpw options.
21688 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
21690 enveditor -> env_editor
21693 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
21695 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
21696 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
21698 crank version to 1.6.3
21701 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
21702 sudoers.pod, visudo.c:
21703 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
21704 them. This means that visudo will now parse the sudoers file
21705 *before* it is edited so a bogus sudoers file will cause a warning
21706 to go to stderr. Also, visudo checks the variables once--it does not
21707 check them after each editor run since that could be confusing.
21710 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
21716 * check.c, sudo.c, sudo.h:
21717 Move user_is_exempt prototype into sudo.h
21720 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21722 * configure, configure.in:
21723 Fix thinko, some && should have been || in the last commit
21726 * configure, configure.in:
21727 Don't initialize Makefile variables to be NULL since the user may
21728 want to import variables from their environment.
21731 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
21733 * configure, configure.in:
21737 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
21740 fix a yacc (skeleton.c) warning
21743 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
21745 * INSTALL, RUNSON, configure, configure.in:
21746 Make pam work on HP-UX 11.0;jaearick@colby.edu
21750 recent changes; prepare for 1.6.2p1
21754 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
21757 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
21760 Regen with yacc that has a memory leak plugged.
21763 * sudoers.cat, sudoers.man, sudoers.pod:
21764 Expanded docs on sudoers 'defaults' options based on INSTALL file
21769 Fix some while lies
21772 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
21775 When making a bindist, link FAQ to TROUBLESHOOTING instead of
21779 * sudoers.cat, sudoers.man, sudoers.pod:
21780 Add netgroup caveat
21781 [28d119f466e3] [SUDO_1_6_2]
21784 Last minute updates
21800 Better detection of PAM errors and fix custom prompts with PAM.
21801 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
21804 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21807 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
21811 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21813 * CHANGES, config.h.in, configure, configure.in, visudo.c:
21814 Fix sudoers locking in visudo. We now lock the sudoers file itself,
21815 not the temp file (since locking the temp file can foul up editors).
21816 The previous locking scheme didn't work because the fd was closed
21820 * config.h.in, configure, configure.in:
21821 Don't need test for ftruncate() any more.
21824 * configure, configure.in:
21825 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
21826 the unbundled HP-UX cc.
21829 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21831 * sudoers.cat, sudoers.man, sudoers.pod:
21832 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
21835 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21837 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
21838 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
21839 version.h, visudo.c:
21840 update copyright year on changed files
21852 Crank version to 1.6.2
21856 Crank version to 1.6.2
21860 When using rlimit check for RLIM_INFINITY. When computing the value
21861 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
21868 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
21869 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
21870 Crank version to 1.6.2
21873 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
21874 Add 'shell_noargs' runtime option back in. We have to defer
21875 checking until after the sudoers file has been parsed but since
21876 there are now other options that operate that way this one can too.
21877 Based on a patch from bguillory@email.com.
21880 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
21881 Add "listpw" and "verifypw" options.
21884 * sudoers.cat, sudoers.man, sudoers.pod:
21885 o Fix some typos/omissions o Add section on verifypw and listpw o
21886 Define how NOPASSWD interacts with the -v and -l flags
21889 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
21891 * configure, configure.in:
21892 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
21893 -D_HPUX_SOURCE to CPPFLAGS.
21896 * defaults.c, defaults.h:
21897 In struct sudo_defs_types, move the union to the end and don't
21898 initialize the union member since that only works with an ANSI
21899 compiler. We set the value of the union by hand in init_defaults()
21900 anyway. This allows sudo to compile on a K&R compiler again.
21903 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
21905 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
21906 netgr_matches needs to check shost as well as host since they may be
21911 End on \r as well as \n
21914 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
21917 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
21918 from 0400 to whatever SUDOERS_MODE is (converting from the old
21919 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
21920 0400 which should always be the case.
21923 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21924 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
21925 w/o a passwd if there is *any* entry for the user on the host with a
21926 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
21927 the user on the host w/ the specified runas user have the NOPASSWD
21935 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
21938 Treat EOF at whatnow prompt like 'x' instead of looping.
21941 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
21945 [5836a9452568] [SUDO_1_6_1]
21947 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21949 * config.h.in, configure, configure.in, sudo.c:
21950 Add check for initgroups() since old SYSV lacks this.
21953 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
21954 parse.c, testsudoers.c:
21955 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
21959 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
21961 * auth/sudo_auth.c:
21962 Don't allow insults to be enabled if the insults[] array is empty.
21963 Otherwise there would be division by zero.
21967 Don't allow insults to be enabled if the insults[] array is empty.
21968 Otherwise there would be division by zero.
21972 Don't allow insults to be enabled if the insults[] array is empty.
21973 Otherwise there would be division by zero.
21977 Don't care about USE_INSULTS #define since the insult stuff may be
21978 overridden at runtime.
21981 * auth/sudo_auth.c:
21982 Honor insults flag.
21985 * CHANGES, parse.c:
21986 Don't ask the user for a password if the user is not allowed to run
21987 the command and the authenticate flag (in sudoers) is false.
21990 * CHANGES, RUNSON, lex.yy.c, parse.lex:
21991 o Whenever we get a bare newline we change to the INITIAL state. o
21992 Enter GOTRUNAS when we see Runas_Alias
21994 This allows #uid to work in a RunasAlias.
21997 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
21999 * CHANGES, parse.yacc, sudo.tab.c:
22000 fix parsing of runas lists: o oprunasuser and runaslist now return a
22001 value o in a runasspec, if a runaslist does not return TRUE, set
22002 runas_matches to FALSE. Normally, a runaslist only returns FALSE
22003 for explicitly denied users. o since runaslist does not modify the
22004 stack there is no need for a push/pop in runasalias.
22008 Don't kill the user's tickets until after sudoers has been parsed
22009 since tty_tickets and ticket_dir could be set in sudoers.
22012 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
22013 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
22014 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
22015 crank version to 1.6
22019 add set_fqdn() stub
22022 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
22024 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
22025 sudoers.man, sudoers.pod, visudo.c:
22026 o Kill shell_noargs option, it cannot work since the command needs
22027 to be set before sudoers is parsed. o Fix the "set_home" sudoers
22028 option (only worked at compile time). o Fix "fqdn" sudoers option.
22029 We now set host/shost via set_fqdn which gets called when the
22030 "fqdn" option is set in sudoers. o Move the openlog() to
22031 store_syslogfac() so this gets overridden correctly from the
22036 SecurID support should compile now.
22039 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
22041 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
22042 visudo.man, visudo.pod:
22043 fix some syntactic goofs
22046 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
22048 * Makefile.in, sudo.html, sudoers.html, visudo.html:
22049 No longer need the .html files as they are generated automatically
22053 * CHANGES, LICENSE:
22054 kill characters that made wml unhappy
22061 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
22064 majordomo@cs.colorado.edu -> majordomo@courtesan.com
22067 * Makefile.in, configure:
22068 Wrap script execution w/ /bin/sh for the benefit of ctm
22071 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
22074 Make the -s flag be exclusive too. Also reorder the flags in the
22075 exclusive usage message so they are alphabetical.
22078 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22081 make pam errors other than PAM_PERM_DENIED fatal
22089 make it clear that /etc/pam.d/sudo is required on linux
22093 fix a warning on redhat and spew an error if pam_authenticate()
22094 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
22097 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22098 Be very clear that the password required is the user's not root's
22101 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
22104 add sample.syslog.conf to DISTFILES and BINFILES
22107 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
22110 updates from Brian Jackson + some formatting
22113 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
22115 * INSTALL.binary, Makefile.binary, README, RUNSON:
22116 o One RUNSon update o Changes for automating real binary releases
22123 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22126 talk about run-time options in addition to compile-time options
22127 [1eb813ff0a9a] [SUDO_1_6_0]
22134 need sys/time.h if HAVE_SETRLIMIT
22137 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
22138 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
22139 get rid of references to sudo-bugs. Now mention the web site or the
22144 repair pod2html damage
22148 Update for 1.6 release
22151 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22152 Add warning about using ALL in a command context.
22155 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
22158 Call yyrestart() on a parse error to reset the lexer state.
22161 * lex.yy.c, parse.lex:
22162 Don't need YY_FLUSH_BUFFER after all. Move yyrestart() into visudo.c
22163 since it might not get called in yywrap if we get a parse error
22164 (and we only reread the file on error anyway).
22167 * lex.yy.c, parse.lex:
22168 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
22169 might still exist. Call yyrestart() instead of using the deprecated
22173 * lex.yy.c, parse.lex:
22174 flex doesn't need %N table size declarations
22177 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22178 Mention what characters need to be escaped in names.
22181 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22188 clarify Mac OS X entry
22196 o Use AC_MSG_ERROR throughout o Check syslog configure options for
22200 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
22203 Fix printing of type T_MODE in dump_defaults()
22207 missing sys/types.h
22211 Break out options that may be overridden at run time into their own
22212 section. Add a note about Mac OS X and correct some lies.
22215 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
22217 * CHANGES, config.h.in, configure, configure.in, sudo.c:
22218 o Now use getrlimit to find the highest fd when closing all non-std
22219 fd's o Turn off core dumps via setrlimit for the sake of paranoia
22226 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
22233 When read()'ing, do a single character at a time to be sure we don't
22234 go past the newline.
22238 For the sudo_root option, check against user_uid, not getuid() since
22239 at this point, ruid == euid == 0.
22247 Fix compilation problem when --with-logging=file was specified.
22248 This means that syslog is now required to build sudo but that should
22249 not be a problem. If it is it can be fixed trivially with a
22250 configure check for syslog() or syslog.h.
22254 Make this work again for things like "sudo echo hi | more" where the
22255 tty gets put into character at a time mode. We read until we read
22256 end of line or we run out of space (similar to fgets(3)).
22259 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
22261 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22262 change ital to bold
22269 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
22272 Error out if syslog parameters are given without a value. For
22273 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
22274 no facilities in the 4.2BSD syslog.
22277 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22280 Ignore the syslog facility for systems w/ old syslog like Ultrix.
22284 people with "." early in their path can have problems running sudo
22285 from the build dir ;-)
22288 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
22290 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22291 Remove -r realm option
22294 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
22295 configure.in, sudo.c:
22296 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
22303 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22306 include <auth.h> to get function prototypes.
22309 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22313 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
22316 in set_perms(), always call setuid(0) before changing the ruid/euid
22317 so we always know it will succeed.
22321 #undef T_FOO to avoid conflicts with system defines (like on
22325 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
22327 Document "Defaults" lines in /etc/sudoers. Still needs some
22328 fleshing out but this is a start.
22331 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22333 * use strtol, not strtoul since not everyone has strtoul
22337 use strtol, not strtoul since not everyone has strtoul
22340 * lex.yy.c, parse.lex:
22341 last {WORD} rule should only apply in the INITIAL state
22344 * lex.yy.c, parse.lex:
22345 o Add support for escaped characters in the WORD macro o Modify
22346 fill() to squash escape chars
22349 * defaults.c, defaults.h:
22350 o Add T_PATH flag to allow simple sanity checks for default values
22351 that are supposed to be pathnames. o Fix a duplicate free when
22352 visudo finds an error.
22355 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22357 * defaults.c, defaults.h, logging.c:
22358 mail_if_foo -> mail_foo
22361 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22363 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
22364 o Add requiretty option o Move O_NOCTTY to compat.h
22368 The exit() in log_error() was mistakenly removed in a previous
22369 version. Put it back...
22372 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
22374 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
22375 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
22376 configure, configure.in, defaults.c, defaults.h, find_path.c,
22377 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
22378 o Change defaults stuff to put the value right in the struct. o
22379 Implement mailer_flags o Store syslog stuff both in int and string
22380 form. Setting the string form magically updates the int version.
22381 o Add boolean attribute to strings where it makes sense to say !foo
22385 add O_NOCTTY when opening /dev/tty just in case
22388 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
22391 cleanup function no longer takes a status arg
22398 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22400 * TODO, config.h.in, configure, configure.in, logging.c:
22401 Use strftime() instead of ctime() if it is available.
22404 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22411 update ReliantUNIX entry
22414 * defaults.c, defaults.h, logging.c:
22415 add log_year option
22418 * configure, configure.in:
22419 add --without-sendmail to help output
22422 * configure, configure.in:
22423 enforce an octal arg for --with-sudoers-mode
22426 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22428 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
22429 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
22430 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
22431 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
22432 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
22433 testsudoers.c, version.c, visudo.c:
22434 Add support for "Defaults" line in sudoers to make configuration
22435 variables changeable at runtime (and on a global, per-host and per-
22436 user basis). Both the names and the internal representation are
22437 still subject to change. It was necessary to make sudo_user.runas
22438 be a char ** instead of a char * since this value can be changed by
22439 a Defaults line. There is a similar (but more complicated) issue
22440 with sudo_user.prompt but it is handled differently at the moment.
22442 Add a "-L" flag to list the name of options with their descriptions.
22443 This may only be temporary.
22445 Move some prototypes to parse.h
22447 Be much less restrictive on what is allowed for a username.
22450 * sample.syslog.conf:
22454 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
22456 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
22458 UCB has dropped the advertising clause from their license.
22461 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22463 * auth/sudo_auth.h:
22464 move dce_verify proto to correct section
22471 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
22474 Add fnmatch() prototype
22477 * fnmatch.c, parse.c, testsudoers.c:
22478 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
22482 add strcasecmp proto
22485 * auth/sudo_auth.c:
22486 add check for case where there are no auth methods
22489 * configure, configure.in:
22490 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
22494 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
22495 include strings.h everywhere we include string.h
22499 nicer output when showing auth methods
22503 Add support for SEND_MAIL_WHEN_NO_HOST
22506 * config.h.in, configure, configure.in:
22507 Add _GNU_SOURCE for Linux
22510 * lex.yy.c, parse.lex:
22511 fix definition of OCTECT
22514 * configure, configure.in:
22515 aix_auth.o not authenticate.o
22518 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
22521 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
22522 keyboard). Since we run with ruid/euid == 0 the user can't really
22523 signal us in nasty ways.
22527 Don't need to worry about catching too many signals since we do
22528 locking on the tmp file. If a lockfile is really stale, it will be
22529 detected and overwritten.
22532 * INSTALL, Makefile.in:
22533 include auth/API in tarball
22536 * auth/sudo_auth.c:
22537 move memset() of plaintext pw outside of verify loop and only do the
22538 memset if we are *not* in standalone mode.
22541 * auth/sudo_auth.c, auth/sudo_auth.h:
22542 DCE is not a standalone method
22546 fix --enable-noargs-shell
22550 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
22553 * auth/fwtk.c, auth/sia.c:
22554 _cleanup() function returns an int.
22558 there were still some return(0)'s hanging around, make them
22567 add missing semicolon
22570 * auth/sudo_auth.h:
22574 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
22576 * CHANGES, config.h.in, configure, configure.in:
22577 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
22581 add parse.h to HDRS
22584 * Makefile.in, configure, configure.in:
22585 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
22586 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
22587 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
22588 testsudoers to build on Solaris and is a bit cleaner in general.
22592 mention ptmp -> sudoers.tmp
22595 * config.h.in, configure, configure.in:
22596 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
22604 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
22605 return a value more like a system function
22617 update based on what is in the man page
22620 * parse.yacc, sudo.tab.c:
22621 minor change to first line printed in -l mode
22624 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22625 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22626 standard and add "EXAMPLES" section
22629 * visudo.cat, visudo.html, visudo.man, visudo.pod:
22630 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22634 * logging.c, parse.c, sudo.h:
22638 * lex.yy.c, parse.lex:
22639 make an OCTET really be limited to 0-255
22643 mention timestamp changes
22650 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22651 new sudoers(8) man page
22654 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
22657 Update comments about syslog name tables
22660 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
22661 strcasecmp.c, sudo.tab.c:
22662 include strcasecmp() for those without it
22666 Use the : operator some more and fix a typo
22670 update the history of sudo
22673 * parse.c, parse.lex, testsudoers.c:
22674 CIDR-style netmask support
22681 * sudo.tab.c, sudo.tab.h:
22682 these should be generated with byacc, not bison
22689 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
22690 In "sudo -l" mode, the type of the stored (expanded) alias was not
22691 stored with the contents. This could lead to incorrect output if
22692 the sudoers file had different alias types with the same name.
22693 Normal parsing (ie: not in '-l' mode) is unaffected.
22696 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
22698 * configure, configure.in:
22699 define _XOPEN_SOURCE to get at crypt() proto on some systems
22702 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
22709 don't need limits.h
22713 kill bogus reference to vfprintf
22716 * sample.sudoers, sudoers:
22721 Add some const in the K&R defs. This is safe since we define const
22722 away if the compiler doesn't grok it.
22725 * aclocal.m4, configure:
22726 Better test for working long long support. Ultrix compiler supports
22727 basic long long but not all operations on them.
22730 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
22731 snprintf.c, sudo.c:
22732 Add check for LONG_IS_QUAD #undef MAXINT before including
22733 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
22734 in snprintf.c and use LONG_IS_QUAD
22737 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
22739 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
22741 UCB-derived snprintf + asprintf support. Supports quads if the
22742 compiler does. No floating point yet, perhaps later...
22745 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
22747 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
22748 goodpath.c, logging.c, parse.c, sudo.c:
22749 Run most of the code as root, not the invoking user. It doesn't
22750 really gain us anything to run as the user since an attacker can
22751 just have an setuid(0) in their egg. Running as root solves
22752 potential problems wrt signalling.
22759 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
22761 * logging.c, sudo.c:
22762 Don't wait for child to finish in log_error(), let the signal
22763 handler get it if we are still running, else let init reap it for
22764 us. The extra time it takes to wait lets the user know that mail is
22767 Install SIGCHLD handler in main() and for POSIX signals, block
22772 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
22773 parse.yacc, sudo.c, sudo.h:
22774 sudoers_lookup() now returns a bitmap instead of an int. This makes
22775 it possible to express things like "failed to validate because user
22776 not listed for this host". Some things that were previously
22777 VALIDATE_FOO are now FLAG_FOO. This may change later on.
22779 Reorganized code in log_auth() and sudo.c to deal with above
22782 Safer versions of push/pushcp with in the do { ... } while (0) style
22784 parse.yacc now saves info on the stack to allow parse.c to determine
22785 if a user was listed, but not for the host he/she tried to run on.
22787 Added --with-mail-if-no-host option
22790 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22792 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
22793 visudo.man, visudo.pod:
22794 o NewArgv and NewArgc don't need to be externally visible. o If
22795 pedantic > 1, it is a parse error. o Add -s (strict) option to
22796 visudo which sets pedantic to 2.
22799 * HISTORY, INSTALL:
22800 Just have sudo-bugs contact info in one place
22803 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22807 * Makefile.in, configure, configure.in:
22808 Add testsudoers to default build target if --with-devel. Don't clean
22809 generated parser files unless "distclean".
22812 * parse.yacc, sudo.tab.c:
22813 In pedantic mode we need to save *all* the aliases, not just those
22814 that match, or we get spurious warnings.
22818 reference sample.syslog.conf
22821 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
22823 * sample.syslog.conf:
22824 Sample entries for syslog.conf
22831 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
22832 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
22833 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
22834 auth/sudo_auth.c, auth/sudo_auth.h:
22835 In struct sudo_auth, turn need_root and configured into flags and
22836 add a flag to specify an auth method is running alone (the only
22837 one). Pass auth methods their sudo_auth pointer, not the data
22838 pointer. This allows us to get at the flags and tell if we are the
22839 only auth method. That, in turn, allows the method to be able to
22840 decide what should/should not be a fatal error. Currently only
22841 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
22842 define and the hackery that went with it. With access to the
22843 sudo_auth struct, methods can also get at a string holding their
22844 canonical name (useful in error messages).
22847 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
22848 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
22850 o --with-otp deprecated, use --without-passwd instead o real
22851 dependencies in the Makefile o --with-devel option to enable yacc,
22852 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
22853 back to being a token, not a string but don't leak memory o rename
22854 hsotspec -> host in parse.yacc
22857 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22863 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
22865 o Digital UNIX needs to check for *snprintf() before -ldb is added
22866 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
22867 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
22868 functions in snprintf.c to fix -Wall o Add missing includes to fix
22872 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
22873 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
22875 o Add a "pedantic" flag to the parser. This makes sudo warn in
22876 cases where an alias may be used before it is defined. Only turned
22877 on for visudo and testsudoers. o Add --disable-authentication option
22878 that makes sudo not require authentication by default. The PASSWD
22879 tag can be used to require authentication for an entry. We no
22880 longer overload --without-passwd.
22883 * lex.yy.c, parse.lex:
22884 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
22885 username can contain just about anything so be very permissive. Also
22886 drop the unused \. punctuation.
22889 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
22891 * parse.yacc, sudo.tab.c:
22892 o add a 'val' element to aliasinfo struct and move -> parse.h o
22893 find_alias() now returns an aliasinfo * instead of boolean o
22894 add_alias() now takes a value parameter to store in the
22895 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
22896 return: 1) positive match 0) negative match (due to '!')
22897 -1) no match This means setting $$ explicitly in all cases, which I
22898 should have done in the first place. It also means that we always
22899 store a value that is != -1 and when we see a '!' we can set
22900 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
22901 now works the way it should in lists and some of the rules are more
22902 uniform and sensible.
22906 add parse.h dependency
22910 kill unused *_matched macros
22914 Allow a list of users as the first thing in a user spec, not just a
22915 single entry. This makes things more uniform, though it does allow
22916 you to write user specs that are hard to read.
22928 fix check for crypt() in libufc
22931 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
22934 sudo-users list now exists
22937 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
22941 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
22942 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
22943 version.c, visudo.c:
22944 o Move lock_file() and touch() into fileops.c so visudo can use them
22945 o Visudo now locks the sudoers temp file instead of bailing when the
22946 temp file already exists. This fixes the problem of stale temp
22947 files but it does *require* that you not try to put the temp file in
22948 a world-writable directory. This should not be an issue as the temp
22949 file should live in the same dir as sudoers. o Visudo now only
22950 installs the temp file as sudoers if it changed.
22953 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22959 * config.h.in, configure, configure.in, logging.c:
22963 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
22964 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
22965 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
22966 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
22967 -> _PATH_SUDOERS_TMP
22970 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
22972 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
22973 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
22974 root sudo -V config reporting
22977 * configure, configure.in:
22978 aix_auth.o not authenticate.o
22982 Add --with-goodpri and --with-badpri configure options to specify
22983 the syslog priority to use.
22986 * INSTALL, configure, configure.in, logging.h:
22987 Add --with-goodpri and --with-badpri configure options to specify
22988 the syslog priority to use.
22992 kill crufty AIX stuff
22996 Sigh, some versions of make (like Solaris's) don't deal with $< like
22997 I would expect. Both GNU and BSD makes get this right but... So, we
22998 just expand $< inline at the cost of some ugliness.
23002 If the invoking user is root, sudo will now print configure info in
23003 -V mode. Currently just prints logging info, to be expanded later.
23006 * logging.c, logging.h, sudo.c, sudo.h:
23007 o new defines for syslog facility and priority o use new
23008 print_version() function for -V mode
23012 Don't need version.c
23015 * aclocal.m4, config.h.in, configure, configure.in:
23016 Add check for syslog facilities and priorities tables in syslog.h
23020 o authenticate -> aix_auth o add version.c
23023 * auth/sudo_auth.c:
23024 Missed a prompt -> user_prompt conversion
23027 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
23030 sudo should lock its logfile
23033 * parse.yacc, sudo.tab.c:
23034 o Add '!' correctly when expanding Aliases. o Add shortcut macros
23035 for append() to make things more readable. o The separator in
23036 append() is now a string instead of a char. o In append(), only
23037 prepend the separator if the last char is not a '!'. This is a
23038 hack but it greatly simplifies '!' handling. o In -l mode, Runas
23039 lists and NOPASSWD/PASSWD tags are now inherited across entries in
23040 a list (matches current behavior). o Fix formatting in -l mode such
23041 that items in a list are separated by a space. Greatly improves
23042 readability. o Space for name field in struct aliasinfo is now
23043 allocated dynamically instead of using a (big) buffer. o In
23044 add_alias(), only search the list once (lsearch instead of lfind +
23048 * lex.yy.c, sudo.tab.c, sudo.tab.h:
23052 * configure, configure.in:
23053 Solaris pam doesn't require any extra setup
23057 o Simpler '!' support now that the lexer deals with multiple !'s for
23058 us. o In the case of opFOO, have FOO give a boolean return value and
23059 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
23060 it gets fill()'d in parse.lex--fixes a small memory leak. In the
23061 long run it may be better to just fix parse.lex and make ALL back
23062 into a token. However, having it be a string is useful since it
23063 can be easily passed back to the parent rule if we so desire.
23067 o Remove some unnecessary backslashes o collapse multiple !'s by
23068 using !+ and checking if yyleng is even or odd. this allows us to
23069 simplify ! handling in parse.yacc
23073 -u flag was being ignored
23076 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23083 work around pod2man stupidity
23087 correct dependencies for .cat
23090 * sudo.cat, sudo.man, visudo.cat, visudo.man:
23094 * sudo.pod, visudo.pod:
23095 Add copyright. Update to reality
23098 * parse.c, sudo.c, sudo.h:
23099 rename validate() to the more descriptive sudoers_lookup()
23106 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23112 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
23113 configure, configure.in, sudo.c:
23118 add 4th term to license similar to term 5 in the apache license
23121 * emul/search.h, emul/utime.h:
23122 add 4th term to license similar to term 5 in the apache license
23125 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
23126 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
23127 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
23128 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
23129 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
23130 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
23131 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23133 add 4th term to license similar to term 5 in the apache license
23136 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
23137 add 4th term to license similar to term 5 in the apache license
23140 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
23141 getspwuid.c, goodpath.c:
23142 add 4th term to license similar to term 5 in the apache license
23145 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
23146 insults.h, logging.c, sudo.c, sudo.h:
23147 there was a 1995 release too
23150 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
23157 Use dirs instead of files for timestamp. This allows tty and non-
23158 tty schemes to coexist reasonably. Note, however, that when you
23159 update a tty ticket, the mtime on the user dir gets updated as well.
23162 * configure, configure.in:
23163 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
23164 when linking test program, not just -lprot. Also add check for
23165 getspnam(). The SCO docs indicate that /etc/shadow can be used but
23169 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23172 first cut at auth API description
23175 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23177 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
23178 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
23180 auth API change. There is now an init method that gets run before
23181 the main loop. This allows auth routines to differentiate between
23182 initialization that happens once vs. setup that needs to run each
23183 time through the loop.
23186 * auth/kerb5.c, logging.c:
23187 use easprintf() and evasprintf()
23191 add easprintf() and evasprintf(), error checking versions of
23192 asprintf() and vasprintf()
23196 remove 2 items. One done, one won't do.
23199 * lex.yy.c, sudo.tab.c:
23203 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
23204 visudo.html, visudo.man:
23213 o Document -K flag and update meaning of -k flag. o BSD-style
23214 copyright o Document clearing of BIND resolver environment variables
23215 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
23216 if your OS gives away files
23224 BSD-style copyright
23228 o BSD copyright o no need to block signals, we now do that in main()
23232 * testsudoers.c, visudo.c:
23233 o BSD-style copyright o Use "struct sudo_user" instead of old
23234 globals. o some cosmetic cleanup
23238 BSD-style copyright
23242 o BSD copyright o logging and parser bits moved to their own .h
23243 files o new "struct sudo_user" to encapsulate many of the old
23248 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
23249 logging routines o simplified flow of control o BIND resolver
23250 additions to badenv_table
23254 BSD-style copyright
23258 Now compiles on more K&R compilers
23262 BSD-style copyright, cosmetic changes
23266 BSD-style copyright
23269 * parse.c, parse.h, parse.lex, parse.yacc:
23270 BSD-style copyright. Move parser-specific defines and structs into
23271 parse.h + other cosmetic changes
23275 defines for logging routines
23278 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
23279 BSD-style copyright, cosmetic changes
23282 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23284 BSD-style copyright
23288 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
23289 kill --disable-tgetpass o add --without-passwd o changes to fill in
23290 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
23291 v?asprintf() o replace --with-AuthSRV with --with-fwtk
23295 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
23296 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
23297 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
23301 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
23305 BSD-style copyright
23309 no more --with-getpass
23313 Take out things I've done...
23321 --with-getpass no longer exists
23325 BSD-style copyright. Update to reflect reality wrt new files and
23330 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
23335 Update history a bit
23338 * COPYING, LICENSE:
23339 Now distributed under a BSD-style license
23342 * auth/sudo_auth.c:
23343 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
23344 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
23348 * auth/pam.c, auth/sia.c:
23349 BSD-style copyright and use new log functions
23353 o BSD-style copyright o Use new log functions o Use asprintf() and
23354 snprintf() where sensible.
23358 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
23359 done more reasonably--better sanity checks and tty-based stamps are
23360 now done as files in a directory with the same name as the invoking
23361 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
23362 to mix tty and non-tty based ticket schemes but this may change in
23363 the future (it requires sudo to use a directory instead of a file in
23364 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
23365 the epoch and ``sudo -K'' really deletes the file. That way you
23366 don't get the lecture again just because you killed your ticket in
23367 .logout. BSD-style copyright now.
23371 o rewritten logging routines. log_error() now takes printf-style
23372 varargs and log_auth() for the return value of validate(). o BSD-
23376 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
23377 superseded by new auth API
23381 BSD-style copyright
23385 Use snprintf() where it makes sense and add a BSD-style copyright
23388 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
23389 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
23390 BSD-style copyright
23393 * emul/utime.h, utime.c:
23394 BSD-style copyright
23398 this has been rewritten so use my BSD-style copyright
23401 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23404 include malloc.h if no stdlib.h
23408 KTH snprintf()/asprintf() for systems w/o them
23412 strerror() for systems w/o it
23415 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23421 * parse.c, parse.lex, parse.yacc:
23422 Add contribution info in the main comment
23425 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
23428 remove missed ref to PAM_nullpw
23431 * auth/sudo_auth.h:
23436 more or less complete now--still untested
23439 * auth/afs.c, auth/pam.c:
23440 don't use user_name macro, it will go away
23443 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
23444 combine skey/opie code into rfc1938.c
23447 * auth/dce.c, auth/sudo_auth.h:
23448 DCE authentication method; basically unchanged from dce_pwent.c
23451 * auth/aix_auth.c, auth/sudo_auth.h:
23452 AIX authenticate() support. Could probably be much better
23456 Fix an uninitialized variable and some cleanup. Now works (tested)
23459 * auth/sia.c, auth/sudo_auth.h:
23460 SIA support for digital unix
23464 don't use prompt global, it will go away
23467 * auth/secureware.c:
23468 correct copyright years
23471 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
23472 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
23473 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
23474 New authentication API and methods
23477 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23484 only save an entry if user_matches && host_matches, even if the
23485 stack is empty (fix for previous commit)
23493 1) Always save an entry on the stack if it is empty. This fixes the
23494 -l and -v flags that were broken by earlier parser changes.
23496 2) In a Runas list, don't negate FALSE -> TRUE since that would make
23497 !foo match any time the user specified a runas user (via -u) other
23502 interfaces and num_interfaces are now auto, not extern
23505 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23508 use a static global to keep state about empty passwords
23512 make PASSWORD_NOT_CORRECT logging consistent with other modules
23515 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
23518 PAM prompt code was wrong, looks like we have to kludge it after
23523 In the PAM code, when a user hits return at the first password
23524 prompt, exit without a warning just like the normal auth code
23527 * configure, configure.in:
23528 kludge around cross-compiler false positives
23531 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
23532 New (correct) PAM code Tgetpass now takes an echo flag for use with
23533 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
23534 useless umask setting Change error from BAD_ALLOCATION ->
23535 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
23540 Some -Wall and kill some trailing spaces
23544 define -D__EXTENSIONS__ for solaris so we get crypt() proto
23547 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
23553 * INSTALL, config.h.in, configure, configure.in:
23554 for kerberos V < version, fall back on old kerb4 auth code
23558 clarify some things
23561 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
23565 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
23568 mention why DONT_LEAK_PATH_INFO is not the default
23571 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23574 Fix open(2) return value checking, was NULL for fopen, should be -1
23583 better wording for solaris pam notice
23587 document recent changes
23591 Update shadow password section
23595 move authentication code from check.c to auth.c
23598 * Makefile.in, check.c, sudo.h:
23599 move authentication code to auth.c
23602 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23604 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
23605 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
23606 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
23607 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
23609 Move interface-related defines to interfaces.h so we don't have to
23610 include <netinet/in.h> everywhere.
23613 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
23615 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
23616 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
23617 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
23618 turns out the old DES crypt does the right thing with passwords
23619 longer than 8 characters. o Fix common typo (necesary ->
23620 necessary) o Update TODO list
23623 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
23626 set $LOGNAME when we set $USER
23629 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
23632 add comment about digital unix and interfaces.c warning with gcc
23635 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
23638 use modern paths and give examples for some of the new parser
23642 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
23648 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
23649 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
23650 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
23651 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
23652 Function names should be flush with the start of the line so they
23653 can be found trivially in an editor and with grep
23656 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
23657 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
23658 free(3) is already void, no need to cast it
23661 * logging.c, sudo.c, sudo.h:
23662 catch case where cmnd_safe is not set (this should not be possible)
23665 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
23666 testsudoers.c, visudo.c:
23667 Stash the "safe" path (ie: the one listed in sudoers) to the command
23668 instead of stashing the struct stat. Should be safer.
23671 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
23673 * INSTALL, Makefile.in, UPGRADE:
23674 notes on updating from an earlier release
23681 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
23683 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
23684 sudoers.man, sudoers.pod:
23685 You can now specify a host list instead of just a host or alias.
23686 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
23693 * parse.yacc, sudo.tab.c:
23694 Move the push from the beginning of cmndspec to the end. This means
23695 we no longer have to do a push at the end of privilege, just reset
23699 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23700 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
23701 use "!" most everywhere
23704 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
23707 modernize paths and update su example based on sample.sudoers one
23711 New runas semantics
23714 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
23716 In estrdup(), do the malloc ourselves so we don't need to rely on
23717 the system strdup(3) which may or may not exist. There is now no
23718 need to provide strdup() for those w/o it. Also, the prototype for
23719 estrdup() was wrong, it returns char * and its param is const.
23727 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
23730 * CHANGES, TODO, parse.yacc, sudo.tab.c:
23731 It is now possible to use the '!' operator in a runas list as well
23732 as in a Cmnd_Alias, Host_Alias and User_Alias.
23735 * logging.c, sudo.h:
23736 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
23740 Definitions of *_matched were wrong--user top, not top-2 as
23744 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
23745 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
23746 command but the NOPASSWD flag was set. Make runasspec, runaslist,
23747 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
23748 in the runas list Fix double printing of '%' and '+' for groups and
23749 netgroups respectively Add *_matched macros (no need for local stack
23750 variable). Should only be used directly after a pop (since top must
23754 * aclocal.m4, configure.in:
23755 Add copyright, somewhat silly
23758 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
23760 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
23761 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
23762 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
23763 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
23764 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
23765 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
23766 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
23767 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
23769 Crank version to 1.6 and combine copyright statements
23773 Use ! not ^ to do negation
23776 * lex.yy.c, sudo.tab.c:
23780 * parse.lex, parse.yacc:
23781 Make runas and NOPASSWD tags persistent across entries in a command
23782 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
23783 runas or *PASSWD tag the value given becomes the new default for the
23784 rest of the command list.
23787 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
23791 [a1ae9d4a7d54] [SUDO_1_5_9]
23794 Shift return value of system(3) by 8 to get real exit value and if
23795 it is not 1 or 0 print the retval along with the error message.
23798 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
23801 testsudoers needs LIBOBJS too
23804 * parse.c, parse.yacc, sudo.tab.c:
23805 Fix another parser bug. For a sudoers entry like this: millert
23806 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
23814 * parse.yacc, sudo.tab.c:
23815 Save entries that match a ! command on the matching stack too
23819 Make sudo's usage info better when mutually exclusive args are given
23820 and don't rely on argument order to detect this; nick@zeta.org.au
23823 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
23825 * CHANGES, Makefile.in, RUNSON:
23833 * parse.yacc, sudo.tab.c:
23834 Fix off by one error introduced in *alloc changes
23837 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
23838 check_sia.c, compat.h, config.h.in, configure, configure.in,
23839 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
23840 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23841 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23842 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
23843 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
23844 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
23845 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
23849 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
23850 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23851 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
23852 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
23853 Use emalloc/erealloc/estrdup
23857 error checking memory allocation routines
23860 * parse.yacc, sudo.tab.c:
23861 Still not right, this fixes it for real
23864 * parse.yacc, sudo.tab.c:
23865 Fix for previous commit
23868 * CHANGES, INSTALL, parse.yacc:
23869 Fix a parser bug that was exposed when mixing different runas specs
23870 and ! commands. For example: millert ALL=(daemon)
23871 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
23872 as well as daemon when it should just allow daemon. The problem was
23873 that comma-separated commands in a list shared the same entry on the
23874 matching stack. Now they get their own entry iff there is a full
23875 match. It may be better to just make the runas spec persistent
23876 across all commands in a list like the user and host entries of the
23877 matching stack. However, since that is a fairly major change it
23878 should get its own minor rev increase.
23881 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
23883 * check.c, config.h.in:
23884 Simplify PAM code and fix a PAM-related warning on Linux
23887 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
23901 * check.c, configure.in:
23902 new pam code that works on solaris, should work on linux too;
23906 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23913 only include strings.h if there is no string.h
23916 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
23919 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
23922 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23925 shost must be set before log functions are called #ifdef HOST_IN_LOG
23928 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
23930 * CHANGES, lex.yy.c, parse.lex:
23931 Fix a bug wrt quoting characters in command args. Stop processing
23932 an arg when you hit a backslash so the quoted-character detection
23936 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
23939 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
23942 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
23944 * configure, configure.in:
23945 add missing case statement so --without-sendmail works
23948 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
23954 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23956 * configure, configure.in:
23957 only search for -lsun in irix <= 4.x
23960 * configure, configure.in:
23961 back out last configure.in change now that I've hacked autoconf to
23962 fix the real problem and add a missing newline
23970 add def of dirfd() for those without it
23973 * configure, configure.in:
23974 When falling back to checking for socket() when linking with
23975 "-lsocket -lnsl" check for main() instead since autoconf has already
23976 cached the results of checking for socket() in -lsocket. This is
23977 really an autoconf bug as it should use the extra libs as part of
23978 the cache variable name.
23985 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
23988 fix occurrence of $with_timeout that should be
23989 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
23993 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
23995 * sudo.cat, sudo.html, sudo.man, sudo.pod:
23996 fix grammar; espie@openbsd.org
23997 [7031d9dfbc3e] [SUDO_1_5_8]
23999 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
24001 * parse.yacc, sudo.c, testsudoers.c:
24002 add cast for strdup in places it does not have it
24005 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
24007 * configure, configure.in:
24008 define for_BSD_TYPES irix
24011 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
24013 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
24014 Make it clear that it is the user's password, not root's, that we
24019 If the user enters an empty password and really has no password,
24020 accept the empty password they entered. Previously, they could
24022 *but* an empty password. Also, add GETPASS macro that calls either
24023 tgetpass() or getpass() depending on how sudo was configured.
24024 Problem noted by jdg@maths.qmw.ac.uk
24027 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24029 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
24030 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
24031 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24032 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
24033 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
24034 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
24036 add explicate copyright
24040 mention -lsocket, -lnsl configure changes
24043 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24046 Don't clobber errno after calling check_sudoers().
24049 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24051 * configure, configure.in:
24052 When linking with both -lsocket and -lnsl be sure to do so in that
24053 order. Also, when we can't find socket() or inet_addr() and have to
24054 try linking with both libs, issue a warning.
24057 * sudo.cat, sudo.man, sudo.pod:
24058 clarify bad timestamp and fmt
24061 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
24064 be clear that pam is linux-only and add a RUNSON entry
24067 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24069 * CHANGES, INSTALL, configure, configure.in:
24070 fix and correctly document --with-umask; problem noted by
24074 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
24076 * configure, configure.in:
24077 only use /usr/{man,catman}/local to store man pages if user didn't
24078 override prefix or mandir
24081 * INSTALL, configure, configure.in:
24082 fix typo, make --with-SecurID take an arg
24085 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
24091 * CHANGES, INSTALL, check.c, configure, configure.in:
24092 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
24095 * configure, configure.in:
24096 better fix for the problem of unresolved symbols in -lnsl or
24100 * configure, configure.in:
24101 when checking for functions in -lnsl and -lsocket link with both of
24102 them to avoid unresolved symbols on some weirdo systems
24105 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
24107 * BUGS, CHANGES, RUNSON, TODO:
24108 old changes that didn't make it into RCS before the RCS->CVS switch
24111 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24113 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
24114 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
24115 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24116 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
24117 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24118 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
24119 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
24132 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
24133 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
24134 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
24135 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
24136 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24137 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
24138 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
24139 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
24140 crank version and regen files
24144 kill rcs goop in update_version and fix now that version is a const
24147 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
24148 sudo.c, sudo.h, sudo.pod:
24149 kerb5 support from fcusack@iconnet.net
24152 * realpath.c, sudo_realpath.c:
24153 we no longer use realpath
24157 replaced by find_path.c
24161 all options are now configure flags
24169 superseded by getcwd.c
24173 superseded by tgetpass.c
24177 superseded by RUNSON
24181 No longer used now that we have configure options for everything.
24185 regen based on configure.in
24188 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
24189 sudoers.man, visudo.cat, visudo.html, visudo.man:
24190 regen based on sudo.pod, sudoers.pod, and visudo.pod
24193 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24196 fix tty tickets in remove_timestamp (didn't use ':')
24199 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24202 close sock when we are done with it
24205 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24208 never say "error on line -1"
24211 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
24214 check for -lnsl before -lsocket
24218 quote '[', ']' used in ranges correctly
24221 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
24224 add missing NO_ROOT_SUDO noted by drno@tsd.edu
24227 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
24234 more info for 1.5.7
24242 make increases of cm_list_size and ga_list_size be similar to
24243 increases of stacksize (ie: >= not > in initial compare).
24247 when we get a syntax error, report it for the previous line since
24248 that's generally where the error occurred.
24251 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
24253 * config.h.in, configure.in, interfaces.c:
24254 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
24256 [d197f31fd1e4] [SUDO_1_5_7]
24259 define BSD_COMP for svr4
24262 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24263 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24264 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24265 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24270 kill check for sockio.h
24274 no more HAVE_SYS_SOCKIO_H
24277 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24278 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24279 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24280 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24284 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
24287 add missing inform_user()
24290 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
24293 return NOT_FOUND if given fully qualified path and it does not exist
24294 previously it would perror(ENOENT) which bypasses the option to not
24299 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
24303 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24306 tty tickets are user:tty now
24310 when using tty tickets make it user:tty not user.tty as a username
24311 could have a '.' in it
24314 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
24317 add "ignoring foo found in ." for auth successful case
24320 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
24323 add missing printf param
24326 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
24328 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
24329 go back to printing "command not found" unless --disable-path-info
24330 specified. Also, tell user when we ignore '.' in their path and it
24331 would have been used but for --with-ignore-dot.
24335 Only one space after a colon, not two, in printf's
24338 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
24341 document setting $USER
24345 fix bugs with prompt expansion
24349 set $USER for root too
24352 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
24359 HP-UX's iscomsec is in -lsec, not libc
24363 remove some entries in the OS case statement that did nothing
24367 add "cd" section and flush out syslog section
24371 no more sudo-lex.yy.c
24375 add custom prompt support
24379 kill perror("malloc") since we already have a good error message
24380 pw_ent -> pw for brevity
24384 kill perror("malloc") since we already have a good error message
24385 pw_ent -> pw for brevity set $USER if -u specified
24389 kill perror("malloc") since we already have a good error message
24393 kill perror("malloc") since we already have a good error message
24394 pw_ent -> pw for brevity when checking if %group matches, look up
24395 user in password file so that %groups works in a RunAs spec.
24399 kill perror("malloc") since we already have a good error message
24402 * check.c, getspwuid.c, interfaces.c:
24403 kill perror("malloc") since we already have a good error message
24404 pw_ent -> pw for brevity
24407 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
24410 the prompt is expanded before tgetpass is called
24414 tgetpass now has the same args as getpass again
24418 add iscomsec, issecure support
24422 we now expand any %h or %u in the prompt before passing to tgetpass
24426 add check for syslog(3) in -lsocket, -lnsl, -linet
24430 add HAVE_ISCOMSEC and HAVE_ISSECURE
24434 add check for iscomsec in HP-UX
24438 check for issecure if we have getpwanam on SunOS some options are
24439 incompatible with DUNIX SIA check for dispcrypt on DUNIX
24442 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
24449 add back support for non-dispcrypt based checking for older DUNIX
24457 SIA becomes the default on Digital UNIX now have --disable-sia to
24462 move local includes after system ones
24465 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
24467 * check.c, check_sia.c, sudo.h:
24468 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
24473 fix while loop in sia_attempt_auth() that checks the password. Only
24474 the first iteration was working.
24477 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
24480 don't trust UID_MAX or MAXUID
24491 * getspwuid.c, secureware.c:
24492 init crypt_type to INT_MAX since it is legal to be negative in DUNX
24497 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
24498 -ldb since DUNX < 4.0 lacks it
24501 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24503 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
24504 secureware.c, sudo.c, tgetpass.c:
24505 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
24506 minutes if the shadow files don't exist).
24509 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
24512 updated --with-editor blurb
24516 tell how to put sudoers in a different dir
24520 add missing quotes around $with_editor
24524 typo in --with-editor bits
24528 I don't expect it to work on Solaris
24532 add back security/pam_misc.h
24535 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
24538 remove dunix note since configure checks for this now
24542 add check for broken dunix prot.h (4.0 < 4.0D is bad)
24545 * getspwuid.c, secureware.c, tgetpass.c:
24546 new dunix shadow code, use dispcrypt(3)
24554 call initprivs() if we have it for getprpwuid later on
24558 clean pathnames.h too
24562 quote "Sorry, try again." with [] since it has a comma in it set
24563 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
24564 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
24569 update Digital UNIX note about acl.h
24574 --without-root-sudo -> --disable-root-sudo some reordering
24581 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
when checking for -lsocket, -lnsl, and -linet, check for the
specific functions we need from them.
* config.h.in, sudo.h:
move Syslog_* defs into sudo.h
* Makefile.in, sudo.h:
added check_secureware
finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
defined. configure now does that for us
move some --with options around change a bunch of echo's to
AC_MSG_CHECKING, AC_MSG_RESULT pairs
change $with_foo-bar -> $with_foo_bar kill extra " that caused a
syntax error add some echo verbiage
1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
moved SecureWare stuff into secureware.c
update url to solaris gcc bins
change option formatter and flesh out some entries
* TROUBLESHOOTING, sudo.pod, visudo.pod:
environmental variable -> environment variable
everything is now done via configure
passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
sudoers_mode from configure
SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
the Makefile, not config.h
document all --with/--enable options
1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
options.h is no more
assimilated options.h
moved options from options.h to configure
* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
sudo_setenv.c, visudo.c:
* INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
remove references to options.h
* dce_pwent.c, interfaces.c, sudo.c:
if select return < -1 still prompt for pw
convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
FAST_MATCH is no longer an option
remove_timestamp() if timestamp is preposterous
convert more options to --with/--enable
* INSTALL, aclocal.m4:
convert more options into --with and --enable
catch EINTR in select and restart
1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
UMASK -> SUDO_UMASK.
* check.c, logging.c:
time.h, not sys/time.h
1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
MAILER -> _PATH_SENDMAIL
* INSTALL, configure.in:
no more --with-C2, now it is --disable-shadow
* aclocal.m4, check.c, compat.h, config.h.in, configure.in,
getspwuid.c, sudo.c, tgetpass.c:
new shadow password scheme. Always include shadow support if the
platform supports it and the user did not disable it via configure
1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
--with-getpass -> --{enable,disable}-tgetpass
pathnames.h -> pathnames.h.in
move pam_conv to be static to auth function remove pam_misc.h
(solaris doesn't have one)
_CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
convert to pathnames.h.in
1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
fix typo in sysv4 matching case /.
1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
pam stuff needs to run as root, not user, for shadow passwords
1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
* BUGS, INSTALL, README, configure.in:
* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
user version.h for long message
this is version 1.5.6
1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
remove errant backslash
1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
* options.h, parse.yacc, pathnames.h.in:
[fdee73255d64] [SUDO_1_5_6]
* BUGS, CHANGES, TODO:
1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
kill unused localhost_mask var copy if name to ifr_tmp after we zero
1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
Better description of new vs. old sudoers modes fix some typos
better description of /usr/ucb/cc gotchas on slowaris
set NewArgv[0] to user_shell, not basename(user_shell)
1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
mention TROUBLESHOOTING more fix some typos
move --enable/--disable to be after --with
document --enable/--disable
document --with-pam
1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
Add message for pam users
* check.c, config.h.in, configure.in:
pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
add HOST_IN_LOG and WRAP_LOG
add WRAP_LOG and HOST_IN_LOG
add --enable-log-host and --enable-log-wrap
use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
include sys/param.h to get howmany macro
1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
* OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
bring in stdio.h for NULL
allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
use HAVE_SET_AUTH_PARAMETERS
add HAVE_SET_AUTH_PARAMETERS
add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
add support for HI-UX/MPP SR220001 02-03 0 SR2201
initialize previfname
Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
don't need special build line for sudo.tab.o
don't clean sudo.tab.[ch]
Sudo should prompt for a password before telling the user that a
command could not be found.
no longer require yacc
y.tab -> sudo.tab include pre-yacc'd parse.yacc
include sudo.tab.h, not y.tab.h don't break out of command args if
* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
getcwd(3) from OpenBSD for those without it.
HAVE_GETWD -> HAVE_GETCWD
pretend sunos doesn't have getcwd(3) since it opens a pipe to
remove duplicate include of string.h
call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
add dev_t and ino_t
1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
fix OTP_ONLY for opie
1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
* testsudoers.c, tgetpass.c:
include stdlib.h for malloc proto
1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
make update_version saner
add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
check for waitpid and wait3 or no waitpid
used waitpid or wait3 if we have 'em
1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
don't need to explicitly mention -lsocket -lnsl for sequent
1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
dynix should not link with -linet
1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
mention that HP-UX doesn't ship with yacc
1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
ignore kerberos if we can't get the local realm
1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
* BUGS, INSTALL, README, configure.in:
* Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
don't use popen/pclose. Do it inline.
* check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
* check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
getwd.c -> getcwd.c
use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
* OPTIONS, options.h:
add STUB_LOAD_INTERFACES
* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
support *-ccur-sysv4 and fix two typos
1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
don't echo about with_logfile and with_timedir
document --with-logfile and --with-timedir
support --with-logfile and --with-timedir
Add --with-logfile and --with-timedir
change size computation of NewArgv for UNICOS
1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
treat -*-sysv4* like *-*-svr4
1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
fix spacing for --with-authenticate help
* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
fix off by one error in push macro
1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
removed bogus alloca hack
added AIX 4.x authenticate() support
include alloca.h if using bison and not gcc and it exists. fixes an
alloca problem on hpux 10.x
mention --with-authenticate
added AIX authenticate() support
add HAVE_AUTHENTICATE
dynamically size ifconf buffer
* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
add busy stmp file explanation
1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
the name of the cached var that signals whether or not you are cross
compiling changed. It is now ac_cv_prog_cc_cross
1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
mention glibc 2.07 is fixed wrt lsearch().
1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sample.sudoers, sudoers.pod:
better example of su but not root su
1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
correct regexp for updating version
remove bogus flush of stderr spew prompt before turning off echo.
Seems to fix a weird problem where if sudo complained about a bogus
stamp file the user would sometimes not have a chance to enter a
fix bogus flush of stderr
close fd's <=2 not <=3 and move that chunk of code up
support hpux1[0-9] not just hpux10
1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
set sudoers_fp to nil after closing
1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
* config.guess, config.sub:
updated from autoconf 2.12
1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
fix select usage for high fd's (dynamically allocate readfds)
kill extra whitespace
do an initgroups() before running a command, unless the target user
1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
tell people to use tabs, not spaces, in syslog.conf
1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
more tweaks to update_version
fixed up update_version rule
removed supe of check.c
* BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
add rules to update version stuff in files so I don't need to do it
sudoers_fp is now extern
in check_sudoers, cache the sudoers file handle in sudoers_fp so we
don't have to open it again in the parse. This may help with weird
solaris problems where EAGAIN sometime occurs.
sudoers file open is now done only in check_sudoers() so we just do
a rewind() instead of an open. May help people on solaris who were
1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
mention that newer glibc is fixed
1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
_RLD* instead of _RLD_*
fix that bug for real
document Linux's libc6 brokenness.
[4949a1bbd0a9] [SUDO_1_5_4]
remind people to HUP syslogd
remove author's email addr. people should mail sudo-bugs
* README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
* INSTALL, Makefile.in:
exit(1) if user enters no passwd
commands can start with ./* not just /* -- fixes a serious security
1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
Don't set the tty variable to NULL when we lack a tty, leave it as
1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
fix usage of (username) in conjunction with , and !
catch the case where the user is not in the passwd file
use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
define tty global to an initial value to avoid dumping core in
logging functions when passwd file is unavailable.
do the set_perms(PERM_USER, sudo_mode) after we have gotten the
talk about problem of ALL
1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
fdesc bug is fixed in Open/Net BSD
updates from Nieusma
1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
move compat.h after the system includes
1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
save errno from being clobbered by wait(). From Theo
1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
fix an occurrence of setresuid -> setreuid (typo)
1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
check for path to strip
1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
deal with maxfilelen < 0 case
1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
correct error message if mode/owner wrong and not statable by owner
but is statable by root.
1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
* config.guess, config.sub:
1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
* CHANGES, RUNSON, TODO:
1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
* parse.yacc, sudo.h:
command_alias -> generic_alias
[c404ca8c510d] [SUDO_1_5_3]
added Runas_Alias example and fixed syntax errors
* OPTIONS, options.h:
updated MAILSUBJECT
* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
* BUGS, emul/utime.h:
document Runas_Alias
buffer oflow checking q (uit) -> Q if yyparse() fails drop into
add size params to sprintf
allow trailing space after '\\' but before '\n'
off by one error in path size check
1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
now warns if killed by signal ./
1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
fix Runas_Alias stuff Alias's in runas list now get expanded (but it
Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
Add Runas_Alias and simplify a rule.
always store User_Alias's since they can be used inside of a runas
list. Sigh. Really need a Runas_Alias instead.
1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
deal with case where there is no sudoers file
1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
* HISTORY, testsudoers.c:
developement -> development
1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
removed seteuid() notes
[1010a60f281d] [SUDO_1_5_2]
1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
better seteuid() emulation
added check for seteuid
1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
first stab at sequent support
added HAVE_SYS_SELECT_H
sequent -> _SEQUENT_
added seteuid() macro for DYNIX
_AIX -> HAVE_SYS_SELECT_H
1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
* BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, visudo.c:
* check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
pathnames.h.in, version.h:
added -H and SUDO_PS1
use SUDO_FUNC_FNMATCH
added SUDO_FUNC_FNMATCH
added MODE_RESET_HOME /
1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
* compat.h, config.h.in:
added HAVE_OPIE and changed to *_OTP_*
1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
moved fclose() in skey stuff.
1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
index -> strchr remove unnecessary stuff
now call skeychallenge() to get challenge instead of making one up
ourselves. this way, we get extra goodies in the prompt.
1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
[3f5149357e2a] [SUDO_1_5_1]
allow logins to start with a number (YUCK!)
1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
added solaris 2.5 vs 2.4 note
DUNIX doesn't need -lnsl
*** empty log message ***
* check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
utime.c, version.h, visudo.c:
* PORTING, README, RUNSON:
* INSTALL, Makefile.in, TROUBLESHOOTING:
*** empty log message ***
* sudo.pod, visudo.pod:
1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
added $SUDO_PROMPT support
1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
print long skey challenges to stderr, not stdout
1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
use shost, not host for tgetpass
documented %u and %h
documented %u and %h
* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Makefile.in, configure.in, version.h:
new tgetpass() params
pass use and host to tgetpass
added %u and %h escapes
* OPTIONS, check.c, options.h:
added cray (unicos) support
1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
* OPTIONS, options.h, sudo.c:
added SHELL_SETS_HOME
1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
added note about "make install"
changed length/size params from int to size_t
now get CSOPS insults as well by default
use csops insults too by default
* INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
added runas_homedir
added "upgrading" notes
1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
now do chmod and chown after edit of temp file and before rename
[de174e34faa7] [SUDO_1_5_0]
1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
++version added INSTALL.configure
* configure.in, version.h:
*** empty log message ***
sets $HOME to pw_dir of runas user
document $HOME change
1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
fixed up some wording
* check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
insults.h, options.h, pathnames.h.in, sudo.h:
name and type changes
now works with new sudo
some variable name changes + comment headers for functions.
added extra paren's to make compilers happy
*** empty log message ***
now uses init_parser() if not in sudoers and tries "list" or
"validate" scold but don't be nasty.
now can use upper case login names
now uses init_parser()
added info about PASSWORD_TIMEOUT
* INSTALL.configure:
now dynamically allocates memory for the stacks -- no more
-l now expands command aliases
hacks to expand command aliases for `sudo -l'
remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
added struct command_alias
in compar() key should be first arg
1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
can now deal with upcase HOST and USER names
don't yell too loudly at non-sudoers if they do "sudo -l"
1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
* parse.c, parse.yacc:
added support for new `sudo -l' stuff
now uses list_matches()
added struct sudo_match
now more -lgnumalloc
1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
added more paths for chown and whoami
1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
fixed DUNIX check for shadow pw
now only turn off echo if it is already on. this fixes a race when
you use sudo in a pipeline
changed "test -z $foo && do_this" to if; then construct
1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
added missing defines of SHADOW_TYPE
1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
added AUTH_CRYPT_C1CRYPT support
no longer return VALIDATE_NOT_OK if there was a runas that didn't
match. Now we can have runas stuff on more than one line.
* getspwuid.c, sudo.c, tgetpass.c:
use SHADOW_TYPE instead of HAVE_C2_SECURITY
got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
removed HAVE_C2_SECURITY added SPW_BSD
use SHADOW_TYPE instead of HAVE_C2_SECURITY
SHADOW_TYPE is always defined so just against its value
added SUDO_CHECK_SHADOW_DUNIX
1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
* -> ?* in one example added another instance of (runas) and one of
1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
added back check for config.cache from other host type
removed an instance of \"
updated wrt new wildcard matching
new check for shadow passwords if we don't know anything
new SUDO_CHECK_SHADOW_GENERIC
added back check for -lsocket (oops)
better (working) check for shadow passwd type if we know to use C2.
now uses AC_CANONICAL_HOST to figure out os type
added config.{guess,sub}
removed unused stuff to figure out os type
don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
pathname. need to check against sudoers_args even if user_args is
don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
pathname need to check against sudoers_args even if user_args is nil
1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
now takes command line args and uses cmnd_args
fill_args was adding an extra leading space
1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
fixed dummy command_matches()
now uses flat args string
* parse.c, parse.lex:
now uses flat arg string
added cmnd_args def
now sets cmnd_args global
cmnd_args is now exported from sudo.[ch]
1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
can't rely on cmnd_matches as much as I thought -- added some $$
stuff back in to prevent namespace pollution problems.
Simplified parse rules wrt runas and NOPASSWD (more consistent).
1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
NOPASSWD may now have blanks before the ':' '(' only starts a
'runas' if in the initial state to avoid collision with command args
added checks for specific shadow passwd schemes
added routines to check for specific shadow passwd types
1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
added support for ncr boxen
added support for detecting ncr boxen
1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
added sinix support
1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
added info about "config.cache from other other" error.
now makes sure you don't have a config.cache file from another OS
now sets $LIBS when needed to configure links with libs when doing
tests hpux10 now uses SPW_SECUREWARE for C2 added check for
bigcrypt(3) if SPW_SECUREWARE
now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
no more SPW_HPUX10 added HAVE_BIGCRYPT
now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
SPW_SECUREWARE now uses bigcrypt
1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
fixed 2 syntax errors
root may now run ALL as ALL
1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
fixed a typo/thinko that broke BSD's with sa_len
1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
* check.c, configure.in:
updated AFS support
added entry about /usr/ucb/cc
prep no longer holds gcc binaries
AFS allows long passwords
fixed -u user support
sudo -v now groks VALIDATE_OK_NOPASS
fixed no_passwd vs. runas_matched
took out stuff about NFS-mounting since it is no longer an issue
added --with-libraries > --with-libpath --with-incpath
was setting runas_matches to -1 in wrong place
removed usersec.h which is not present in new AFS versions
now deals with timeout <= 0
BSD/OS >= 2.0 now uses shlicc instead of just gcc
fixed backwards compatibility with sudo 1.4 sudoers mode for root
readable/writable filesystems
now gives INSTALL -c flag
slightly simpler initialization of no_passwd and runas_matches
added -u username support
improved --with-libraries support
1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
added --with-incpath, --with-libpath, --with-libraries
now initializes some fields that weren't getting set to -1 pretty
gross -- need a rewrite.
1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
no longer add -lPW to *_LIBS since we include alloca.c
added HAVE_ALLOCA_H
1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
not always set to a valid uid.
fixed entry for SUDO_MODE
Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
being set to -2. Now beat NFS to the punch and set uid to "nobody"
ourselves, preserving group 0 to read sudoers.
moved set_perms(PERM_ROOT) to be before yyparse()
no longer need AC_PROG_INSTALL
always use install-sh to avoid install(1)'s that use get{pw,gr}nam
make clean -> make distclean
26733 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26736 removed some unnecsary if's
26739 * Makefile.in, version.h:
26743 * parse.c, testsudoers.c:
26744 now includes netgroup.h
26748 removed cats of ioctl to int since they didn't shut up -Wall
26752 explicately cast ioctl() to int since it it not always declared
26756 added declarations for yyparse() and yylex()
26760 fixed an occurence of '==' -> '='
26763 * config.h.in, configure.in:
26764 added check for netgroup.h
26768 fixed 2 compiler warnings
26772 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
26776 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26782 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26785 fixed a formatting thingie
26788 * parse.c, parse.yacc:
26789 fixed -u support with multiple user lists on a line
26793 unixware needs -lgen
26797 updated ftp location
26801 add net_addr/netmask support
26805 added net_addr/mask example
26808 * parse.c, parse.lex:
26809 added support for net_addr/netmask
26812 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
26818 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26828 * BUGS, TODO, TROUBLESHOOTING:
26833 updated with examples of new stuff
26841 updated wrt -u and NOPASSWD
26845 updated wrt -u and CAVEATS
26848 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
26855 now use :foo: character classes (makes no diff for generated lexer)
26858 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26861 fixed LONG_SKEY_PROMPT stuff
26864 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26871 make more like NetBSD one -- now compiles w/o warnings
26875 fixed decls of lsearch()
26878 * config.h.in, configure.in, getspwuid.c:
26883 hpux 10 uses bigcrypt() if C2
26886 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
26889 now always uses fnmatch to match args
26893 back to using stdio instead of raw i/o since that caused some
26897 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
26900 now give usage warning if use -l,-v,-k with args
26903 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
26906 NewArgc is now set to 1 for -l, -v, -k
26910 now sets sudoers to correct group if mode is 0400
26914 updated to version used by inn and bind
26918 now uses -lgnumalloc if it exists
26922 "make install" now sets uid/gid and mode on sudoers if it exists
26926 removed debugging statements
26930 added a missing free()
26934 now uses user_gid instead of getegid (which was wrong anyway) to set
26935 SUDO_GID. Now sets command line args in SUDO_COMMAND envariable
26936 (logging.c depends on args being in the environment)
26940 now uses SUDO_COMMAND envariable to get command args rather than
26941 building it up again.
26949 fixed off by one error in allocation NewArgv
26953 in sudoers, 'command ""' now means command with no args
26957 added check for fnmatch(3) and fnmatch.h
26965 replaced wildcat.* with fnmatch.*
26972 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
26975 now uses fnmatch() instead of wildmat. a trailing star (*) by itself
26976 now matches multiple args. added support for wildcards in the
26977 pathname in sudoers
26980 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
26983 now includes compat.h and config.h
26987 added HAVE_FNMATCH_H
26991 now checks for alloca() (if needed by bison or dce) and links with
26992 -lPW if it contains alloca() and libv and compiler do not.
26995 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
26999 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
27002 now fixes mode on sudoers if set to 0400 to aid in upgrade
27005 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
27008 fixed pod2man usage
27011 * Makefile.in, configure.in, version.h:
27015 * testsudoers.c, visudo.c:
27016 runas_user is now initialized to "root"
27020 removed PERM_FULL_ROOT
27024 runas_user defaults to "root" so no more need to PERM_RUNAS
27028 will now only run commands as root if there was no runas list
27029 (or if root is in the runas list)
27037 runas_matches is now set to false if we get a negative match
27041 make #uid work + some minor cleanup
27045 added support for NOPASSWD and "runas" from garp@opustel.com /
27049 added support for "runas" from garp@opustel.com replaced
27050 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
27055 added support for "runas" from garp@opustel.com
27059 added support for NO_PASSWD and runas from garp@opustel.com replaced
27060 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
27065 added support for NO_PASSWD and runas from garp@opustel.com replaced
27066 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
27071 added support for NO_PASSWD and runas from garp@opustel.com
27074 * parse.c, parse.lex:
27075 added support for NO_PASSWD and runas from garp@opustel.com
27079 added support for SUDOERS_WRONG_MODE and "runas"
27083 added --with-CC only link with -lshadow on linux (with shadow pw) if
27084 libc lacks getspnam()
27087 * OPTIONS, options.h:
27088 removed NO_PASSWD since it is not possible to do this in the sudoers
27089 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
27090 SUDOERS_GID. Added SUDOERS_MODE.
27094 now uses SUDOERS_UID and SUDOERS_GID
27097 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
27103 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27106 added double quote support
27110 documented double quoting
27113 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
27120 fixed some indentation
27128 added install-dirs .
27131 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27134 new version from "Jeff A. Earickson" <jaearick@colby.edu>
27137 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27140 $CSOPS -> $with_csops (whoops, missed one)
27148 FQHOST now has same constraints as non-FQHOST
27152 added note about OS's w/ shadow passwords turned on by default
27155 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27162 added support for --without-THING. sanitized shadow pw situation by
27168 fixed a typo wrt placement of an end paren
27172 was closing an fd that may not have been opened
27175 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
27177 * OPTIONS, options.h, sudo.c:
27181 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
27184 now always use shadow pw on some arches
27187 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27190 added pyramid support
27194 no longer check for C2 if alternate passwd method is used no longer
27195 check for some libs twice
27199 moved fqdn stuff into parse.lex (FQHOST)
27207 now define TCSASOFT if necessary
27211 now uses read/write instead of stdio string goop to avoid problems
27215 * OPTIONS, find_path.c, options.h:
27216 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
27219 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
27222 added note about no shadow auto-detect if using alternate auth
27227 don't check for C2 if AFS or DCE (unless they said --with-C2)
27234 * OPTIONS, find_path.c, options.h:
27238 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
27241 checkdot now works correctly
27244 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
27247 can't have DCE and C2 passwords both...
27250 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
27252 * parse.yacc, sudo.c, sudo.h, visudo.c:
27253 now uses shost even if not FQDN
27257 now looks for skey in /usr/lib and doesn't require libskey to be in
27258 /usr/local/lib just because skey.h is (for my netbsd box :-)
27261 * aclocal.m4, config.h.in, pathnames.h.in:
27262 _SUDO_PATH_ -> _CONFIG_PATH_
27265 * aclocal.m4, sudo.pod:
27266 /var/run/.odus -> /var/run/sudo
27270 now uses _SUDO_PATH_TIMEDIR
27277 * aclocal.m4, configure.in:
27282 added _SUDO_PATH_TIMEDIR
27286 updated wrt /var/run/sudo
27290 added support for shost if FQDN
27293 * parse.yacc, visudo.c:
27294 now uses shost if FQDN
27298 Now use skeylookup() instead of skeychallenge()
27301 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
27304 mail_argv should not contain ALERTMAIL as it includes "-t"
27307 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
27309 * INSTALL, Makefile.in, README, configure.in, version.h:
27314 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
27318 now includes limits.h moved _PASSWD_LEN -> compat.h
27321 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27339 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
27346 done for 1.4.1 (I hope)
27350 added info on wildcards
27354 added wildcard example
27358 now uses *.pod to build *.man and *.cat & *.html
27362 added SUDO_PROG_BSHELL !ll
27366 fixed up some formatting
27370 redid section describing sample sudoers stuff
27374 fixed some formatting
27378 now treats "" as bourne shell
27382 TESTOBJS now includes wildmat.o
27386 now works with NewArg[cv]
27390 removed an XXX (fixed it in getspwuid.c)
27394 added check for bourne shell
27402 added _SUDO_PATH_BSHELL
27405 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
27408 unixware vi returns 256 instead of 0
27416 fixed up some XXX's. file log format now looks a little more like
27417 real syslog(3) format.
27420 * README, TROUBLESHOOTING:
27421 updated wrt lex/flex
27425 commented out rule to build lex.yy.c from parse.lex since we ship
27426 with a pre-flex'd parser
27429 * parse.c, parse.yacc, visudo.c:
27430 path_matches -> command_matches
27434 eliminated some strcat()'s
27438 no longer checks for lex/flex (now assumes flex)
27442 now checks for $kerb_dir_candidate/krb.h instead of just
27446 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
27449 now use a 'hook' expression instead of an iffy one :-)
27452 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
27455 now works with new sudo arg stuff
27459 fixed dereferencing deadbeef
27463 changed an occurrence of Argv to NewArgv
27467 took out support for quoted commands since there is no need...
27471 fixed a typo in a for() loop
27475 protected against dereferencing rogue pointers
27479 now uses NewArgv and NewArgc so cmnd_args is no longer needed. this
27480 also allows us to eliminate some kludges in parse_args() and
27481 eliminate superfluous code.
27485 no longer uses cmnd_args, now uses NewArgv instead.
27489 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
27494 added wildmat.c to SRCS & SUDOBJS
27498 COMMAND is now a struct containing the path and args
27502 replaced append() with fill_cmnd() and fill_args. command args from
27503 a sudoers entry are now stored in an array for easy matching.
27507 command line args from sudoers file are now in an array like ones
27508 passed in from the command line
27511 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
27514 wildmat stuff now works
27517 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
27524 ++version added wildmat.*
27527 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
27530 added support for quoted commands (w/ or w/o args)
27533 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
27535 * sudo.pod, visudo.pod:
27536 cleaned up formatting
27539 * sudo.pod, visudo.pod:
27543 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
27546 looks reasonable, could be more readable
27553 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27560 updated NO_ROOT_SUDO entry
27563 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
27566 *** empty log message ***
27567 [5b63de579ff7] [SUDO_1_4_0]
27578 AIX aixcrypt.exp now uses $(srcdir)
27582 added entry for anal ansi compilers
27585 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
27588 added info on libcrypt_i for SCO
27592 *** empty log message ***
27607 * INSTALL, OPTIONS, README, config.h.in, configure.in:
27612 ++version and fixed ISC
27615 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
27616 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27617 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
27618 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27624 added STUB_LOAD_INTERFACES ++version
27627 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
27633 added info about fd_set in tgetpass added info on interfaces.c
27636 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27647 tgetpass.o is now only linked in with sudo (not visudo)
27650 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
27652 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
27658 added copyright notice
27661 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27662 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27663 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
27664 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
27665 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
27670 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
27674 ISC now gets -lcrypt now check for sys/bsdtypes.h
27678 added check for sys/bsdtypes.h
27681 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
27684 removed debugging stuff (setting freed ptr to NULL)
27696 added section on syslog
27700 added AC_ISC_POSIX for better ISC support
27708 added define for _POSIX_SOURCE
27711 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
27714 fixed check for lsearch()
27717 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
27720 fixed for AIX now deal if num_interfaces == 0 (should not happen)
27723 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
27726 now only define HAVE_LSEARCH if there is a corresponding search.h
27733 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
27736 now define HAVE_LSEARCH if we find lsearch() in libcompat
27740 char * -> const char *
27744 now looks in -lcompat for lsearch()
27748 remove sudo.core visudo.core for clean target
27752 added UID_MAX support in check for MAX_UID_T_LEN
27756 fixed another occurrence of sudo_getpwuid.*
27759 * Makefile.in, getspwuid.c:
27760 sudo_getpwuid.c -> getspwuid.c
27767 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
27768 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
27769 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
27770 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
27771 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
27772 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27773 version.h, visudo.c:
27778 added group support
27786 documented group support
27789 * parse.c, parse.lex, parse.yacc, visudo.c:
27790 added group support
27793 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
27796 tkfile was too short and overflowed the kerberos realm
27799 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27802 now copy command args directly from Argv
27806 replaced code to copy cmnd_args so that it does not use realloc
27807 since most realloc()'s really stink
27810 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
27813 syslog() fixed in hpux 10.01
27816 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
27819 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
27823 better error if cannot find skey incs or libs
27827 now use a temp file for determining max len of uid_t in string form.
27828 the old hacky way broke on netbsd
27832 added set of parens and a space
27835 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
27838 fixes from Jeff Earickson <jaearick@colby.edu> ,
27846 fixed up testsudoers target
27850 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
27851 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
27855 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
27859 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
27862 fix for C2 on hpux 10 now uses -linet if it exists
27866 LONG_SKEY_PROMPT is less of a kludge /
27870 fixed typos w/ dce stuff
27877 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
27880 amended section on combining authentication mechanisms
27884 minor updates for 1.3.6
27888 added 2 more entries
27900 rewrote for sudo 1.3.6
27907 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
27909 * find_path.c, getspwuid.c, sudo.c:
27910 added explicit casts for strdup since many includes don't prototype
27915 removed prototype for sudo_getpwuid() since convex C compiler choked
27920 added prototype for sudo_getpwuid()
27924 now compiles on strict ANSI compilers
27928 added LONG_SKEY_PROMPT support
27932 added extra $'s for make to eat up, yum.
27935 * OPTIONS, options.h:
27936 added LONG_SKEY_PROMPT
27939 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
27942 s/key support now works with normal s/key as well as logdaemon
27945 * OPTIONS, options.h:
27950 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
27954 added DCE note added more AIX notes
27958 now include pthread.h for DCE support
27962 dce_pwent() is ok after all .,
27966 now uses SYSLOG() macro that equates to either syslog() or
27971 minor formatting changes. renamed check() to something less generic
27974 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
27976 now uses user_pw_ent and simple macros to get at the contents
27979 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
27982 simpler dec unix C2 support
27986 now sets crypt_type for DEC unix C2
27989 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
27992 added csops paths for skey
27996 now includes string.h for strdup() prototype
28004 now includes skey.h
28012 moved a lot of the shadow passwd crap to sudo_getpwuid()
28016 now uses sudo_pw_ent
28020 now uses sudo_pw_ent
28024 now sets sudo_pw_ent
28032 moved dce stuff into compat.h
28035 * logging.c, sudo.h:
28036 now uses sudo_pw_ent
28040 added sudo_getpwuid.c
28048 now uses sudo_pw_ent
28051 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
28054 fixed exempt_group stuff for OS's that don't put base gid in group
28059 S/Key support now works with sunos4 shadow passwords
28066 * config.h.in, configure.in:
28075 first stab at dce support
28079 now smells like sudo
28087 skey'd sudo now works w/ normal password as well
28090 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
28092 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
28093 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
28094 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
28095 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
28096 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
28097 version.h, visudo.c:
28098 updated version number
28102 updated to reflect version change
28106 --with options now line up ++version
28110 removed unnecessary S/Key stuff
28114 fixed S/Key support
28118 -I stuff now goes in CPPFLAGS
28130 fixed description of EXEMPTGROUP
28134 more people use _RLD_ than just alphas...
28138 replaced $man_prefix with $mandir
28146 now use more GNU'ish dir names
28150 now set *dir correctly (can override from command line)
28154 now deal with situations where we getwd() fails
28157 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
28160 added etc_dir, bin_dir, sbin_dir
28168 now ship a flex-generated lex.yy.c
28172 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
28176 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
28180 no more error for redefining SUDOERS_OWNER
28184 expanded SUDOERS_OWNER section
28187 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28190 now warn if chown(2) failed
28194 better default warning for NO_SUDOERS_FILE
28198 added missing set_perms() no more cryptic message if the sudoers
28199 file is zero length, now just give a parse error
28203 better diagnostics if NO_SUDOERS_FILE
28207 check_sudoers() now catches sudoers files that are not readable (but
28211 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28214 now add -D__STDC__ for convex cc (not gcc)
28218 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
28222 now uses exec_prefix & prefix from configure
28225 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
28226 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
28228 options.h is now <> instead of "" so shadow build trees can have a
28229 custom copy of options.h
28233 user_is_exempt() is no longer a hack, it now uses getgrnam()
28237 EXEMPTGROUP is now "sudo"
28241 MAN_POSTINSTALL now contains a leading space
28245 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
28246 testsudoers in clean:
28250 includes pwd.h to get _PASSWD_LEN definition
28253 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
28256 unset the KRB_CONF envariable if using kerberos so we don't get
28257 spoofed into using a bogus server
28260 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
28263 now explicitly initialize match[] to be FALSE
28266 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
28269 removed unused variable now passes -Wall
28273 yyerror and dumpaliases are now void's now passes -Wall
28277 added prototype for yyerror
28280 * check.c, logging.c, parse.c:
28285 removed unused cruft now passes -Wall
28289 fixed headers that moved to emul dir
28293 fixed deref of nil pointer if no args
28296 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28299 added a caveat to FQDN section
28302 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
28305 more $srcdir support for install targets
28308 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
28309 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
28310 don't include malloc.h if we include stdlib.h
28314 local search.h now lives in emul
28317 * check.c, utime.c:
28318 local utime.h now lives in emul dir
28322 local search.h now lives in emul
28326 added support for building in other than the sourcedir
28329 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
28332 annotated CSOPS_INSULTS option
28336 updated shadow passwords blurb
28340 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
28341 passes along foo as the arguments
28344 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
28347 collapsed pathname and dir sections into one -- it's now less
28352 fixed spacing quoting [,:\\=] now works correctly append() and
28353 fill() now take args to make the above work
28357 fixed a typo that caused commands with no tty on fd 0 but a tty on
28358 fd 1 to erroneously have "none" as their tty
28361 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
28364 timestampfile is now a global static removed decl of timestampfile
28365 in remove_timestamp since we can just use the global one
28369 created touch() to update timestamps added USE_TTY_TICKETS support
28374 added _S_IFDIR and S_ISDIR
28377 * OPTIONS, options.h:
28378 added USE_TTY_TICKETS
28382 removed const from casts for lsearch() & lfind() to placate irix 4.x
28386 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
28389 now only strip '/dev/' off of a tty if it starts with '/dev/'
28397 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
28402 fixed incorrect #ifdef termio uses "unsigned short" not int for
28406 * parse.lex, parse.yacc:
28407 fixed a spelling error
28414 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28421 added dotcat() to cat 2 strings w/ a dot efficiently now that we
28422 dynamically allocate strings they need to be free()'d
28426 dynamically allocates space for strings
28430 no more MAXCOMMANDLENGTH
28437 * logging.c, sudo.c:
28438 moved tty stuff into sudo.c
28441 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28444 fixed a logic bug. Was denying a command if user gave command line
28445 args but there were none in the sudoers file which is wrong.
28449 MAXCOMMMANDLEN dropped down to 1K
28453 return foo; -> return(foo);
28457 fixed netgr_matches() prototype
28461 added support for escaping "termination" characters
28465 buf is now of size MAXPATHLEN+1 since it never holds command args
28473 fixed negation problem (doh!)
28477 fixed 2nd parameter to lfind()
28481 now do bounds checking in fill() and append()
28485 include netdb.h as we should added a missing void cast added
28486 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
28487 realloc actually moved the string instead of shrinking it
28491 updated with examples of new features
28495 now set errno to EACCES if not a regular file or not executable
28499 if given a fully-qualified or relative path we now check it with
28500 sudo_goodpath() and error out with the appropriate error message if
28501 the file does not exist or is not executable
28504 * emul/search.h, lsearch.c:
28505 now use correct args for lfind
28513 added in CSOps insults
28525 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
28529 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
28533 fixed -k load_interfaces() now gets called if FQDN is set
28534 -p now works with -s
28538 don't try to stat() "pseudo commands" like "validate"
28542 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
28546 added SecurID support added other insults to --with-csops
28554 added clobber target added ins_csops.h now gets CFLAGS from
28559 relaxed SUDO_FULL_VOID
28563 function comment blocks are now in same style as rest of code
28567 added support for command line args in /etc/sudoers
28571 updated to have command args in the sudoers file
28575 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
28578 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
28581 PATH renamed to COMMAND
28585 it is now a parse error for directories to have args attached to
28590 now say command args if telling user to buzz off
28594 -s no longer indicates end of args sped up loading on cmnd_args in
28599 removed an unreachable statement
28603 made more efficient by pulling out the terminators when in GOTCMND
28604 state and making them their own rule
28607 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
28610 removed MAXLOGLEN since it is no longer used
28614 now allows command args
28618 now groks command arguments
28622 now sets tty correctly when piped input
28626 fixed loading of cmnd_args (was including command name too)
28630 fixed a core dump due to incorrect if construct
28633 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28636 only add -lsun if irix < 5. don't look for -lnsl or -lsocket if irix
28640 fixed check for ISC
28644 now sets cmnd_args used by log_error() and that will be used by the
28645 parse to check against command args
28653 now dynamically allocate logline since we can guess at its size
28656 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28659 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
28660 "register" since the compiler knows more than I do now do a
28661 "basename" of the tty
28664 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
28671 added shell extern changed MODE_* to be bit masks to allow for
28672 several options together
28676 added -s (shell) option made MODE_* masks so we can do bitwise & and
28677 | to see if multiple flags are set.
28681 added securid support
28684 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
28687 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
28690 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
28692 * Makefile.in, version.h:
28696 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
28699 fixed free() of an uninitialized pointer (yuck)
28703 added netgr_matches
28707 cleaned up netgr_matches
28710 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28716 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28719 now installs sudoers.man -- really should clean this up though.
28723 added sudoers.cat and sudoers.man
28727 pulled out stuff on the sudoers file format into a separate man page
28735 fixed up my email address
28739 added checks for innetgr and getdomainname
28743 added dummy netgr_matches function
28747 added netgr_matches
28750 * parse.lex, parse.yacc:
28751 added NETGROUP support
28755 added HAVE_INNETGR & HAVE_GETDOMAINNAME
28758 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
28761 rewrote clean_env() that has rm_env() builtin
28764 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
28767 now cast uid to long in sprintf
28771 added _INSULTS suffix to HAL & GOONS end
28775 added _INSULTS suffix to HAL & GOONS
28778 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
28779 converted to new scheme of insult "unions" end
28783 now uses MAX_UID_T_LEN
28787 added SUDO_UID_T_LEN !l
28791 added MAX_UID_T_LEN
28795 now use MAX_UID_T_LEN
28799 added check for max len of uid_t fixed sco vs. isc check
28802 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
28813 hack to check for sco
28817 removed #include <net/route.h> since it was hosing some OS's
28820 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
28823 fixed prreadlink() prototype
28827 added parens in #if's
28835 moved SPW_* to config.h.in
28839 added a set of parens
28847 added SPW_* reordered error codes
28851 moved SPW_* to sudo.h
28854 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
28857 SPW_AUTH -> SPW_SECUREWARE
28861 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
28869 SPW_AUTH -> SPW_SECUREWARE
28873 now uses SHADOW_TYPE to make shadow pw support more readable and
28874 modular. It's a start...
28878 added autodetection of shadow passwords
28882 now uses SHADOW_TYPE define
28886 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
28890 added SUDO_CHECK_SHADOW
28893 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
28896 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
28897 memmove() since we no longer use it...
28905 added BROKEN_SYSLOG support
28909 added BROKEN_SYSLOG
28913 now only bitch if timestamp > time_now + 2 * timeout to allow for a
28914 machine updating its time from a server
28918 added 2 security notes updated Nieusma's email addr
28922 changed a memmove() to memcpy() since we don't have to worry about
28923 overlapping segments.
28926 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
28929 cleaned up the loop when interfaces are groped in so that it is
28933 * Makefile.in, version.h:
28937 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
28943 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28946 fixed permissions check on /tmp/.odus
28949 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
28952 fixed some comments
28956 now checks owner & mode of timedir also checks for bogus dates on
28961 updated TIMEOUT info
28964 * logging.c, sudo.h:
28965 added BAD_STAMPDIR and BAD_STAMPFILE
28969 added definition of S_IRWXU
28976 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
28979 added #ifdef to make it compile on strange arches
28982 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
28985 fixed check for full void impl.
28989 added missing "static"
28993 replaced #elif with #else #if constructs for ancient C compilers
28997 updated irix c2 & kerb5 info
29001 added shadow pw support for irix
29004 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
29011 last changes for sudo 1.3.3
29015 now calls SUDO_SOCK_SA_LEN
29023 added SUDO_SOCK_SA_LEN
29027 now works with ip implementations that use sa_len in sockaddr
29031 added note about buggy AIX compiler
29035 now include sys/time.h for AIX
29038 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
29045 now works for ISC and others. yay.
29048 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
29050 * Makefile.in, version.h:
29054 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
29057 fixed test for full void impl
29061 now check to see that st_dev is non-zero before assuming that we are
29065 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
29067 * aclocal.m4, configure.in:
29068 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
29071 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
29074 fixed include file order for SUDO_FUNC_UTIME_POSIX
29078 added cast for ttyname()
29086 now deal correctly with all known variations of utime() -- yippee
29090 added SUDO_FUNC_UTIME_POSIX
29094 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
29098 added HAVE_UTIME_POSIX
29106 no longer assume !HAVE_UTIME_NULL means old BSD utime()
29110 fixed fascist C compiler warning
29114 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
29115 to 0 (just to be anal)
29118 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
29121 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
29129 reworked the ISC code
29132 * Makefile.in, version.h:
29137 now expect old-style utime(3) if utime() can't take NULL as an arg
29141 added check for utime.h
29149 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
29153 now search for kerb libs and includes
29157 added support for utime(2)'s that can't take a NULL parameter
29161 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
29165 added utime(s) stuff
29173 added HAVE_UTIME and HAVE_UTIME_NULL
29176 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
29179 now use HAVE_UTIME_NULL
29182 * emul/utime.h, utime.c:
29187 need to setuid(0) to make kerb4 stuff work.
29191 no more special case for kerberos
29195 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
29200 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
29205 now use private ticket file for kerberos support to avoid trouncing
29209 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
29212 added SPOOF_ATTEMPT & cmnd_st
29216 added anti-spoofing support
29220 now use global cmnd_st
29224 added SPOOF_ATTEMPT support
29227 * testsudoers.c, visudo.c:
29228 added void casts where appropriate
29232 fixed up spacing and added void casts where appropriate
29236 fixed problem with "-p prompt" but no args
29239 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
29242 added BUGS and annotated -l description
29246 validate() now takes a flag
29250 validate() now takes a flag added -l
29254 added support for -l
29258 validate() now takes a flag that says whether or not to check the
29262 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
29265 now deals with Argv == 1
29273 added prompt support reworked parse_args()
29285 now use BUFSIZ as length of kerb password added kpass so pass is
29286 always a char * now use prompt global when asking for a password
29290 now use BUFSIZ as _PASSWD_LEN if using kerberos
29297 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
29300 only look for -lufc or -lcrypt if crypt() not in libc
29304 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
29305 (unknown user) silently fail
29313 HAVE_KERBEROS -> HAVE_KERB4
29317 removed debugging printf
29321 KERBEROS -> KERB4 added checks for setreuid & setresuid
29325 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
29329 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
29330 with setresuid if applic
29334 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
29335 no setreuid() or a broken one
29338 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
29341 added kerberos support
29345 added HAVE_KERBEROS
29349 added KERBEROS support (long passwords)
29353 added kerberos support
29356 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29359 added MODE_BACKGROUND
29363 escaped dashes added -b option
29371 added crypt() for osf/1 3.x enhanced security
29375 now check for -lcrypt
29379 added ENXIO like EADDRNOTAVAIL
29382 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
29385 now emulate getwd(), not getcwd()
29389 getcwd() -> getwd()
29396 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
29398 * ins_2001.h, ins_classic.h, ins_goons.h:
29403 broke out insults into separate include files
29406 * OPTIONS, options.h:
29411 added ins_2001.h ins_classic.h ins_goons.h
29414 * Makefile.in, version.h:
29419 moved signal handler setup to setup_signals()
29423 added load_interfaces()
29427 moved load_interfaces to interfaces.c
29434 * OPTIONS, options.h:
29439 now uses clearaliases variable
29447 added interfaces.[co]
29451 now uses ip addrs and netmasks via load_interfaces()
29455 now remove IFS instead of setting to "sane" value
29458 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
29464 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
29467 sudo_goodpath.c-> goodpath.c
29471 added Andy's new ISC changes
29474 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
29477 added a sentence to SECURE_PATH info
29492 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
29498 * Makefile.in, version.h:
29503 sendmail is now looked for in /usr/ucblib
29519 added unixware case
29523 user_is_exempt is no longer hidden
29531 isc and riscos changes
29535 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
29539 fixed a typo and added testsudoers stuff
29546 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
29549 applied fixed patch from Chris
29552 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
29559 added a set of braces for bison
29563 merged in Chris' changes to dekludge the parser.
29567 send_mail() was calling find_path() which is wrong since find_path()
29568 stores cmnd in a static var. Anyhow, it doesn't make much sense
29569 since MAILER should always be fully qualified
29572 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
29575 added User_Alias stuff
29579 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
29583 added DEC UNIX 3.0 w/ gcc
29587 Exit was being used in places where exit should be used
29591 added "User alias specification"
29595 fixed probs caused by making nslots and naliases a size_t
29599 added KSR, upped rev to 1.3.1b2
29602 * logging.c, parse.yacc:
29607 void * -> VOID * naliases and nslots are now size_t to appease
29608 lsearch on 64-bit machines
29611 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
29614 did a bunch of things and added a bunch :-)
29622 closer to BSD manpage style
29626 closer to standard BSD man format
29629 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
29630 pathnames.h.in, sudo.h, version.h:
29635 removed crufty #defines that are no longer used
29643 updated based on sudo changes
29647 now allow ALL keyword in User_Aliases now allow ALL keyword as well
29656 now sets SUDO_COMMAND and SUDO_GID envariables.
29660 fixed bug with full void impl check
29664 fixed User_Alias support
29668 added stubs for User_Alias support
29672 now sets removes # bogus interfaces from num_interfaces
29676 added User_Alias support
29679 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
29682 removed extraneous TODO
29685 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
29688 ntwk_matches -> addr_matches
29692 ntwk_matches -> addr_matches
29696 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
29697 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
29702 took out debugging info
29706 OS was being set to unknown before non-uname based host checks.
29707 This caused no checks to happen since $OS was not zero-length.
29711 fixed loading of interfaces struct still has debugging info in
29719 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
29730 removed extraneous extern decl of "top
29738 removed parser_cleanup (no need for it now)
29742 now calls reset_aliases() directly
29745 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
29748 added a sentence to SECURE_PATH description
29752 fixed my stupid bug where I used NAMLEN on something I wanted to
29753 just get the name from. argh.
29756 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
29759 fixed argument order of memmove() that i hosed when converting from
29764 finally fixed DISTFILES line
29772 added missing files to DISTFILES
29776 SUPPORTED -> RUNSON
29779 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
29786 updated for pl5b1 release
29794 fixed bug where if you hit return at first sudo prompt it would
29795 still log as a failure
29803 better test for bogus void * implementation
29807 added PASSWORDS_NOT_CORRECT
29811 added PASSWORDS_NOT_CORRECT stuff
29815 added PASSWORDS_NOT_CORRECT
29823 removed some unused vars and fixed up uid2str
29830 * getcwd.c, getwd.c:
29834 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
29837 fixed a typo I introduced in the last checkin :-(
29841 can't have #ifdef's where N is defined so just do this the broken
29846 better hack from Chris (but still a hack)
29850 stupid hack for broken aix lex
29854 now includes compat.h
29858 now includes fcntl.h
29862 added FD_SET and FD_ZERO for 4.2BSD
29866 dirty hack to fix parser bug. i don't really like this but it works
29871 uid2str is now static like the prototype says
29874 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
29876 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
29885 check_sudoers now returns an error code and sudo calls inform_user
29886 and log_error based on the return value.
29889 * logging.c, sudo.h:
29890 added entries for new errors
29894 now set uid to that of SUDOERS_OWNER while parsing sudoers file
29898 took out testsudoers
29902 now explicitly checks that it is setuid root
29906 If a user has no passwd entry sudo would segv (writing to a garbage
29907 pointer). Now allocate space before writing :-)
29911 reordered AC_CHECK_FUNCS
29918 * tgetpass.c, visudo.c:
29923 bzero -> memset when a parse error is logged the line number of the
29924 error is now logged too
29928 added Sunos to blurb about c2 security
29932 added a SUN4 define for C2 security
29936 bcopy -> memmove bzero -> memset
29940 bcopy -> memmove char * -> VOID *
29944 added support for sunos with C2 security
29947 * OPTIONS, options.h:
29952 _PATH_SUDO_LOGFILE now set based on configure
29956 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
29960 added _SUDO_PATH_LOGFILE
29964 added SUDO_LOGFILE to find where to put sudo.log added
29965 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
29966 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
29969 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
29976 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
29977 to work around a problem in trusted hpux shadow passwords. yuck.
29981 backed out a change in malloc/realloc
29985 now include stdlib.h
29989 now do an freopen() of the stmp file so that yyin will always point
29990 to the same thing. This is important for flex since we are doing a
29995 replaced yywrap() with parser_cleanup() since yywrap() needs to be
29996 in parse.lex to be able to use YY_NEW_FILE. sigh.
30000 now have a rule that matches anything that doesn't match an
30001 explicit rule. well, you know what i mean (. matches anything not
30002 yet matched). However, this means that there is input still queued
30003 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
30004 into parse.lex and it calls parser_cleanup() which is most of the
30012 * getcwd.c, getwd.c:
30013 moved compat.h to be the last include file
30017 fixed type of aliascmp() args
30025 added casts to lfind and lsearch args for irix
30029 bsdinstall -> install-sh
30033 added info about make realclean
30037 updated VERSION added dependencies for visudo.cat
30049 now there is a real visudo.man and visudo.cat
30053 took out visudo stuff
30060 * parse.c, parse.lex, parse.yacc:
30069 updated Nieusma & Hieb email addresses
30073 updated to include options.h and OPTIONS
30081 eliminated bug #1 (yay)
30085 sunos no longer gets linked statically
30088 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
30091 prototype now uses __P()
30095 make fill() non-ansi
30099 made -v (validate) work
30107 don't check for execute/statable if fq or relative path given
30115 now include ctype.h for islower and tolower macros
30119 moved _S_IFMT & _S_ISREG to compat.h
30123 moved a set of parens
30127 now include compat.h
30135 now cast malloc & realloc return vals added search for HAVE_LSEARCH
30136 now use strcmp if no strcasecmp available
30144 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
30145 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
30149 added _S_IFMT, _S_IFREG, and S_ISREG
30153 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
30154 to most SUDO_* macros
30162 various 1.x to 2.x autoconf changes now check for strcasecmp now use
30163 AC_INSTALL_PROG instead of custom one added check for fully working
30164 void implementation
30168 added lsearch & search.h visudo links into $(LIBOBJS)
30172 partial 1.x to 2.x changes added SUDO_FULL_VOID
30176 whatnow_help was prototyped to be static but was not declared as
30181 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
30182 for dirent/dir/ndir.h
30186 now use groovy gnu autoconf macro AC_HEADER_DIRENT
30189 * getcwd.c, getwd.c:
30190 MAXPATHLEN -> MAXPATHLEN+1
30193 * emul/search.h, lsearch.c:
30197 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
30200 eliminated bison warnings
30208 now includes signal.h
30212 only clear data structures on a parse error
30216 whatnow() now gives help on invalid input
30220 added a whatnow() function (sort of like mh)
30224 kill_aliases -> reset_aliases yywrap() now cleans up by calling
30225 reset_aliases() and clearing top took reset stuff out of yyerror()
30226 since it doesn't belong there (and doesn't work anyway). errorlineno
30227 is now initially set to -1 so we can set it to the first error that
30228 occurs (it was getting set to the last)
30236 rewrote from scratch based on 4.3BSD vipw.c
30239 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
30246 no more sudo_realpath() and find_path() changed params
30250 find_path() changed since no more realpath()
30254 on error, errorlineno is set to the line where the error occurred
30255 added kill_aliases() to free the aliases struct now clean up in
30256 yyerror() so we can reparse cleanly
30259 * options.h, parse.c:
30260 no more USE_REALPATH
30264 changed to use new find_path()
30268 removed all the realpath() stuff
30272 sudo_realpath.c -> sudo_goodpath.c
30276 now works correctly with utk parser
30284 eliminated a compiler warning
30288 eliminated compiler warning
30292 added sudo_goodpath()
30296 added prototype for sudo_goodpath
30300 added support for /sys/dir.h
30304 USE_REALPATH turned off
30308 added calls to sudo_goodpath()
30312 added check for dirent.h
30316 added HAVE_DIRENT_H
30320 added in linux shadow pass stuff
30323 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
30326 added back host, user, cmnd, parse_error
30330 added in utk changes plus some minor cosmetic changes
30333 * sudo.c, sudo_realpath.c:
30334 added void casts for printf's
30338 added a define of USE_REALPATH
30342 there is no more visudoers/Makefile
30346 added in utk changes (visudo is now built from the toplevel)
30350 added (void) casts to printf's
30353 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
30354 merged in utk changes
30357 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
30360 now check to see that what we are trying to run is a file (or a link
30361 to a file, we do a stat(2) so there is no diff)
30364 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30371 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
30375 added myself as maintainer
30378 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
30381 changed setegid -> setgid
30384 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
30387 fixed the test for irix 5.x to skip bad libs
30391 now initialize OS and OSREV
30394 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
30401 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
30405 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
30408 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
30409 thing wrt yyrestart (grrrr)
30412 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
30415 added visudoers/compat.h to DISTFILES
30423 added ocmnd declaration adjusted for find_path()'s new parameters
30427 added ocmnd extern adjusted find_path() prototype
30431 cmndcmp() now takes 3 arguments and checks against the qualified as
30432 well as the unqualified pathname. more code that should use
30433 cmndcmp() but did not, now does
30441 changed to use new find_path() parameter passing
30445 find_path() now takes 2 copyout parameters (one for the qualified
30446 pathname and one for the unqualified pathname). The third parameter
30451 no longer munge pathnames.h
30455 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
30456 as a result, pathnames.h does not need to be run through configure
30457 and the user can override the configured values easily.
30461 added _SUDO_PATH_* entries
30465 _PATH* -> _SUDO_PATH_*
30469 updated DISTFILES and HDRS .o's now depend on config.h
30472 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
30475 removed extraneous #endif
30483 added SUDO_PROG_MV added riscos and isc os types took out
30484 -DSHORT_MESSAGE from --with-csops since it is now the default
30488 move the include of id.h to compat.h now includes options.h
30492 moved compatibility #defines to compat.h
30500 move __P to compat.h
30503 * getcwd.c, getwd.c, putenv.c:
30504 now includes compat.h
30511 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
30514 pull user-configurable stuff out and put in options.h
30517 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
30519 * parse.lex, parse.yacc, visudo.c:
30520 now includes options.h
30523 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
30525 now includes options.h
30529 added visudoers/options.h
30532 * OPTIONS, options.h:
30537 added OPTIONS and options.h
30541 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
30545 changed PASSWORD_TIMEOUT to minutes
30548 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
30551 now only do Editor +line_num if line_num != 0
30554 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
30557 now use mv if rename(2) fails
30568 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
30571 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
30574 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
30577 added mips & isc support
30581 added support for non-root owned sudoers file
30585 added exempt group support
30589 added set_perms() support added SUDOERS_OWNER so can have non-root
30590 own sudoers file added exempt group support added isc support
30594 now copy sudoers to temp file via read/write (not stdio) now chown
30595 new sudoers file to SUDOERS_OWNER
30598 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
30609 fixed typo added set_perms support added skey support added
30610 seteuid()/setegid() emulation for AIX
30614 be_* -> setperms() now check to make sure sudoers file is owned by
30615 root nread/write by only root
30618 * logging.c, parse.c:
30623 be_* -> set_perms() added skey support
30626 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
30636 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30646 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30652 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30667 now bail if Argv[1] > MAXPATHLEN
30671 added function check for tcgetattr(3)
30675 only define HAVE_TERMIOS_H if you have tcgetattr(3)
30679 added check for tcgetattr
30682 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
30688 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
30691 now only include unistd.h for linux
30694 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
30697 added visudo.8 generation
30701 added -Wl,-bI:./aixcrypt.exp to aix flags
30704 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
30715 added mailing list info
30719 now use sudolineno instead of yylineno fixed bison warnings
30723 now use -no_library_replacement for osf don't make a static binary
30728 added string.h/strings.h inclusion
30736 added inclusion of string.h/strings.h
30740 fixed uname | sed (needed to quote the '[')
30744 replaced yylineno with sudolineno fixed bison syntax errors
30748 changed yylineno to sudolineno since yylineno cannot be counted
30757 added code to support command listings
30761 added code for -l flag
30765 fixed typo added info for -l flag
30769 AC_SSIZE_T -> SUDO_SSIZE_T
30784 * find_path.c, sudo_realpath.c:
30785 readlink() is now declared as returning ssize_t
30789 added -laud for OSF c2
30792 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
30794 * Makefile.in, visudo.c:
30795 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30798 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
30799 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30802 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
30803 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
30804 sudo_setenv.c, tgetpass.c, version.h:
30805 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30808 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
30819 added host to alertmail messages
30827 fixed logging problem where mail would not say which user it was
30831 added -laud for gcc if osf & c2
30835 moved set_auth_parameters to sudo.c
30839 added set_auth_parameters for osf
30843 cleaned up -static stuff
30855 changed setenv() to sudo_setenv()
30871 added osf auth support & removed some extra spaces
30874 * INSTALL, SUPPORTED:
30878 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
30881 added 2 suggestions
30885 removed README.v1.3.1 and added VERSION stuff
30892 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
30903 mention HISTORY file
30907 use sizeof instead of a constant in 1 place
30926 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
30930 [7dfbb4a810bb] [SUDO_1_3_1]
30937 added unistd.h include
30940 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
30943 added sys/time.h for AIX
30946 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
30949 added check for -lsocket and sys/sockio.h
30953 took out libshadow check and added in sys/sockio.h check
30957 now include sockio.h instead of ioctl.h if it exists "sudo -" now
30958 gets a better error message
30962 now has a dir and subnet entry
30965 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
30976 added network and ip addresses to man page
30980 no error if can't get interfaces or netmask since networking may not
30985 now check for interfaces == NULL
30989 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
30990 the last entry in the spec failed (ie: it was only looking at the
30991 last entry). Cleaned things up by adding the cmndcmp() function--all
30999 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
31002 now do two passes to skip bogus interfaces (lo0, etc)
31005 * parse.lex, parse.yacc, visudo.c:
31006 added include of netinet/in.h
31009 * logging.c, sudo_realpath.c, sudo_setenv.c:
31010 added include of netinet/in.h
31013 * check.c, find_path.c, getcwd.c, getwd.c:
31014 added include of netinet/in.h
31022 added interfaces global
31026 now uses new interfaces global
31030 now ip addresses are gleaned w/o dns
31033 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
31036 added load_ip_addrs() to load the ip_addrs global var
31040 added hostcmp() to compare hostnames, ip addrs, and network addrs
31044 added ip_addrs def added load_ip_addrs prototype
31047 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
31054 removed multiple entries in DISTFILES
31058 ansified the !STDC_HEADERS decls
31061 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
31062 don't do malloc decl if gnuc
31066 can't use getopt(3) since it munges args to the command to be run as
31067 root don't do malloc decl if gnuc
31070 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
31071 sudo_realpath.c, sudo_setenv.c:
31072 ansi-fied !STDC_HEADER function prototypes
31075 * getcwd.c, getwd.c:
31076 added missing paren
31080 added putenv.c to DISTFILES
31084 added params to func decls when STDC_HEADERS is not defined now can
31085 count on putenv() being there
31089 took out errno decl since sudo.h does it for us fixed up a next cc
31090 warning added params to func decls when STDC_HEADERS is not defined
31094 took out environ extern added local declaration of putenv() if local
31098 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
31099 added params to func decls when STDC_HEADERS is not defined
31103 added memcpy check check to see that ansi vs bsd macros are not
31104 already defined before defining (ie: avoid redefinition)
31108 removed fluff setenv check plus check w/ replace for putenv if also
31116 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
31123 rm'd s realpath added sudo_realpath and sudo_setenv
31127 now use sudo_setenvc
31131 added putenv and setenv, removed realpath
31135 added putenv & setenv
31146 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
31149 added MAN_POSTINSTALL and /usr/share/catman for irix
31153 added MAN_POSTINSTALL
31161 added SUDO_* plus new options
31169 took out shadow lib
31177 now use yyrestart() if flex now reset yylineno to 0
31181 support for installing a cat page instead of a man page if no nroff
31185 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
31186 to determine whether or not to install a cat or man page
31194 not set ret to MODE_RUN initially
31198 made command (and therefor cmnd dynamically allocated)
31210 changed bufs from MAXPATHLEN to MAXPATHLEN+1
31214 added MODE_ removed validate_only and added remove_timestamp()
31218 usage() now takes an int (exit value) added parse_args() to parse
31219 command line arguments moved call to find_path() from load_globals
31220 to new function load_cmnd() removed validate_only global -- now use
31221 the concept of "modes" added -h and -k options
31225 no longer use global validate_only now checks for command called
31226 "validate" removed check for non-fully qualified commands since that
31227 is done by find_path
31231 changed MAXPATHLEN r to MAXPATHLEN+1
31235 fixed off by one error with MAXPATHLEN and fixed a comment
31239 check_timestamp no longer runs reminder(), it is implied in the
31240 return val added remove_timestamp()
31247 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
31261 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
31264 moved send_mail to after syslog
31268 now set SUDO_ envariables
31271 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
31278 now print error if chdir fails
31285 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
31292 no more static binaries for aix
31295 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
31302 took out stuff not needed for sudo now does be_root/be_user itself
31303 now uses cwd global
31310 * logging.c, sudo.c:
31311 be_root/be_user is now down in sudo_realpath()
31314 * logging.c, sudo.h:
31315 now works with 4.2BSD syslog (blech)
31319 now use sudo_realpath()
31323 took out realpth() stuff since we now use sudo_realpath()
31327 ultrix enhanced sec
31331 added ultrix enhanced sec.
31339 ultrix enhanced security support
31343 added sudo_realpath.c
31351 increased passwd len to 24 for c2 security
31358 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
31361 now use user global var
31368 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
31375 user is now a char * added epasswd
31379 added tzset() to load_globals added epasswd (encrypted password)
31380 global made user dynamically allocated
31392 cleaned up encrypted passwd grab somewhat
31408 can now log to both syslog & a file
31432 removed AFS stuff :-)
31436 include sys/select for AIX
31447 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
31449 * CHANGES, SUPPORTED:
31454 can now have MAILER undefined
31458 new sub-note about MAILER
31462 added blurb about password timeout
31470 took out duplicate define of _CONVEX_SOURCE
31482 added a goto if fgets fails
31486 use __hpux not hpux convex c2 stuff
31490 use __hpux not hpux
31498 define ansi-ish cpp os defines if non-ansi are defined for hpux &
31503 updated to say we support convex C2
31507 added convex c2 support
31510 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
31513 no more ioctl never returns NULL uses fgets() and select() to
31517 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
31520 things were testing -n "$GCC" instead of -z "$GCC"
31524 now works + uses fgets()
31527 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
31530 select doesn't seem to recognize a single '\n' as input waiting so
31531 we can't use it, sigh.
31534 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
31537 updated tgetpass() blurb
31541 added --with-getpass
31545 added tgetpass stuff
31556 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
31563 added USE_GETPASS && HAVE_C2_SECURITY
31567 fixed a test added --with-C2 and --with-tgetpass
31575 took out tgetpass.*
31582 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
31585 no termio(s) for ultrix since it is broken
31589 added a space (yeah, anal)
31592 * realpath.c, sudo_realpath.c:
31593 fixed it (duh, rtfm)
31596 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
31599 took out bsd signal stuff for irix
31607 don't define BSD signals for irix
31618 * realpath.c, sudo_realpath.c:
31619 took out unneeded code by changing where a strings was terminated
31622 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
31624 * realpath.c, sudo_realpath.c:
31625 fix bug where /dirname would return NULL
31629 move __P to config.h
31632 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
31633 added errno definition
31648 * realpath.c, sudo_realpath.c:
31649 now works if no fchdir
31653 define SA_RESETHAND to null if not defined
31657 added check & replace
31661 took out -static for nextstep -- it doesn't work
31664 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
31667 moved #endif to where it belongs
31675 now checks for strdup realpath getcwd bzero
31683 added posix signals
31691 added posix signals
31695 removed BROKEN_GETPASS added new srcs to replace missing functions
31699 added posix signal stuff
31711 now uses posix signals
31715 updated to reflect major changes
31723 uses sysconf() if available
31727 added PASSWORD_TIMEOUT + prototypes for new functions
31730 * realpath.c, sudo_realpath.c:
31731 for those w/o this in libc
31734 * getcwd.c, getwd.c:
31739 rewrote to use realpath(3) - is now all my code
31743 added HAVE_REALPATH
31751 added LIBOBJS use tgetpass.c
31754 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
31768 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
31779 added check for getwd
31783 replace strdup & realpath & getcwd if missing
31791 added SUDO_PROG_PWD
31798 * realpath.c, sudo_realpath.c:
31802 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
31805 quoted square brackets
31808 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
31811 no need to strdup() a constant
31826 * parse.c, sudo.c, sudo.h:
31827 added validate_only stuff
31830 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
31837 $OSREV is now an int
31840 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
31843 added mtxinu to caser
31851 now use the EXEC macro now only do a gethostbyname() if FQDN is set
31855 changed mail_argv[] def now use EXEC() macro
31859 took out crypt() definition
31867 always look for -lnsl
31875 SHORT_MESSAGE is now the default
31883 added missing AC_DEFINE(SVR4) for solaris
31887 documented the -v flag
31899 added LIBSHADOW undef
31903 now set OS to be lowercase
31906 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
31909 now use SUDO_OSTYPE to set $OS
31913 now use uname to determine os
31917 added prototypes & moved sig handler around
31924 * check.c, logging.c, sudo.c:
31933 now use _BSD_SIGNALS not _BSD_COMPAT
31944 * parse.lex, parse.yacc:
31945 moved config.h to top of includes
31948 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
31951 now don't bitch if get EACCESS (treat like EPERM)
31955 added -v flag and usage()
31963 cast Argv to a const for exec added -v flag
31967 mail_argv is now a const
31971 only set RETSIGTYPE if it is not set already
31975 now defines & STDC_HEADERS for Irix
31982 * insults.h, sudo.h:
31983 prevent multiple inclusion
31990 * parse.lex, parse.yacc:
31991 now includes config.h
31995 now talks about sunos 4.x
31999 calls to Exit now pass an arg
32002 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
32005 signal handler now takes an int argument
32013 ok, the getcwd() is now *really* done as the user
32017 changed AIX STATIC_FLAGS
32021 solaris now defines SVR4
32025 added cwd and fixed stupid core dump that makes no sense. sigh.
32029 moved getcwd stuff into load_globals
32033 took out externs that are in sudo.h
32037 moved cwd into load_globals
32045 fixed make distclean & realclean
32053 added solaris changes
32057 added solaris changes, need to rework
32061 cleaned up for solaris
32065 reinstall reapchild signal handler for non-bsd signals
32069 took out getdtablesize() emulation for HP-UX (no longer needed)
32073 support for HAVE_SYSCONF
32077 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
32085 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
32088 now tells you what os you are running
32095 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
32110 uid seinitialized to -2
32113 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
32116 now removes LIBPATH for AIX
32119 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32122 now uses ufc if it finds it
32125 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
32128 no longer define yyval & yylval since yacc does it
32132 now defines yylval as extern
32136 BROKEN_GETPASS is now an OPTION
32140 took out BROKEN_GETPASS
32144 took out big comment
32152 took out README.beta
32160 now reference SUPPORTED
32164 now check for convex OR __convex__
32168 now check for convex or __convex__
32180 now use _S_* stat stuff to be ansi-like
32184 updated for configure directions
32188 distclean now removes config.h and pathnames.h
32207 * config.h.in, pathnames.h.in:
32208 added copyright header
32211 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
32212 parse.yacc, sudo.c, sudo.h:
32217 updated to use configure + pathnames.h
32224 * Makefile.in, config.h.in, configure.in:
32229 now works with configure
32232 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
32233 updated to work with configure + pathnames.h
32240 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
32243 updated gnu general licence to version 2
32246 * config.h.in, pathnames.h.in:
32251 changed to work with configure
32254 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
32256 * Makefile.in, aclocal.m4, configure.in:
32261 now uses defines used by configure
32264 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
32267 sudo won't bitch about EPERM now, for real
32270 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
32273 renamed exec_argv to eliminate a libc name clash with ksros
32280 * logging.c, sudo.c, sudo.h:
32297 added UMASK and mode_t declaration
32305 now opens log file with mode 077
32309 saved current umask and restores it
32313 added MAXLOGFILELEN
32317 split long log lines. For syslog, split into multiple entries, for
32318 a log file, indent the extra for readability
32321 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
32328 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
32331 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
32334 added input from Brett M Hogden <hogden@rge.com>
32337 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32340 added rmenv() to remove stuff from environ. can now use execvp()
32341 OR execve() because of this.
32345 now uses execvp() OR execve()
32361 moved some func decls out of sudo.h and into sudo.c as statics
32372 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
32378 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
32393 added sample.sudoers note
32400 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
32407 took out SAVED_UID garbage
32408 [b7c2d3469661] [SUDO_1_3_0]
32427 more verbose error if mailer not found
32431 now do getpwent as root for some shadow password systems (bsdi)
32434 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
32437 took out SAVED_UID garbage
32441 took out SAVED_UID garbage since it don't work
32444 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
32451 added a missing space :-)
32455 took out multimax cruft
32467 fixed a typo + indentation
32470 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
32473 took outumoved some defines to the config file
32485 added HAS_SAVED_UID
32492 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
32498 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
32504 * check.c, logging.c, parse.c, sudo.c, sudo.h:
32505 now is only root when abs necessary
32512 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
32527 now removed _RLD_* for alphas
32531 updated for new config scheme
32535 more verbose error messages
32538 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
32545 define __svr4__ for SOLARIS
32549 added svr4 junk for shadow pws for solaris 2.x
32553 took out setuid(0) and setreuid(uid) garbage. It's not needed since
32554 we start out setuid with the correct perms.
32557 * check.c, sudo.c, sudo.h:
32561 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
32564 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
32569 now uses ENV_EDITOR if you want to use the EDITOR envar
32573 now uses ENV_EDITOR if you want to use the EDITOR envar
32576 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
32579 rewrote most of this
32583 minor update + spell fix
32587 added all options that are in the Makefile
32591 now use USE_TERMIO #define for sgi & hpux
32598 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
32600 * check.c, find_path.c:
32601 always include strings.h
32609 sgi has vi in /usr/bin too
32616 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
32619 use /usr/bin/vi on some systems
32623 fixed warning (include strings.h)
32627 added John_Rouillard@dl5000.bc.edu's changes (new features)
32631 changes from John_Rouillard@dl5000.bc.edu
32638 * check.c, find_path.c, parse.c, sudo.c:
32639 added patches from John_Rouillard directory spec
32643 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
32646 added flush for hpux
32649 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
32652 no longer assume malloc returns a char *
32656 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
32657 gets removed correctly
32661 added STD_HEADERS macro
32665 now uses STD_HEADERS macro for ansi
32669 now uses STD_HEADERS macro
32673 niceties for C compiler bitches -- no real change
32676 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
32679 now doesn't fclose a file never opened.
32682 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
32689 added error stuff added me in there...
32697 added blurb about reading stuff
32705 corrected comments and removed newlines
32717 added dec syslog note
32721 added real stuff in there
32732 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
32739 updated with changes
32750 * CHANGES, COPYING, INSTALL, README, TODO:
32755 updated version number and took out jeff's old addr since it is no
32759 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
32761 updated version number and took out jeff's email (since it is
32765 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
32771 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
32774 now return NULL instead of exiting for non-fatal errors
32777 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
32784 now sudo.h gets included first
32787 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
32798 hpux 9 fix, removes SHLIB_PATH linux patch
32805 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
32808 stat now ignores EINVAL
32811 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
32813 * find_path.c, sudo.c:
32814 now declare strdup as extern
32817 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
32820 reformatted with indent + by hand
32823 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
32824 used indent to "fix" coding style
32828 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
32829 move the code that does this into the loop body. makes it messier
32833 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
32836 redid the fix for non-executable files in an easier to read way plus
32837 some minor aesthetic changes
32841 fixed bug with non-executable things of same name in path introduced
32842 by checking errno after stat(2).
32845 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
32848 fixed off by one error
32852 now handles descending below '/' correctly
32856 now actually builds Envp instead of munging envp
32859 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32862 now includes sys/param.h
32866 now includes sys/param.h
32870 fixed ifndef -> ifdef
32874 make more like find_path.c
32878 rewritten by millert
32882 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
32883 about new defines in the comment
32891 added decl for clean_envp() and Envp
32895 now rips LD_* env vars out of envp and passes sanitized Envp to exec
32903 ENOTDIR is ok now too (in case part of the path is bogus)
32907 now works correctly (total rewrite)
32911 now includes sys/param.h didn't match trailing / -- fix from
32915 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
32918 moved around the #ifndef _AIX
32921 * check.c, logging.c, parse.c:
32925 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
32931 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32934 now works if you do sudo bin/test
32941 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
32951 * parse.lex, parse.yacc:
32955 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32962 now spews error if exec fails and exits with -1
32970 now only execs files with (an) executable bit set.
32977 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>