2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_4p4 for changeset 11a942f61d47
[4a20e5e9af5d] [tip] <1.8>
* NEWS, configure, configure.in:
Update for sudo 1.8.4p4
[11a942f61d47] [SUDO_1_8_4p4] <1.8>
* plugins/sudoers/parse.c:
Fix bogus int -> bool conversion; tags can have a value of -1.
Fix application of debian-specific sudoers mods when building
Added tag SUDO_1_8_4p3 for changeset 3093c8558862
* NEWS, configure, configure.in:
Update for sudo 1.8.4p3
[3093c8558862] [SUDO_1_8_4p3] <1.8>
* plugins/sudoers/env.c:
matches_env_check() returns int, not boolean
Simply move the free of ki_proc outside the realloc() loop.
Bring back the erealloc() for the ENOMEM loop and just zero the
pointer after we free it.
* doc/visudo.cat, doc/visudo.man.in:
Don't try to erealloc() a potentially freed pointer; Mateusz Guzik

2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
* src/exec_pty.c, src/ttyname.c:
Fix format string warning on Solaris with gcc 3.4.3.
Honor LDFLAGS when linking sesh; from Vita Cizek
Include alloc.h for estrdup() prototype; from Vita Cizek

2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>

2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add check for variadic macro support in cpp.

2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/visudo.pod, plugins/sudoers/visudo.c:
Check the owner and mode in -c (check) mode unless the -f option is
specified. Previously, the owner and mode were checked on the main
sudoers file when the -s (strict) option was given, but this was not
* config.h.in, configure, configure.in, src/ttyname.c:
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
versions of OpenBSD that have KERN_PROC2 but not KERN_PROC.

2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_4p2 for changeset db564e1c02cf
* NEWS, configure, configure.in:
bump version to 1.8.4p2
[db564e1c02cf] [SUDO_1_8_4p2] <1.8>
Fix typo in safe_close() made while converting to debug framework
that prevented it from actually closing anything.
* common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
We need sysconfdir in compat/Makefile to get the proper sudo.conf
path. Add standard prefix and foodir expansion in all Makefiles to
avoid this problem in the future.

2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/ldap.c:
When adding gids to the LDAP filter, only add the primary gid once.
This is consistent with the space computation/allocation. From Eric
* doc/TROUBLESHOOTING:
Add entry for AIX enhanced RBAC config.
Target Mac OS X 10.5 when building packages.

2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_4p1 for changeset aeb6b9701150
[aeb6b9701150] [SUDO_1_8_4p1] <1.8>
* configure, configure.in:
bump version to 1.8.4p1
* Fix the description of noexec.
* The "op" parameter to set_default() must be int, not bool since it
is set to '+' or '-' for list add and subtract.
* Make sure sudoers is writable before calling ed script.

2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_4 for changeset 7b0b7dfc84c7
* Update contributors. Now includes translators and authors of compat
[7b0b7dfc84c7] [SUDO_1_8_4] <1.8>

2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
* Build flat packages, not package bundles, on Mac OS X.

2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
* Sync with translationproject.org
* configure, configure.in:
Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
Move macos section to be with the other OS-specific sections.
* Add Mac OS X support, printing the latest chunk of the NEWS file and
the license text in the installer.
* Add explicit file modes that match those used by "make install"
* Sync with upstream for Mac OS X fixes.
* Go back to using "install-sh -M" for files installed as non-
readable by owner. This fixes "make install" as non-root for

2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
* Sync with translationproject.org
Use -m not -M for install-sh for everything except setuid. Install
locale .mo files mode 0444, not 0644. If timedir parent doesn't
exist, use default dir mode, not 0700.

2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
* Re-sync with upstream; no longer need a local patch.
* Add support for building Mac OS X packages.
* No longer need to define _PATH_SUDO_CONF here.
* Fix noexec for Mac OS X.

2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
* Move _PATH_SUDO_CONF override to common to match sudo_conf.c
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
fix version in .pot files
* More complete fix for LDR_PRELOAD on AIX. The addition of
set_perm(PERM_ROOT) before calling the nss open functions (needed to
avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
and then real uid to 0 for PERM_ROOT works around the issue.
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* Set real uid to root before calling sudo_edit() or run_command() so
that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
* For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
the call to setuid(0) if the current euid is non-zero. This
effectively restores the state of things prior to rev 7bfeb629fccb.
Fixes a problem on AIX where LDR_PRELOAD was not being honored for
the command being executed.
* configure, configure.in:
Make a copy of the struct passwd in exec_setup() to make sure
nothing in the policy init modifies it.

2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, doc/sudoers.man.in:
* g/c now-unused debug subsystems
* Enumerate the debug subsystems used by sudo and sudoers.

2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
* NEWS, doc/sudo.cat, doc/sudo.man.in:
Normally, sudo disables core dumps while it is running. This
behavior can now be modified at run time with a line in sudo.conf
like "Set disable_coredumps false"
Mention Spanish translation
* Make sure we don't try to fall back to using the conversation
function for debugging in the main sudo process if we are unable to
* Add sudo Spanish translation from translationproject.org
* Better debug subsystem usage
* Remove duplicate function prototypes

2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Error out if user specified --with-pam but we can't find the headers
or library. Also throw an error if the headers are present but the
library is not and vice versa.

2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix the sudoers permission check when the expected sudoers mode is

2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Verify that we can link executables built with -D_FORTIFY_SOURCE
* Fix potential off-by-one when making a copy of the environment for
LD_PRELOAD insertion. Fixes bug #534
* configure, configure.in:
Add rudimentary check for _FORTIFY_SOURCE support by checking for
__sprintf_chk, one of the functions used by gcc to support it.
* configure, configure.in:
Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.

2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:

2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
* The change in 4fe0f357d34b that caused to exit when the monitor dies
created a race condition between the monitor exiting and the status
being read. All we really want to do is make sure that select()
notifies us that there is a status change when the monitor dies
unexpectedly so shutdown the socketpair connected to the monitor for
writing when it dies. That way we can still read the status that is
pending on the socket and select() on Linux will tell us that the fd
* Refactor disable_execute() and my_execve() into exec_common.c for
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
disabling exec in exec_setup(), disable it immediately before
executing the command. Adapted from a diff by Arno Schuring.

2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add custom version of AC_CHECK_LIB that uses the extra libs in the
cache value name. With this we no longer need to rely on a modified

2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Better handling of network functions that need -lsocket -lnsl
* When setting up the execution environment, set groups before
gid/egid like sudo 1.7 did.
* configure, configure.in:
Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
* For "sudo -g" prepend the specified group ID to the beginning of the
groups list. This matches BSD convention where the effective gid is
the first entry in the group list. This is required on newer
FreeBSD where the effective gid is not tracked separately and thus
setgroups() changes the egid if this convention is not followed.

2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Fix sh warning; use "test" instead of "["
* When not logging I/O, use a signal handler that only forwards
SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
Fixes a race in the non-I/O logging path where the command may
receive two keyboard-generated signals; one from the kernel and one
from the sudo process.
* Back out change that put the command in its own pgrp when not
logging I/O. It causes problems with pipelines.
* configure, configure.in:
Only run compat regress tests on compat objects we actually build.
Fixes "make check" in the compat dir for systems that don't
implement character classes in fnmatch() or glob(). Bug #531

2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
* Update po files from translationproject.org

2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
* Include parent directories in case they don't already exist. This
fixes a directory permissions problem with the AIX package when the
/usr/local directories don't already exist.
* sync with git version
* Move tty name lookup code to its own file.

2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
Update with latest sudo 1.8.4 changes.
* configure, configure.in:
Remove obsolete template for HAVE_TIMESPEC
* Add a check for devname() returning a fully-qualified pathname. None
of the devname() implementations do this today but you never know
when this might change.

2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
* For "visudo -c" also list include files that were checked when
* The device name returned by devname() does not include the /dev/
prefix so we need to add it ourselves. Also add debug warning if
KERN_PROC sysctl fails or devname() can't resolve the tty device to
* The result of writev() is never checked so just cast to NULL.
* Update Esperanto, Finnish, Polish and Ukrainian translations from
translationproject.org.

2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add support for determining tty via sysctl on other BSD variants.
* configure, configure.in:
Only check for struct kinfo_proc.ki_tdev on systems that support
* For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
ttyname() of std{in,out,err}.

2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
On newer FreeBSD we can get the parent's tty name via sysctl().
* Silence a gcc warning.
* Need to include gettext.h and sudo_debug.h; from John Hein
* Initialize the debug framework from the I/O plugin too.
* Enable debugging via sudo.conf.
* Use SUDO_DEBUG_ALIAS for alias checking functions.
* configure, configure.in:
More complete test for getaddrinfo() that doesn't rely on the
network libraries already being added to LIBS.

2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
* Include errno.h and missing.h
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Update copyright year.
Update for sudo 1.8.4
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
* Enable debugging via sudo.conf.
* Allow "visudo -c" to work when we only have read-only access to the
sudoers include files.
* Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
HISTORY section in sudo that points to HISTORY file.
* Document Debug setting in sudo.conf and debug_flags in plugin.
* Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
bug where a pattern like "/usr/*" includes /usr/bin/ in the results,
which would incorrectly be interpreted as if the sudoers file had
specified a directory. From Vitezslav Cizek.
* INSTALL, configure, configure.in:
Add --enable-kerb5-instance configure option to allow people using
Kerberos V authentication to use a custom instance. Adapted from a
diff by Michael E Burr.
* Remove -D debug_level option.
* Update copyright year.

2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
* parse_error is now bool, not int
* Print a more sensible error if yyparse() returns non-zero but
yyerror() was not called.
* Replace y.tab.c with the correct filename in #line directives.
* configure, configure.in:
Bump version to 1.8.4
* When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
if the main process's fds 0-2 are not hooked up to a tty. Adapted
from a diff by Zdenek Behan.
* When not logging I/O, put command in its own pgrp and make that the
controlling pgrp if the command is in the foreground. Fixes a race
in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
* Quiet a bogus gcc warning.
* Fix warnings related to sudo.conf accessors.
* Separate sudo.conf parsing from plugin loading and move the parse
functions into the common lib so that visudo, etc. can use them.
* Remove support for noexec_file in sudoers and the plugin API
* Don't dump interfaces if there are none.
* Add missing %s printf escape to the group_plugin, iolog_dir and
iolog_file descriptions.
* Fix typo in visiblepw description; from Joel Pickett
* configure, configure.in, plugins/sudoers/login_class.c:
When running a login shell with a login_class specified, use
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
* If srcdir is "." just use the basename of the yacc/lex file when
generating the C version. This matches the generated files
currently in the repo.
* Clean up the DEVEL noise
* Handle different Unix domain socket (actually socketpair) semantics
in BSD vs. Linux. In BSD if one end of the socketpair goes away
select() returns the fd as readable and the read will fail with
ECONNRESET. This doesn't appear to happen on Linux so if we notice
that the monitor process has died when I/O logging is enabled,
behave like the command has exited. This means we log the wait
status of the monitor, not the command, but there is nothing else we
can do at that point. This should only be an issue if SIGKILL is
sent to the monitor process.
* Catch common signals in the monitor process so they get passed to
the command. Fixes a problem when the entire login session is
killed when ssh is disconnected or the terminal window is closed.
Previously, the monitor would exit and plugin's close method would
* INSTALL, configure, configure.in:
Mention how to configure pam_hpsec on HP-UX to play nicely with
* Escape values in the search expression as per RFC 4515.
* No need for install target to depend explicitly on install-dirs, the
install-foo targets all depend on it.
* configure, configure.in:
Add support for setenv entries in login.conf. We can't use
LOGIN_SETENV since the plugin sets up the envp the command is
executed with. Also regen the Makefile.in files while here. Fixes
* configure, configure.in:
Add getaddrinfo() for those without it, written by Russ Allbery
* Restore PACKAGE_TARNAME, it is used in docdir
* SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
* Remove duplicate return statements.
* Remove inaccurate comment
* Fetch the login class for the user we authenticate specifically when
using BSD authentication. That user may have a different login
class than what we will use to run the command. When setting the
login class for the command, use the target user's struct passwd,
not the invoking user's. Fixes bug 526
* configure, configure.in:
Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
* Fix "make check" fallout from the sudo_conv changes in sudo_debug.
* configure, configure.in:
Use stdbool.h instead of rolling our own TRUE/FALSE macros.
* configure, configure.in:
Add stdbool.h for systems without it.
* configure, configure.in:
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
includes have unistd.h in them. Add check for socklen_t for
upcoming getaddrinfo compat.
* configure, configure.in:
Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
* No longer need to include time.h here as missing.h does not use
* Fix mode on sudoers as needed when the -f option is not specified.
* Add Serbian translation for sudo from translationproject.org
* No longer pass debug_file to plugin, plugins must now use
* Build PIE executables for newer Debian and Ubuntu
* Include time.h for ctime() prototype.
* Do not close error pipe or debug fd via closefrom() as we need them
to report an exec error should one occur.
* Document that a sudoUser may now be a group ID.
* Add support for permitting access by group ID in addition to group
* Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
* Replace UCB fnmatch.c with a non-recursive version written by
* Fix typo, return_debug vs. debug_return
* Update Japanese sudoers translation from translationproject.org
* Make the env_reset descriptions consistent.
* configure, configure.in:
Do multiple expansion when expanding paths to the noexec file, sesh
and the plugin directory. Adapted from a diff by Mike Frysinger
* Add ignore file; from Mike Frysinger
* no longer save old Makefile.in to .old
Update to libtool 2.4.2
* Bump grammar version for #include and #includedir relative path
* Add support for relative paths in #include and #includedir
* Fix install-plugin when shared objects are unsupported or disabled.
* Don't write to sbp if it is NULL
If LINGUAS is set, only install matching .mo files
* Fix non-dynamic (no dlopen) sudo build.
* configure, configure.in:
Don't error out if the user specified --disable-shared
* Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
* Make sudo_goodpath() return value boolean
* INSTALL, configure, configure.in, plugins/sudoers/auth/securid.c:
Remove obsolete securid auth method.
* Prefix authentication functions with a "sudo_" prefix to avoid
* INSTALL, configure, configure.in, plugins/sudoers/auth/kerb4.c:
Remove the old Kerberos IV support
* Don't print garbage at the end of the custom lecture.
* Add lexer tracing as debug@parser
* Add devdir before srcdir in include path and fix up dependencies
accordingly and add better devdir support to mkdep.pl. We also need
to #include <gram.h> not "gram.h" and <def_data.h> and not
"def_data.h" when generating the parser in a build dir.
* Mark libexec files as optional. If we build without shared object
support, libexec is not used.
* Change Debug sudo.conf setting to take a program name as the first
argument. In the future, this will allow visudo and sudoreplay to
use their own Debug entries.
* fix sudo_debug_printf priority
* add missing debug_return_int
* Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
* Add missing word in HOME security note.
* Prevent "testsudoers -d username" from trying to malloc(0).
* Tests for empty sudoers (should parse OK) and syntax errors within a
line (should report correct line number) both with and without the
* Print line number when there is a parser error.
* Keep track of the last token returned. On error, if the last token
was COMMENT, decrement sudolineno since the error most likely
occurred on the preceding line. Previously we always used
sudolineno-1 which will give the wrong line number for errors within
update with sudo 1.8.3p1 info
* Fix crash when "sudo -g group -i" is run. Fixes bug 521
* Make alias_remove_recursive() return TRUE/FALSE as its callers
expect and remove two unused arguments. Fixes bug 519.
* Add regress test for bugzilla 519
* Disable warning/error wrapping in regress tests.
Do compile-po as part of sync-po so that the .mo files get rebuilt
automatically when we sync with translationproject.org
* check_addr needs to link with the network libraries on Solaris
* When matching a RunasAlias for a runas group, pass the alias in as
the group_list, not the user_list. From Daniel Kopecek.
* We need to init the auth system regardless of whether we need a
password since we will be closing the PAM session in the monitor
process. Fixes a crash in the monitor on Solaris; bugzilla #518
* Get rid of done: label. If the child exits we still need to close
the pty, update utmp and restore the SELinux tty context.
* Add debug_decl/debug_return (almost) everywhere. Remove old
sudo_debug() and convert users to sudo_debug_printf().
* Wrap error/errorx and warning/warningx functions with debug
statements. Disable wrapping for standalone sudoers programs as well
as memory allocation functions (to avoid infinite recursion).
* README, configure, configure.in:
Add checks for __func__ and __FUNCTION__ and mention that we now
require a cpp that supports variadic macros.
* New debug framework for sudo and plugins using /etc/sudo.conf that
also supports function call tracing.

2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
Added tag SUDO_1_8_3 for changeset 82bec4d3a203
* Update Japanese sudoers translation from translationproject.org
[82bec4d3a203] [SUDO_1_8_3] <1.8>

2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Override and ignore the --disable-static option. Sudo already runs
libtool with -tag=disable-static where applicable and we need non-
PIC objects to build the executables.

2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
* Ignore set_logname (which is now the default) for sudoedit since we
want the LOGNAME, USER and USERNAME environment variables to refer
to the calling user since that is who the editor runs as. This
allows the editor to find the user's startup files. Fixes bugzilla
* Instead of trying to grow the buffer in make_grlist_item(), simply
increase the total length, free the old buffer and allocate a new
one. This is less error prone and saves us from having to adjust
all the pointers in the buffer. This code path is only taken when
there are groups longer than the length of the user field in struct
utmp or utmpx, which should be quite rare.
[cb7c5ac834b5] <1.8>
* Add Italian translation for sudo from translationproject.org
[c7876fccbc38] <1.8>
Japanese translation for sudo and sudoers from
translationproject.org
[9945a3ef7ff7] <1.8>

2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoreplay depends on timestr.lo too; from Mike Frysinger
[ad9ae493205f] <1.8>

2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
Regen sudoers pot file.
[2c4d99361994] <1.8>
Update with latest sudo 1.8.3 news
[4e7f59d339d4] <1.8>
* ldap_start_tls_s() on Debian (at least) sets the effective and saved
uids to the same value as the real uid. This prevents sudo from
setting the uid or gid later on. As a workaround, we now set perms
to root during sudoers_policy_open().
[eb4c4f15833a] <1.8>
* Better warning message on setuid() failure for the setreuid()
version of set_perms().
[308c72f601e4] <1.8>

2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
Combine new translations in NEWS item
[0aa07471a5e6] <1.8>

2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Delref auth_pw at the end of check_user() instead of getting a ref
[1c882f2fb46c] <1.8>
* Make sudo_auth_{init,cleanup} return TRUE on success and check for
sudo_auth_init() return value in check_user().
[573bf35ecac9] <1.8>
* Do not return without restoring permissions.
[2444a0b96469] <1.8>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
[d286bce8dbb1] <1.8>
Update for latest release candidate
[63d184ba6263] <1.8>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
[ac3ec1315df7] <1.8>
* Modify the authentication API such that the init and cleanup
functions are always called, regardless of whether or not we are
going to verify a password. This is needed for proper PAM session
[ea281ca46d94] <1.8>
* Add missing dependency for getspwgen other depends.
[9c124272910d] <1.8>
* Fix a PAM_USER mismatch in session open/close. We update PAM_USER
to the target user immediately before setting resource limits, which
is after the monitor process has forked (so it has the old value).
Also, if the user did not authenticate, there is no pamh in the
monitor so we need to init pam here too. This means we end up
calling pam_start() twice, which should be fixed, but at least the
session is always properly closed now.
[d0866ee5f190] <1.8>
* Add check for old being NULL in utmp_setid(); from Steven McDonald
[30cc283ac2b4] <1.8>

2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
* If the invoking user cannot be resolved by uid fake the struct
passwd and store it in the cache so we can delref it on exit.
[19d44f44d45d] <1.8>

2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't error out if the group plugin cannot be loaded, just warn.
[e91d9912c9a0] <1.8>

2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet a false positive found by several static analysis tools. These
tools don't know that log_error() does not return (it longjmps to
error_jmp which returns to the sudo front-end).
[3cc319e31ed6] <1.8>

2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Add Italian translation for sudo from translationproject.org Regen
[c0b27f9d7e57] <1.8>
Added tag SUDO_1_8_2 for changeset 3682e51af1d0
[f0be566e9ea2] <1.8>

2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
* Update to current reality and add bit about ssh auth
[48dcb86ce9be] <1.8>
* Make "verbose" static; fixes a namespace clash with
pam_ssh_agent_auth (and it doesn't need to be extern these days).
[b60fdd82de94] <1.8>
* configure, configure.in:
FreeBSD has libutil.h not util.h
[c03b121e0193] <1.8>
* configure, configure.in:
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
[002e3e0bb173] <1.8>
* Update po files from translationproject.org
[2b36af902213] <1.8>

2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
Mention DEREF support
[dfeb152f1686] <1.8>
* plugins/sudoers/po/sudoers.pot:
[1fba22e927a3] <1.8>
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
Add support for DEREF in ldap.conf.
[fe1cf6ad0add] <1.8>
install target should depend on ChangeLog too, not just install-doc
[f54e2ab633b8] <1.8>
* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
[44a25099594e] <1.8>
* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
[e14ee85cf49b] <1.8>
* configure, configure.in:
Fix some square brackets in case statements that needed to be
doubled up. While here, use $OSMAJOR when it makes sense.
[853c6e5f994c] <1.8>
* Fix a crash in make_grlist_item() on 64-bit machines with strict
[e877c89ae32f] <1.8>
* Remove list_options() function that is no longer used now that "sudo
[f31543c80b98] <1.8>
* configure, configure.in:
Error message if user tries --with-CC
[0ed7558b8924] <1.8>
* configure, configure.in:
Check for -libmldap too when looking for ldap libs, which is the
Tivoli Directory Server client library.
[831e32d1453c] <1.8>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
regen pot files for 1.8.3
[df2fb085cff2] <1.8>
* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
Update for version 1.8.3
[38cf153add0a] <1.8>

2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
* Honor NOPASSWD tag for denied commands too.
[f473c443ad54] <1.8>
* INSTALL, configure, configure.in:
Remove --with-CC option; it doesn't work correctly now that we use
libtool. Users can get the same effect by setting the CC
environment variable when running configure.
[4f04869d74fd] <1.8>

2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Assume all modern systems support fstat(2).
[0422b19dced3] <1.8>

2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Add configure test for missing errno declaration and only declare it
ourselves if it is missing.
[6d26974f7e16] <1.8>
* Include errno.h before sudo.h to avoid conflicting with the system
definition of errno.
[8000bdc0968f] <1.8>

2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
* Only print individual check status when there is a failure.
[bbdd669e7615] <1.8>
* Add calls to setprogname() for test programs.
[c721f3466a3a] <1.8>
* configure, configure.in:
Add -Wall and -Werror after all tests so they don't cause failures.
[20d75ce40086] <1.8>
* Actually run check_addr in the check target
[dcd96ef0dc57] <1.8>
* Split out address matching into its own file and add regression
[863f28589c24] <1.8>

2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix matching a network number with netmask when the network number
is not the first address in the CIDR block.
[719942c986e9] <1.8>

2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
* Don't assume all editors support the +linenumber command line
argument, use a whitelist of known good editors.
[d8d884af3b05] <1.8>

2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
* Silence compiler warnings on Solaris with gcc 3.4.3
[8047cdb5d6a1] <1.8>
* Fix building on RHEL 3
[6bb0464a7450] <1.8>
* INSTALL, configure, configure.in:
Add --enable-werror configure option.
[aa40fd459836] <1.8>
* setgroups() proto lives in grp.h on RHEL4, perhaps others.
[92f98cbaebf0] <1.8>
* configure, configure.in:
Use PAM by default on AIX 6 and higher.
[7ef53d5ac819] <1.8>

2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
* Add new Esperanto translation from translationproject.org
[109ed683b885] <1.8>

2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
* Quiet an innocuous valgrind warning.
[fc453e49f9dd] <1.8>

2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
* Fix expansion of strftime() escapes in log_dir and add a regress
test that exhibited the problem.
[784e60d21f11] <1.8>
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
Fix "make check" return value.
[d3608efd8da6] <1.8>

2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
* plugins/sudoers/po/sudoers.pot:
1298 [3682e51af1d0] [SUDO_1_8_2] <1.8>
1301 Fix logic inversion in pot file up to date check.
1302 [343dbbca9422] <1.8>
1304 * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
1305 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1306 doc/visudo.cat, doc/visudo.man.in:
1308 [96234478bde2] <1.8>
1310 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
1312 * configure, configure.in:
1313 Add caching for gettext() checks.
1314 [4039d21424c3] <1.8>
1316 * configure, configure.in:
1317 Better handling of libintl header and library mismatch.
1318 [cc9faee8e486] <1.8>
1320 2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
1324 [73649a44d934] <1.8>
1326 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
1328 * Also check sudoers gid if sudoers is group writable.
1329 [3d345347f6ac] <1.8>
1332 Update for 1.8.2 final
1333 [441c22fea363] <1.8>
1335 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
1337 * configure, configure.in:
1338 If dlopen is present but libtool doesn't find it, error out since it
1339 probably means that libtool doesn't support the system.
1340 [6fc7c0de4f6d] <1.8>
1342 * configure args on the command line should override builtin defaults.
1343 Disable NLS for non-Linux/Solaris unless explicitly enabled.
1344 [0ef165f892c2] <1.8>
1346 * Fix loop that calls authenticate(). If there was an error message
1347 from authenticate(), display it.
1348 [f0686011ff2e] <1.8>
1350 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
1352 * configure, configure.in:
1353 Update to autoconf 2.68 and libtool 2.4
1354 [00df5f3647e1] <1.8>
1356 * Fix typo; OPT should be OTP
1357 [31da1f989740] <1.8>
1359 * Rename libsudoers convenience library to libparsesudoers to avoid
1361 [e9ae9d611dd5] <1.8>
1363 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
1365 * Add Danish sudoers translation from translationproject.org
1366 [fa9cd9758249] <1.8>
1368 * Add dedicated callback function for runas_default sudoers setting
1369 that only sets runas_pw if no runas user or group was specified by
1371 [3fb4b18525de] <1.8>
1373 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
1375 * Update Finnish, Polish, Russian and Ukrainian translations from
1376 translationproject.org.
1377 [0fcd8f6aff0a] <1.8>
1380 Go back to using a callback for runas_default to keep runas_pw in
1381 sync. This is needed to make per-entry runas_default settings work
1382 with LDAP-based sudoers. Instead of declaring it a callback in
1383 def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
1384 bit naughty, but avoids requiring stub functions in visudo and the
1386 [4e8e70832f06] <1.8>
1388 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
1390 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1392 [ca5c58c599a6] <1.8>
1395 Add check for out of date message catalogs when doing "make dist".
1396 [36414e5c762b] <1.8>
1398 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
1400 * configure, configure.in:
1401 Make sure compiler supports static-libgcc before using it.
1402 [6c98e8809291] <1.8>
1404 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
1406 * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
1407 [a0a3a3fa6470] <1.8>
1409 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
1411 * Add new Russian sudo translation from translationproject.org and
1412 rebuild the other translation files.
1413 [e953d7d1ca6d] <1.8>
1415 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
1417 * Update Finnish and Polish translations from translationproject.org
1418 [17e408d73c85] <1.8>
1420 * Go back to escaping the command args for "sudo -i" and "sudo -s"
1421 before calling the plugin. Otherwise, spaces in the command args
1422 are not treated properly. The sudoers plugin will unescape non-
1423 spaces to make matching easier.
1424 [f666191a4e80] <1.8>
1426 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
1428 * Fix some potential problems found by the clang static analyzer, none
1430 [c1ab4b940980] <1.8>
1432 * Updated Ukrainian and Chinese (simplified) po files from
1433 translationproject.org
1434 [792a66672715] <1.8>
1436 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
1438 * Updated Polish translation from translationproject.org
1439 [5f434cc04482] <1.8>
1441 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1443 [639230dbd741] <1.8>
1445 * Don't try to audit failure if the runas user does not exist. We
1446 don't have the user's command at this point so there is nothing to
1447 audit. Add a NULL check in audit_success() and audit_failure() just
1448 to be on the safe side.
1449 [2bfb96a32b00] <1.8>
1451 * Add -g to CFLAG for PIE builds.
1452 [e4c94977ca4e] <1.8>
1454 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
1456 * Remove fallback to per-group lookup when matching groups in sudoers.
1457 The sudo front-end will now use getgrouplist() to get the user's
1458 list of groups if getgroups() fails or returns zero groups so we
1459 always have a list of the user's groups. For systems with
1460 mbr_check_membership() which support more than NGROUPS_MAX groups
1461 (Mac OS X), skip the call to getgroups() and use getgrouplist() so
1462 we get all the groups.
1463 [168d6d4a386b] <1.8>
1465 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
1467 * Fix setgroups() fallback code on EINVAL.
1468 [dd1310945ab3] <1.8>
1470 * Fix two PERM_INITIAL cases that were still using user_gids.
1471 [d497d0d47a23] <1.8>
1473 * Add Polish sudo message catalog
1474 [1a0aa3f9f179] <1.8>
1476 * user_group is no longer used, remove it
1477 [379185a76094] <1.8>
1479 2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
1481 * Add Polish translation from translationproject.org
1482 [2e7cdfe4ef41] <1.8>
1484 * Add a wrapper for setgroups() that trims off extra groups and
1485 retries if setgroups() fails. Also add some missing addrefs for
1486 PERM_USER and PERM_FULL_USER.
1487 [bacb4170a510] <1.8>
1489 * configure, configure.in:
1490 Instead of keeping separate groups and gids arrays, create struct
1491 group_info and use it to store both, along with a count for each.
1492 Cache group info on a per-user basis using getgrouplist() to get the
1493 groups. We no longer need to special case the user or list
1494 user for user_in_group() and thus no longer need to reset the groups
1495 list when listing another user.
1496 [f1d8962821a0] <1.8>
1498 * Don't rely on NULL since we don't include a header for it.
1499 [ed46286f848b] <1.8>
1502 [a38b8fbb0e70] <1.8>
1504 * Do not shadow global sudo_mode with a local variable in set_cmnd()
1505 [8e462ebafea4] <1.8>
1507 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
1509 * bash 2.x does not support the -l flag and exits with an error if it
1510 is specified so use --login instead. This causes an error with bash
1511 1.x (which uses -login instead) but this version is hopefully less
1513 [73020a67b9d5] <1.8>
1515 * Add Polish translation from translationproject.org
1516 [8cac0da9ffb1] <1.8>
1518 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
1520 * Make error strings translatable.
1521 [d1ff594f27b5] <1.8>
1523 * Only run configure with --with-pam-login for RHEL 5 and above.
1524 [2f1a0ff5230e] <1.8>
1526 * Fix typo in summary
1527 [1e1d7dcae9ab] <1.8>
1529 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
1531 * Add missing logwrap.c
1532 [abcd28c194d2] <1.8>
1534 * Split out log file word wrap code into its own file and add unit
1535 tests. Fixes an off-by-one in the word wrap when the log line
1536 length matches loglinelen.
1537 [0ae1c7aa9ef1] <1.8>
1539 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
1541 * For SuSE, only use /usr/lib64 as libexec if generating 64-bit
1543 [4448fa1c639f] <1.8>
1545 * Fix build error when --without-noexec configure option is used.
1546 [f6bfd748ae45] <1.8>
1548 * configure, configure.in:
1549 Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
1551 [9d957ae1840d] <1.8>
1553 2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
1555 * NEWS, doc/UPGRADE:
1556 Document group lookup change and possible side effects.
1557 [fe4b2d2701b2] <1.8>
1559 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
1561 * Resolve the list of gids passed in from the sudo frontend (the
1562 result of getgroups()) to names and store both the group names and
1563 ids in the sudo_user struct. When matching groups in the sudoers
1564 file, match based on the names in the groups list first and only do
1565 a gid-based match when we absolutely have to. By matching on the
1566 group name (as it is listed in sudoers) instead of id (which we
1567 would have to resolve) we save a lot of group lookups for sudoers
1568 files with a lot of groups in them.
1569 [c10d208bd7e5] <1.8>
1571 2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
1575 [f6a3aa2edf7a] <1.8>
1577 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
1579 * Workaround for "sudo -i command" and newer versions of bash which
1580 don't go into login mode when -c is specified unless -l is too.
1581 [381e74d35006] <1.8>
1583 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
1585 * Rewrite logfile word wrapping code to be more straight-forward and
1586 actually wrap at the correct place.
1587 [8a7862d6a82f] <1.8>
1589 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
1593 [2456ad2ad3e3] <1.8>
1596 Mention use_pty bug fix
1597 [f4eab5193452] <1.8>
1599 * Set use_pty=true in command details when use_pty is set in sudoers.
1601 [abaafc5793d9] <1.8>
1603 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
1605 * Sync Chinese (simplified) PO files from translationproject.org
1606 [a4cf84dd9ddf] <1.8>
1608 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
1610 * Add Danish translation from translationproject.org and add missing
1612 [672b88adcc34] <1.8>
1614 * Makefile.in, configure, configure.in:
1615 No longer need to specify LINGUAS in configure, "make install-nls"
1616 now just installs all the .mo files it finds.
1617 [c226a39ece48] <1.8>
1619 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
1621 * Build CONTRIBUTORS from newly-added contributors.pod
1622 [b8871dd293ff] <1.8>
1624 * Rework the wording in the leading paragraph
1625 [d8b081dedeb3] <1.8>
1627 2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
1629 * Add a CONTRIBUTORS file with the names of folks who have contributed
1630 code or patches to sudo since I started maintaining it (plus the
1632 [8b064e8996af] <1.8>
1634 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
1636 * Preserve SHELL variable for "sudo -s". Otherwise we can end up with
1637 a situation where the SHELL variable and the actual shell being run
1639 [8f5bb61a8b76] <1.8>
1641 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
1643 * configure, configure.in:
1644 Only enable Solaris project support when setproject() is present in
1646 [bf370ff3c194] <1.8>
1648 * Explicitly set mode and owner of /etc/sudoers instead of relying on
1649 "cp -p" to work in the postinstall script. On AIX 6.1 at least the
1650 postinstall script runs before the final file permissions are set.
1651 [7a4a87405349] <1.8>
1653 * Refer the user to the "Command Environment" section in description
1654 of sudo's -i option.
1655 [1a063eaf9670] <1.8>
1658 [442c50370c44] <1.8>
1660 * If there is no old dependency for an object file, use the MANIFEST
1662 [d95c77ad283f] <1.8>
1664 * Remove dependency for getgrouplist.lo as we don't ship that source
1666 [bbede77e6256] <1.8>
1668 * Do not declare yyparse() static as the actual function generated by
1670 [8e615bd15a4c] <1.8>
1673 Remove locale files in "make uninstall"
1674 [9791be90d5ac] <1.8>
1676 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
1679 Add Basque translation and sync Finnish and Ukrainian translations.
1680 [64af34789164] <1.8>
1683 Update PAM change to reflect latest checkin.
1684 [657cddf2077a] <1.8>
1686 * configure, configure.in:
1687 FreeBSD no longer needs the main sudo binary to link with -lpam now
1688 that plug-ins are loaded with RTLD_GLOBAL.
1689 [573a6f4b29af] <1.8>
1691 * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
1692 problems with pam modules not having access to symbols provided by
1693 libpam on some platforms. Affects FreeBSD and SLES 10 at least.
1694 [4ec864fdba46] <1.8>
1697 Move xgettext invocation out of update-po target into update-pot
1698 [421ac1a073ea] <1.8>
1700 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
1702 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1703 Regenerate .pot files for 1.8.2rc2
1704 [d2a891e3d3dd] <1.8>
1707 Move nls targets to the top level Makefile so the paths in the pot
1709 [6c256cb77f78] <1.8>
1713 [17bd04278b04] <1.8>
1715 * Add compiled version of sudo Finnish translation
1716 [ff9d20a02aa0] <1.8>
1718 * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
1720 [60c4f3b3829c] <1.8>
1722 * configure, configure.in:
1723 Add Finnish translation from translationproject.org
1724 [ade788a35521] <1.8>
1726 * The group named by exempt_group should not have a % prefix.
1727 [1f74c691c1e1] <1.8>
1729 * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
1730 [58d36c0e76f9] <1.8>
1732 * Fix compressed io log corruption in background mode by using _exit()
1733 instead of exit() to avoid flushing buffers twice.
1735 Improved background mode support. When not allocating a pty, the
1736 command is run in its own process group. This prevents write access
1737 to the tty. When running in a pty, stdin is not hooked up and we
1738 never read from /dev/tty, which results in similar behavior.
1739 [fe50d6a5c5b9] <1.8>
1741 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1743 * Clean up regress files Generate proper dependencies for regress objs
1745 [264196584549] <1.8>
1747 * Add missing dependency for check_fill.o.
1748 [c41f4e6ff078] <1.8>
1750 2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
1752 * INSTALL, configure, configure.in:
1753 Add support for --enable-nls[=location]
1754 [0ea8e7bd1739] <1.8>
1756 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
1759 [fe8bab6403c6] <1.8>
1761 * Quiet gcc warnings.
1762 [aa16d09710a7] <1.8>
1764 * configure, configure.in:
1765 Don't install .mo files if gettext was not found.
1766 [c6b233e829aa] <1.8>
1768 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
1770 * Always allocate a pty when running a command in the background but
1771 call setsid() after forking to make sure we don't end up with a
1773 [77c6b2923714] <1.8>
1775 * Add missing space between command name and the first command line
1777 [d0a36b9c0f38] <1.8>
1779 * Quiet a compiler warning on some platforms.
1780 [654e76cf0574] <1.8>
1782 * README file that directs people to translationproject.org
1783 [5545e9a5ae37] <1.8>
1785 * Sync translations with TP
1786 [b054ce577022] <1.8>
1789 Add 'sync-po' target to top-level Makefile to rsync the po files
1790 from translationproject.org.
1791 [87a5011b0410] <1.8>
1793 * install nls files from install target
1794 [a3feba9ef323] <1.8>
1797 Include .mo files in sudo binary packages.
1798 [bc3ee7e7fb44] <1.8>
1800 * configure, configure.in:
1801 Add Simplified Chinese translation
1802 [c22e6842c766] <1.8>
1804 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
1806 * configure, configure.in:
1807 Add Ukrainian translation
1808 [0bb9e6437f0f] <1.8>
1810 * refer to siglist.c, not ./siglist.c since not all makes will treat
1811 foo and ./foo the same.
1812 [909051ff6061] <1.8>
1814 * Set def_preserve_groups before searching for the command when the -P
1816 [08e9378f50e4] <1.8>
1819 Add dependency for siglist.lo in compat. This is a generated file
1820 so "make depend" needs to depend on it.
1821 [e6c0daf36af0] <1.8>
1823 * More dependency fixes.
1824 [7fed03624689] <1.8>
1826 * Fix a few dependencies.
1827 [7cb86c721961] <1.8>
1829 * Place compiled mo files in the src dir, not the build dir. When
1830 installing compiled mo files, display a status message.
1831 [b87aa18a9968] <1.8>
1833 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
1835 * Tivoli Directory Server requires that seconds be present in a
1836 timestamp, even though RFC 4517 states that they are optional.
1837 [47ebf110ea7a] <1.8>
1839 * Add missing bit of copyright
1840 [d05d28a91bc4] <1.8>
1842 * Mention cycle detection warnings
1843 [ee8231aa1aed] <1.8>
1845 * When checking aliases, also check the contents of the alias in case
1846 there are problems with an alias that is referenced inside another.
1847 Replace the self reference check with real alias cycle detection.
1848 [abcfe1bc95d8] <1.8>
1850 * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
1851 ENOENT in alias_find() and alias_remove() if the entry could not be
1853 [e73d169f4e9b] <1.8>
1855 * Increment alias_seqno before calls to alias_remove_recursive() to
1856 avoid false positives with the alias loop detection. Fixes spurious
1857 warnings about unused aliases when they are nested.
1858 [ac094820ef19] <1.8>
1861 [3721e9654ba6] <1.8>
1863 * Add dependency on convenience libs to binaries
1864 [8a4db8226dfe] <1.8>
1867 mkdep.pl only works when run from the src dir
1868 [2480427a0680] <1.8>
1871 Auto-generate Makefile dependencies with a perl script.
1872 [ef5f56907d97] <1.8>
1874 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
1876 * If the user specifies a runas group via sudo's -g option that
1877 matches the runas user's group in the passwd database and that group
1878 is not denied in the Runas_Spec, allow it. Thus, if user root's gid
1879 in /etc/passwd is 0, then "sudo -u root -g root id" is allowed even if
1880 no groups are present in the Runas_Spec.
1881 [942e1e7c5090] <1.8>
1883 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
1886 Mention what is new in 1.8.2 (for now)
1887 [d44b26eceee5] <1.8>
1889 * Add dependencies on gettext.h
1890 [32c61c6af852] <1.8>
1892 * Fix install-nls target with HP-UX sh when gettext is not present.
1893 [3441cece9638] <1.8>
1895 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1896 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1897 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1898 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1899 Regen for sudo 1.8.2
1900 [9ea124b542cc] <1.8>
1902 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
1904 * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1905 regenerate .pot files for lbuf changes
1906 [a8a9cc62c3a5] <1.8>
1908 * configure, configure.in:
1909 Add missing "checking" message for gettext when using the cache.
1910 [4136bc346576] <1.8>
1912 * Add primitive format string support to the lbuf code to make
1913 translations simpler.
1914 [22fc74618d09] <1.8>
1916 * configure, configure.in, plugins/sudoers/po/sudoers.pot,
1918 Bump version to 1.8.2
1919 [999de1ac5b3e] <1.8>
1921 * Add message catalog template files for sudo and the sudoers module.
1922 [6afad75e7afa] <1.8>
1925 Add gettext.h convenience header. This is similar to but distinct
1926 from the one included with the gettext package.
1927 [5ae5a86e0d06] <1.8>
1929 * configure, configure.in:
1930 Add checks for nroff -c and -Tascii flags
1931 [580c21905280] <1.8>
1933 * configure, configure.in:
1934 Add check for HP bundled C Compiler (which cannot create shared
1936 [34f616cbb0f3] <1.8>
1938 * Fix C format warnings.
1939 [f20a43a817f0] <1.8>
1942 [76bf8a4bf075] <1.8>
1944 * Translate help / usage strings.
1945 [16c5b7902d4c] <1.8>
1947 * Set --msgid-bugs-address to the bugzilla url
1948 [3e3cfa7b4ceb] <1.8>
1950 * INSTALL, Makefile.in, README, configure, configure.in:
1951 Add scaffolding to update .po files and install .mo files.
1952 [a51e60b35e47] <1.8>
1954 * Minor warning/error cleanup
1955 [593144ac87ff] <1.8>
1958 Emulate ngettext for the non-nls case
1959 [7cdf82de4dee] <1.8>
1961 * Do not mark untranslatable strings for translation
1962 [088271ed02d0] <1.8>
1964 * Use ROOT_UID not 0.
1965 [f901fa2fdaf2] <1.8>
1967 * Minor warning/error message cleanup
1968 [b99c7ef46236] <1.8>
1970 * cannot -> "unable to" in warning/error messages can't -> "unable to"
1971 in warning/error messages
1972 [5119140fabc7] <1.8>
1974 * configure, configure.in:
1975 FreeBSD needs the main sudo executable to link with -lpam when
1976 loading dynamic pam modules for some reason.
1977 [738b6778a505] <1.8>
1979 * We don't want to translate debugging messages.
1980 [357a575c2dfd] <1.8>
1982 * configure, configure.in:
1983 Add calls to bindtextdomain() and textdomain() Currently there are
1984 two domains, one for the sudo front-end and one for the sudoers
1985 plugin and its associated utilities.
1986 [907f39439d80] <1.8>
1988 * configure, configure.in:
1989 Fix caching of libc gettext check.
1990 [e229c21f412f] <1.8>
1992 * Mark defaults descriptions for translation
1993 [65e03d1f8203] <1.8>
1996 Update for sudo 1.8.1p2
1997 [89c31f2aa11e] <1.8>
1999 * Quiet compiler warning when SELinux is enabled.
2000 [51b1d7c8aa86] <1.8>
2002 * Add missing includes of libintl.h.
2003 [25662143d36d] <1.8>
2005 * Fix gettext marker.
2006 [7618856ba5de] <1.8>
2008 * Include libint.h where needed.
2009 [cc256b297b9d] <1.8>
2011 * Prepare sudoers module messages for translation.
2012 [1b7f0bbaa55f] <1.8>
2014 * Only check gid of sudoers file if it is group-readable.
2015 [f3cae943f35a] <1.8>
2017 * For AIX, keep calling authenticate() until reenter reaches 0.
2018 [e412676bac73] <1.8>
2020 * configure, configure.in:
2021 Cache the status of the initial gettext() check.
2022 [c32281768c0f] <1.8>
2024 * INSTALL, configure, configure.in:
2025 Add --disable-nls flag and improve checks for gettext.
2026 [b39674c1e538] <1.8>
2028 * configure, configure.in:
2029 When building with gcc on HP-UX, use -march=1.1 to produce portable
2030 binaries on a pa-risc2 host. Previously, the +Dportable option was
2031 used for the HP-UX C compiler but gcc always produced native
2033 [41351c23ad41] <1.8>
2035 * Prepare sudo front end messages for translation.
2036 [7807d6f74dac] <1.8>
2038 * configure, configure.in:
2039 Add initial scaffolding to support localization via gettext()
2040 [cdbbff7e6376] <1.8>
2042 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
2045 update copyright year
2046 [d681661f03cc] <1.8>
2049 No need to include version number at the top of these files.
2050 [7e11f673f773] <1.8>
2053 This is sudo 1.8.1 not 1.8.0
2054 [4d674f230d8a] <1.8>
2056 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
2058 * Don't let the fnmatch/glob macros expand the function prototype.
2059 [d449e9a8f447] <1.8>
2061 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
2063 * Resolve namespace collisions on HP-UX ia64 and possibly others by
2064 adding a rpl_ prefix to our fnmatch and glob replacements and
2065 #defining rpl_foo to foo in the header files.
2066 [d23889375b21] <1.8>
2068 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
2070 * Split ALL, ROLE and TYPE into their own actions. Since you can only
2071 have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
2072 the non-SELinux case. This is safe because the actions are in one
2073 big switch() statement.
2074 [0bd9b7e37ab1] <1.8>
2076 * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
2077 [8dec97b359e0] <1.8>
2079 * askpass moved from sudoers to sudo.conf in sudo 1.8.0
2080 [1001d87d82ed] <1.8>
2082 * Remove obsolete warning about runas_default and ordering. Move
2083 syslog facility and priority lists into the section where the
2084 relevant options are described.
2085 [1286b9624021] <1.8>
2087 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
2089 * Fix SIA support; we no longer have access to the real argc and argv
2090 so allocate space for a fake one and use the argv passed to the
2091 plugin with "sudo" for argv[0].
2092 [7c11eeffb91c] <1.8>
2094 * Remove useless realloc when trying to get the buffer size right.
2095 [58128e7f4e28] <1.8>
2097 * Be explicit when setting euid to 0 before call to setreuid(0, 0)
2098 [95769a564ab8] <1.8>
2100 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
2103 sudo 1.8.1p1 updates
2104 [de3d688b5bb1] <1.8>
2106 * configure, configure.in:
2107 Need to do checks for krb5_verify_user, krb5_init_secure_context and
2108 krb5_get_init_creds_opt_alloc regardless of whether or
2109 not krb5-config is present.
2110 [456c4a9cd5d6] <1.8>
2112 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
2114 * Work around weird AIX saved uid semantics on setuid() and
2115 setreuid(). On AIX, setuid() will only set the saved uid if the euid
2117 [5d0a69e9d181] <1.8>
2119 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
2121 * update copyright year
2122 [fa8da6d55783] <1.8>
2124 * Treat a missing includedir like an empty one and do not return an
2126 [5fd9fe004728] <1.8>
2128 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
2130 * Fix ARCH setting in cross-compile Solaris packages.
2131 [8ce40940f6c9] <1.8>
2133 * Fix aix version setting.
2134 [02a9e25d46ba] <1.8>
2136 * Remove extraneous parens in LDAP filter when sudoers_search_filter
2137 is enabled that causes a search error. From Matthew Thomas.
2138 [b67be9b51ec6] <1.8>
2140 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
2142 * Correct sizeof() to fix test failure.
2143 [a11b89fd13f9] <1.8>
2145 * "install" target should depend on "install-dirs". Fixes "make -j"
2146 problem and closes bz #487. From Chris Coleman.
2147 [06ab0558f848] <1.8>
2149 2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
2152 Added tag SUDO_1_8_1 for changeset 0ed6281995f0
2153 [543d41a163e9] <1.8>
2155 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2156 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2157 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2158 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2159 Regen man pages for 1.8.1
2160 [0ed6281995f0] [SUDO_1_8_1] <1.8>
2162 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
2164 * Add HAVE_RFC1938_SKEYCHALLENGE
2165 [c0d7eb39799d] <1.8>
2167 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
2169 * Mention plugin loading and libgcc changes
2170 [b74929cba37c] <1.8>
2172 * Load plugins after parsing arguments and potentially printing the
2173 version. That way, an error loading or initializing a plugin
2174 doesn't break "sudo -h" or "sudo -V".
2175 [c1ecb5979cf0] <1.8>
2178 When using a sub-shell to invoke the sub-make, exec make instead of
2179 running it inside the shell to avoid an extra process.
2180 [9439f016c993] <1.8>
2182 * Stop testing unspecified behavior in fnmatch Make glob test more
2184 [87a91d76fbff] <1.8>
2186 * No need to add current dir to include path and having it breaks the
2187 test programs that expect to get the system glob.h and fnmatch.h
2188 [3ae7f9e7b710] <1.8>
2190 * configure, configure.in:
2191 Fix and document --with-plugindir; partially from Diego Elio Petteno
2192 [0220a0c2606f] <1.8>
2194 * Fix fnmatch and glob tests to not use hard-coded flag values in the
2195 input file. Link test programs with libreplace so we get our
2196 replacement versions as needed.
2197 [66bab80241e0] <1.8>
2200 If make in a subdir fails, fail the target in the upper level
2201 Makefile too. Adapted from a patch from Diego Elio Petteno
2202 [bc35b7813507] <1.8>
2204 * configure, configure.in:
2205 Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
2206 has this. Adapted from a patch from Diego Elio Petteno
2207 [bb6228f484b9] <1.8>
2209 * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
2211 [47e6d5fadc6d] <1.8>
2213 * configure, configure.in:
2214 Fix warnings when --without-skey, --without-opie, --without-kerb4,
2215 --without-kerb5 or --without-SecurID were specified.
2216 [1b75035dd129] <1.8>
2218 * Add plugins/sudoers/sudoers_version.h
2219 [1d470c6033ca] <1.8>
2221 * configure, configure.in:
2222 Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
2223 now include LDFLAGS in the sudoers Makefile.in. Add missing setting
2224 of @LDFLAGS@ in plugin Makefile.in files.
2225 [dd237f43aa12] <1.8>
2227 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
2229 * Mention %#gid support in User_List and Runas_List
2230 [37e259b9181b] <1.8>
2232 * Keep track of sudoers grammar version and report it in the -V
2234 [0e0b891dd8a4] <1.8>
2236 * Add multiple inclusion guard
2237 [ec6884f51ea8] <1.8>
2239 * configure, configure.in:
2240 The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
2241 LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
2242 set it to -Wc,-static-libgcc if not using GNU ld so we don't
2243 have a dependency on the shared libgcc in sudoers.so.
2244 [28d03f3eb0d2] <1.8>
2246 * Fix typo; from Petr Uzel
2247 [d19b9bd92bd3] <1.8>
2249 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
2251 * In dump-only mode, use "root" as the default username instead of
2252 "nobody" as the latter may not be available on all systems.
2253 [b304111616dd] <1.8>
2255 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
2257 * Remove NewArgv/NewArgc, they are no longer needed.
2258 [c0a36a42a68c] <1.8>
2260 * Fix setting of user_args
2261 [529e79ea95d1] <1.8>
2263 * Add '!' token to lex tracing
2264 [aef295d428e7] <1.8>
2266 * Use group bin in test, not wheel as most systems have the bin group
2267 but the same is no longer true of wheel.
2268 [350347f09c1a] <1.8>
2270 * Avoid using pre or post increment in a parameter to a ctype(3)
2271 function as it might be a macro that causes the increment to happen
2273 [8a94ebdd53b8] <1.8>
2275 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
2277 * Strip off the beta or release candidate version when building AIX
2279 [00ad950764e2] <1.8>
2281 * configure, configure.in:
2282 We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
2283 structure checks for glibc which only has __e_termination visible
2284 when _GNU_SOURCE is *not* defined.
2285 [1d58420a4a4a] <1.8>
2287 * getuserattr(user, ...) will fall back to the "default" entry
2288 automatically, there's no need to check "default" manually.
2289 [cefffa82967d] <1.8>
2291 * Document parser changes.
2292 [5038238f60eb] <1.8>
2294 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
2297 If there is an existing sudoers file, only install if it passes a
2299 [b1e4c9c56fe0] <1.8>
2301 * Add runasgroup support to testsudoers
2302 [30838590e9de] <1.8>
2304 * For "make check", keep going even if a test fails.
2305 [d3a72f67227e] <1.8>
2307 * More useful exit codes:
2308 * 0 - parsed OK and command matched.
2310 * 2 - command not matched
2311 * 3 - command denied
2312 [59301e0769cd] <1.8>
2314 * Document %#gid, and %:#nonunix_gid syntax.
2315 [39ee15af58e9] <1.8>
2317 * Add support to user_in_group() for treating group names that begin
2319 [0eb19980cf5f] <1.8>
2321 * configure, configure.in:
2322 Add explicit check for struct utmpx.ut_exit.e_termination and struct
2323 utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
2324 ut_exit if we detect one or the other.
2325 [ab5b665fc04b] <1.8>
2327 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
2329 * Add back missing #include of config.h
2330 [9c82bec81018] <1.8>
2332 * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
2334 [1ae630470f8a] <1.8>
2336 * Quote first argument to AC_DEFUN(); from Elan Ruusamae
2337 [c467e9e3b399] <1.8>
2339 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
2341 * add new sudoers tests
2342 [05f2a0924acc] <1.8>
2344 * Add test for a newline in the middle of a string when no line
2345 continuation character is used.
2346 [24b79be5822b] <1.8>
2348 * Use bitwise AND instead of modulus to check for length being odd. A
2349 newline in the middle of a string is an error unless a line
2350 continuation character is used.
2351 [65c468599688] <1.8>
2353 * Move lexer globals initialization into init_lexer.
2354 [07a1171a1853] <1.8>
2356 * Fix a potential crash when a non-regular file is present in an
2357 includedir. Fixes bz #452
2358 [5057cb9516e4] <1.8>
2360 * On some Linux systems, "uname -p" contains detailed processor info
2361 so check "uname -m" first and then "uname -p" if needed. Recognize
2363 [56226c84a060] <1.8>
2365 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
2367 * Don't need all sudoers.h here.
2368 [43b6ae5999c5] <1.8>
2370 * Print sudo version early, in case policy plugin init fails.
2371 [620f2d0ec4b1] <1.8>
2373 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
2375 * Update to match change in input.
2376 [69540f84721d] <1.8>
2378 * Make an empty group or netgroup a syntax error.
2379 [4b85bddc494e] <1.8>
2381 * An empty group or netgroup should be a syntax error.
2382 [6ec796972eff] <1.8>
2384 * Check that uids work in per-user and per-runas Defaults. Check that
2385 uids and gids work in a Command_Spec
2386 [68cf62353420] <1.8>
2388 * Test empty string in User_Alias and Command_Spec
2389 [017d487c31be] <1.8>
2391 * Allow a group ID in the User_Spec.
2392 [37e0bf69c8d8] <1.8>
2394 * Return an error for the empty string when a word is expected. Allow
2395 an ID for per-user or per-runas Defaults.
2396 [4c9020779582] <1.8>
2398 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
2400 * Fix printing "User_Alias FOO = ALL"
2401 [97c9fd7caeb7] <1.8>
2403 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
2405 * Better error message about invalid -C argument
2406 [2301e7a3835b] <1.8>
2409 [c5acde62a309] <1.8>
2411 * Fix placement of equal sign ('=') in user specification summary.
2412 [4d0ffef77ae4] <1.8>
2414 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
2416 * update to match sudoers regress
2417 [0efb8dc9092a] <1.8>
2419 * Restore ability to define TRACELEXER and have trace output go to
2421 [441c8b372217] <1.8>
2423 * Restore old behavior of setting sawspace = TRUE for command line
2424 args when a line continuation character is hit to avoid causing
2425 problems for existing sudoers files.
2426 [963ded6ce070] <1.8>
2428 * Add test for line continuation and aliases
2429 [5703d11a3c46] <1.8>
2431 * Make test output line up nicely for parse vs. toke
2432 [15321ce2d7d9] <1.8>
2434 * plugins/sudoers/regress/testsudoers/test1.ok,
2435 plugins/sudoers/regress/testsudoers/test2.out,
2436 plugins/sudoers/regress/testsudoers/test2.sh,
2437 plugins/sudoers/regress/testsudoers/test3.ok,
2438 plugins/sudoers/regress/testsudoers/test3.sh,
2439 plugins/sudoers/regress/visudo/test1.ok,
2440 plugins/sudoers/regress/visudo/test1.sh:
2441 Move parser tests to sudoers directory and test the tokenizer output
2443 [111c1ccda334] <1.8>
2445 * If we match a rule anchored to the beginning of a line after parsing
2446 a line continuation character, return an ERROR token. It would be
2447 nicer to use REJECT instead but that substantially slows down the
2449 [67e54b14aa9d] <1.8>
2451 * Move LEXTRACE macro to toke.h so we can use it in yyerror().
2452 [e6e04037deed] <1.8>
2454 * Make lex tracing settable at run-time in testsudoers via the -t
2455 flag. Trace output goes to stderr. Will be used by regress tests
2457 [a973f43cc0c2] <1.8>
2459 * Allow whitespace after the modifier in a Defaults entry. E.g.
2460 "Defaults: username set_home"
2461 [bf876c9fc5bb] <1.8>
2463 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
2465 * Don't set CC when cross-compiling.
2466 [d3c33dcb02f2] <1.8>
2468 * Credit Matthew Thomas for the sudoers_search_filter changes.
2469 [2209b80664af] <1.8>
2471 * Add the .sym files to the MANIFEST
2472 [bb452b28a009] <1.8>
2474 * Update for sudo 1.8.1 beta
2475 [700d42d80e00] <1.8>
2477 * user_shell -> run_shell to avoid confusion with the user's SHELL
2479 [451b96d5f97e] <1.8>
2481 * Save the controlling tty process group before suspending in pty
2482 mode. Previously, we assumed that the child pgrp == child pid
2483 (which is usually, but not always, the case).
2484 [b0841d861191] <1.8>
2486 * Add support for sudoers_search_filter setting in ldap.conf. This
2487 can be used to restrict the set of records returned by the LDAP
2489 [70c5f496e2b3] <1.8>
2491 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
2493 * configure, configure.in:
2494 Remove the hack to disable -g in CFLAGS unless --with-devel
2495 [9459839f50ba] <1.8>
2497 * The '@' character does not normally need to be quoted.
2498 [e66c4c64e514] <1.8>
2500 * We normally transition from GOTDEFS to STARTDEFS on whitespace, but
2501 if that whitespace is followed by a comma, we want to treat it as
2502 part of a list and not transition.
2503 [52ae2df9959d] <1.8>
2505 * Add check for whitespace when a User_List is used for a per-user
2507 [44a4db95be86] <1.8>
2509 * Expand quoted name checks to cover recent fixes.
2510 [bd494b5c2bed] <1.8>
2512 * Fix parsing of double-quoted names in Defaults and Aliases which was
2513 broken in 601d97ea8792.
2514 [dfdd58c3eb3b] <1.8>
2516 * toke_util.c lives in $(srcdir) not $(devdir)
2517 [94f8f024782e] <1.8>
2519 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
2521 * configure, configure.in:
2522 Update version to 1.8.1
2523 [531a7d520f18] <1.8>
2525 * Document major changes in 1.8.1 and add upgrade notes.
2526 [116821646140] <1.8>
2528 * Be careful not to deref user_stat if it is NULL. This cannot
2529 currently happen in sudo but might in other programs using the
2531 [d72a9c7151c4] <1.8>
2533 * configure will not add -O2 to CFLAGS if it is already defined to add
2534 -O2 to the CFLAGS we pass in when PIE is being used.
2535 [2c7fe82be93d] <1.8>
2537 * Warn about the dangers of log_input and mention iolog_file and
2538 iolog_dir in the log_input and log_output descriptions.
2539 [edc6aa59aa45] <1.8>
2541 * sync with git version
2542 [b121cf739c77] <1.8>
2544 * It seems that h comes after i
2545 [99ad15015f05] <1.8>
2547 * Move log_input and log_output to their proper, sorted, location.
2548 Document set_utmp and utmp_runas.
2549 [216ce8b0ae1a] <1.8>
2551 * Save the controlling tty process group before suspending so we can
2552 restore it when we resume. Fixes job control problems on Linux
2553 caused by the previous attempt to fix resuming a shell when I/O
2554 logging is not enabled.
2555 [dfe038f733be] <1.8>
2557 * Fix printing of the remainder after a newline. Fixes "sudo -l"
2558 output corruption that could occur in some cases.
2559 [ab2f0a629e0d] <1.8>
2561 * Add support for ut_exit
2562 [7039ec6a73fa] <1.8>
2564 * Add support for controlling whether utmp is updated and which user
2565 is listed in the entry.
2566 [1b008ce71eab] <1.8>
2568 * Fix typo; tupple vs. tuple
2569 [67bb5c67ae3d] <1.8>
2571 * For legacy utmp, strip the /dev/ prefix before trying to determine
2572 slot since the ttys file does not include the /dev/ prefix.
2573 [8f597114381d] <1.8>
2575 * Add check for _PATH_UTMP
2576 [fe7e2456f017] <1.8>
2578 * Adapt check_iolog_path to sessid changes
2579 [3016201869b6] <1.8>
2581 * Redo utmp handling. If no getutent()/getutxent() is available,
2582 assume a ttyslot-based utmp. If getttyent() is available, use that
2583 directly instead of ttyslot() so we don't have to do the stdin dup2
2585 [817490c7c20e] <1.8>
2587 * Move utmp handling into utmp.c
2588 [e4729d9259e9] <1.8>
2590 * Update copyright years.
2591 [1065afc00233] <1.8>
2593 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
2595 * Add "user_shell" boolean as a way to indicate to the plugin that the
2597 [6e8bc49b7ea7] <1.8>
2599 * Move sessid out of sudo_user.
2600 [00d67d5ba894] <1.8>
2602 * Log the TSID even if it is not a simple session ID.
2603 [490cf0adae29] <1.8>
2605 * Document noexec in sample.sudo.conf and add back noexec_file section
2606 in sudoers with a note that it is deprecated.
2607 [c7a2d8d0c563] <1.8>
2609 * Fix running commands as non-root on systems where setreuid() changes
2610 the saved uid based on the effective uid we are changing to.
2611 [f3b27db56ba6] <1.8>
2613 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
2615 * Move noexec path into sudo.conf now that sudo itself handles noexec.
2616 Currently can be configured in sudoers too but is now undocumented
2617 and will be removed in a future release.
2618 [9c5f64709994] <1.8>
2620 * Document "Path noexec ..." in sudo.conf. No longer document
2621 noexec_file in sudoers, it will be removed in a future release.
2622 [959fa6b5217b] <1.8>
2624 * Move noexec handling to sudo front-end where it is documented as
2626 [ef6cd4a40c61] <1.8>
2628 * Add support for disabling exec via solaris privileges. Includes
2629 preparation for moving noexec support out of sudoers and into front
2631 [d9c05ba9a24f] <1.8>
2633 * Only export the symbols corresponding to the plugin structs.
2634 [cb07af1d9b39] <1.8>
2636 * Install plugins manually instead of using libtool. This works
2637 around a problem on AIX where libtool will install a .a file
2638 containing the .so file instead of the .so file itself.
2639 [1ccf5af58c05] <1.8>
2642 Move check into its own rule since some versions of make will run
2643 both targets as the default rule.
2644 [7159f37eb552] <1.8>
2646 * Update to libtool 2.2.10
2647 [9e49773b32b7] <1.8>
2649 * In handle_signals(), restart the read() on EINTR to make sure we
2650 keep up with the signal pipe. Don't return -1 on EAGAIN, it just
2651 means we have emptied the pipe.
2652 [dc2926097b2d] <1.8>
2654 * Reorder functions to quiet a compiler warning.
2655 [5201367e5db4] <1.8>
2657 * Use the Sun Studio C compiler on Solaris if possible
2658 [b8d43b423fb9] <1.8>
2660 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
2662 * Fix default setting of osversion variable.
2663 [e12905851be5] <1.8>
2665 * Make two login_class entries consistent.
2666 [0671d7b204be] <1.8>
2668 * Add support for adding a utmp entry when allocating a new pty.
2669 Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
2670 Currently only creates a new entry if the existing tty has a utmp
2672 [40ff30099e79] <1.8>
2674 * Avoid pulling in headers we don't need on Linux. For getutx?id(),
2675 call setutx?ent() first and always call endutx?ent().
2676 [b86f7a13aae9] <1.8>
2678 * Add some more libs to SUDOERS_LIBS instead of relying on them to be
2679 pulled in by SUDO_LIBS.
2680 [bcbd16ec56c6] <1.8>
2682 * Fix return value of "sudo -l command" when command is not allowed,
2683 broken in [c7097ea22111]. The default return value is now TRUE and
2684 a bad: label is used when permission is denied. Also fixed missing
2685 permissions restoration on certain errors. On error()/errorx(), the
2686 password and group files are now closed before returning.
2687 [757c941a47b2] <1.8>
2689 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
2691 * Fix passing of login class back to sudo front end.
2692 [5e649de6b7f5] <1.8>
2694 * Add --osversion flag to specify OS instead of running "pp
2696 [8a03943ac5e8] <1.8>
2698 * Fix expr usage w/ GNU expr
2699 [bdecfa1f54fc] <1.8>
2701 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
2703 * Fix exit value for validate and list mode.
2704 [6f8b20199935] <1.8>
2706 * Fix non-interactive mode with sudoers plugin.
2707 [cf5aca4fcbcf] <1.8>
2709 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
2711 * sudoreplay can now find IDs other than %{seq} and display the
2713 [60396b417633] <1.8>
2715 * Add support for replaying sessions when iolog_file is set to
2716 something other than %{seq}.
2717 [1cd2baa74d56] <1.8>
2719 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
2721 * If we are killed by a signal, display the name of the signal that
2723 [1b38c4d42282] <1.8>
2725 * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
2727 [78e97a921104] <1.8>
2729 * Fix bug in skey/opie check that could cause a shell warning.
2730 [f20229a04f30] <1.8>
2732 * No longer need sudo_getepw() stubs.
2733 [795631ac7db0] <1.8>
2735 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
2737 * Fix exit value of "sudo -l command" in sudoers module.
2738 [4a05d6019b3d] <1.8>
2740 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
2742 * Use fgets() not fgetln() for portability.
2743 [1f2050745096] <1.8>
2745 * Don't use the beta or release candidate version as the rpm release.
2746 [a5b049477646] <1.8>
2748 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
2751 Adjust ChangeLog rule now that 1.8 is branched
2752 [a994ac361e44] <1.8>
2755 Added tag SUDO_1_8_0 for changeset f6530d56f6ae
2756 [99a2b3801419] <1.8>
2758 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
2760 * configure, configure.in:
2762 [f6530d56f6ae] [SUDO_1_8_0]
2765 update sudo 1.8 section
2768 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
2770 * plugins/sudoers/regress/testsudoers/test2.sh:
2771 fix test description
2774 * plugins/sudoers/regress/testsudoers/test2.out,
2775 plugins/sudoers/regress/testsudoers/test2.sh,
2776 plugins/sudoers/regress/visudo/test2.out,
2777 plugins/sudoers/regress/visudo/test2.sh:
2778 convert test2 to use testsudoers
2781 * include/sudo_plugin.h, src/sudo_plugin_int.h:
2782 Move struct generic_plugin to sudo_plugin_int.h
2785 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2786 plugins/sudoers/parse.c, plugins/sudoers/parse.h,
2787 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
2788 plugins/sudoers/sudoers.h:
2789 Allow sudoers file name, mode, uid and gid to be specified in the
2790 settings list. The sudo front end does not currently set these but
2794 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
2796 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2797 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2798 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
2799 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
2804 * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
2805 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
2806 src/parse_args.c, src/sudo.h:
2807 add help text to sudo, visudo and sudoreplay for the -h option
2810 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
2812 * compat/snprintf.c:
2813 avoid using "howmany" for a parameter name since it is a select-
2818 mention group_plugin when describing nonunix_group
2821 * doc/sudo_plugin.pod:
2822 Add missing period at end of sentence
2825 * Makefile.in, doc/Makefile.in, include/Makefile.in,
2826 plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
2827 plugins/sudoers/Makefile.in, src/Makefile.in:
2828 add localstatedir; closes bug 471
2831 * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
2832 src/exec.c, src/exec_pty.c:
2833 The howmany macro lives in sys/sysmacros.h on SVR5 systems. Closes
2838 add missing AH_TEMPLATE for ENV_RESET
2842 SVR5 systems return non-zero for success on socketpair(), check for
2843 -1 instead. Closes Bug 469
2846 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
2848 * configure, configure.in:
2852 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2853 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2854 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2855 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2860 Document that a sudo.conf file with no Plugin lines uses the default
2864 * src/load_plugins.c:
2865 If sudo.conf contains no Plugin lines, use the default sudoers
2866 policy and I/O plugins.
2869 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
2871 * plugins/sudoers/sudo_nss.c:
2872 Avoid printing empty "Runas and Command-specific defaults for user"
2877 Truncate the buffer at buf.len before printing in the non-wordwrap
2882 Remove extra newline when the tty width is very small or unavailable
2885 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
2887 * plugins/sudoers/alias.c:
2888 Remove unneeded variable.
2891 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
2893 * configure, configure.in:
2894 Prefer getutxid over getutid
2897 * plugins/sudoers/boottime.c:
2898 Include utmp.h / utmpx.h before missing.h as apparently including it
2899 afterwards causes a compilation problem on GNU Hurd.
2902 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
2904 * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
2905 #include "foo.h", not <foo.h> for local includes.
2912 * compat/mksiglist.c:
2916 * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
2917 plugins/sudoers/match.c:
2918 return foo not return(foo)
2921 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
2924 Remove duplicate FD_SET of signal_pipe[0]
2927 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
2929 * compat/mksiglist.c:
2930 Use "missing.h" not <missing.h> in generated code.
2933 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
2935 * aclocal.m4, configure:
2936 fix --with-iologdir=no
2939 * aclocal.m4, configure:
2940 fix typo that broke --with-iologdir
2943 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2945 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2946 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2947 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
2948 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
2950 Bump version to 1.8.0b4
2957 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2958 Attempt to clarify how users and groups interact in Runas_Specs
2961 * plugins/sudoers/regress/visudo/test2.out,
2962 plugins/sudoers/regress/visudo/test2.sh:
2963 Add test for quoted group that contains escaped double quotes
2966 * src/exec.c, src/exec_pty.c:
2967 Pass SIGUSR1/SIGUSR2 through to the child.
2970 * src/exec_pty.c, src/sudo_exec.h:
2971 Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
2972 SIGUSR2 to indicate whether the child should be continued in the
2973 foreground or background.
2977 Use pid_t not int and check the return value of kill()
2980 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2983 Remove obsolete comment
2987 In non-pty mode before continuing the child, make it the foreground
2988 pgrp if possible. Fixes resuming a shell.
2992 If we get a signal other than SIGCHLD in the monitor, pass it
2993 directly to the child.
2996 * src/exec.c, src/exec_pty.c, src/sudo.h:
2997 Save signal state before changing handlers and restore before we
2998 execute the command.
3001 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
3003 * plugins/sudoers/iolog.c:
3004 Use a char array to map a number to a base36 digit.
3007 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
3008 Be clear about what versions of sudo support new LDAP attributes.
3009 Fix up some formatting of attribute names. Minor other tweaks.
3012 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
3014 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3015 match quoted strings the same way whether in a Defaults line or as a
3016 user/group/netgroup name. Fixes escaped double quotes in quoted
3017 user/group/netgroup names.
3020 * plugins/sudoers/Makefile.in:
3021 'make check' depends on visudo and testsudoers
3024 * plugins/sudoers/sudoers2ldif:
3025 Add sudoOrder attribute to each entry. Parse LOG_{INPUT,OUTPUT} tags
3028 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
3031 Mention LDAP attribute compatibility status.
3034 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
3040 * INSTALL, NEWS, config.h.in, configure, configure.in,
3041 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
3042 Add --disable-env-reset configure option.
3045 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3046 Document that sudoers_locale also affects logging and email.
3049 * NEWS, config.h.in, configure, configure.in,
3050 plugins/sudoers/logging.c:
3051 Do logging and email sending in the locale specified by the
3052 "sudoers_locale" setting ("C" by default). Email sent by sudo
3053 includes MIME headers when the sudoers locale is not "C".
3056 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
3058 * plugins/sudoers/check.c:
3062 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
3064 * NEWS, src/parse_args.c, src/sudo.c:
3065 Perform command escaping for "sudo -s" and "sudo -i" after
3066 validating sudoers so the sudoers entries don't need to have all the
3070 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
3072 * plugins/sudoers/logging.c:
3073 Prepend "list " to the command logged when "sudo -l command" is used
3074 to make it clear that the command was listed, not run.
3077 * plugins/sudoers/parse.c:
3081 * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
3082 common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
3083 compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
3084 compat/nanosleep.c, compat/regress/glob/globtest.c,
3085 compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
3086 compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
3087 plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
3088 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
3089 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
3090 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
3091 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
3092 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
3093 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
3094 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
3095 plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
3096 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
3097 plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
3098 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3099 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
3100 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
3101 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
3102 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
3103 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
3104 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3105 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
3106 plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
3107 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
3108 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
3109 src/sudo_noexec.c, src/tgetpass.c:
3110 standardize on "return foo;" rather than "return(foo);" or "return
3114 * plugins/sudoers/sudoers.c:
3115 Do not reject sudoers file just because it is root-writable.
3118 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
3124 * plugins/sudoers/sudo_nss.c:
3125 For "sudo -U user -l" if user is not authorized on the host, say so.
3128 * plugins/sudoers/ldap.c:
3129 In sudo_ldap_lookup(), always do the initial sudoers check as the
3130 invoking user. If we are listing another user's privs we will do a
3131 separate lookup using list_pw later.
3134 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
3137 add parser fill tests
3140 * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
3141 Don't test features not supported by the bundled glob()
3144 * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
3145 compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
3146 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3147 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
3148 doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
3149 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3150 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
3151 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3152 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3153 plugins/sudoers/ldap.c, plugins/sudoers/match.c,
3154 plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
3155 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
3156 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
3157 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
3158 plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
3159 Update copyright year to 2011
3162 * plugins/sudoers/sudo_nss.c:
3163 When listing, use separate lbufs for the defaults and the privileges
3164 and only print something if the number of privileges is non-zero.
3165 Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
3168 * plugins/sudoers/ldap.c:
3169 Stash pointer to user group vector in LDAP handle and only reuse the
3170 query if it has not changed. We always allocate a new buffer when
3171 we reset the group vector so a simple pointer check is sufficient.
3174 * plugins/sudoers/sudo_nss.c:
3175 Check initgroups() return value.
3178 * plugins/sudoers/Makefile.in,
3179 plugins/sudoers/regress/parser/check_fill.c:
3180 Add tests for the fill functions in toke_util.c
3183 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
3185 * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
3193 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
3196 Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
3199 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
3202 Add Requires line for audit-libs >= 1.4 for RHEL5+
3206 sync with git version
3209 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
3211 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3215 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
3218 Update for sudo 1.7.4p5
3221 * doc/schema.OpenLDAP, doc/schema.iPlanet:
3222 Add sudoNotBefore and sudoNotAfter attributes as optional attributes
3223 to the sudoRole object class. From Andreas Mueller
3226 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
3229 Mention "sudo -g group" password check fix.
3232 * plugins/sudoers/sudoers.c:
3233 Fix "sudo -g" support in the sudoers module.
3236 * plugins/sudoers/check.c:
3237 If the user is running sudo as himself but as a different group we
3238 need to prompt for a password.
3241 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
3243 * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
3244 doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
3245 plugins/sudoers/ldap.c:
3246 Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
3247 LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
3248 derived LDAP SDKs but we can pass the timeout parameter to
3249 ldap_search_ext_s() or ldap_search_st() when possible.
3252 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
3256 * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3257 Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
3258 with OpenLDAP ldap.conf files.
3261 * plugins/sudoers/pwutil.c:
3262 If user has no supplementary groups, fall back on checking the group
3266 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
3268 * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
3272 * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
3273 plugins/sudoers/toke.l:
3274 Move fill macro to toke.h
3277 * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
3278 plugins/sudoers/toke.h, plugins/sudoers/toke.l,
3279 plugins/sudoers/toke_util.c:
3280 Split tokenizer utility functions out into toke_util.c
3283 * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
3284 plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3288 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
3294 * plugins/sudoers/Makefile.in:
3295 Add visudo tests to check target
3298 * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
3299 compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
3300 compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
3301 Add my regress tests for fnmatch() and glob() from OpenBSD.
3304 * plugins/sudoers/regress/testsudoers/test1.sh,
3305 plugins/sudoers/regress/visudo/test1.ok,
3306 plugins/sudoers/regress/visudo/test1.sh:
3307 Add regress test for command tags using visudo -c
3310 * plugins/sudoers/Makefile.in,
3311 plugins/sudoers/regress/testsudoers/test1.ok,
3312 plugins/sudoers/regress/testsudoers/test1.sh:
3313 Add support for regress tests using testsudoers
3316 * plugins/sudoers/testsudoers.c:
3317 Need to set user_name explicitly due to internal changes made when
3318 converting sudoers to a plugin.
3321 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
3323 * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
3324 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3325 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3326 plugins/sudoers/regress/iolog_path/check_iolog_path.c,
3327 plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
3329 Add regression tests for iolog_path()
3332 * Makefile.in, common/Makefile.in, compat/Makefile.in,
3333 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
3334 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3335 src/Makefile.in, zlib/Makefile.in:
3336 Add support for "make Makefile" to regenerate Makefile from
3340 * plugins/sudoers/iolog_path.c:
3341 Quiet a bogus compiler warning.
3344 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
3346 * plugins/sudoers/iolog_path.c:
3347 Protect call to setlocale() with HAVE_SETLOCALE
3350 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
3353 mkstemps.c was renamed mktemp.c
3357 Update from 1.7 branch
3361 Use "mv -f" when regenerating ChangeLog
3364 * plugins/sudoers/match.c:
3365 Fix NULL dereference with "sudo -g group" when the sudoers rule has
3366 no runas user or group listed. Fixes RedHat bug Bug 667103.
3369 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
3371 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3372 Correct the default sudo.conf example
3375 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
3377 * plugins/sudoers/iolog_path.c:
3378 Reset slashp if we allocate a new buffer for strftime()
3381 * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
3382 plugins/sudoers/sudoers.h:
3383 Add extra out parameter to expand_iolog_path() to allow the caller
3384 to split the path into dir and file components if needed.
3387 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
3389 * plugins/sudoers/iolog.c:
3390 mkdir_iopath() returns size_t now that it uses strlcpy() and not
3394 * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
3395 Trim leading slashes from iolog_file and trailing slashes from
3399 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
3400 plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
3401 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3402 Pass a single I/O log file name in command_details instead of
3403 separate dir + file parameters.
3406 * plugins/sudoers/sudoreplay.c:
3407 change an error() to errorx()
3410 * plugins/sudoers/iolog.c:
3411 Add missing cwd line to I/O log info file that got dropped when
3412 iolog_deserialize_info() was added
3415 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
3417 * plugins/sudoers/iolog.c:
3418 Avoid relying on globals filled in by the sudoers policy module for
3419 the sudoers I/O log module. The I/O log open function now pulls the
3420 bits it needs out of user_info and command_info.
3423 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
3424 plugins/sudoers/sudoers.h:
3425 If no iolog file is specified by the policy plugin, use io_nextid()
3426 to determine the next file in the sequence.
3429 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
3431 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3432 Document iolog_compress in command_info
3435 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
3436 Add support for the iolog_compress variable in command_info.
3439 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
3440 Add sigsetjmp() calls to all plugin entry points just to be safe.
3443 * src/sudo.c, src/sudo.h:
3444 Don't need iolog variables in struct command_details, they are for
3445 the I/O log plugins to handle.
3448 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
3450 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3451 Document use of mkdtemp() for iolog path templates
3454 * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
3455 doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
3456 doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
3457 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
3461 * doc/sudo_plugin.pod, doc/sudoers.pod:
3462 Document iolog_file and supported escape sequences for sudoers.
3463 Clarify that iolog_file can contain directories.
3466 * compat/Makefile.in, configure, configure.in:
3467 Fix building of mkstemps/mkdtemp replacements.
3470 * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
3471 configure.in, include/missing.h:
3472 Provide mkdtemp() for systems without it.
3475 * plugins/sudoers/iolog_path.c:
3479 * plugins/sudoers/iolog.c:
3480 Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
3481 glibc mkdtemp() returns EINVAL.
3484 * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
3485 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
3486 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
3487 plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
3488 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3489 Allow sudoers to specify the iolog file in addition to the iolog
3490 dir. Add escape sequence support to iolog file and dir: sequence
3491 number, user, group, runas_user, runas_group, hostname and
3492 command in addition to any escape sequence recognized by
3496 * plugins/sudoers/iolog.c:
3497 Add missing sigsetjmp() call in I/O plugin open function. Fixes a
3498 crash when the I/O plugin calls error(), errorx() or log_error().
3501 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
3503 * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
3504 plugins/sudoers/sudoers.c:
3505 Give the policy module fine-grained control over what the I/O plugin
3510 Clear OPOST from c_oflag like we used to. Fixes screen-based
3515 Clarify umask option description. From Reuben Thomas.
3518 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
3520 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3521 Pick last match in LDAP sudoers too
3524 * doc/sudo_plugin.pod:
3525 Document iolog_file, iolog_dir and use_pty
3528 * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
3529 plugins/sudoers/sudoers.c:
3530 Adapt plugins to version I/O logging ABI 1.1
3533 * src/exec.c, src/sudo.h:
3534 Add use_pty command_info flag for policies to indicate that a pty
3535 should be allocated even if no I/O logging is performed.
3539 Add remaining plugin convenience functions
3542 * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
3543 src/sudo_plugin_int.h:
3544 Change I/O log API to pass in command info to the I/O log open
3545 function. Add iolog_file and iolog_dir parameters to command info.
3546 This allows the policy plugin to specify the I/O log pathname. Add
3547 convenience functions for calling plugin functions that handle ABI
3548 backwards compatibility.
3555 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
3557 * configure, configure.in:
3558 Bump version to 1.8.0b3
3561 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
3564 Remove extraneous newline
3567 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
3569 * doc/sudoers.pod, plugins/sudoers/def_data.c,
3570 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
3571 plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
3572 Make I/O log dir configurable.
3575 * aclocal.m4, configure, configure.in, doc/sudoers.pod:
3576 Rename io_logdir to iolog_dir
3579 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
3582 Add missing '*' that prevented the generic ELF case from matching.
3586 If file(1) can't identify the ELF binary type, try readelf(1).
3589 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
3591 * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
3592 plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
3593 plugins/sudoers/sudoers.c, src/sudo.c:
3594 Use %u to print uid/gid, not %lu and adjust casts to match.
3597 * doc/sudoers.ldap.pod:
3598 Clarify ordering of entries and attributes.
3601 * doc/sudoers.ldap.pod:
3602 Fix typo and editing goof.
3605 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
3606 doc/sudoers.ldap.pod:
3607 Merge in ordered LDAP entry support from Andreas Mueller.
3610 * plugins/sudoers/ldap.c:
3611 Make sure we don't dereference a NULL handle.
3614 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
3617 Add support for RHEL 6 file modes that include a trailing dot on
3618 files with an SELinux security context
3621 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
3624 exec_setup() does not need to setuid(0), the Ubuntu issue was in the
3628 * plugins/sudoers/sudoers.c:
3629 create_admin_success_flag() should use restore_perms() rather than
3630 set_perms() to restore the uid.
3634 In exec_setup() call setuid(0) to make certain the subsequent uid
3635 and gid changes will succeed. Fixes a problem on Ubuntu.
3639 Error out if we cannot change to root's uid so we catch the failure
3643 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
3646 fix typo; from Michael T Hunter
3649 * plugins/sudoers/match.c:
3650 In sudoedit mode, assume command line arguments are paths and pass
3651 FNM_PATHNAME to fnmatch().
3654 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
3656 * configure, configure.in:
3657 Add workaround for an error in sys/types.h on HP-UX 11.23 when large
3658 file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
3659 broken bits of the header file.
3663 Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
3667 For Tru64, strip off beta version.
3670 * MANIFEST, plugins/sudoers/testsudoers.c,
3671 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
3672 Avoid conflicts with system definitions in grp.h and pwd.h
3676 Include stdio.h after zlib.h, not before. We need the large file
3677 defines to come first.
3680 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
3682 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
3687 Don't clean ChangeLog
3690 * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
3691 Add prototype for cleanup()
3694 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
3696 * plugins/sudoers/group_plugin.c:
3697 Avoid dereferencing group_plugin if it is NULL in
3698 group_plugin_query(). This should not happen.
3701 * plugins/sudoers/group_plugin.c:
3702 group plugin init function return TRUE when successful
3705 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
3707 * plugins/sudoers/ldap.c:
3708 Enlarge the array of entry wrappers in blocks of 100 entries to
3709 save on allocation time. From Andreas Mueller
3712 * plugins/sudoers/ldap.c:
3713 Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
3714 that was mistakenly dropped.
3717 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
3719 * doc/TROUBLESHOOTING:
3720 Mention that sudo needs "ar" to build.
3723 * configure, configure.in:
3724 Fail with a more useful error if "ar" is not found.
3727 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
3729 * plugins/sudoers/ldap.c:
3730 Merge in ordered LDAP entry support from Andreas Mueller and add
3731 local changes from the 1.7 branch.
3734 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
3736 * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
3737 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3738 Add timed entry support from Andreas Mueller.
3741 * plugins/sudoers/group_plugin.c:
3742 Don't try to unload if group_plugin is NULL. Don't call dlclose() if
3743 group_handle is NULL
3746 * plugins/sudoers/sudoers.h:
3747 It is now plugin_cleanup(), not cleanup()
3750 * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
3751 Call plugin_cleanup(), not cleanup()
3754 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
3756 * plugins/sudoers/ldap.c:
3757 Use efree() not free() and remove malloc.h include since we never
3758 directly call malloc() or free().
3761 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
3764 set PSTAMP for Solaris and move the backend-specific bits to their
3765 own %if [xxx] %endif blocks in %set.
3772 * configure, configure.in:
3773 Only substitute file zlib files when using the builtin zlib
3776 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
3777 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3778 src/Makefile.in, zlib/Makefile.in:
3779 Give up on using VPATH to find sources as it is implemented
3780 inconsistently in different versions of make.
3783 * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
3784 plugins/sudoers/gram.c, plugins/sudoers/toke.c:
3785 Include config.h before any other includes to make sure we get the
3786 right value for _FILE_OFFSET_BITS.
3798 g/c unused $(GENERATED)
3801 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
3803 * plugins/sudoers/group_plugin.c:
3804 Zero out group_plugin on unload just to be safe.
3807 * plugins/sudoers/group_plugin.c:
3808 Unload group plugin if its init function fails.
3812 Only chdir to cwd if it is different from the current cwd or there
3813 is a new root (chroot).
3816 * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
3817 doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
3818 doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
3819 Bump version to 1.8.0b2
3822 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
3825 Better --enable-zlib description
3829 Use system zlib on Linux. Let configure decide on Solaris. For all
3830 others, use builtin zlib.
3834 Add large file support.
3838 Add large file support.
3841 * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
3842 zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
3843 zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
3844 zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
3845 zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
3846 zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
3847 zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
3848 zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
3849 Add local copy of zlib for systems that lack it.
3852 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
3855 If perform_io() fails, kill the child before exiting so it doesn't
3856 complain about connection reset. We can get an I/O error if, for
3857 example, and we get EIO reading from stdin.
3860 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
3862 * plugins/sudoers/sudoers.c, src/sudo.c:
3863 Fix compilation on systems with set_auth_parameters(). Sprinkle
3864 volatile to quiet warnings from gcc 2.8.0
3867 * compat/dlfcn.h, compat/dlopen.c:
3868 Avoid potential namespace issues with dlopen() emulation.
3875 * plugins/sudoers/interfaces.c:
3876 Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
3881 Mark ChangeLog as PHONY. Don't overwrite ChangeLog if we can't run hg
3884 * configure, configure.in:
3885 HP-UX 10.20 libc has an incompatible getline
3888 * plugins/sudoers/visudo.c:
3889 Quiet an HP-UX compiler warning.
3892 * configure, configure.in:
3893 Check for vi even with --with-editor specified; the sample plugin
3897 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
3900 Fix remaining syntax errors.
3904 sudo binary depends on the libtool-generated libs
3907 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
3908 Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
3909 include the local or system dlfcn.h
3913 Don't use run_as_superuser=false on HP-UX
3917 Use memset() instead of zero_bytes() since we don't include
3921 * plugins/sudoers/interfaces.c:
3922 Fix pasto; AF_INET not AF_INET6
3926 Actually call shl_load()
3930 Update from git repo. Debian: version numbers now compliant with
3931 policy section 5.6.12. HP-UX: minimal changes needed to work on HP-UX
3935 * configure, configure.in:
3936 Fix dlopen() detection for systems where dlopen() is in a separate
3940 * plugins/sudoers/auth/pam.c:
3941 If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
3942 useful message and return AUTH_FATAL so sudo does not keep trying to
3947 sudo_preload_table is an array
3951 Quiet a compiler warning and fix sudo_preload_table external
3956 Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
3959 * plugins/sudoers/group_plugin.c:
3960 Make this compile correctly when no dlopen is available.
3963 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3965 * plugins/sudoers/check.c:
3966 Having a timestamp file defined is no longer indicative of tty
3967 tickets being enabled. Check def_tty_tickets directly.
3970 * src/exec_pty.c, src/sudo.h, src/ttysize.c:
3971 Fix TCGETWINSZ compat.
3974 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3976 * src/exec_pty.c, src/ttysize.c:
3977 Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
3980 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
3982 * plugins/sudoers/sudoers.c, src/sudo.c:
3983 Move set_project() from sudoers module into sudo proper.
3986 * configure, configure.in:
3987 Fix typo and regenerate
3990 * plugins/sudoers/ldap.c:
3991 When iterating over returned LDAP entries, keep looking at remaining
3992 matches even if we have a positive match. This catches negative
3993 matches that may exist in other entries and more closely match the
3994 sudoers file behavior.
3998 Add support for multiple package instances on Solaris.
4002 Add missing signal_pipe[0] to fdsr for the non-pty case.
4006 Add --with-project for Solaris
4010 Need ar and ranlib too
4013 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
4015 * plugins/sudoers/env.c:
4016 Preserve ODMDIR environment variable by default on AIX.
4019 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
4021 * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
4022 config.h.in, configure, configure.in, plugins/sample/Makefile.in,
4023 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4024 plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
4025 plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
4027 Add dlopen() emulation for systems without it. For HP-UX 10, emulate
4028 using shl_load(). For others, link sudoers plugin statically and use
4029 a lookup table to emulate dlsym().
4032 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
4034 * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
4035 compat/nanosleep.c, compat/utimes.c:
4036 When including compat headers, use the compat dir as part of the
4037 path so we are sure to get the correct header.
4040 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
4042 * plugins/sudoers/linux_audit.c:
4043 Ignore ECONNREFUSED from audit_log_user_command() which will occur
4044 if auditd is not running.
4047 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
4050 Sync with git version
4053 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
4055 * common/fileops.c, plugins/sudoers/defaults.c:
4056 Cast isblank argument to unsigned char.
4059 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
4061 * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
4062 doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
4063 Implement --with-umask-override configure flag.
4066 * plugins/sudoers/env.c:
4067 Take MODE_LOGIN_SHELL into account when initially setting reset_home
4068 instead of special-casing it later.
4071 * plugins/sudoers/sudoers.c:
4072 In login mode, make a copy of the runas user's pw_shell for
4073 NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
4077 * plugins/sudoers/env.c:
4078 Reset HOME for "sudo -i" even if HOME was listed in env_keep.
4082 Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
4086 Reset signal mask at sudo startup time; we need to be able to rely
4087 on normal signal delivery to control the child process.
4090 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
4093 Use sed instead of expr to split a flag from its argument. Fixes a
4094 problem with expr interpreting its arguments as a flag when they
4099 Do not need sys/time.h after all
4103 Include sys/time.h for utimes() and struct timeval. No longer need
4104 ioctl.h or termios.h
4107 * compat/snprintf.c:
4108 Quiet bogus compiler warnings.
4111 * include/missing.h:
4112 Declare innetgr() for HP-UX which is missing a declaration. Declare
4113 domainname() for HP-UX and Solaris which are missing a declaration.
4116 * plugins/sudoers/bsm_audit.c:
4117 Use __sun for consistency with the rest of the sources.
4120 * plugins/sudoers/group_plugin.c:
4121 Quiet a bogus compiler warning.
4124 * plugins/sudoers/pwutil.c:
4125 Don't try to delref a NULL group.
4128 * common/alloc.c, common/lbuf.c:
4129 Include memory.h on systems that need it.
4132 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
4135 Quiet gcc warnings on glibc systems that use warn_unused_result for
4139 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4140 sudo_plugin is in section 8; from Ted Percival
4143 * plugins/sudoers/Makefile.in:
4144 testsudoers depends on libsudoers.la, not sudoreplay
4147 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
4150 Read as many signals on the signal pipe as we can before returning.
4153 * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
4154 Instead of using an array to store received signals, open a pipe and
4155 have the signal handler write the signal number to one end and
4156 select() on the other end. This makes it possible to handle signals
4157 similar to I/O without race conditions.
4160 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
4162 * doc/visudo.pod, plugins/sudoers/visudo.c:
4163 Make "visudo -c -f -" check the standard input.
4167 set_home and always_set_home have an effect if HOME is present in
4171 * plugins/sudoers/env.c:
4172 Make -H flag work when HOME is listed in env_keep. Also makes
4173 "set_home" and "always_set_home" override HOME in env_keep.
4176 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
4178 * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
4179 plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
4180 plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
4181 plugins/sudoers/visudo.c, src/net_ifs.c:
4182 Convert sudoers plugin to use interface list passed in settings.
4185 * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
4186 src/parse_args.c, src/sudo.h:
4187 Query local network interfaces in the main sudo driver and pass to
4188 the plugin as "network_addrs" in the settings list.
4191 * plugins/sudoers/bsm_audit.c:
4192 Solaris BSM audit returns EINVAL when auditing is not enabled,
4193 whereas OpenBSM returns ENOSYS.
4196 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
4199 missing.h should come before most local includes
4202 * plugins/sudoers/sudoreplay.c:
4203 missing.h should come before most local includes
4206 * plugins/sudoers/sudoers.h:
4207 Make local includes consistent; use double quotes for local includes
4208 except for generated ones where we use angle brackets.
4211 * plugins/sudoers/sudoers.c:
4212 Always fill in NewArgv for audit code.
4215 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4216 Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
4219 * common/alloc.c, common/atobool.c, common/fileops.c,
4220 common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
4221 common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
4222 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
4223 compat/getprogname.c, compat/glob.c, compat/isblank.c,
4224 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
4225 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
4226 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
4227 compat/unsetenv.c, compat/utimes.c, include/compat.h,
4228 plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
4229 plugins/sample_group/plugin_test.c,
4230 plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
4231 plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
4232 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4233 plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
4234 plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
4235 plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
4236 src/sudo_noexec.c, src/ttysize.c:
4237 Make local includes consistent; use double quotes for local includes
4238 except for generated ones where we use angle brackets. Also g/c
4242 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
4244 * plugins/sudoers/match.c:
4245 When matching the runas user and runas group (-u and -g command line
4246 options), keep track of runas group and runas user matches
4247 separately. Only return a positive match if we have a match for
4248 both runas user and runas group (if specified).
4251 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
4253 * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4254 Add support for multiple URI lines by joining the contents and
4255 passing the result to ldap_initialize.
4258 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
4259 Do not return -1 on error from the display functions; the caller
4260 expects a return value >= 0.
4263 * plugins/sudoers/sudoers.c:
4264 Do not set both MODE_EDIT and MODE_RUN
4267 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
4269 * include/missing.h:
4270 Move includes to the top of the file.
4273 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
4275 * plugins/sudoers/Makefile.in:
4276 Add missing definition of timedir
4279 * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
4280 compat/mksiglist.c, compat/strsignal.c,
4281 plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
4282 Add #include of sys/types.h for .c files that include missing.h to
4283 be sure that size_t and ssize_t are defined.
4286 * plugins/sudoers/Makefile.in:
4287 Install sudoers file from the build dir not the src dir.
4290 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
4292 * plugins/sudoers/set_perms.c:
4293 If runas_pw changes, reset the stashed runas aux group vector.
4294 Otherwise, if runas_default is set in a per-command Defaults
4295 statement, the command runs with root's aux group vector (i.e. the
4296 one that was used when locating the command).
4299 * plugins/sudoers/Makefile.in:
4300 Add target to generate sudoers file. Remove generated sudoers file as
4304 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
4307 When not logging I/O install a handler for SIGCONT and deliver it to
4308 the command upon resume. Fixes bugzilla #431
4311 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
4313 * plugins/sudoers/sudoers.h:
4314 g/c unused auth_pw extern definition
4317 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
4318 Move get_auth() into check.c where it is actually used.
4321 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
4324 Convert a remaining puts() and putchar() to use the output function.
4327 * plugins/sudoers/plugin_error.c:
4331 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
4333 * plugins/sudoers/env.c:
4334 Set dupcheck to TRUE when setting new HOME value if !env_reset but
4335 always_set_home is true. Prevents a duplicate HOME in the
4336 environment (old value plus the new one) introduced in f421f8827340.
4339 * configure, configure.in, plugins/sudoers/sudoers,
4340 plugins/sudoers/sudoers.in:
4341 Substitute sysconfdir in the installed sudoers file to get the
4342 correct path for sudoers.d.
4345 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
4348 Fix typo that prevented compilation on Irix; Friedrich Haubensak
4351 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
4353 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
4354 common/atobool.c, common/fileops.c, common/fmt_string.c,
4355 common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
4356 compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
4357 compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
4358 compat/getprogname.c, compat/glob.c, compat/isblank.c,
4359 compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
4360 compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
4361 compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
4362 compat/unsetenv.c, compat/utimes.c, include/compat.h,
4363 include/missing.h, plugins/sample/sample_plugin.c,
4364 plugins/sample_group/getgrent.c,
4365 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
4366 plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
4367 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4368 plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
4369 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4370 plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
4371 src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
4372 Merge compat.h and missing.h into missing.h
4375 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
4377 * plugins/sudoers/auth/pam.c:
4378 If the user hits ^C while a password is being read, error out before
4379 reading any further passwords in the pam conversation function.
4380 Otherwise, if multiple PAM auth methods are required, the user will
4381 have to hit ^C for each one.
4384 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
4386 * plugins/sudoers/check.c:
4390 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4391 Document sudo_conv_t function and sudo_printf_t return values.
4394 * src/conversation.c:
4395 Make _sudo_printf return the number of characters printed on success
4399 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
4401 * plugins/sudoers/sudoers.c:
4402 sudoers.h includes sudo_plugin.h for us
4405 * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
4406 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
4408 Use gettimeofday() directly instead of via the gettime() wrapper.
4411 * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
4412 compat/strerror.c, config.h.in, configure, configure.in,
4413 include/compat.h, include/missing.h, plugins/sudoers/logging.c,
4414 plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
4415 Remove some obsolete configure tests, ancient Unix systems are no
4419 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
4422 Set pp_kit_version and strip off patch level
4426 Better handling of versions with a patchlevel. For rpm and deb, use
4427 the patchlevel+1 as the release. For AIX, use the patchlevel as the
4428 4th version number. For the rest, just leave the patchlevel in the
4432 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
4434 * plugins/sudoers/auth/sudo_auth.c:
4435 For non-standalone auth methods, stop reading the password if the
4436 user enters ^C at the prompt.
4439 * configure, configure.in, plugins/sudoers/Makefile.in,
4440 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
4441 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
4442 plugins/sudoers/pwutil.c:
4443 No need to look up shadow password unless we are doing password-
4444 style authentication. This moves the shadow password lookup to the
4445 auth functions that need it.
4448 * plugins/sudoers/sudoers.c:
4449 Retain final passwd/group refs until the policy close() function.
4450 Note that this doesn't get called in all cases so putting this in a
4451 cleanup function is probably better.
4454 * plugins/sudoers/check.c:
4458 * plugins/sudoers/check.c:
4459 When removing/resetting the timestamp file ignore the tty ticket
4463 * plugins/sudoers/sudoers.c:
4464 delref sudo_user.pw, runas_pw and runas_gr immediately before we
4468 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
4470 * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
4471 plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
4472 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
4473 Reference count cached passwd and group structs. The cache holds
4474 one reference itself and another is added by sudo_getgr{gid,nam} and
4475 sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
4476 group structs are persistent for now.
4483 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
4485 * plugins/sudoers/check.c:
4486 Do not produce a warning for "sudo -k" if the ticket file does not
4490 * plugins/sudoers/pwutil.c:
4491 Instead of caching struct passwd and struct group in the red-black
4492 tree, store a struct cache_item which includes both the key and
4493 datum. This allows us to use the actual name that was looked up as
4494 the key instead of the contents of struct passwd or struct group.
4495 This matters because the name in the database may not match what we
4496 looked up, due either to case folding or truncation (historically at
4497 8 characters). Also mark the disabled calls to sudo_freepwcache()
4498 and sudo_freegrcache() as broken since we use cached data for things
4499 like set_perms() and the logging functions. Fixing this would
4500 require making a copy of the structs for user and runas or adding a
4501 reference count (better).
4504 * plugins/sudoers/Makefile.in:
4505 Fix path to mkinstalldirs
4508 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
4509 plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4510 src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
4511 Quiet gcc warnings on glibc systems that use warn_unused_result for
4512 write(2) and others.
4515 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
4517 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4521 * aclocal.m4, configure, configure.in:
4522 Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
4523 back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
4527 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
4529 * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
4530 Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN. Use AC_TYPE_LONG_LONG_INT
4531 and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
4534 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
4537 Update to latest version
4540 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
4543 Let pp determine pp_aix_version itself.
4546 * INSTALL, config.h.in, configure, configure.in, mkpkg,
4547 plugins/sudoers/sudoers.c:
4548 Add support for Ubuntu admin flag file and enable it when building
4552 * plugins/sudoers/sudoers, sudo.pp:
4553 Add commented out SuSE-like targetpw settings
4556 * configure, configure.in:
4557 Only try to use +DAportable for non-GCC on hppa
4560 * configure, configure.in:
4561 Prevent configure from adding the -g flag unless in devel mode
4564 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
4567 Go back to sudo-flavor to match existing packages and only use an
4568 underscore for those that need it.
4572 Use sudo_$flavor instead of sudo-$flavor since that causes the least
4573 amount of trouble for the various package managers.
4577 Fix handling of the ldap flavor Remove destdir unless --debug was
4578 specified Make distclean before running configure if there is a
4583 Add back include file.
4587 Pass extra args on to configure on HP-UX, if we don't have the HP C
4588 compiler, disable zlib to prevent gcc from finding it in
4593 Use the HP ANSI C compiler on HP-UX if possible
4596 * plugins/sudoers/sudoreplay.c:
4597 Some getline() implementations (FreeBSD 8.0) do not ignore the
4598 length pointer when the line pointer is NULL as they should.
4601 * plugins/sudoers/sudoreplay.c:
4602 Don't need to check for *cp being non-zero, isdigit() will do that.
4605 * plugins/sudoers/sudoreplay.c:
4606 Add setlocale() so the command line arguments that use floating
4607 point work in different locales. Since sudo now logs the timing
4608 data in the C locale we must parse the seconds in the timing file
4609 manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
4610 the number of seconds with the user's locale so if the decimal point
4611 is not '.' try using the locale-specific version.
4615 Do I/O logging in the C locale so the floating point numbers in the
4616 timing file are not locale-dependent.
4619 * plugins/sudoers/sudoreplay.c:
4620 Use errorx() not error() for things that don't set errno.
4623 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
4626 Better support for 1.2.3 style versions in Tru64 kits
4630 Add Tru64 kit support
4634 Remove apparently unnecessary use of sudo
4637 * Makefile.in, plugins/sudoers/Makefile.in:
4638 Create timedir as part of install-dirs target.
4642 Handle ENXIO from read/write which can occur when reading/writing a
4643 pty that has gone away.
4646 * plugins/sudoers/pwutil.c:
4647 sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
4651 platform is a pp flag not a variable
4654 * Makefile.in, mkpkg, sudo.pp:
4655 Add simple arg parsing for mkpkg so we can set debug, flavor or
4660 Make rpm backend work on AIX 5.x
4663 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
4665 * plugins/sudoers/sudoers:
4666 Add commented out Defaults entry for log_output
4669 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
4672 Remove sudo docdir completely
4675 * doc/sample.sudo.conf:
4676 Add sample sudo.conf
4679 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
4681 * plugins/sudoers/Makefile.in:
4682 Add PACKAGE_TARNAME for docdir
4685 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
4688 Pass install-sh -b~ here too.
4691 * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4692 plugins/sudoers/Makefile.in, src/Makefile.in:
4693 Install binary files with -b~ to make a backup. Fixes "text file
4694 busy" error on HP-UX during install.
4698 "mv -f" on HP-UX doesn't unlink the destination first so add an
4699 explicit rm before moving the temporary into place.
4702 * configure, configure.in:
4703 Some more ${foo} -> $(foo) conversion for consistent Makefiles.
4706 * doc/Makefile.in, plugins/sudoers/Makefile.in:
4707 Install sudoers2ldif in the doc dir
4710 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
4713 Add missing include of maillock.h for Solaris
4716 * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
4717 doc/sample.syslog.conf, doc/sudoers.cat:
4718 Change the default syslog facility from local2 to authpriv (or auth
4719 if the operating system doesn't support authpriv).
4722 * Makefile.in, sudo.pp:
4723 Install sudoers as /etc/sudoers on RPM and debian systems where the
4724 package manager will not replace a user-modified configuration file.
4725 This fixes upgrades from the vendor sudo packages.
4729 RPM: use %config(noreplace) instead of %config for volatile This
4730 results in the new file being installed with a .rpmnew suffix
4731 instead of the file being replaced and the old one renamed with a
4735 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
4737 * compat/mkstemps.c, plugins/sudoers/boottime.c:
4738 Include time.h for struct timeval
4742 The return value of strsignal() may be const and should be treated
4743 as const regardless.
4746 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4747 Mention that 127.0.0.1 will not match, nor will localhost unless
4748 that is the actual host name.
4751 * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
4752 Rename WHATSNEW -> NEWS
4756 Updated pp with latest patches
4763 * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4764 plugins/sudoers/sudoers:
4765 Add commented out line to add HOME to env_keep and add a warning to
4766 the note about the HOME change in UPGRADE.
4769 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
4771 * plugins/sudoers/sudoreplay.c:
4772 Add LINE_MAX define for those without it.
4775 * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
4776 doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4777 plugins/sudoers/defaults.c:
4778 The tty_tickets option is now on by default.
4782 Mention that AIX authdb support has been fixed.
4786 setauthdb() only sets the "old" registry if it was set by a previous
4787 call to setauthdb(). To restore the original value, passing NULL
4788 (or an empty string) to setauthdb() is sufficient.
4791 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
4793 * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
4794 doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4795 plugins/sudoers/env.c:
4796 Reset HOME when env_reset is enabled unless it is in env_keep
4799 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4800 The default for set_logname has been "true" for some time now.
4803 * plugins/sudoers/boottime.c:
4804 Add missing include of time.h
4807 * plugins/sudoers/logging.c:
4808 Fix check for dup2() return value.
4811 * plugins/sudoers/env.c:
4812 Add PYTHONUSERBASE to initial_badenv_table
4815 * plugins/sudoers/visudo.c:
4816 Treat an unknown defaults entry as a parse error.
4819 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
4820 Check return value of setdefs() but don't stop setting defaults if
4821 we hit an unknown one.
4824 * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
4825 doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
4826 doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
4827 plugins/sudoers/env.c:
4828 If env_reset is enabled, set the MAIL environment variable based on
4829 the target user unless MAIL is explicitly preserved in sudoers.
4832 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
4835 decode debian code names
4842 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
4849 Restore RLIMIT_NPROC after the uid switch if it appears that
4850 runas_setup() did not do it for us. Fixes a bash script problem on
4851 SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
4854 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
4856 * mkpkg, pp, sudo.pp:
4857 Restore the dot removal in the os version reported by polypkg. Adapt
4858 mkpkg and sudo.pp to the change.
4861 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
4864 document --with-pam-login
4867 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4868 The tag is NOSETENV, not UNSETENV. From Petr Uzel.
4871 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
4874 Include flavor in solaris package name
4878 Older shells don't support IFS= so set explicitly to space, tab,
4883 Use '=' not '==' in test
4887 Fix typo that prevented debian from matching
4891 Add missing prefix setting for debian
4895 Use tab indents to reduce the chance of problem with <<- Fix the
4896 debian %set section, pp does not set pp_deb_distro Uncomment %sudo
4897 line in sudoers for debian Uncomment some env_keep lines for RHEL,
4898 SLES and debian to more closely match the vendor sudoers files.
4899 Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
4900 debian for ldap flavor
4903 * plugins/sudoers/sudoers:
4904 Add commented out env_keep entries, sample Aliases and a %sudo line
4908 * configure, configure.in:
4909 Move zlib check later on in the script to avoid a strange shell
4914 Remove check for egrep; configure has its own
4917 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
4920 Enable zlib for linux distros
4924 Add ldap flavor to default build
4928 Simplify rpm linux distro settings
4931 * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
4932 Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
4936 Fix ChangeLog creation from build dir
4939 * plugins/sudoers/sudoers.c:
4940 Handle getcwd() failure.
4943 * doc/Makefile.in, mkpkg, sudo.pp:
4944 Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
4945 environment variable.
4949 Create sudo group on debian
4953 Add debian 4/5/6 and use the dot when doing version matches
4956 * aclocal.m4, configure:
4957 Use a loop when searching for mv, sendmail and sh
4960 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4961 Remove spurious "and"; from debian
4964 * aclocal.m4, configure, configure.in, doc/sudoers.cat,
4965 doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
4966 doc/visudo.man.in, doc/visudo.pod:
4967 Substitute the value of EDITOR into the sudoers and visudo manuals.
4970 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4972 * mkpkg, pp, sudo.pp:
4973 Initial support for debian 4.0
4977 Some platforms need -fPIE instead of -fpie
4980 * plugins/sudoers/auth/pam.c:
4981 Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
4982 On Linux it causes a DNS lookup via libaudit.
4986 Update MANIFEST to match packaging changes
4990 We now use pp to generate HP-UX packages
4993 * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
4994 Remove vestiges of old binary package bits.
4997 * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
4998 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4999 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5001 install-man -> install-doc
5004 * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
5005 plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
5006 Use http://rc.quest.com/topics/polypkg/ for packaging
5010 Just ignore the -c option, it is the default Add support for -d
5014 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
5016 * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
5017 Use _PATH_STDPATH instead of _PATH_DEFPATH
5020 * plugins/sudoers/Makefile.in, src/Makefile.in:
5021 Do not strip binaries.
5024 * INSTALL, configure, configure.in:
5025 Add --insults=disabled configure option to allow people to build in
5026 insult support but have the insults disabled unless explicitly
5030 * compat/mkstemps.c:
5031 Add prototype for gettime()
5034 * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
5035 plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5036 plugins/sudoers/sudoers.h:
5037 Add support for a sudo-i pam.d file to be used for "sudo -i".
5038 Adapted from a RedHat patch.
5041 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
5043 * include/missing.h:
5044 Fix mkstemps() prototype
5047 * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
5048 config.h.in, configure, configure.in, include/missing.h,
5050 Use mkstemps() instead of mkstemp() in sudoedit. This allows
5051 sudoedit to preserve the file extension (if any) which may be used
5052 by the editor (like emacs) to choose the editing mode.
5055 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
5057 * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
5058 plugins/sudoers/ldap.c:
5059 TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
5060 TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
5061 code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
5062 should avoid disabling TLS_CHECKPEER if possible.
5065 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
5067 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5068 Make sudo_plugin format a bit more like a man page
5071 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5072 Add support for negated user/host/command lists in a Defaults entry.
5073 E.g. Defaults:!baduser noexec
5076 * Makefile.in, common/Makefile.in, compat/Makefile.in,
5077 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5078 plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5080 Add uninstall target
5083 * common/Makefile.in, compat/Makefile.in:
5084 Remove unused AR, SED and RANLIB variables
5088 Do not install sample plugins
5091 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
5093 * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
5094 configure.in, plugins/sudoers/env.c:
5095 Now that sudoers is a dynamically loaded module we cannot override
5096 the libc environment functions because the symbols may already have
5097 been resolved via libc. Remove getenv/putenv/setenv/unsetenv
5098 replacements from sudoers and add replacements for setenv/unsetenv
5099 for systems that lack them.
5102 * configure, configure.in, plugins/sudoers/Makefile.in:
5103 Link testsudoers with -ldl when needed
5106 * plugins/sample_group/plugin_test.c:
5107 Remove unused time.h and add limits.h for PATH_MAX
5110 * doc/sudoers.ldap.pod:
5114 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
5116 * plugins/sample_group/plugin_test.c:
5117 Do not depend on strlcpy/strlcat
5120 * plugins/sample_group/plugin_test.c:
5121 Standalone test driver for sudoers group plugin.
5124 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
5126 * plugins/sudoers/group_plugin.c, src/load_plugins.c:
5127 Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
5131 * plugins/sample_group/sample_group.c:
5132 Fix style nit in function declarations
5135 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5136 Document group_plugin syntax.
5139 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5140 Document the sudoers group plugin.
5143 * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
5144 configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
5145 plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
5146 plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
5147 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
5148 plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
5149 plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
5150 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5151 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
5152 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
5153 Replace built-in non-unix group support with a sudoers group plugin.
5154 Include a sample plugin that can read Unix-format group files.
5157 * configure, configure.in, src/load_plugins.c:
5158 Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
5161 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
5163 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
5164 doc/sudoers.man.in, doc/sudoers.pod:
5165 Move sudoers-specific bits out of sudo(8) and into sudoers(5)
5168 * aclocal.m4, configure, configure.in:
5169 Substitute @io_logdir@ for the sudoers I/O log directory.
5172 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
5174 * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
5175 common/atobool.c, common/fileops.c, common/fmt_string.c,
5176 common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
5177 compat/getgrouplist.c, compat/getline.c, compat/glob.c,
5178 compat/snprintf.c, config.h.in, configure, configure.in,
5179 include/fileops.h, plugins/sample/sample_plugin.c,
5180 plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
5181 plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
5182 plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
5183 plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
5184 plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
5185 plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
5186 plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
5187 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
5188 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5189 plugins/sudoers/defaults.c, plugins/sudoers/env.c,
5190 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
5191 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
5192 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
5193 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
5194 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5195 plugins/sudoers/logging.c, plugins/sudoers/match.c,
5196 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
5197 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
5198 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5199 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5200 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
5201 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
5202 src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
5203 src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
5204 src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
5205 Set usrinfo for AIX Set administrative domain for the process when
5206 looking up user's password or group info and when preparing for
5207 execve(). Include strings.h even if string.h exists since they may
5208 define different things. Fixes warnings on AIX and others.
5212 Add a separate all target for AIX make which was using the entire
5213 LHS (not just the first entry) of the first target as the implicit
5217 * plugins/sudoers/env.c:
5218 Do not rely on env.env_len when unsetting a variable, just use the
5222 * plugins/sudoers/env.c:
5223 In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
5226 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
5228 * plugins/sudoers/vasgroups.c:
5229 Use warningx() instead of log_error() since the latter is not
5230 available to visudo or testsudoers. This does mean that they don't
5234 * plugins/sudoers/sudoers.c:
5235 Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
5236 closed the sudoers sources. From Quest sudo.
5239 * plugins/sudoers/pwutil.c:
5240 Ignore case when matching user/group names in the cache. From Quest
5244 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
5246 * config.h.in, configure, configure.in, src/selinux.c:
5247 Add check for setkeycreatecon() when --with-selinux is specified.
5250 * configure, configure.in:
5251 Error out if libaudit.h is missing or unusable when --with-linux-
5255 * doc/HISTORY, doc/history.pod:
5256 Add =head3 entries, mostly for the html version
5259 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
5261 * doc/HISTORY, doc/history.pod:
5262 Mention when LDAP was incorporated.
5265 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
5267 * configure, configure.in:
5268 Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
5269 not covered by _ALL_SOURCE.
5272 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
5274 * plugins/sudoers/iolog.c:
5275 Add a cast to quiet a compiler warning.
5278 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
5279 Quiet a compiler warning.
5282 * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
5283 Call set_fqdn() after sudoers has parsed instead of inline as a
5287 * WHATSNEW, plugins/sudoers/sudoers.c:
5288 Do not call set_fqdn() until sudoers parses (where it gets run as a
5293 mention the change in tty ticket behavior when there is no tty
5296 * plugins/sudoers/check.c:
5297 Do not update tty ticket if there is no tty.
5300 * doc/LICENSE, doc/license.pod:
5301 Update copyright year
5305 Do not rely on BSD make's $>
5308 * configure, configure.in:
5309 Set timedir to /var/db/sudo for darwin to match Apple sudo's
5313 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
5315 * plugins/sudoers/sudoers.h:
5316 Add stub declarations for struct stat and struct timeval
5320 Remove compat/sigaction.c
5323 * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
5324 plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
5325 Check for zlib.h in addition to libz.
5328 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
5330 Move functions and symbols shared between exec.c and exec_pty.c into
5335 Comment out rules to build .man.in and .cat files unless --with-
5340 Comment out rules to build .man.in and .cat files unless --with-
5345 Quote any non-alphanumeric characters other than '_' or '-' when
5346 passing a command to be run via the shell for the -s and -i options.
5350 Add back .man suffix
5353 * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
5354 plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5355 plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
5356 plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
5358 Add Linux audit support.
5361 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
5363 * plugins/sudoers/iolog.c:
5367 * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
5368 plugins/sudoers/sudoreplay.c:
5369 Add -f (filter) option to sudoreplay to allow certain streams to be
5370 replayed and others ignored.
5373 * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
5375 Fix -A flag when askpass is specified in sudo.conf or if sudo
5376 doesn't need to read a password.
5379 * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
5380 src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
5384 * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5385 doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5386 Add support for multiple sudoers_base entries in ldap.conf. From
5390 * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
5392 remove setsid check, we require a POSIX system
5395 * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
5396 src/sudo.c, src/tgetpass.c:
5397 Check for dup2() failure.
5400 * config.h.in, configure, configure.in:
5401 Remove dup2() check, it is not optional.
5404 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
5407 sync with sudo 1.7.3
5411 SunOS does not ship with an ANSI compiler
5415 Update OS specific notes. Delete some really ancient ones and move
5416 older ones to the end of the list.
5420 Sudo can be downloaded from the web site too Mention "OS dependent
5421 notes" section in INSTALL
5424 * src/exec_pty.c, src/selinux.c:
5425 Call selinux_restore_tty() as part of cleanup() so it gets called
5426 from error()/errorx()
5429 * MANIFEST, doc/PORTING:
5430 Remove obsolete porting guide
5433 * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
5434 Move union sudo_in_addr_un into interfaces.h
5438 Remove useless circular dependencies
5441 * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
5442 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
5443 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
5444 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
5445 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
5446 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
5447 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
5448 Convert to ANSI C function declarations
5451 * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
5452 common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
5453 compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
5454 compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
5455 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
5456 compat/strlcpy.c, compat/timespec.h, compat/utime.h,
5457 compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
5458 include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
5459 include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
5460 plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
5461 plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
5462 plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
5463 plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
5464 plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
5465 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
5466 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
5467 plugins/sudoers/logging.h, plugins/sudoers/match.c,
5468 plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
5469 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5470 plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
5471 plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
5472 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
5473 plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
5474 src/conversation.c, src/error.c, src/load_plugins.c,
5475 src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
5476 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
5477 Update copyright year
5481 Fix commented DEVDOCS when not in devel mode.
5484 * plugins/sudoers/match.c:
5485 Quiet a compiler warning.
5488 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
5489 Quiet a compiler warning.
5492 * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
5493 Make all functions in ldap.c static
5496 * doc/schema.ActiveDirectory:
5497 Updates from Alain Roy to provide better examples for importing the
5498 schema and to fix problems caused by Windows validating attributes
5499 which have not yet been added before committing the changes.
5502 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
5504 * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
5505 doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
5506 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5507 doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
5508 doc/visudo.cat, doc/visudo.man.in:
5509 Leave rules to build .man.in and .cat files uncommented but only
5510 make them part of the "all" rule in devel mode. Generate .cat files
5511 directly from .man.in instead of .man using default values in
5515 * configure, configure.in:
5516 Bump sudo version to 1.8.0b1
5519 * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
5520 Print configure args with verbose version information.
5523 * TODO, plugins/sudoers/visudo.c:
5524 Remove tfd from struct sudoersfile; it is not used. Add prev pointer
5525 to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
5526 Use tq_append to append sudoers entries to the tail queue.
5529 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
5532 Describe tty timestamp improvements
5535 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5536 A comment character may not be part of a command line argument
5537 unless it is quoted with a backslash. Fixes parsing of:
5538 testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
5542 Make this read a little bit better when passwd_timeout is 0.
5545 * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
5546 Attempt to handle a default password prompt timeout of zero more
5550 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5551 Do not override value of keepopen global, instead restore it to the
5552 value we pushed onto the stack when popping.
5555 * plugins/sudoers/Makefile.in:
5556 Add dependency for utility programs on libreplace and libcommon
5559 * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
5560 plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
5561 src/exec.c, src/exec_pty.c, src/tgetpass.c:
5562 Remove sigaction emulation Use SA_INTERRUPT in sa_flags
5565 * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
5566 We don't use getgrouplist() at the moment so there's no need to
5567 provide a compat version.
5574 * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
5575 src/conversation.c, src/sudo.h, src/tgetpass.c:
5576 Fix visiblepw sudoers option; the plugin API portion still needs
5581 Print sudo version as well.
5584 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5585 Use sudo_printf for I/O log version Clarify policy plugin version
5589 * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
5590 plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
5591 Silence some compiler warnings
5594 * src/load_plugins.c, src/tgetpass.c:
5595 Store askpass path in a global instead of using setenv() which many
5599 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
5601 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
5602 doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5603 plugins/sudoers/check.c, plugins/sudoers/def_data.c,
5604 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5605 plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
5606 plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
5608 Move askpass path specification from sudoers to sudo.conf.
5611 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
5612 Use a flag bit in struct command_details for selinux instead of a
5616 * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
5617 Implement background mode. If I/O logging we use pipes instead of a
5621 * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
5622 src/exec.c, src/exec_pty.c, src/tgetpass.c:
5623 Move compat definition of NSIG to compat.h
5626 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
5627 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5628 Mention plugins in the sudo manual and add some missing path
5629 substitution in the sudo_plugin manual.
5633 Set _PATH_SUDO_CONF based on $(sysconfdir)
5636 * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
5637 src/exec.c, src/exec_pty.c, src/ttysize.c:
5638 Require POSIX termios to build sudo
5642 Ignore SIGPIPE for "sudo -S"
5646 Fix uninitialized variable in TGP_ECHO case and print a newline if
5647 the user interrupted password input.
5651 Make TGP_ECHO override TGP_MASK and don't try to restore the
5652 terminal if we didn't modify it.
5655 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5656 include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
5657 src/conversation.c, src/sudo.h, src/tgetpass.c:
5658 Add SUDO_CONV_PROMPT_MASK define which corresponds to the
5659 "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
5664 Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
5667 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
5669 * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
5670 Add selinux_enabled flag into struct command_details and set it in
5671 command_info_to_details(). Return an error from selinux_setup()
5672 instead of exiting. Call selinux_setup() from exec_setup().
5675 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
5678 Remove commented out copy of old sudo_execve() function.
5681 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
5683 * plugins/sudoers/sudoers.c:
5684 Fix setting selinux type on command line.
5687 * plugins/sudoers/iolog.c:
5688 In sudoers_io_close(), skip NULL io_fds[] elements.
5692 No longer need NGROUPS_MAX define
5695 * compat/nanosleep.c, config.h.in, configure, configure.in,
5696 include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
5697 plugins/sudoers/visudo.c, src/sudo_edit.c:
5698 Replace timerfoo macros with timevalfoo since the timer macros are
5699 known to be busted on some systems.
5703 Remove duplicate call to selinux_setup().
5706 * plugins/sudoers/auth/pam.c:
5707 If pam_open_session() fails, pass its status to pam_end.
5710 * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5711 If a file in a #includedir has improper permissions or owner just
5712 skip it. This prevents packages that incorrectly install a file
5713 into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
5714 #includedir files still result in a parse error (for now).
5717 * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
5718 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
5719 plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
5720 Add use_pty sudoers option to force use of a pty even when not
5724 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5725 Make env_init() void as it never fails.
5728 * plugins/sudoers/env.c:
5729 No longer use _NSGetEnviron so don't need crt_externs.h
5732 * plugins/sudoers/env.c:
5733 Remove unused VNULL define
5736 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
5738 * plugins/sudoers/iolog.c:
5739 Add #define for maximum session id
5742 * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
5743 Split exec.c into exec.c and exec_pty.c
5747 Sync with source file moves.
5750 * src/Makefile.in, src/get_pty.c, src/pty.c:
5751 Rename pty.c -> get_pty.c
5754 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
5756 * plugins/sudoers/iolog.c:
5757 Only use I/O input log file if def_log_input is set and output file
5758 if def_log_output is set.
5761 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
5763 * compat/strsignal.c:
5764 Update copyright year
5771 * plugins/sudoers/sudoers.c:
5772 For sudoedit, make a local copy of editor string si become part of
5773 argv. If no editor environment variable, split def_editor on ':'
5774 since it may be a colon-delimited path.
5778 Remove unneeded endpwent()/endgrent()
5782 Use value of nroff from configure
5786 Add missing const to I/O log action function
5789 * plugins/sudoers/check.c:
5790 Update copyright year and fix whitespace
5793 * configure, configure.in:
5797 * plugins/sudoers/iolog.c:
5798 Remove redundant tty signal blocking in log function.
5801 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
5803 * plugins/sudoers/iolog.c:
5804 Place static keyword where it belongs
5807 * plugins/sudoers/logging.c:
5808 Always use a printf format string for send_mail()
5811 * common/atobool.c, plugins/sudoers/ldap.c:
5812 Extend atobool() so we can use it in the LDAP code.
5815 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5816 Sudo now stashes tty ctime for tty_tickets on Solaris too.
5819 * plugins/sudoers/boottime.c:
5820 Fix dummy version of get_boottime()
5823 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
5825 * plugins/sudoers/check.c:
5826 Enable tty_is_devpts() support for Solaris with the "devices"
5831 Unbreak the non-io logging case.
5834 * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5835 Fix symbol name conflict with sudo_printf.
5838 * plugins/sudoers/auth/pam.c:
5839 Fix OpenPAM detection for newer versions.
5842 * plugins/sudoers/vasgroups.c:
5843 Sync with Quest sudo git repo
5846 * aclocal.m4, configure, configure.in:
5847 HP-UX ld uses +b instead of -R or -rpath. Fix typo in libvas check.
5848 Add missing template for ENV_DEBUG. Adapted from Quest sudo
5852 Fix typos; from Quest Sudo
5855 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
5857 * plugins/sudoers/Makefile.in:
5858 Add back -I$(top_srcdir); we need it for including compat/foo.h
5859 since we cannot rely on "foo.h" being found relative to the source
5860 file when the cwd is different.
5864 Fix a bug where we could treat EAGAIN as a permanent error. Also set
5865 cstat if perform_io() returns an error.
5868 * common/alloc.c, plugins/sudoers/boottime.c,
5869 plugins/sudoers/sudoers.c:
5870 Add casts to quiet compiler warnings.
5873 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5874 plugins/sudoers/visudo.c:
5875 Fix typo in ternary operator usage.
5878 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
5880 * INSTALL, configure, configure.in:
5881 Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
5884 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
5885 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
5886 Update docs to match sudoers I/O logging changes
5889 * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
5890 pathnames.h.in, plugins/sudoers/def_data.c,
5891 plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5892 plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
5893 plugins/sudoers/gram.h, plugins/sudoers/gram.y,
5894 plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
5895 plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
5896 plugins/sudoers/sudoreplay.c:
5897 Break sudoers transcript feature up into log_input and log_output.
5900 * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5901 plugins/sudoers/visudo.c:
5902 Use setprogname() as needed.
5905 * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
5906 Adapt sudoreplay to iolog changes.
5909 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
5911 * plugins/sudoers/iolog.c:
5912 Log all input and output into separate files and store a number on
5913 each timing file line to indicate which file the data is in.
5916 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5917 plugins/sudoers/sudoers.h:
5918 Make sudoers_io functions static to iolog.c
5921 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
5923 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
5924 src/sudo_usage.h.in:
5925 Completely remove the -L flag from the sudo front end.
5928 * plugins/sudoers/sudoreplay.c:
5929 Fix EAGAIN handling when writing to stdout.
5932 * plugins/sudoers/sudoers.c:
5933 Eliminate unused variables
5936 * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
5937 Re-enable cleanup functions in sudoers plugin and sudo driver for
5941 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
5942 plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
5943 plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
5944 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5945 Use sudo_printf to display verbose version information.
5948 * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5949 plugins/sudoers/Makefile.in, src/Makefile.in:
5950 Minor Makefile cleanup: fix a typo, change the removal order in the
5951 clean targets, and remove a superfluous include path for the sudoers
5955 * plugins/sudoers/env.c:
5956 Handle duplicate variables in the environment. For unsetenv(), keep
5957 looking even after removing the first instance. For sudo_putenv(),
5958 check for and remove dupes after we replace an existing value.
5961 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
5963 * plugins/sudoers/Makefile.in:
5964 Use explicit path to source file instead of $< for files that live
5965 in devdir and top_srcdir.
5968 * plugins/sudoers/Makefile.in:
5969 Add explicit rules to compile gram.c and toke.c for HP-UX. Prevent
5970 ending LIBSUDOERS_OBJS with a backslash
5973 * plugins/sudoers/Makefile.in, src/Makefile.in:
5974 Link libcommon before libreplace since libcommon may use functions
5975 only present in libreplace.
5978 * common/Makefile.in:
5979 Move code common to sudo and the sudoers plugin to a convenience
5980 library, libcommon. Removes the need to make links in the sudoers
5981 plugin dir and reduces re-compilation of duplicate object files.
5984 * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
5985 common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
5986 common/term.c, common/zero_bytes.c, configure, configure.in,
5987 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5988 src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
5989 src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
5991 Move code common to sudo and the sudoers plugin to a convenience
5992 library, libcommon. Removes the need to make links in the sudoers
5993 plugin dir and reduces re-compilation of duplicate object files.
5996 * src/exec.c, src/sudo.c, src/sudo.h:
5997 Rename script_execve to sudo_execve and rename script_foo in exec.c
6000 * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
6001 Rename script.c to exec.c and fix up the MANIFEST file
6004 * src/script.c, src/sudo.c, src/sudo.h:
6005 Rename script_setup() to pty_setup() and call from script_execve()
6009 * configure, configure.in:
6010 bump version to 1.8.0a2
6013 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6014 Document init_session
6017 * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
6018 plugins/sudoers/auth/sudo_auth.h:
6019 Clean up the sudoers auth API a bit and update the docs.
6022 * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
6023 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
6024 plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
6025 Add init_session function to struct policy_plugin that gets called
6026 before the uid/gid/etc changes. A struct passwd pointer is passed
6027 in, which may be NULL if the user does not exist in the passwd
6028 database. The sudoers module uses init_session to open the pam
6032 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
6034 * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
6035 plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
6036 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6037 Add open/close session to sudo auth, only used by PAM. This allows
6038 us to open (and close) the PAM session from sudoers.
6041 * plugins/sudoers/Makefile.in:
6042 Add explicit rule to build getdate.o for HP-UX make.
6045 * plugins/sudoers/Makefile.in:
6046 Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
6047 rules as an alternate way to prevent HP-UX make (and others) from
6048 trying to rebuild the parser in non-dev mode.
6051 * plugins/sudoers/sudoers.c:
6052 Re-enable PATH_MAX check for command
6056 For distclean, clean the main directory last since the subdirs need
6057 to be able to run libtool to clean things.
6060 * compat/Makefile.in:
6061 Fix generation of mksiglist.h
6065 Now that we defer sending cstat until the end of script_child() we
6066 cannot reuse cstat when reading command status from parent.
6069 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
6071 * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
6072 doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
6073 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
6074 doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
6075 Use numeric registers to handle conditionals instead of trying to do
6076 it all with text processing.
6080 Document per-command SELinux settings
6083 * plugins/sudoers/sudoers.c:
6084 Repair "sudo -l -U username"
6087 * plugins/sudoers/sudoers.c:
6088 Set selinux role and type in command details.
6091 * src/script.c, src/selinux.c, src/sudo.h:
6092 Rework SELinux support.
6095 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
6097 * src/script.c, src/selinux.c, src/sudo.h:
6098 Make SELinux support compile again. Needs more work to be complete.
6101 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6102 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6103 src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
6105 Bring back closefrom settings.
6108 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
6109 plugins/sudoers/sudoers.h:
6110 If running a command or sudoedit in transcript mode, call
6111 io_nextid() before log_allowed() so the session id is logged.
6114 * configure, configure.in:
6115 Use mandoc(1) if nroff(1) is not present.
6119 Use the --file argument to config.status instead of setting
6120 CONFIG_FILES in the environment.
6123 * plugins/sudoers/Makefile.in:
6124 We cannot conditionally update gram.h or the dependency ordering
6125 gets messed up in devel mode.
6128 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
6130 * Makefile.in, compat/Makefile.in, configure, configure.in,
6131 doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6132 plugins/sudoers/Makefile.in, src/Makefile.in:
6133 Substitute @SHELL@ into Makefiles
6140 * config.guess, config.sub, configure, configure.in:
6141 Update to autoconf 2.65
6145 Fix libtool target (space vs. tabs)
6148 * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
6149 Remove use of RETSIGTYPE; all modern systems have signal handlers
6153 * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
6154 ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
6155 m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
6156 plugins/sudoers/Makefile.in, src/Makefile.in:
6157 Update to libtool-2.2.6b. I haven't made any local modifications
6158 this time, which should be OK since we install sudo_noexec.so by
6162 * compat/Makefile.in, plugins/sample/Makefile.in,
6163 plugins/sudoers/Makefile.in, src/Makefile.in:
6164 Use libtool to clean objects
6167 * include/Makefile.in:
6168 Install sudo_plugin.h as part of "make install" and make other
6169 install targets callable from the top-level Makefile
6172 * configure, configure.in:
6173 regen with autoupdate to eliminate AC_TRY_LINK
6176 * Makefile.in, compat/Makefile.in, configure, configure.in,
6177 doc/Makefile.in, plugins/sample/Makefile.in,
6178 plugins/sudoers/Makefile.in, src/Makefile.in:
6179 Install sudo_plugin.h as part of "make install" and make other
6180 install targets callable from the top-level Makefile
6183 * plugins/sample/sample_plugin.c:
6184 The sample plugin doesn't support being run with no args so return a
6185 usage error in this case.
6188 * plugins/sudoers/iolog.c:
6189 Set close on exec flag for descriptors used for I/O logging so they
6190 are not present in the command being run.
6193 * plugins/sudoers/tsgetgrpw.c:
6194 Set close on exec flag in private versions of setpwent() and
6199 Close the I/O pipes after dup2()ing them to std{in,out,err}.
6200 Fixes extra fds being present in the command when it is part of a
6204 * plugins/sudoers/sudoers.c:
6205 Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
6206 is used when logging). Note that user_ttypath will still be NULL if
6210 * src/script.c, src/sudo.h:
6211 Cosmetic changes: add comments, remove orphaned prototype and
6212 make a global static.
6215 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
6218 Move check for maxfd == -1 to flush_output where it belongs.
6222 Break out of select loop if all the fds we want to select on are -1.
6226 Avoid possible malloc(0) if plugin returns an empty groups list.
6230 Add debugging info when calling plugin close function
6234 Avoid closing stdin/stdout/stderr when we are piping output.
6238 When execve() of the command fails, it is possible to receive
6239 SIGCHLD before we've read the error status from the pipe. Re-order
6240 things such that we send the final status at the very end and prefer
6241 error status over wait status.
6244 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
6246 * plugins/sudoers/auth/sudo_auth.c:
6247 Fix compilation for non PAM/BSD auth/AIX auth
6250 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
6253 Additional checks to make sure we don't close /dev/tty by mistake.
6254 When flushing, sleep in select as long as we have buffers that need
6259 Now that we can use pipes for stdin/stdout/stderr there is no longer
6260 a need to error out when there is no tty. We just need to make sure
6261 we don't try to use the tty fd if it is -1.
6264 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
6266 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6267 include/sudo_plugin.h, plugins/sample/sample_plugin.c,
6268 plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
6269 Add argc and argv to I/O logger open function.
6272 * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
6273 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
6274 src/parse_args.c, src/sudo.c, src/sudo_edit.c:
6275 Remove check_sudoedit function pointer in struct sudo_policy.
6276 Instead, sudo will set sudoedit=true in the settings array. The
6277 plugin should check for this and modify argv_out as appropriate in
6281 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
6283 * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
6285 If plugin sets "sudoedit=true" in the command info, enable sudoedit
6286 mode even if not invoked as sudoedit. This allows a plugin to
6287 enable sudoedit when the user runs an editor.
6290 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
6292 * plugins/sudoers/Makefile.in:
6293 gram.h must not depend on gram.y if we want to avoid unnecessary
6294 rebuilding of targets dependent on gram.h when gram.y changes.
6297 * plugins/sample/sample_plugin.c:
6298 Refactor common bits of check_policy and check_edit
6301 * plugins/sample/sample_plugin.c:
6302 Add sudoedit support
6305 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
6307 * plugins/sudoers/Makefile.in:
6308 Rely more on VPATH; fixes a dependency issue with the parser.
6312 Fix typo introduced in last commit
6316 Emulate seteuid using setreuid() or setresuid() as needed. There are
6317 still a few places that call seteuid() directly.
6320 * src/parse_args.c, src/sudo_edit.c:
6321 Attempt to fix building on systems that only have setuid.
6324 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6325 Clarify sudoedit a tad.
6328 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
6331 Fix compilation on HP-UX
6334 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6338 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
6339 Change how we handle the sudoedit argv. We now require that there
6340 be a "--" in argv to separate the editor and any command line
6341 arguments from the files to be edited.
6344 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
6345 plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
6346 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6347 src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
6348 src/sudo.h, src/sudo_edit.c:
6349 Work in progress support for sudoedit. The actual interface used by
6350 the plugin for sudoedit is likely to change.
6353 * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
6354 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
6355 Make find_path() a little more generic by not checking def_foo
6356 variables inside it. Instead, pass in ignore_dot as a function
6360 * plugins/sudoers/env.c:
6361 Add version of getenv(3) that uses our own environ pointer.
6364 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
6367 Avoid a potential race condition if SIGCHLD is received immediately
6368 before we call select().
6371 * plugins/sudoers/sudoers.c:
6372 Call env_init() before we open the sudoers sources as those may call
6373 our setenv() replacement.
6376 * plugins/sudoers/env.c:
6377 Initialize env_len in env_init()
6380 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
6382 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
6383 Document time stamp shortcomings under SECURITY NOTES. Use "time
6384 stamp" instead of timestamp.
6388 Make sed substitution of mansectsu and mansectform global.
6391 * plugins/sudoers/check.c:
6392 If the tty lives on a devpts filesystem, stash the ctime in the tty
6393 ticket file, as it is not updated when the tty is written to. This
6394 helps us determine when a tty has been reused without the user
6395 authenticating again with sudo.
6399 Fix pasto in multiple signal fix and use _NSIG not NSIG since that
6400 is what our compat checks set.
6403 * configure, configure.in:
6404 Add check for whether sudo needs to link with -ldl to get dlopen().
6405 This is a bit of a hack that will get reworked when libtool is
6409 * plugins/sudoers/check.c:
6410 Fix timestamp removal with -k/-K
6413 * plugins/sudoers/Makefile.in:
6414 audit.c is now private to the sudoers plugin
6417 * configure, configure.in:
6418 Link with -lpthread on HP-UX since a plugin may be linked with
6419 -lpthread and dlopen() will fail if the shared object has a
6420 dependency on -lpthread but the main program is not linked with it.
6423 * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
6424 Add separate test for getresuid() since HP-UX has setresuid() but no
6429 Remove errant backslash
6433 Fix SIGPIPE handling. Now that we may use pipes for
6434 stdin/stdout we need to pass any SIGPIPE we receive to the running
6439 Also start the command in the background if stdin is not a tty.
6442 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
6444 * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
6445 No need to use pseudo-cbreak mode now that we use pipes when stdout
6446 is not a tty. Instead, check whether stdin is a tty and if not,
6447 delay setting the tty to raw mode until the command tries to access
6448 it itself (and receives SIGTTIN or SIGTTOU).
6452 Use an array for signals received instead of a single variable so we
6453 don't lose any when there are multiple different signals.
6457 Do signal setup after turning off echo, not before. If we are using
6458 a tty but are not the foreground pgrp this will generate SIGTTOU so
6459 we want the default action to be taken (suspend process).
6462 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
6465 Flush the iobufs on suspend or child exit using the same logic as
6466 the main event loop.
6470 Free memory after we are done with it.
6473 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
6476 Quest now sponsors Sudo development
6479 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
6482 Install sudo_plugin man page.
6486 Go back to resetting io_buffer offset and length (and now also the
6487 EOF handling) in the loop we do the FD_SET, not after we drain the
6488 buffer after write() since we don't know what order reads and writes
6493 audit files moved to sudoers plugin directory
6496 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6497 Document plugin_printf and new logging functions.
6501 Add support for logging stdin when it is not a tty. There is still a
6502 bug where "cat | sudo cat" has problems because both cat and sudo
6503 are trying to read from the tty.
6506 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
6507 plugins/sudoers/sudoers.c, src/script.c:
6508 Add separate I/O logging functions for tty in/out and
6509 stdin/stdout/stderr. NOTE: stdin logging does not currently work and
6510 is disabled for now.
6513 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
6515 * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
6516 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6517 plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
6518 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6519 src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
6520 Add pointer to a printf-like function to plugin open function. This
6521 can be used instead of the conversation function to display info and
6526 Stop if make in a subdir fails
6530 Only set user's tty to blocking mode when doing the final flush.
6531 Flush pipes as well as pty master when the process is done.
6534 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
6536 * plugins/sudoers/ldap.c:
6537 Use print_error() when displaying ldap config info in debugging
6541 * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
6542 No longer need strdup() or strndup() replacements.
6545 * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
6546 plugins/sudoers/sudoers.h:
6547 Add print_error() function that uses the conversation function to
6548 print a variable number of error strings and use it in log_error().
6551 * src/script.c, src/sudo.h, src/term.c:
6552 Do not need the opost flag to term_copy() now that we use pipes for
6553 stdout/stderr when they are not a tty.
6557 Use pipes to the sudo process if stdout or stderr is not a tty.
6558 Still needs some polishing and a decision as to whether it is
6559 desirable to add additional entry points for logging
6560 stdout/stderr/stdin when they are not ttys. That would allow a
6561 replay program to keep things separate and to know whether the
6562 terminal needs to be in raw mode at replay time.
6565 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
6567 * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
6568 plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
6569 src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
6570 Move audit sources into the sudoers plugin dir; the driver does not
6574 * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
6575 compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
6576 plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
6577 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6578 plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
6579 src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
6580 src/term.c, src/ttysize.c:
6581 Use angle brackets when including headers that can only be found
6582 when an -I flag is specified. The files in the compat dir could get
6583 away with double quotes here but I've converted all the source files
6584 to use angle brackets for consistency.
6587 * plugins/sudoers/Makefile.in:
6588 Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
6589 dir can be found when building outside the source tree.
6592 * plugins/sudoers/Makefile.in:
6593 Clean up links in distclean
6596 * plugins/sudoers/Makefile.in:
6597 Hack around VPATH semantic differences by symlinking files we need
6598 from ../../src into the current directory and build those. A better
6599 fix would be to either make a .a or .la file with those files in it
6600 or simply use a single, flat, Makefile instead of per-subdirs
6604 * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
6605 fmt_string is used by the sudoers plugin too so do not include
6606 sudo.h (which is not really needed here anyway)
6609 * compat/Makefile.in, plugins/sample/Makefile.in,
6610 plugins/sudoers/Makefile.in, src/Makefile.in:
6611 Fix building with non-BSD versions of make such as GNU make.
6612 Requires VPATH support, which should be in any non-neolithic make.
6615 * configure, configure.in, plugins/sudoers/Makefile.in,
6616 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
6618 Re-enable bsm audit. Currently auditing is done within the sudoers
6619 plugin itself. If possible, this should really be done in the main
6620 driver but we don't presently have the needed data to do that. This
6621 will be re-evaluated when Linux audit support is added.
6624 * compat/Makefile.in, plugins/sample/Makefile.in,
6625 plugins/sudoers/Makefile.in, src/Makefile.in:
6626 Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
6627 of explicit rules in the dependency.
6630 * plugins/sudoers/visudo.c:
6631 Fix mismerge; alias_remove_recursive() now returns int
6634 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
6636 * plugins/sudoers/visudo.c:
6637 Fix a crash when checking a sudoers file that has aliases that
6638 reference themselves. Based on a diff from David Wood.
6642 Print signal info after restoring the tty mode, not before.
6646 Defer call to alarm() until after we fork the child. Pass correct
6647 pid to terminate_child(). If the command exits due to signal, set
6648 alive to false like we do when it exits normally. Add missing
6649 check for errpipe[0] != -1 before using it in FD_ISSET
6652 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
6654 * plugins/sudoers/boottime.c:
6655 Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
6658 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
6661 Simplify dependencies by using .c.o and .c.lo rules.
6664 * configure, configure.in, plugins/sudoers/Makefile.in,
6666 Substitute in @PROGS@ into src/Makefile to add sesh
6669 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
6671 * plugins/sudoers/sudoers.c:
6672 Add back calls to log_denial() if sudoers does not allow the
6676 * plugins/sudoers/sudoers.c:
6677 Pass in correct pwflag for list and validate.
6680 * plugins/sudoers/env.c:
6681 Add missing check for NULL in validate_env_vars
6685 Add sudo_noexec.la to "all" target, otherwise it only gets built at
6689 * plugins/sudoers/sudoers.c:
6690 Only set sudo_user.env_vars if the env_add list is empty.
6693 * plugins/sudoers/sudoers.c:
6694 Set sudo_user.env_vars so that environment variables specified on
6695 the command line get logged correctly.
6698 * plugins/sudoers/env.c, plugins/sudoers/logging.c,
6699 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6700 Re-enable environment files and setting environment variables on the
6704 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
6706 * plugins/sudoers/check.c:
6707 Fix typo in last commit (ifndef vs ifdef). Make sure we pass ctime()
6708 a pointer to time_t as tv_sec in struct timeval may be long.
6711 * plugins/sudoers/check.c:
6712 Don't stash ctime in on-disk tty ticket info for now; on many
6713 (most?) systems the ctime is updated when the tty is written to.
6714 Once I have a better idea of what systems do not update ctime on
6715 ttys (and have a way to test for this) the ctime stash will be
6716 conditionally re-enabled.
6719 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
6721 * MANIFEST, Makefile.in:
6722 Add back "dist" target, this time using a MANIFEST file
6726 Remove Makefile in distclean target
6729 * Makefile.in, src/Makefile.in:
6730 Update clean and cleandir targets
6733 * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
6735 Move fileops.c defines and prototypes to fileops.h
6738 * plugins/sudoers/check.c:
6739 Lock the tty timestamp when writing. We shouldn't have to lock when
6740 reading since the file is updated via a single write system call.
6743 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
6745 * plugins/sudoers/alias.c, plugins/sudoers/check.c,
6746 plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
6747 plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
6748 plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
6749 plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6750 plugins/sudoers/logging.c, plugins/sudoers/match.c,
6751 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6752 plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
6753 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6754 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6755 plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
6756 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6757 Convert to ANSI C function declarations
6760 * plugins/sudoers/sudoers.h:
6761 Remove extraneous bits and classify by source file.
6765 Add timercmp macro for systems without it
6768 * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6769 plugins/sudoers/sudoers.h:
6770 get_boottime() now fills in a timeval struct
6773 * plugins/sudoers/check.c:
6774 Store info from stat(2)ing the tty in the tty ticket when tty
6775 tickets are in use. On most systems, this closes the loophole
6776 whereby a user can log out of a tty, log back in and still have the
6780 * config.h.in, configure.in:
6781 Add timespec2timeval and use it when getting ctime/mtime
6784 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
6786 * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
6787 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6788 plugins/sudoers/testsudoers.c:
6789 Convert perm setting to push/pop model; still needs some work. Use
6790 the stashed runas groups instead of using getgrouplist(). Reset perms
6791 to the initial value on error
6794 * config.h.in, configure.in:
6795 fix ctim_get and mtim_get macros
6798 * config.h.in, configure, configure.in, include/compat.h,
6799 plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6800 plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
6801 Use timeval directly instead of converting to timespec when dealing
6802 with file times and time of day.
6805 * plugins/sudoers/Makefile.in:
6806 Don't link sudoreplay with libsudoers.la due to a yacc symbol
6810 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
6812 * configure, configure.in:
6813 Darwin >= 9.x has real setreuid(2)
6816 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
6818 * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
6822 * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
6823 plugins/sudoers/sudoers.h:
6824 Remove remaining references to the environ pointer.
6827 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
6829 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
6830 Don't change the environ directly in the sudoers plugin
6833 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
6835 * plugins/sudoers/sudoers.c:
6839 * plugins/sudoers/alias.c:
6840 Fix use after free in error message when a duplicate alias exists.
6843 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
6845 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6847 Add a "noninteractive" boolean to the settings passed in to the
6848 plugin's open function that is set when the user specifies the -n
6852 * config.h.in, configure, configure.in, plugins/sudoers/env.c:
6853 Add workaround for the lack of the environ pointer on Mac OS X in
6854 dlopen()ed modules. Use of environ in the sudoers plugin should
6855 ultimately be removed but this will do for the moment.
6858 * plugins/sudoers/visudo.c:
6859 Set errorfile to the sudoers path if we set parse_error manually.
6860 This prevents a NULL dereference in printf() when checking a sudoers
6861 file in strict mode when alias errors are present.
6864 * plugins/sudoers/sudoers.c:
6865 Main sudo no longer prints "unable to execute" on exec failure so do
6869 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
6872 Use a pipe to pass back errno to the parent if execve() fails. If we
6873 get an error in script_child(), kill the command and exit.
6876 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6877 src/parse_args.c, src/sudo.c:
6878 Handle plugin's open function returning -2 (usage error).
6882 If execve() fails, leave it to the plugin to print an error string.
6886 If execve fails in logging mode, pass the errno directly to the
6887 grandparent on the backchannel and exit. The immediate parent will
6888 get SIGCHLD and try to report that status but its parent will no
6889 longer be listening. It would probably be cleaner to pass this over
6890 a pipe in script_child().
6893 * plugins/sudoers/sudoers.c:
6894 Don't override rval with results of check_user() unless it failed.
6897 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
6899 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6904 NULL-terminate env_add
6907 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
6910 Call the I/O log open function before the I/O version function.
6913 * plugins/sudoers/iolog.c:
6914 Remove io_conv and just use sudo_conv
6917 * plugins/sudoers/set_perms.c:
6918 Fix set/restore perms for systems w/o setresuid
6921 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
6923 * plugins/sudoers/check.c, plugins/sudoers/logging.c,
6924 plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
6925 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6926 Primitive set/restore permissions. Will be replaced by a push/pop
6931 Only need to take action on SIGCHLD in parent if no I/O logger. If
6932 there is an I/O logger we will receive ECONNRESET or EPIPE when we
6933 try to read from the socketpair.
6936 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
6938 * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
6939 doc/sudoers.pod, plugins/sudoers/find_path.c:
6940 Merge fb4d571495fa from the 1.7 branch to trunk.
6943 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6946 Don't set SA_RESTART when registering SIGALRM handler. Do set
6947 SA_RESTART when registering SIGWINCH handler.
6951 Add dev targets for *.man.in and *.cat that don't specify the
6956 If log_input or log_output returns false, terminate the command.
6960 Better signal handling. Instead of using a single variable to store
6961 the received signal, use an array so we can't lose a signal when
6962 multiple are sent. Fix process termination by SIGALRM in non-I/O
6963 logger mode. Fix relaying terminal signals to the child in non-I/O
6968 Fix a race between when we get the child pid in the parent and when
6969 the child process exits. The problem exhibited as a hang after a
6970 short-lived process, e.g. "sudo id" when no IO logger was enabled.
6973 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
6975 * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6976 Add a note about the security implications of the fast_glob option.
6979 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6981 * config.h.in, configure, configure.in:
6982 Fix up some AC_DEFINE descriptions and regen config.h.in
6985 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
6987 * include/missing.h:
6988 No longer check for strdup or strndup for LIBOBJ replacement.
6992 Avoid installing signal handlers that are io-logger specific. Fixes
6993 job control when no io logger is enabled.
6997 Only regen man pages from pod when configured with --with-devel
7000 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
7002 * Makefile, Makefile.in, configure, configure.in:
7003 Top-level Makefile.in. Nothing is currently substituted but this is
7004 needed for separate build dirs.
7007 * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
7008 plugins/sudoers/Makefile.in, src/Makefile.in:
7009 Fix out-of-tree builds
7016 We always install sudoreplay in 1.8
7019 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
7021 * compat/siglist.in:
7022 SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
7025 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
7027 * configure, configure.in:
7028 No need to provide strdup() or strndup(), sudo uses estrdup() and
7032 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
7034 * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
7035 Free str after using it in the version method. Use sudo_conv, not
7036 io_conv since we don't have the IO conversation function pointer in
7037 the I/O version method anymore now that io_open is delayed.
7040 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
7042 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
7044 Add license to mksiglist.c and note that the bits from pdksh are
7048 * compat/Makefile.in:
7049 Fix LIBOBJDIR vs. srcdir wrt the siglist bits
7052 * plugins/sudoers/Makefile.in:
7053 Add sudoreplay testsudoers and visudo to clean target
7056 * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
7057 compat/siglist.in, compat/strsignal.c, configure, configure.in,
7058 include/missing.h, src/script.c:
7059 Create our own sys_siglist for systems without it for use by
7063 * compat/Makefile.in:
7064 Remove duplicate $(LIBOBJDIR)
7067 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
7069 * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
7070 Main sudo should not block signals; the plugin should do this in
7074 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
7077 Fix a sizeof(ptr) vs. sizeof(*ptr)
7081 Unlike most operating systems, HP-UX select() is not interrupted by
7082 SIGCHLD when the signal is registered with SA_RESTART. If we clear
7083 SA_RESTART when calling sigaction() for SIGCHLD we get the expected
7084 behavior and the code in the select() loops already handles EINTR
7088 * compat/getprogname.c:
7089 progname should be const
7092 * plugins/sudoers/Makefile.in:
7093 Move --tag=disable-static to when we link sudoers.la, not when we
7097 * src/load_plugins.c:
7098 Load the sudoers I/O plugin by default too now that it is hooked up.
7101 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
7104 It looks like AIX doesn't need to push STREAMS modules for ptys.
7107 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
7109 * src/parse_args.c, src/sudo.c:
7110 Delay calling the I/O plugin open function until the policy plugin
7114 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
7116 * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
7117 plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
7118 plugins/sudoers/sudoers.h:
7119 Add back io logging (transcript) support. Currently, the open
7120 function runs too early and it is not possible to use the io module
7121 independently of the policy module.
7124 * plugins/sudoers/set_perms.c:
7125 Comment out dead code; will be removed when set_perms is rewritten.
7128 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
7130 * plugins/sudoers/sudoers.c:
7131 Fix off by one error when allocating user_groups.
7134 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
7136 * configure, configure.in, plugins/sudoers/Makefile.in:
7137 Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
7140 * plugins/sudoers/sudoers.c:
7141 Fix typo in preserve groups case
7144 * plugins/sudoers/sudoers.c:
7145 In command_info it is "runas_groups" not "groups".
7149 Fix iteration over runas_groups list.
7152 * configure, configure.in, plugins/sudoers/env.c,
7153 plugins/sudoers/match.c, src/script.c:
7154 Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
7157 * compat/getgrouplist.c:
7158 getgrouplist(3) for those without it
7161 * plugins/sudoers/sudoers.c:
7162 Set preserve_groups or groups list in command_info
7166 Fix setting of groups list
7169 * config.h.in, configure, configure.in, include/compat.h,
7171 Add checks for getgrset and getgrouplist and use replacement
7172 getgrouplist if the system doesn't support it.
7176 Pass in preserve_groups when the -P flag is specified as per the
7180 * plugins/sudoers/sudoers.c:
7181 Check preserve_groups and ignore_ticket args with atobool instead of
7182 assuming they are true if present.
7185 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
7187 * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
7188 plugins/sudoers/plugin_error.c:
7189 Rename plugin-specific error.c to plugin_error.c. Wire up visudo,
7190 sudoreplay and testsudoers in the build
7193 * src/Makefile.in, src/term.c:
7194 term.c does not need to include sudo.h
7197 * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
7198 doc/sudo_plugin.pod:
7199 Document the -2 return in the check_policy section too
7202 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7203 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7204 src/parse_args.c, src/sudo.c, src/sudo.h:
7205 Fix the -s and -i flags and add support for the "implied_shell"
7206 option. If the user does not specify a command, sudo will now pass
7207 in the path to the user's shell and set implied_shell=true. The
7208 plugin can then either check the command normally or return -2 to
7209 cause sudo to print a usage message and exit.
7212 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
7214 * config.h.in, configure, configure.in, src/load_plugins.c:
7215 Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
7216 Darwin where libraries end in .dylib but modules end in .so
7219 * plugins/sudoers/parse.c:
7220 Better prefix determination now that we can't rely on len==0 to tell
7221 the beginning of an entry.
7224 * plugins/sudoers/ldap.c:
7225 display_bound_defaults() stub should return 0, not 1 since it is a
7226 count, not a boolean.
7229 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7230 Document progname in settings
7233 * compat/getprogname.c, include/compat.h,
7234 plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
7235 src/parse_args.c, src/sudo.c:
7236 Rewrite compat/getprogname.c and add setprogname(). The progname is
7237 now passed to the plugin via the settings array.
7240 * configure, configure.in, plugins/sudoers/Makefile.in:
7244 * plugins/sudoers/sudo_nss.c:
7245 Add missing whitespace for Runas and Command-specific defaults
7248 * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
7249 plugins/sudoers/sudo_nss.c:
7250 Use embedded newlines in lbuf instead of multiple calls to
7255 Add support for embedded newlines.
7258 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
7260 * compat/getprogname.c:
7261 If system doesn't support getprogname or __progname and we are
7262 building a shared object don't bother with Argc/Argv, just return
7266 * config.h.in, configure, configure.in, src/load_plugins.c:
7267 Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
7268 appears to always install a shared object with the .so suffix.
7271 * compat/Makefile.in, configure, configure.in,
7272 plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
7274 Play more nicely with libtool and let it build libreplace (was
7278 * include/missing.h:
7279 Include stdarg.h for va_list rather than requiring all consumers of
7280 missing.h to include stdarg.h themselves.
7283 * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
7284 plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
7285 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
7287 Pass in output function to lbuf_init() instead of writing to stdout.
7288 A side effect is that the usage info can now go to stderr as it
7292 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
7294 * include/lbuf.h, plugins/sudoers/sudo_nss.c,
7295 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
7296 src/parse_args.c, src/sudo.c:
7297 Use number of tty columns that is passed in user_info instead of
7298 getting it directly in the lbuf code.
7301 * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
7302 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7303 plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
7304 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
7305 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
7306 plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7307 plugins/sudoers/gram.c, plugins/sudoers/gram.y,
7308 plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
7309 plugins/sudoers/logging.h, plugins/sudoers/match.c,
7310 plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
7311 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
7312 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
7313 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
7314 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7315 plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7316 plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
7317 plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
7318 plugins/sudoers/visudo.c:
7322 * config.h.in, configure, configure.in, src/load_plugins.c:
7323 Set the sudoers plugin name in configure so we get the extension
7327 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7328 Document lines/cols in user_info
7331 * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
7332 Add tty size to user info
7336 Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
7339 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
7341 * plugins/sudoers/sudoers.c:
7342 Kill dead code. Add missing sigsetjmp in sudo_policy_invalidate. Error
7343 out if we fail to lookup the user's name that is passed in
7346 * plugins/sudoers/error.c:
7347 Pass the error value back via siglongjmp.
7350 * plugins/sudoers/check.c:
7351 Use conversation function for lecture.
7354 * plugins/sudoers/check.c:
7355 Don't update ticket file if verify_user returns FALSE.
7358 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
7360 * plugins/sudoers/sudoers.c, src/sudo.c:
7361 Wire up invalidate and validate methods for sudoers
7364 * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
7365 plugins/sudoers/sudoers.h:
7366 Add support for -k flag with a command.
7370 Allow -k to be specified with a command.
7373 * plugins/sudoers/sudoers.c:
7377 * plugins/sudoers/error.c:
7378 Add newline at the end of message and space after the colon in
7382 * plugins/sudoers/auth/sudo_auth.c:
7383 Add missing newline after pass password warning
7386 * plugins/sudoers/sudoers.c:
7387 Set user_groups and user_ngroups based on user_info
7390 * plugins/sudoers/error.c:
7394 * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
7395 Make _warning in error.c use the conversation function and remove
7396 commented out warning/warningx in sudoers.c.
7399 * plugins/sudoers/logging.c:
7400 Use siglongjmp() in log_error for fatal errors
7403 * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
7404 Quiet a libtool warning
7408 Build sudoers plugin
7411 * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
7412 Use warningx in yyerror() so the conversation function gets used
7413 when built as part of sudoers.
7416 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
7418 * plugins/sudoers/auth/pam.c:
7419 Rename sudo_conv to conversation to avoid a namespace conflict.
7422 * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
7423 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
7424 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
7425 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
7426 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7427 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
7428 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
7429 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
7430 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
7431 plugins/sudoers/check.c, plugins/sudoers/defaults.c,
7432 plugins/sudoers/env.c, plugins/sudoers/error.c,
7433 plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
7434 plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
7435 plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
7436 plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
7437 plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
7438 plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
7439 plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
7440 plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
7441 plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
7442 plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
7443 plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
7444 Initial bits of sudoers plugin; still needs work.
7448 Add HAVE_STRDUP and HAVE_STRNDUP
7451 * compat/Makefile.in, configure, configure.in:
7452 Build libmissing in two flavors (one PIC one non-PIC) and link with
7453 the appropriate one.
7456 * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
7457 compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
7458 Build libmissing in two flavors (one PIC one non-PIC) and link with
7459 the appropriate one.
7462 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
7464 * include/missing.h:
7465 Add strdup and strndup and fix strsignal
7468 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
7470 * compat/strdup.c, compat/strndup.c, configure, configure.in,
7471 plugins/sample/Makefile.in, src/Makefile.in:
7472 Add strdup and strndup to compat
7475 * plugins/sample/sample_plugin.c:
7476 Need to include compat.h before missing.h
7479 * compat/strsignal.c:
7480 Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
7481 it doesn't exist configure will set it to 0.
7485 Fix botched ANSI C conversion of globexp2()
7488 * configure, configure.in:
7489 Remove redundant getgroups check
7492 * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
7493 Require either termios or termio, no more sgtty.
7496 * compat/strsignal.c, config.h.in, configure, configure.in:
7497 Change the sys_siglist check to use AC_CHECK_DECLS and also check
7498 for _sys_siglist and __sys_siglist
7501 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
7503 * configure, configure.in, src/Makefile.in:
7504 Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
7505 use SUDO_OBJS for the main driver as part of OBJS.
7508 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7509 Mention in the conversation function section that a newline is not
7514 Add definition of WCOREDUMP for systems without it. This is known
7515 to work on AIX and SunOS 4, but may be incorrect on other systems
7516 that lack WCOREDUMP.
7519 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
7521 * plugins/sample/sample_plugin.c, src/conversation.c:
7522 conversation function no longer puts a newline at the end of info or
7526 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
7529 Use parent process group id instead of parent process id when
7530 checking foreground status and suspending parent. Fixes an issue
7531 when running commands under /usr/bin/time and others.
7534 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
7537 transcript option is now --with not --enable
7540 * plugins/sample/sample_plugin.c:
7541 Add support to -u and -g flags. Check fmt_string retval. Add timeout
7542 for debugging purposes
7545 * src/script.c, src/sudo.c:
7546 Wire up SIGALRM handler. Set close on exec flag for child side of the
7547 socketpair. Fix signal handling when not doing I/O logging
7551 g/c unused SIGCHLD handler
7554 * src/fmt_string.c, src/parse_args.c, src/sudo.c:
7555 Don't use emalloc() in fmt_string(); we want to be able to use it
7560 tq_remove not list_remove
7563 * configure, configure.in:
7564 AUTH_OBJS should contain .lo files not .o files.
7567 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
7570 Simplify conversion of command line args to name=value pairs.
7573 * plugins/sample/sample_plugin.c:
7574 Handle NULL reply from conversation function
7578 Don't depend on emalloc/erealloc
7581 * plugins/sample/Makefile.in:
7582 Use $(OBJS) instead of sample_plugin.lo
7585 * plugins/sample/sample_plugin.c:
7586 runas_user is in settings not user_info
7590 Fix a mismatch between sudo_settings and settings_pairs that causes
7591 some settings to get the wrong values.
7594 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
7596 * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
7597 src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
7598 src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
7602 * src/load_plugins.c:
7603 Fix strlcpy() return value check.
7606 * INSTALL, configure, configure.in:
7607 No longer need to substitute in script.o and pty.o; I/O logging
7608 support is always built.
7611 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
7614 Add fallback to /bin/sh when execve() fails with ENOEXEC.
7617 * include/alloc.h, src/alloc.c:
7621 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
7623 * src/script.c, src/sudo.c:
7624 Refactor script_execve() a bit so that it can be used in non-script
7625 mode. Needs more cleanup.
7629 Ignore empty entries in command_info list
7632 * include/list.h, src/list.c:
7636 * src/conversation.c:
7637 Pass timeout to tgetpass()
7641 Add ChangeLog target
7645 Bump version and update things slightly for sudo 1.8.0
7648 * configure, configure.in:
7649 Sudo now requires an ANSI/ISO C compiler
7652 * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
7657 * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
7658 include/list.h, include/missing.h:
7662 * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
7663 compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
7664 compat/getprogname.c, compat/glob.c, compat/glob.h,
7665 compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
7666 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
7667 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
7668 compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
7673 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
7675 * src/sudo.c, src/tgetpass.c:
7676 Make user_details extern so tgetpass can get at the uid and gid. Set
7677 uid/gid to user before executing askpass program. Check environment
7678 for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
7679 set the askpass program itself
7683 No longer need sudo_usage.h in sudo.c
7686 * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
7687 doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
7688 src/sudo_usage.h.in:
7689 Document -D level command line flag which maps to the debug_level
7693 * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7694 Document debug_level in plugin doc. Still need to document the -D
7695 flag in sudo itself.
7698 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
7700 * plugins/sample/sample_plugin.c:
7701 include missing.h for vasprintf
7704 * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
7705 doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7706 Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
7709 * plugins/sample/sample_plugin.c:
7710 Need to include limits.h
7717 * plugins/sample/Makefile.in, src/Makefile.in:
7718 Add missing compat bits
7721 * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
7722 compat files should not include sudo.h. Wire up compat in sample
7726 * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
7727 Fix up compat dependencies. Fix distclean target in doc/Makefile.in
7730 * configure, configure.in:
7734 * plugins/sample/sample_plugin.c:
7735 Log input and output to temp files for proof of concept.
7738 * Makefile, configure, configure.in, doc/Makefile.in:
7739 Add doc Makefile.in and wire it up
7743 Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
7744 suspending a shell with the "suspend" builtin.
7748 In child, handle parent side of the pipe going away.
7752 No longer need to check for explicit death of the child (process #2)
7753 since if it dies we will get EPIPE from the socketpair. Fix a
7754 sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
7759 Make sudo_debug do a single vfprintf() which will result in a single
7760 write call on most systems. Avoids problems with interleaved debug
7761 printf from different processes. Also remove an extraneous error
7762 case since recv() can't return a short read and add some more XXX.
7765 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
7768 Fix uninitialized variable.
7772 Fix sudo install target
7775 * src/parse_args.c, src/sudo.c, src/sudo.h:
7783 * configure, configure.in:
7784 Fix setting of plugin dir
7792 Add missing source for sudo front end
7795 * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
7796 Sample plugin demonstrating the sudo plugin API
7799 * Makefile, configure, configure.in, install-sh, pathnames.h.in,
7800 plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
7801 src/fileops.c, src/fmt_string.c, src/load_plugins.c,
7802 src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
7803 src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
7805 Modular sudo front-end which loads policy and I/O plugins that do
7806 most of the actual work. Currently relies on dynamic loading using
7807 dlopen(). See doc/plugin.pod for the plugin API.
7810 * doc/plugin.pod, include/sudo_plugin.h:
7814 * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
7815 compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
7816 plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
7817 plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
7818 src/fileops.c, src/sudo_edit.c:
7819 Replace emul/include.h with compat/include.h to match new source
7824 Include missing.h for memrchr() proto
7827 * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
7828 TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
7829 alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
7830 auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
7831 auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
7832 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
7833 auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
7834 closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
7835 compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
7836 compat/getline.c, compat/getprogname.c, compat/glob.c,
7837 compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
7838 compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
7839 compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
7840 compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
7841 compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
7842 def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
7843 doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
7844 doc/license.pod, doc/sample.pam, doc/sample.sudoers,
7845 doc/sample.syslog.conf, doc/schema.ActiveDirectory,
7846 doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
7847 doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
7848 doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
7849 doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
7850 doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
7851 doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
7852 emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
7853 error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
7854 getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
7855 gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
7856 include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
7857 include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
7858 ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
7859 interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
7860 list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
7861 mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
7862 nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
7863 plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
7864 plugins/sudoers/alias.c, plugins/sudoers/auth/API,
7865 plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
7866 plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
7867 plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
7868 plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7869 plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
7870 plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
7871 plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
7872 plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
7873 plugins/sudoers/boottime.c, plugins/sudoers/check.c,
7874 plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
7875 plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
7876 plugins/sudoers/defaults.h, plugins/sudoers/env.c,
7877 plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
7878 plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
7879 plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
7880 plugins/sudoers/gram.c, plugins/sudoers/gram.h,
7881 plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
7882 plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
7883 plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
7884 plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
7885 plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
7886 plugins/sudoers/logging.c, plugins/sudoers/logging.h,
7887 plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
7888 plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
7889 plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
7890 plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
7891 plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
7892 plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
7893 plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
7894 plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7895 plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
7896 plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
7897 plugins/sudoers/toke.c, plugins/sudoers/toke.l,
7898 plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
7899 plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
7900 sample.pam, sample.sudoers, sample.syslog.conf,
7901 schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
7902 selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
7903 src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
7904 src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
7905 src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
7906 src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
7907 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
7908 sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
7909 sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
7910 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
7911 sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
7912 sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
7913 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7914 tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
7915 visudo.man.in, visudo.pod, zero_bytes.c:
7916 Rework source layout in preparation for modular sudo.
7919 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
7921 * Avoid a duplicate fclose() of the sudoers file.
7924 * Fix size arg when realloc()ing include stack. From Daniel Kopecek
7927 * Use setrlimit64(), if available, instead of setrlimit() when setting
7928 AIX resource limits since rlim_t is 32 bits.
7931 * Fix use after free when sending error messages. From Timo Juhani
7935 * ChangeLog, Makefile.in:
7936 Generate the ChangeLog as part of "make dist" instead of having it
7940 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
7942 * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
7943 auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
7944 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7945 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7946 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7947 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7948 emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
7949 fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
7950 gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
7951 ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
7952 isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
7953 logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
7954 mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
7955 pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
7956 sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
7957 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7958 strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
7959 sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
7960 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7961 sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
7962 term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7963 utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
7964 Remove CVS $Sudo$ tags.
7967 2010-01-18 convert-repo <convert-repo>
7973 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
7976 make this match sudoers SYNOPSIS
7980 Print a newline between Runas and Command-specific defaults in sudo
7985 Use SET and CLR macros in term_raw
7989 Set stdin to non-blocking mode early instead of in check_input. Use
7990 term_raw instead of term_cbreak since the data we get has already
7991 been expanded via OPOST.
7994 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
7997 Enable/disable all postprocessing instead of just nl->crnl
7998 processing since things like tab expansion matter too. However, if
7999 stdout is a tty leave postprocessing on in the pty since we run into
8000 problems doing it only on the real stdout with e.g. nvi.
8003 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8006 If tty_tickets is enabled and there is no tty, prompt for a
8007 password. Do not lecture user for "sudo -k command" if user has a
8012 Document missing options: --with-efence and --with-bsm-audit
8015 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
8016 sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
8017 sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
8018 visudo.man.in, visudo.pod:
8019 username -> user name; groupname -> group name; hostname -> host name
8022 * INSTALL, README.LDAP, sudoers.pod:
8023 filename -> file name like the rest of the docs
8026 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
8029 Fix printing of entries with multiple host entries on a single line.
8032 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8035 Mention that targetpw affects the timestamp file name.
8038 * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
8040 Add compress_transcript option.
8043 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
8045 * configure, configure.in:
8049 * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
8050 Better split of membership vs. traditional group check in
8051 user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
8054 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
8057 Fix pasto and add default return value.
8060 * check.c, match.c, pwutil.c, sudo.h:
8061 refactor group member checking into user_in_group()
8064 * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
8066 Add support for mbr_check_membership() as present in darwin.
8069 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
8072 Rename label to be accurate
8075 * Makefile.in, boottime.c, check.c, config.h.in, configure,
8076 configure.in, sudo.h:
8077 Treat timestamp files from before we booted as old. Idea from and
8081 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8083 * sudo.c, sudo.pod, sudo_usage.h.in:
8084 Allow the -u flag to be used in conjunction with the -v flag as per
8085 older versions of sudo.
8089 fix typo in last commit
8092 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8095 Convert fmt_first and fmt_confd into macros.
8099 timeouts can be floats now
8102 * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
8103 defaults.h, mkdefaults:
8104 Add support for floating point timeout values (e.g. 2.5 minutes).
8107 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
8110 The -L flag will be removed in sudo 1.7.4
8113 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
8116 Fix a bug due to order of operators.
8119 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
8122 cmnd_matches() already deals with negation so _cmndlist_matches()
8123 does not need to do so itself. Fixes a bug with negated entries in
8127 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8130 Don't exit() from open_sudoers, just return NULL for all errors.
8134 Can't rely on the shell sending us SIGCONT when transitioning from
8135 background to foreground process.
8139 Add missing extern def for parse_error
8142 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
8145 Avoid a parse error when #includedir doesn't find any files. Closes
8150 Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
8153 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8156 Start command out in foreground mode if stdout is a tty. Works
8157 around issues with some curses-based programs that don't handle
8158 tcsetattr getting interrupted by a signal. Still allows us to avoid
8159 hogging the tty if the command is part of a pipeline.
8162 * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
8163 Use a socketpair to pass signals from parent to child. Child will
8164 now pass command status change info back via the socketpair. This
8165 allows the parent to distinguish between signals it has been sent
8166 directly and signals the command has received. It also means the
8167 parent can once again print the signal notifications to the tty so
8168 all writes to the pty master occur in the parent. The command is
8169 now always started in background mode with tty signals handled by
8173 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
8175 * configure, configure.in:
8176 Fix a few typos in the descriptions; from Jeff Makey. Only do the
8177 check for krb5_get_init_creds_opt_free() taking two arguments if we
8178 find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
8179 positive when using our own krb5_get_init_creds_opt_free which takes
8180 only a single argument.
8183 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
8185 * configure, configure.in:
8186 Remove a spurious comma in the kerb5 bits.
8190 Call krb5_get_init_creds_opt_init() in our emulated
8191 krb5_get_init_creds_opt_alloc() for MIT kerberos.
8194 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
8201 Need to ignore SIGTT{IN,OU} in child when running the command in the
8202 background. Also some minor cleanup.
8205 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
8208 Instead of calling sigsuspend when waiting for SIGUSR[12] from
8209 parent, install the signal handlers w/o SA_RESTART and let them
8210 interrupt waitpid().
8214 Pass along SIGHUP and SIGTERM from parent to child.
8218 Close unused bits of script_fds in processes that don't need them.
8219 Restore default SIGCONT handler in child.
8223 Update foreground/background status in SIGCONT handler in parent
8227 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
8230 Defer setting terminal into raw mode until just before we fork() and
8231 only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
8232 and sudo is already in the foreground be sure to set raw mode before
8233 continuing the child.
8236 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
8239 Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
8240 give the command the controlling tty if the main sudo process is the
8245 Don't bother with sudo_waitpid() here for now.
8252 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
8255 Remove non-working code that crept into rev 1.55
8258 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
8260 * INSTALL, configure, configure.in, script.c, sudoreplay.c:
8261 First pass at zlib support for transcript data files
8265 remove vestiges of ZLDFLAGS
8269 Add missing variable declaration for when TIOCSCTTY is not defined.
8270 Need to include sys/termio.h for TIOCSCTTY on some systems.
8274 when resuming command, send SIGCONT to its pgrp not just pid
8278 remove unused variable
8282 include selinux.h for is_selinux_enabled() proto
8286 Don't use log_error() in the child process.
8290 Do I/O in parent instead of child since the parent can have both
8291 /dev/tty as well as the pty fds open. The child just sets things up
8292 and waits for its grandchild and writes the signal description to
8293 the pty master if the command was killed by a signal.
8296 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
8298 * missing.h, sudo.h:
8299 Move two struct forward declarations from sudo.h to missing.h
8303 Make comment at the top of script_exec() match reality.
8307 if neither stdin nor stdout is a tty, check stderr
8311 Add back dependency of gram.h on gram.y
8315 Make transcript mode work as long as we can figure out our tty, even
8316 if it is not stdin. We'd like to use /dev/tty but that won't be
8317 valid after the setsid().
8320 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
8322 * config.h.in, configure, configure.in, pty.c:
8323 Add support for IRIX-style dynamic ptys
8326 * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
8327 Move alloc.c protos into alloc.h
8331 Move prototypes for missing libc functions to missing.h
8334 * Makefile.in, sudo.h, sudoreplay.c:
8335 Move prototypes for missing libc functions to missing.h
8338 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
8340 * config.h.in, configure, configure.in:
8341 Disable transcript support if no tcsetpgrp until we support older
8342 BSD-style job control.
8345 * configure, configure.in, pty.c, script.c:
8346 Break out pty code into pty.c
8349 * compat.h, config.h.in, configure, configure.in:
8350 add killpg macro if no killpg function
8353 * config.h.in, configure, configure.in, script.c:
8354 Push ptem and ldterm for STREAMS-based systems when allocating a
8358 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
8361 Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
8365 Call tcgetpgrp() in the parent, not the child and have the child
8366 spin until it is granted. Fixes a race on darwin.
8370 Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
8374 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
8377 In script mode, if the command is killed by a signal, print the
8378 signal description as well as a core dump notification like the
8382 * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
8384 Add check for strsignal() and a simple implementation if it is not
8385 there but sys_siglist is
8389 Add missing WUNTRACED and store the signal that stopped the
8390 grandchild in suspended, not signo.
8398 Associate the grandchild's pgrp with the tty instead of the child's
8399 and just get suspend notifications via SIGCHLD instead of directly.
8400 This fixes a hang with programs that try to set terminal attributes
8401 and is more consistent with how the shell handles things.
8404 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
8407 Move setpgid() of child into the parent side of the fork() where it
8411 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
8418 Run command in its own pgrp (like the shell does) for easier
8419 signalling. No need to relay SIGINT or SIGQUIT to parent, just send
8420 to grandchild. Don't want grandchild stopped events in the child
8421 (only termination). Flush output after suspending grandchild before
8426 Back out revision 1.34; the problem lies elsewhere.
8430 Don't set stdout to blocking mode when flushing remaining output.
8431 It can cause us to hang when trying to exit. Need to investigate
8436 Handle SIGTTOU and remove some debugging.
8440 Back out revision 1.10 as the signal that interrupts us may be
8441 SIGTTOU or SIGTTIN which the caller must handle.
8445 Apparently we need to send SIGSTOP to the command as well as ourself
8446 when we get SIGTSTP, the kernel doesn't automatically stop the
8451 Use an extra process to act as the glue between the sessions
8452 associated with the user's controlling tty (what the shell uses) and
8453 the tty that sudo is using to do its logging. Basically, this means
8454 that if we get, e.g. SIGTSTP from the process sudo is running, we
8455 relay the signal to the parent so its shell can do the job control.
8459 Handle getting/setting terminal attributes when the fd is in non-
8463 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
8465 * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
8466 Add support for pausing and changing the speed in interactive mode.
8470 Already define O_NOCTTY in compat.h, don't need it here
8473 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
8479 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
8482 Always update the stashed mtime of the temp file instead of using
8483 what we have for the original because the time resolution of the
8484 filesystem the temporary is on may not match that of the filesystem
8485 that holds the original. Should fix bz #371 found by Philippe Levan.
8489 Use cbreak mode instead of raw mode and add signal handlers to
8490 restore the tty on interrupt.
8493 * script.c, sudo.h, term.c:
8494 Retain NL to NLCR conversion on the real tty and skip it on the pty
8495 we allocate. That way, if stdout is not a pty there are no extra
8500 Fix log_output(); just pass in a string and a length.
8503 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
8506 do not use errno when complaining about lack of a tty
8509 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
8511 * Makefile.in, sudoreplay.c, term.c:
8512 Instead of messing with line endings, just set terminal to raw mode
8517 When copying the terminal attributes to the pty, be sure not to set
8518 ONLCR. This prevents extra carriage returns from ending up in the
8523 Convert a do {} while into a while
8527 Use if then instead of test && when installing binaries that may not
8532 Add O_NOCTTY when opening a tty device. Explicitly disconnect from
8533 old tty before associating with new one.
8536 * script.c, selinux.c, sudo.c, sudo.h:
8537 First cut at refactoring some of the selinux code so it can be used
8538 in conjunction with sudo's transcript support.
8541 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
8543 * aclocal.m4, configure, configure.in:
8544 Fix default case of transcript_enabled being unset.
8547 * script.c, sudoreplay.c:
8548 Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
8551 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
8552 Hook up --disable-transcript and --enable-transcript=DIR
8555 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
8557 * aclocal.m4, configure, configure.in, pathnames.h.in:
8558 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT. Add
8559 --enable-transcript=DIR option to specify the directory
8562 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
8566 * configure, configure.in, sudoers.man.pl, sudoers.pod:
8567 Substitute in default value for secure_path
8571 Mention that the password must be followed by a newline with the -S
8575 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
8578 Go back to dropping out of the select() loop when the process dies;
8579 Linux ptys apparently don't behave the same as BSD in regards to
8580 select(). No need to flush remaining output to the transcript, only
8581 to stdout. Add back code to check the master pty for additional data
8582 when we exit the main select loop.
8585 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
8588 Add getline.o to COMMON_OBJS
8592 sudoreplay depends on libsudo.a
8596 More pwutil.o into COMMON_OBJS
8599 * pwutil.c, testsudoers.c, tsgetgrpw.c:
8600 Remove my_* redirection in pwutil.c for testsudoers and just use the
8601 normal libc get{pw,gr}* names.
8604 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
8605 More time and date examples
8608 * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
8609 Move nanosleep() emulation into its own file. Check librt.a for
8610 nanosleep if we don't find it in libc
8613 * Makefile.in, configure, configure.in:
8614 Build libsudo with the common bits and link things against that.
8622 Keep reading from the pty master -> log file until read returns <=
8623 0. Do our best to write everything to stdout when flushing any
8628 Use unbuffered I/O when writing to stdout and make sure we write the
8632 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
8635 Only use max_wait if it is non-zero
8638 * getdate.c, getdate.y, getline.c:
8643 Fix nanosleep emulation
8647 Fix comment after #endif
8651 Add protos for missing libc bits
8654 * configure, configure.in:
8655 add missing line continuation char
8658 * config.h.in, configure, configure.in, getline.c:
8659 Implement getline() in terms of fgetln() if we have it.
8663 Print year when formatting log line
8667 Document cwd, attempt to document time/date formats.
8671 Fix getline return value check.
8674 * Makefile.in, config.h.in, configure, configure.in, getline.c,
8676 Use getline() if the system has it, else provide our own for
8681 Refactor code to update output and timing files.
8684 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
8687 Make sudo_getln() behave more like glibc getline.
8691 When flushing remaining output, also update timing file.
8695 Use get_timestr() and make the -l output look like the regular sudo
8699 * logging.c, sudo.h, timestr.c:
8700 Make get_timestr() take a time_t so we can use it properly in
8705 Create session dir earlier now that we update the seq number early.
8708 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
8711 Use fromdate and todate as the keywords instead of from and to; the
8712 short forms will still be accepted.
8716 Fix reading long lines in sudo_getln()
8719 * script.c, sudoreplay.c:
8720 Log the cwd in the script log file. Add sudo_getln() to read
8721 arbitrarily long lines.
8724 * Makefile.in, logging.c, sudo.h, timestr.c:
8725 Move get_timestr() into its own source file so sudoreplay can use
8729 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
8732 Add to and from predicates (date ranges); needs documentation
8735 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
8737 * Makefile.in, getdate.c, getdate.y:
8738 Fix warning and add generated getdate.c
8741 * Makefile.in, getdate.y:
8742 Add getdate.y to be used for sudoreplay date parsing.
8745 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
8748 Check more than just the first character of a predicate
8751 * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
8752 Add examples, sort predicates
8755 * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
8757 Implement search expressions in sudoreplay similar in concept to
8758 what find or tcpdump uses. TODO: date ranges
8761 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
8764 Remove vhangup as it was hanging up the wrong tty. Should really
8765 vhangup in the child after it has set its tty.
8769 Fix cut at documenting transcript support.
8773 ID= -> TSID= for transcript ID
8776 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
8779 Move fast_glob description to where it belongs in sorted order
8782 * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
8783 parse.c, parse.h, sudo.c:
8784 Rename script -> transcript
8787 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
8790 Add timeradd and timersub for those without them
8794 Sanity check sessid before using it.
8798 Only set the session id if we are running a command or editing a
8803 Actually, qsort is fine since most versions fall back to a cheaper
8804 sort when the number of elements to sort is small (like in our
8808 * config.h.in, configure, configure.in, script.c:
8809 Check for dup2 and use dup instead if we don't have it.
8812 * script.c, sudo.c, sudo.h:
8813 Move the code to dup2 the script fds to low numbered descriptors
8814 into script_duplow() and fix the fd sorting.
8817 * script.c, sudo.c, sudo.h:
8818 Move script_setup() back to immediately before we drop privs and
8819 call the new script_nextid() in its place, which will set
8820 sudo_user.sessid for the logging functions.
8823 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
8830 remove unused variable
8833 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
8835 * logging.c, script.c, sudo.c, sudo.h:
8836 Log the session ID, if there is one. Currently logs ID=XXXXXX,
8837 perhaps should be SESSIONID or SESSID.
8840 * Makefile.in, configure, configure.in, sudoreplay.cat,
8841 sudoreplay.man.in, sudoreplay.pod:
8846 add -V (version) flag
8853 * script.c, sudoreplay.c:
8854 Use base36 number for the ID and store script files with paths like
8855 /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
8856 (2,176,782,336) unique IDs.
8859 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
8861 * config.h.in, configure.in:
8862 Add check for regcomp
8866 Add support for selecting by pattern and tty when listing.
8869 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
8872 The beginnings of a list mode.
8875 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
8881 * Makefile.in, config.h.in, configure.in:
8882 Add scaffolding for building sudoreplay
8886 include error.h first arg to nanotime is const
8890 Initial cut at sudoreplay; replay a sudo session.
8893 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
8896 Fix wait() usage and use correct wait status.
8899 * sudo.c, sudo.h, tgetpass.c:
8900 Add protos for term_* to sudo.h
8904 Fix detection of the child process exiting. Since the child is in
8905 its own session we should only ever get SIGCHLD for that process but
8906 better safe than sorry.
8910 Add UNIX98 pty support.
8913 * configure, configure.in, script.c:
8914 Add UNIX98 pty support.
8917 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
8920 For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
8925 Set PAM_RUSER and PAM_RHOST early so they can be used during
8926 authentication. Based on a patch from Jamie Beverly.
8930 Close dir before returning if strlcpy() reports overflow. From
8934 * config.h.in, configure, configure.in, script.c:
8935 On Linux, the openpty proto lives in pty.h
8939 Call vhangup on exit if the system has it. Use setpgrp() if no
8943 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8945 * config.h.in, configure, configure.in:
8946 Add checks for revoke and vhangup if we don't have openpty
8950 Session logging guts that got forgotten in the previous commit.
8953 * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
8954 configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
8955 gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
8957 First cut at session logging for sudo. Still need to write
8958 get_pty() for Unix 98 and old-style BSD ptys. Also needs
8959 documentation and general cleanup.
8962 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8964 * sudo.c, sudo_edit.c:
8965 Fix a bug introduced with def_closefrom. The value of def_closefrom
8966 already includes the +1.
8969 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8972 Generate sudo distributions with pax in ustar mode. No longer need
8973 to use a temp file or have the source dir name match the version.
8976 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
8979 Fix expansion of %h in #include names. Fixes bugzilla 363
8982 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8985 If no arg assume def_data.in
8990 [f5ad45f69f05] [SUDO_1_7_2]
8996 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
8998 * sudoers.cat, sudoers.man.in, sudoers.pod:
8999 Add missing single quotes around a colon in Runas_Spec definition.
9003 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
9005 * sudo.man.in, sudoers.man.in:
9010 In rbrepair, re-color the root or the first non-block node we find
9011 to be black. Re-coloring the root is probably not needed but won't
9015 * sudo.cat, sudoers.cat:
9019 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9022 When repairing the tree, don't touch the root node.
9025 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
9028 Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
9029 Reported by Josef Schmid.
9032 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
9035 Document that we accept env_pam-style environment files
9039 Adapt to accept pam_env-style /etc/environment which allows shell-
9040 style lines such as: export EDITOR="/usr/bin/vi"
9044 Make it clear that env_delete only works when !env_reset. From Loïc
9048 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
9050 * sudo.pod, sudoers.pod:
9051 Add non-unix group bits, adapted from Quest
9055 build the .cat page in the current working dir, not the src dir
9059 Return EINVAL in setenv() if var is NULL or the empty string to
9060 match glibc behavior.
9063 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
9065 * configure, configure.in:
9066 Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
9069 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9071 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9072 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9076 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
9079 Document --with-libvas and --with-libvas-rpath
9082 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
9084 * ldap.c, sudoers.ldap.pod:
9085 For netscape-derived LDAP SDKs the cert and key paths may be a
9086 directory or a file. However, version 5.0 of the SDK only seems to
9087 support using a directory. If ldapssl_clientauth_init fails and the
9088 cert or key paths look like they could be files, strip off the last
9089 path element and try again.
9093 Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
9096 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
9098 * configure, configure.in, match.c, sudo.c, vasgroups.c:
9099 Update non-Unix group support from Quest, as reworked by me.
9107 Add support for escaped hex chars in names, e.g. \x20 for space.
9110 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
9112 * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
9113 auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
9114 fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
9115 logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
9116 set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
9117 sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
9118 tgetpass.c, toke.l, visudo.c:
9119 Update copyright years.
9122 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
9124 * interfaces.c, lbuf.c:
9125 Minor fixes for Minix-3
9128 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
9131 Handle getgroups() returning 0. Also add missing check for
9135 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
9137 * Makefile.in, config.h.in, configure, configure.in, sudo.c,
9138 version.h, visudo.c:
9139 Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
9142 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9145 Remove group setting code in setusercontext case, we will do it
9146 ourselves later on in runas_setup. Set the gid after
9147 initgroups/setgroups is called, since on Mac OS X it seems to change
9151 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
9153 * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
9155 Initial bits of non-unix group support using Quest Authentication
9160 Accept %:foo as a non-Unix group
9164 Allow user/group to be double quoted in the case of non-Unix groups
9165 which contain spaces.
9168 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9171 Don't allow the user to specify the default runas user if their
9172 sudoers entry only allows them to run as a group.
9175 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9178 Must call audit_success before we change uids.
9181 * logging.c, set_perms.c, sudo.h, testsudoers.c:
9182 Add option for set_perm to not exit on failure and use this in the
9187 In -l mode, if the user is only allowed to run as a group, display
9188 the user's name, not root's before the allowed group.
9192 Fix -g mode, broken by rev 1.503 which had the side effect of
9193 setting the runas user to root unilaterally.
9196 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9199 When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
9203 Only cache by the method we fetched for pwd and grp lookups.
9204 Previously we cached both by name and id but this can cause problems
9205 for entries that share the same id. Also add more info in the error
9206 message in case the insert fails (which should now be impossible).
9209 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
9212 Add a clarification from Nick Sieger
9215 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
9218 Inline the setting of the environment string.
9221 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
9224 setenv(3) in Linux treats a NUL value as the empty string. setenv(3)
9225 in BSD doesn't return an error if the name has '=' in it, it just
9226 treats the '=' as end of string.
9229 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
9232 Not all systems have d_namlen
9235 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
9238 Fix up some pod2html issues.
9241 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
9244 Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
9249 Ignore files ending in '~' in sudo.d (emacs backup files)
9253 Ignore files ending in '~' in sudo.d (emacs backup files)
9256 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
9258 * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
9259 For #includedir, ignore any file containing a dot
9262 * Makefile.in, version.h:
9266 * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
9267 sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
9269 Implement #includedir directive. Files in an includedir are not
9270 edited by visudo unless they contain a syntax error.
9275 [8741ed61a78b] [SUDO_1_7_1]
9278 Forgot umask_override
9285 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
9288 Rewind stream if we fdopen sudoers since it may not be at the
9289 beginning. Set the keepopen flag on already-open files too so the
9290 lexer doesn't close them out from under us.
9294 Print the proper file name when there is a parse error in an include
9298 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9304 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9306 * configure, configure.in:
9307 Fix a warning when --without-ldap is specified.
9310 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9312 * alias.c, parse.h, visudo.c:
9313 Store aliases that we remove during check_aliases in a freelist and
9314 free them at the end so we don't leak memory.
9317 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
9320 Check aliases in -c mode too.
9323 * alias.c, parse.h, visudo.c:
9324 Make alias_remove return the alias struct instead of freeing it
9325 directly. Fixes a use after free in alias_remove_recursive, the only
9329 * alias.c, match.c, parse.c, parse.h, visudo.c:
9330 Rename find_alias -> alias_find for consistency.
9333 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9336 When checking for unused aliases, recurse if the alias points to
9340 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
9343 Back out rev 1.105 for now. Real ldapux_client.conf support will be
9344 done later after some refactoring.
9347 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9350 Treat ldap_hostport the same as "host" for ldapux.
9353 * configure, configure.in:
9354 Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
9355 Fixes compilation with ldapux.
9358 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9364 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
9367 remove errant carriage returns
9374 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9375 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9379 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
9382 Add missing HAVE_BSM_AUDIT
9390 Mention --with-netsvc
9394 Document netsvc.conf support
9397 * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
9399 Add support for AIX netsvc.conf (like nsswitch.conf).
9402 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
9404 * config.h.in, configure, configure.in, env.c:
9405 Add --enable-env-debug flag to enable environment sanity checks.
9408 * sudoers.ldap.pod, sudoers.pod:
9409 Work around some pod2html issue.
9412 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
9415 Only sync environ for putenv, setenv, and unsetenv. We need to make
9416 sure that sudo_putenv and sudo_setenv only modify env.envp, not
9420 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9423 Really fix UNSETENV_VOID
9427 Fix unsetenv when UNSETENV_VOID
9430 * aclocal.m4, configure:
9431 Fix SUDO_FUNC_PUTENV_CONST
9435 tivoli-based ldap does not have ldapssl_err2string
9442 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
9444 * config.h.in, configure, configure.in, ldap.c:
9445 Add support for Tivoli-based LDAP start TLS as seen in AIX.
9450 Add sanity checks for setenv/unsetenv
9454 Include bsm_audit.h in the tarball
9457 * Makefile.in, version.h:
9458 bump version for sudo 1.7.1
9461 * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
9462 env.c, ldap.c, sudo.h:
9463 Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
9464 provide our own setenv/unsetenv/putenv that operates on own env
9465 pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
9468 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
9471 Make "sudoedit -h" work as expected
9475 Make sure def_prompt is always defined. This is a workaround for
9476 pam configs that prompt for a password in the session but don't have
9477 an auth line. A better fix is to expand the sudo prompt earlier and
9478 set def_prompt to that when initializing.
9482 Mention that the helper for -A may be graphical.
9486 Document what happens if there is no tty.
9498 Fix "sudo -k" with no other args
9501 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
9503 * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
9504 Allow the -k flag to be specified in conjunction with a command or
9505 another option that may require authentication.
9508 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
9510 * configure, configure.in:
9511 Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
9515 Parallel make fix. From Diego E. 'Flameeyes'
9518 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
9520 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
9521 Implement umask_override
9528 * sudoers.pod, toke.l, visudo.c:
9529 Implement %h escape in sudoers include filenames.
9533 Need to include compat.h
9536 * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
9537 Make audit_success and audit_failure generic functions in
9538 preparation for integrating linux audit support.
9542 remove duplicate include
9545 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9552 May need to update the runas user after parsing command-based
9556 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9559 Add missing pair of braces introduced with character class support.
9562 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9564 * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
9565 Rename pwstars to pwfeedback
9568 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
9570 * bsm_audit.c, bsm_audit.h:
9571 Add const to make MacOS happy.
9574 * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
9575 configure.in, sudo.c:
9576 Add bsm audit support from Christian S.J. Peron
9580 This is new code, no DARPA notice.
9583 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9585 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
9586 Rename simple_glob -> fast_glob
9593 * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
9594 Add simple_glob option to use fnmatch() instead of glob(). This is
9595 useful when you need to specify patterns that reference network file
9607 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9610 Delete any pwstars we wrote after the user hits return. That way
9611 there is no record on screen as to the user's password length.
9614 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9617 Move terminal setting bits from tgetpass.c to term.c
9620 * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
9622 Add pwstars sudoers option that causes sudo to print a star every
9623 time the user presses a key.
9626 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9629 Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
9632 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9635 For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
9636 indicate no limit. From Mark Janssen.
9639 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9642 Comments that begin with #- should not be parsed as uids.
9645 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
9648 Do not try to set the close on exec flag if we didn't actually open
9652 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9656 [e11f0e4c1bdd] [SUDO_1_7_0]
9658 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
9664 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
9667 Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
9671 * configure, configure.in:
9672 Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
9673 as it cannot generate shared objects.
9676 * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
9677 K&R compilation fixes
9681 Use tq_foreach_fwd when checking pseudo-commands to make it clear
9682 that we are not short-circuiting on last match. When pwcheck is
9683 'all', initialize nopass to TRUE and override it with the first non-
9687 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
9690 Do not short circuit pseudo commands when we get a match since,
9691 depending on the settings, we may need to examine all commands for
9695 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
9697 * sudoers.cat, sudoers.man.in:
9702 hostnames may also contain wildcards
9706 remove stamp-* files and linux core files in clean target
9709 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
9711 * auth/sudo_auth.h, config.h.in, configure, configure.in:
9712 Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
9715 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
9717 * configure, configure.in:
9718 correctly enable SIA on Digital UNIX
9729 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
9731 * check.c, sudo.h, tgetpass.c:
9732 Even if neither stdin nor stdout are ttys we may still have /dev/tty
9736 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
9738 * sudoers.cat, sudoers.man.in:
9743 fix typos; Markus Lude
9755 Fix matching of a line that only consists of a comment char
9758 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9761 MacOS pam will retry conversation function if it fails so just treat
9762 ^C as an empty password.
9766 When checking for alias use, also check defaults bindings.
9774 Replace my rbdelete with Emin's version (which actually works ;-)
9777 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
9784 malloc options in devel mode for visudo too
9787 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
9790 fix compilation on non-C99; from Theo
9798 when destroying an alias, free the correct data pointer
9802 add proto for aixauth_cleanup; from Dale King
9805 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9807 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
9812 * sudo.pod, sudoers.pod, visudo.pod:
9813 standardize on the term 'option' for command line options (not flag)
9816 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
9819 Add note on configuring HP-UX pam
9822 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
9825 Move tty checks into check_user() so we only do them if we actually
9830 Don't error out if no tty or askpass unless we actually need to
9834 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
9840 * pathnames.h.in, sudo.c:
9841 s/overriden/overridden/; from Tobias Stoeckmann
9844 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
9846 * WHATSNEW, visudo.c:
9847 check sudoers owner and mode in strict mode
9854 * sudo.man.in, sudoers.man.in, visudo.man.in:
9855 Update copyright years.
9858 * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
9859 auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
9860 auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
9861 closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
9862 gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
9863 interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
9864 parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
9865 sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
9866 testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
9867 visudo.pod, zero_bytes.c:
9868 Update copyright years.
9871 * emul/charclass.h, fnmatch.c, glob.c:
9875 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
9878 The loop in fill_cmnd() was going one byte too far past the end,
9879 resulting in a NUL being written immediately after the buffer end.
9882 * UPGRADE, WHATSNEW:
9883 add sections on tgetpass changes
9887 Treat EOF w/o newline as an error.
9890 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
9893 Fix "sudo -v" when NOPASSWD is set.
9896 * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
9898 No longer treat an empty password at the prompt as special. To quit
9899 out of sudo you now need to hit ^C at the password prompt.
9902 * sudoers.cat, sudoers.man.in:
9906 * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
9907 Sudo will now refuse to run if no tty is present unless the new
9908 visiblepw sudoers flag is set.
9911 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
9914 just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
9919 fix fallback value for RLIM_SAVED_MAX
9922 * auth/aix_auth.c, auth/sudo_auth.h:
9923 Move clearing of AUTHSTATE into aixauth_cleanup.
9926 * auth/aix_auth.c, env.c:
9927 Unset AUTHSTATE after calling authenticate() as it may not be
9928 correct for the user we are running the command as.
9932 Add isblank() function for systems without it. Needed for POSIX
9933 character class matching in fnmatch.c and glob.c.
9936 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
9939 expound on sudo and cd
9942 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9948 * sudoers.cat, sudoers.man.in:
9953 mention defaults parse order
9956 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9958 * Makefile.in, aclocal.m4, compat.h, configure:
9959 Add isblank() function for systems without it. Needed for POSIX
9960 character class matching in fnmatch.c and glob.c.
9964 add emul/charclass.h to HDRS
9967 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
9973 * defaults.c, parse.c, testsudoers.c, visudo.c:
9974 Move update_defaults into defaults.c and call it properly from
9975 visudo and testsudoers.
9978 * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
9980 use zero_bytes() instead of memset() for consistency
9983 * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
9985 Zero out sigaction_t before use in case it has non-standard entries.
9993 Short circuit glob() checks if basename(pattern) !=
9994 basename(command). Refactor code that checks for a command in a
9995 directory and use it in the glob case if the resolved pattern ends
9999 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
10001 * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
10002 Defer setting runas defaults until after runaspw/gr is setup.
10005 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
10007 * match.c, sudo.c, testsudoers.c:
10008 Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
10009 systems do not include space for the NUL in the size. Also manually
10010 NUL-terminate buffer from gethostname() since POSIX is wishy-washy
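The allocation and termination pattern this entry describes, as an added C example (not sudo's own code). safe_hostname(), hostname_fn and the two stand-in functions are hypothetical names; the stand-ins are constructed to simulate a call that truncates without terminating and a well-behaved one.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/param.h>	/* MAXHOSTNAMELEN on most systems */

#ifndef MAXHOSTNAMELEN
# define MAXHOSTNAMELEN 64	/* assumed fallback for this example */
#endif

/* Same shape as gethostname(2), so the real call can be passed in:
 * safe_hostname(gethostname) after including <unistd.h>. */
typedef int (*hostname_fn)(char *buf, size_t len);

/*
 * Constructed stand-in: behaves like a gethostname() whose result did
 * not fit. It fills all len bytes and writes no terminator.
 */
int
truncating_gethostname(char *buf, size_t len)
{
    memset(buf, 'h', len);
    return 0;
}

/* Constructed stand-in: a short name that fits, terminator included. */
int
short_gethostname(char *buf, size_t len)
{
    strncpy(buf, "build01", len);
    return 0;
}

/*
 * Fetch the host name into a buffer of MAXHOSTNAMELEN + 1 bytes and
 * terminate it ourselves, so the result is a valid C string whatever
 * the underlying call did. Returns NULL on failure; caller frees.
 */
char *
safe_hostname(hostname_fn fn)
{
    char *host = malloc(MAXHOSTNAMELEN + 1);

    if (host == NULL)
        return NULL;
    /* Pre-fill with non-zero bytes so a missing terminator is not
     * hidden by memory that happens to be zero. */
    memset(host, 'x', MAXHOSTNAMELEN + 1);
    if (fn(host, MAXHOSTNAMELEN) != 0) {
        free(host);
        return NULL;
    }
    /* The extra byte reserved above always holds the terminator. */
    host[MAXHOSTNAMELEN] = '\0';
    return host;
}
```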
10014 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
10016 * sudo.c, sudoers.pod:
10017 When setting the umask, use the union of the user's umask and the
10018 default value set in sudoers so that we never lower the user's umask
10019 when running a command.
10023 Don't try to read from a zero-length sudoers file. Remove the bogus
10024 Solaris work-around for EAGAIN. Since we now use fgetc() it should
10028 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10031 In update_defaults() check the return value of user*_matches against
10032 ALLOW so we don't inadvertently match on UNSPEC.
10035 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10037 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10038 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10039 regen man pages; no more hyphenation
10043 Don't error out on a zero-length sudoers file. With the advent of
10044 #include the user could create a situation where sudo is unusable.
10047 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
10049 * auth/kerb5.c, config.h.in, configure, configure.in:
10050 Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
10051 krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
10052 all. Add configure tests to handle all the cases.
10055 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10062 document sudoers_locale
10065 * sudo.pod, sudo_edit.c:
10066 add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
10071 In fill_cmnd(), collapse any escaped sudo-specific characters.
10072 Allows character classes to be used in pathnames.
10075 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
10078 fix typo in non-C89 function declaration
10082 Mention POSIX character classes now that our fnmatch() and glob()
10086 * sample.sudoers, sudoers.pod:
10087 Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
10092 use __signed char if we are going to assign a negative value since
10093 on Power, char is unsigned by default
10096 * config.h.in, configure, configure.in:
10097 Add tests for __signed char and signed char.
10101 Fix AIX limit setting. getuserattr() returns values in disk blocks
10102 rather than bytes. The default hard stack size in newer AIX is
10103 RLIM_SAVED_MAX. From Dale King.
10106 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
10108 * emul/charclass.h, fnmatch.c, glob.c:
10109 Add character class support to included glob(3) and fnmatch(3).
10112 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
10115 Remove UCB advertising clause and some compatibility defines.
10118 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10121 Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
10122 or sudo. This allows one to set EDITOR to sudoedit without getting
10123 into an infinite loop of sudoedit running itself until the path gets
10127 * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
10128 Add sudoers_locale Defaults option to override the default sudoers
10132 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10135 Set locale to system default except for during sudoers parse.
10138 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
10141 Redo change in 1.34 to use pointer arithmetic.
10144 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10147 Fix a dereference (read) of a freed pointer. Reported by Patrick
10151 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10154 Set locale to "C" to avoid interpretation issues with character
10155 ranges in sudoers. May want to make the locale a sudoers option in
10159 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
10162 we no longer use setproctitle
10169 * LICENSE, mkstemp.c:
10170 Use my replacement mkstemp() from the mktemp package.
10173 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10176 regen with yacc skeleton bug fixed
10180 Remove duplicate "as root". From Martin Toft.
10183 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
10185 * pwutil.c, sudo.c, sudo.h, testsudoers.c:
10186 Flesh out the fake passwd entry used for running commands as a uid
10187 not listed in the passwd database. Fixes an issue with some PAM
10191 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
10194 Error out in -i mode if the user has no shell. This can happen when
10195 running commands as a uid with no password entry.
10198 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
10201 Better fix for line continuation inside double quotes. Now accepts
10202 whitespace between the backslash and the newline like the main
10206 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10209 Fix line continuation in strings. It was only being honored if
10210 preceded by whitespace.
10213 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
10215 * config.h.in, configure, configure.in, logging.c:
10216 Replace the double fork with a fork + daemonize.
10219 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
10222 The -i flag should imply env_reset. This got broken in sudo 1.6.9.
10225 * logging.c, sudo.c, sudo_edit.c, visudo.c:
10226 Change how the mailer is waited for. Instead of having a SIGCHLD
10227 handler, use the double fork trick to orphan the child that opens
10228 the pipe to sendmail. Fixes a problem running su on some Linux
10232 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
10234 * configure, configure.in:
10235 Fix configure test for dirfd() on Linux where DIR is opaque.
10238 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
10241 Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
10242 this problem we'll need to revisit this again.
10245 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10248 Ignore SIGPIPE instead of blocking it when piping to the mailer. If
10249 we only block the signal it may be delivered later when we unblock.
10250 Also, there is no need to block SIGCHLD since we no longer do the
10251 double fork. The normal SIGCHLD handler is sufficient.
10254 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
10256 * configure, configure.in:
10257 Add description for NO_PAM_SESSION, from a redhat patch.
10260 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
10262 * sudo.cat, sudo.man.in, sudo.pod:
10263 Fix typos in -i usage
10266 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
10268 * configure, configure.in:
10269 Redo the test for dgettext() in a way that hopefully will work
10270 around the libintl_dgettext() undefined problem.
10273 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
10275 * schema.ActiveDirectory:
10276 change filename in comment
10279 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
10281 * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
10283 Reference schema.ActiveDirectory
10286 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
10288 * schema.OpenLDAP, schema.iPlanet:
10289 Mark sudoRunAs as deprecated.
10292 * schema.ActiveDirectory:
10293 add sudoRunAsUser and sudoRunAsGroup
10296 * schema.ActiveDirectory:
10297 Active Directory schema by Chantal Paradis and Eric Paquet
10300 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
10303 remove an XXX that was fixed
10311 Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
10312 fixes a problem where the tag value printed was influenced by
10313 defaults set in the first pass through the parser.
10316 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
10318 * Makefile.in, sudo.psf:
10319 No point in packaging the TODO file
10326 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
10328 * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
10329 sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
10330 Add env_file Defaults option that is similar to /etc/environment on
10334 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
10336 * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
10337 sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
10338 version.h, visudo.cat, visudo.man.in:
10339 change version to 1.7.0
10343 initial valgrind pass done
10346 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
10349 Fix typo/think in sudo_ldap_read_secret() when storing the secret.
10352 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
10355 define LDAPS_PORT if the system headers do not
10358 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
10361 Fix another memory leak in init_parser().
10364 * configure, configure.in:
10365 There was a missing space before the ldap libs in SUDO_LIBS for some
10369 * alias.c, gram.c, gram.y, toke.c, toke.l:
10370 Clean up some memory leaks pointed out by valgrind.
10373 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
10376 fix "sudo -s" broken by mode/flags breakout
10379 * configure, configure.in:
10380 remove duplicate check for dgettext
10383 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
10386 Fall back to default stanza if no user-specific limit is found.
10389 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
10392 include stdint.h if present
10396 Use LLONG_MAX, not the old QUAD_MAX
10399 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
10401 * sudoers.ldap.pod:
10405 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
10411 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
10414 remove useless cast
10417 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
10428 Split MODE_* defines into primary and flags.
10431 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
10434 It turns out the logic for getting AIX limits is more convoluted
10435 than I realized and differs depending on whether the soft and/or
10436 hard limits are defined.
10439 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
10441 * Makefile.in, configure, configure.in:
10442 Back out AIX-specific change to set the sudo_noexec path to the .a
10443 file, we do really want to use the .so file. Since libtool doesn't
10444 do that correctly, just install the .so file ourselves in the
10449 If the file given to install is a path, only use the basename of the
10450 file when building the destination path.
10453 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
10456 parse_args() cleanup: Sort command line options in the getopt()
10457 switch. The -U option requires a parameter. Normalize a few ISSET
10458 calls. Split mode into mode and flags and retire the now-obsolete
10462 * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
10464 Add -n (non-interactive) flag.
10468 Move version printing, etc. into a separate function.
10472 Don't try to cleanup nsswitch if it has not been initialized.
10475 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
10478 Block SIGPIPE in send_mail() so sudo is not killed by a problem
10479 executing the mailer.
10482 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
10484 * configure, configure.in:
10485 AIX shared libs end in .a, not .so.
10488 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
10491 Preserve HOME by default too. Matches documentation and previous
10495 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
10498 Use getopt() to parse the command line. We need to be able to
10499 intersperse env variables and options yet still honor "--" which
10500 complicates things slightly.
10503 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
10509 * acsite.m4, configure, ltmain.sh:
10510 update to libtool-1.5.26
10513 * config.guess, config.sub:
10514 update from libtool-1.5.26 distribution
10518 attempt to fix compilation errors on AIX
10522 fix typo in last commit
10526 Add WHATSNEW file to the distribution
10530 use warningx instead of fprintf(stderr, ...)
10534 add DEBUG to list2tq
10545 * Makefile.in, aix.c, config.h.in, configure, configure.in,
10546 set_perms.c, sudo.h:
10547 Add aix_setlimits() to set resource limits on AIX using a
10548 combination of getuserattr() and setrlimit(). Currently untested.
10551 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
10553 * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
10554 sudoers.man.in, sudoers.pod:
10555 Add mailfrom Defaults option that sets the value of the From: field
10556 in the warning/error mail. If unset the login name of the invoking
10561 store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
10565 When adding a default, only call list2tq() once to do the list to tq
10566 conversion. It is not legal to call list2tq multiple times on the
10567 same list since list2tq consumes and modifies the list argument.
10570 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
10571 comment out XXXs for now
10578 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
10581 Error out if both -A and -S are specified. Error out if -A is
10582 specified but no askpass is configured
10585 * configure, configure.in:
10586 we are not going to ship a sudo-specific askpass
10589 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
10592 fix definition of TGP_ASKPASS
10595 * def_data.c, def_data.in:
10596 make askpass boolean-capable
10600 document --with-askpass
10603 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10604 sudoers.man.in, visudo.cat:
10608 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
10610 * sudo.pod, sudo_usage.h.in, sudoers.pod:
10611 document -A and askpass
10614 * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
10615 def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
10616 sudo_usage.h.in, tgetpass.c:
10617 Add support for running a helper program to read the password when
10618 no tty is present (or when specified with the -A flag). TODO: docs.
10621 * def_data.c, def_data.in:
10622 add missing printf format to SELinux role and type strings
10625 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
10627 * INSTALL, configure, configure.in:
10628 Disable use of gss_krb5_ccache_name() by default and add
10629 --enable-gss-krb5-ccache-name configure option to enable it. It
10630 seems that gss_krb5_ccache_name() doesn't work properly with some
10631 combinations of Heimdal and OpenLDAP.
10634 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
10637 Ignore setexeccon() failing in permissive mode. Also add a call to
10638 setkeycreatecon() (though this is probably insufficient). From Dan
10643 Only set std_prompt for the PAM_PROMPT_* cases. The conversation
10644 function may be called for non-password reading purposes so we must
10645 be careful not to use def_prompt in cases where it may not be set.
10648 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
10651 Don't free the new tty context, we need to keep it around when we
10652 restore the tty context after the command completes
10655 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
10661 * sudo.man.pl, sudo.pod:
10662 Only put login_cap(3) in SEE ALSO section if we have login.conf
10666 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
10668 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10669 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10674 Substitute in comment characters for lines pertaining to login.conf,
10675 BSD auth and SELinux and only enable them if pertinent.
10679 Substitute in comment characters for lines pertaining to login.conf,
10680 BSD auth and SELinux and only enable them if pertinent.
10684 Substitute in comment characters for lines pertaining to login.conf,
10685 BSD auth and SELinux and only enable them if pertinent.
10689 Substitute in comment characters for lines pertaining to login.conf,
10690 BSD auth and SELinux and only enable them if pertinent.
10693 * Makefile.in, configure, configure.in:
10694 Substitute in comment characters for lines pertaining to login.conf,
10695 BSD auth and SELinux and only enable them if pertinent.
10698 * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
10699 Remove the =cut on the first line (above the copyright notice) to
10700 quiet pod2man. Also remove the hackery in the FILES section and
10701 just deal with the fact that there will be a newline between each
10705 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
10708 run sudo.man.pl when generating sudo.man.in
10711 * configure, configure.in, sudo.man.pl:
10712 comment out SELinux manual bits unless --with-selinux was specified
10716 document role and type defaults for SELinux
10719 * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
10720 Document "sudo -ll" and make "sudo -l -l" be equivalent.
10723 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
10725 * configure, configure.in:
10726 Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
10727 Debian GNU/kFreeBSD.
10730 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
10733 Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
10734 verify_krb_v5_tgt()
10737 * logging.c, logging.h, sudo.c:
10738 Remove dependence on VALIDATE_NOT_OK in logging functions. Split
10739 log_auth() into log_allowed() and log_denial() Replace mail_auth()
10740 with should_mail() and a call to send_mail()
10743 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
10746 Add debugging so we can tell if the krb5 ccache is accessible
10750 mention --with-selinux
10753 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
10763 * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
10764 sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
10765 testsudoers.c, toke.c, toke.l:
10766 Add support for SELinux RBAC. Sudoers entries may specify a role
10767 and type. There are also role and type defaults that may be used.
10768 To make sure a transition occurs, when using RBAC commands are
10769 executed via the new sesh binary. Based on initial changes from Dan
10774 Add support for SELinux RBAC. Sudoers entries may specify a role
10775 and type. There are also role and type defaults that may be used.
10776 To make sure a transition occurs, when using RBAC commands are
10777 executed via the new sesh binary. Based on initial changes from Dan
10781 * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
10782 def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
10783 pathnames.h.in, selinux.c:
10784 Add support for SELinux RBAC. Sudoers entries may specify a role
10785 and type. There are also role and type defaults that may be used.
10786 To make sure a transition occurs, when using RBAC commands are
10787 executed via the new sesh binary. Based on initial changes from Dan
10791 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
10793 * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
10794 Add long list (sudo -ll) support for printing verbose LDAP and
10795 sudoers file entries. Still need to update manual.
10798 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
10800 * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
10801 Unify the -l output for file and ldap based sudoers and use lbufs
10802 for both. The ldap output does not currently include options that
10803 cannot be represented as tags. This will be remedied in a long list
10804 output mode to come.
10807 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
10810 Use a specific error message for errno == EAGAIN when setuid() et al
10811 fails. On Linux systems setuid() will fail with errno set to EAGAIN
10812 if changing to the new uid would result in a resource limit
10817 Unlimit nproc on Linux systems where calling the setuid() family of
10818 syscalls causes the nproc resource limit to be checked. The limits
10819 will be reset by pam_limits.so when PAM is used. In the non-PAM
10820 case the nproc limit will remain unlimited but there doesn't seem to
10821 be a way around that other than having sudo parse
10822 /etc/security/limits.conf directly.
10825 * env.c, sudo.c, sudo.pod:
10826 Only read /etc/environment on Linux and AIX
10829 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
10831 * configure, configure.in:
10832 Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
10833 ldap.conf and ldap.secret paths from going into config.h. Avoid
10834 single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
10835 since in some versions of bash they will end up literally in the
10839 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
10842 mention --with-nsswitch=no
10845 * configure, configure.in:
10846 ldap_ssl.h depends on ldap.h being included first
10849 * config.h.in, configure, configure.in, ldap.c:
10850 Include ldap_ssl.h if we can find it. Needed for the
10851 ldapssl_set_strength defines on HP-UX at least.
10854 * sudoers.ldap.pod:
10862 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10863 sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10868 Use 78n line length when formatting cat pages.
10872 Remove redundant info that is now in sudoers.ldap.pod
10875 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
10877 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
10878 Reorganize the first section a bit. Substitute the proper path for
10882 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
10883 Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
10884 schema into EXAMPLES
10887 * configure, configure.in:
10888 Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
10892 * configure, configure.in:
10893 substitute for sudoers.ldap.man
10897 Fix cut & pasto introduced when adding sudoers.ldap man page.
10900 * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
10901 Fill in some of the missing pieces. Still needs some reorganization
10905 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
10907 * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
10909 Beginnings of a sudoers.ldap man page. Currently, much of the
10910 information is adapted from README.LDAP.
10913 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
10916 When copying gr_mem we must guarantee that the storage space for
10917 gr_mem is properly aligned. The simplest way to do this is to
10918 simply store gr_mem directly after struct group. This is not a
10919 problem for gr_passwd or gr_name as they are simple strings.
10923 Fix a typo/thinko in one of the calls to
10924 sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
10927 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
10929 * config.h.in, configure, configure.in, ldap.c:
10930 include <mps/ldap_ssl.h> in ldap.c if available
10933 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10936 Make sure we define SIZE_MAX for yacc's skeleton.c
10940 Use TCSAFLUSH when restoring terminal settings (and echo) to
10941 guarantee that any pending output is discarded
10944 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10947 no longer need to specify SETENV when user has sudo ALL
10951 sync user_args size calculation with sudo.c Add -g group option,
10952 renaming old -g to -G Add set_runasgr() and set_runaspw() and use
10957 Make set_runaspw static void
10960 * testsudoers.c, visudo.c:
10961 g/c set_runaspw stub
10964 * configure, configure.in:
10965 Don't add -llber twice.
10968 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
10974 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
10980 * configure, configure.in:
10981 Fix check that determines whether -llber is required.
10984 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10985 For netscape-based LDAP, use ldapssl_set_strength() to implement the
10986 checkpeer ldap.conf option.
10990 Delay krb5_cc_initialize() until we actually need to use the cred
10991 cache, which is what krb5_verify_user() does. Better cleanup on
10995 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10998 Rewrite verify_krb_v5_tgt() based on what heimdal's
10999 krb5_verify_user() does.
11002 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11005 The U suffix on constants is an ANSI feature
11008 * configure, configure.in:
11009 Add check for ber_set_option() in -llber
11012 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
11015 default if no nsswitch.conf is files only
11018 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
11021 don't tell people to mail aaron about LDAP stuff
11025 timelimit and bind_timelimit
11033 Move ldap.secret reading into a separate function.
11037 user_runas -> runas_pw
11040 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
11046 * check.c, sudo.pod, sudoers.pod:
11047 Add and document the %p escape in the password prompt. Based on a
11048 patch from Patrick Schoenfeld.
11052 Check strlcpy() return values.
11056 refactor ldap binding code into sudo_ldap_bind_s()
11060 Make it clear that host and uri can take multiple parameters. URI is
11061 now supported for more than just openldap nsswitch.conf doesn't
11066 comment cleanup and update (c) year
11069 * parse.c, sudo_nss.c:
11070 Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
11071 This should make it possible to build an LDAP-only sudo binary.
11074 * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
11075 Improve chaining of multiple sudoers sources by passing in the
11076 previous return value to the next in the chain
11080 Free up parser data structures in sudo_file_close().
11084 Free up parser data structures in sudo_file_close().
11088 Parse uri ourselves if no ldap_initialize() is present Use
11089 ldap_create() instead of deprecated ldap_init() Use
11090 ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
11093 * config.h.in, configure, configure.in:
11094 Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
11098 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
11100 * config.h.in, configure, configure.in:
11101 add check for ldap_create
11104 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
11106 * config.h.in, configure, configure.in, ldap.c:
11107 Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
11108 dn using the mechanism appropriate for the LDAP SDK in use. Use
11109 ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
11110 ldap_unbind_ext_s() and ldap_search_ext_s() for SDKs without them.
11117 * config.h.in, configure.in:
11118 fix typo in mtim_getnsec
11121 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
11123 * config.h.in, configure, configure.in:
11124 add check for st__tim in struct stat as used by SCO
11128 use ldap_search_ext_s instead of deprecated ldap_search_s
11131 * Makefile.in, TODO, sudo.cat, sudo.man.in:
11132 add sudo_nss.h to HDRS
11136 Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
11140 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
11143 Use ldap_get_values_len()/ldap_value_free_len() instead of the
11144 deprecated ldap_get_values()/ldap_value_free().
11155 * gettime.c, sudo.c:
11156 Remove some already fixed XXXs
11160 Same return value as non-existent sudoers if LDAP was unable to
11165 mention /etc/environment
11168 * README.LDAP, UPGRADE, WHATSNEW:
11169 Update to reflect recent developments.
11173 Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
11177 When building up a query don't list groups in the aux group vector
11178 that are the same as the passwd file group. On most systems the
11179 first gid in the group vector is the same as the passwd entry gid.
11183 Define LDAPNOINIT before calling ldap_init(), etc. to disable user
11184 ldaprc and system defaults that could affect how LDAP works.
11187 * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
11188 sudo_nss.c, sudo_nss.h:
11189 Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
11190 to specify nsswitch.conf path or disable it. If --with-nsswitch=no
11191 but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
11192 file and --with-ldap-secret-file
11196 Honor def_ignore_local_sudoers
11199 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
11202 no longer need to check def_ignore_local_sudoers here
11206 Refactor group vector resetting into a function and also call it
11207 from display_cmnd. Stop after the first successful match in
11208 display_cmnd. Print a newline between each display_privs method.
11212 fix double free introduced in rev 1.218
11216 belt and suspenders; zero out result after freeing it
11219 * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
11220 Refactor line reading into a separate function, sudo_parseln(),
11221 which removes comments, leading/trailing whitespace and newlines.
11222 May want to rethink the use of sudo_parseln() for /etc/ldap.secret
11226 Make the inability to read the sudoers file a non-fatal error if
11227 there are other sudoers sources available. sudoers_file_lookup now
11228 returns "not OK" if sudoers was not present
11232 make it clear that the global options are from LDAP
11236 allocate proper amount of space for error string
11239 * sudo_nss.c, sudo_nss.h:
11240 actual sudo nss code
11243 * ldap.c, parse.c, sudo.c, sudo.h:
11244 nss-ify display_privs and display_cmnd.
11247 * defaults.c, parse.c, testsudoers.c, visudo.c:
11248 move update_defaults() to parse.c
11251 * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
11252 Use nsswitch to hide some sudoers vs. ldap implementation details
11253 and reduce the number of #ifdef LDAP TODO: fix display routines and
11257 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
11259 * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
11260 First cut at nsswitch.conf support. Further reorganization and
11261 related changes are forthcoming.
11264 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
11266 * env.c, pathnames.h.in, sudo.c, sudo.h:
11267 Add support for reading an /etc/environment file. Still needs to
11268 be documented and should probably only apply to OSes that have it
11269 (AIX and Linux, maybe others).
11276 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
11282 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11289 Add an example sudoRole, clarify netscape vs. openldap a bit more
11293 Be clear on what is OpenLDAP vs. Netscape-derived
11296 * config.h.in, configure, configure.in, ldap.c:
11297 Use ldapssl_init() for ldaps support instead of trying to do it
11298 manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
11299 and tls_key for cert7.db and key3.db respectively. Don't print
11300 debugging info for options that are not set. Add warning if
11301 start_tls specified when not supported.
11305 fix compilation on solaris
11309 add missing .h and .c files for missing lib objs
11312 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
11315 fix LDAP_OPT_NETWORK_TIMEOUT setting
11319 fix compilation on Solaris
11322 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
11324 * configure, configure.in:
11329 try to clear up which variables are for OpenLDAP and which are for
11330 netscape-derived SDKs
11333 * config.h.in, configure, configure.in, ldap.c:
11334 Add support for "ssl on" in both netscape and openldap flavors. Only
11335 the OpenLDAP flavor has been tested.
11338 * logging.c, sudo.c, sudo.h:
11339 Call cleanup() before exit in log_error() instead of calling
11340 sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
11347 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
11349 * logging.c, sudo.c, sudo.h:
11350 Better ldap cleanup.
11354 Distinguish between LDAP conf settings that are connection-specific
11355 (which take an ld pointer) and those that are default settings
11359 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11362 Improved warnings on error.
11366 Make ldap config table driven and set the config *after* we open the
11370 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
11373 fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
11376 * configure, configure.in:
11377 some operating systems need to link with -lkrb5support when using
11381 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
11387 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
11391 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11397 * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
11398 add -g support for LDAP
11401 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
11403 * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
11404 The -i and -s flags can now take an optional command.
11407 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
11409 * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
11411 Add passprompt_override flag to sudoers that will cause the prompt
11412 to be overridden in all cases. This flag is also set when the user
11413 specifies the -p flag.
11417 Move setting of login class until after sudoers has been parsed. Set
11418 NewArgv[0] for -i after runas_pw has been set.
11421 * configure, configure.in:
11422 Move the dgettext check.
11425 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
11427 * auth/pam.c, config.h.in, configure, configure.in:
11428 Add basic support for looking up the string "Password: " in the PAM
11429 localized text db. This allows us to determine whether the PAM
11430 prompt is the default "Password: " one even if it has been
11433 TODO: concatenate non-std PAM prompts and user-specified sudo
11437 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
11439 * Makefile.in, config.h.in, configure, configure.in, parse.c,
11440 set_perms.c, sudo.c, sudo.h:
11441 Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
11445 * acsite.m4, configure, interfaces.c, memrchr.c:
11446 Fix typos; Martynas Venckus
11449 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11452 Don't assume runas_pw is set; it may not be in the -g case.
11455 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
11457 * logging.c, set_perms.c:
11458 Set aux group vector for PERM_RUNAS and restore group vector for
11459 PERM_ROOT if we previously changed it. Stash the runas group vector
11460 so we don't have to call initgroups more than once. Also add no-op
11461 check to check_perms.
11464 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
11466 * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
11467 ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
11468 pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
11469 sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
11470 testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
11471 Add support for runas groups. This allows the user to run a command
11472 with a different effective group. If the -g option is specified
11473 without -u the command will be run as the current user (only the
11474 group will change). The -g and -u options may be used together.
11475 TODO: implement runas group for ldap improve runas group
11476 documentation add testsudoers support
11479 * configure, configure.in:
11480 fix setting of mandir
11483 * sudo.pod, sudoers.pod:
11484 document that ALL implies SETENV
11488 s/setenv_ok/setenv_implied/g
11492 hostname_matches() returns TRUE on match in sudo 1.7.
11496 use strcmp, not strcasecmp when comparing ALL
11500 Make sudo ALL imply setenv. Note that unlike with file-based
11501 sudoers this does affect all the commands in the sudoRole.
11504 * gram.c, gram.y, parse.c, parse.h:
11505 sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
11506 it is not passed on to other commands in the list.
11510 Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
11511 sudo_getpwuid() instead of getpwuid().
11514 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11517 Expand on the dangers of not using visudo to edit sudoers.
11520 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
11523 Don't quote *?[]! on output since the lexer does not strip off the
11524 backslash when reading those in.
11527 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
11530 expand "u_foo" types to "unsigned foo" to avoid compatibility
11534 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11537 Refactor log line generation into new_logline().
11540 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11546 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11548 * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
11550 Add configure check for struct in6_addr instead of relying on
11551 AF_INET6 since some systems define AF_INET6 but do not include IPv6
11555 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
11557 * configure, configure.in:
11558 Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
11562 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
11564 * configure, configure.in:
11565 POSIX states that struct timespec be declared in time.h so check
11566 there regardless of the value of TIME_WITH_SYS_TIME.
11569 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
11572 Instead of defining a macro to call the appropriate method for
11573 turning on/off echo, just define tc[gs]etattr() and the related
11574 defines that use the correct terminal ioctls if needed. Also go back
11575 to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
11578 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
11588 * INSTALL, auth/pam.c, config.h.in, configure.in:
11589 Add --disable-pam-session configure option to disable calling
11590 pam_{open,close}_session. May work around bugs in some PAM
11594 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
11601 Avoid printing the prompt if we are already backgrounded. E.g. if
11602 the user runs "sudo foo &" from the shell. In this case, the call
11603 to tcsetattr() will cause SIGTTOU to be delivered.
11606 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
11608 * def_data.c, def_data.h, def_data.in:
11609 Reorder things such that the definition of env_reset comes right
11610 before the env variable lists.
11614 Shrink type and seqno in struct alias from int to u_short
11617 * alias.c, match.c, parse.c, parse.h:
11618 Add a sequence number in the aliases for loop detection. If we find
11619 an alias with the seqno already set to the current (global) value we
11620 know we've visited it before so ignore it.
11623 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11625 * TODO, auth/pam.c, sudo.c, sudo.h:
11626 PAM wants the full tty path so add user_ttypath which holds the full
11627 path to the tty or is NULL if no tty was present.
11631 Set PAM_RHOST to work around a bug in Solaris 7 and lower that
11635 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
11641 * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
11642 parse.h, testsudoers.c, visudo.c:
11646 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
11649 remove some useless casts
11653 pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
11654 predates the final C99 spec and the standard specifies that it shall
11655 include stdint.h anyway
11658 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
11660 * Makefile.in, alloca.c, configure.in:
11661 Since we ship with a pre-generated parser there is no need to ship a
11662 bogus alloca implementation.
11670 remove initial setting of CHECKSIA, we require that it be unset if
11683 only do SIA checks on Digital Unix
11686 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
11688 * sudoers.cat, sudoers.man.in:
11697 Remove call to krb5_cc_register() as it is not needed for modern
11705 * aclocal.m4, configure.in:
11706 New method for setting the default authentication type and avoiding
11707 conflicts in auth types.
11710 * match.c, parse.c, testsudoers.c:
11711 Each entry in a cmndlist now has an associated runaslist so no need
11712 to keep track of the most recent non-NULL one.
11715 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
11718 back out partial ldaps support mistakenly committed
11722 Add support for unix groups and netgroups in sudoRunas
11725 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
11728 Fix sudoedit of a non-existent file. From Tilo Stritzky.
11731 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
11738 update --passprompt escape info
11742 remove now-bogus comment and update copyright date
11746 Fix up use of with_passwd
11749 * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
11750 Update to autoconf-2.61 and libtool-1.5.24
11754 "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
11757 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
11764 move tags and runaslist propagation to be earlier
11768 If -f flag given use the permissions of the original file as a
11773 prevent a double free() when re-initing the parser
11776 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
11782 * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
11783 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
11784 auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
11785 configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
11786 parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
11787 sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
11788 Remove support for compilers that don't support void *
11795 * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
11796 parse.c, parse.h, testsudoers.c, visudo.c:
11797 Move list manipulation macros to list.h and create C versions of the
11798 more complex ones in list.c. The names have been down-cased so they
11799 appear more like normal functions.
11803 Fix cmp command when regenerating parser. Make gram.o the first
11804 dependency for all programs so gram.h will be generated before
11805 anything that needs it.
11809 Convert NEW_DEFAULT and NEW_MEMBER into static functions.
11812 * match.c, parse.c, testsudoers.c:
11813 Use LH_FOREACH_REV when checking permission and short-circuit on the
11814 first non-UNSPEC hit we get for the command. This means that
11815 instead of cycling through all the parsed sudoers entries we
11816 start at the end and work backwards and quit after the first
11817 positive or negative match.
11824 * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
11825 Change list head macros to take a pointer, not a struct.
11833 Propagate the runasspec from one command to the next in a cmndspec.
11836 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
11839 Replace has_meta() with a macro that calls strpbrk().
11845 * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
11846 testsudoers.c, visudo.c:
11847 Use a list head struct when storing the semi-circular lists and
11848 convert to tail queues in the process. This will allow us to
11849 reverse foreach loops more easily and it makes it clearer which
11850 functions expect a list as opposed to a single member.
11852 Add macros for manipulating lists. Some of these should become
11855 When freeing up a list, just pop off the last item in the queue
11856 instead of going from head to tail. This is simpler since we don't
11857 have to stash a pointer to the next member, we always just use the
11858 last one in the queue until the queue is empty.
11860 Rename match functions that take a list to have list in the name.
11861 Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
11865 Fix pasto, append "!" not negated (which is an int) for sudo -l
11870 Remove the dependency of gram.h on gram.y, the .c dependency is
11871 enough. Only move y.tab.h to gram.h if it is different; avoids
11872 needless rebuilding.
11875 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
11878 Defaults lines may be associated with lists of users, hosts,
11879 commands and runas users, not just single entries.
11882 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
11885 Revert the "cmp" portion of the last diff, it doesn't make sense.
11889 Remove *.lo for clean: When generating the parser, only move the
11890 generated files into place if they differ from the existing ones.
11893 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
11896 Replace IPV6 regexp with a much simpler (readable) one and add an
11897 extra check when it matches to make sure we have a valid address.
11901 Fix thinko introduced when merging IPV6 support.
11904 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
11906 * HISTORY, LICENSE:
11915 mention #uid vs. comment pitfall
11919 Merge in a patch from the libtool cvs that fixes a problem with the
11920 latest autoconf. From Stepan Kasal.
11924 Back out the XOR swap trick, it is slower than a temp variable on
11933 Convert the tail queue to a semi-circle queue and use the XOR swap
11934 trick to swap the prev pointers during append.
11937 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11940 remove useless statement
11944 Refactor #include parsing into a separate function and return
11945 unparsed chars (such as newline or comment) back to the lexer.
11948 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
11951 mention better uid support
11955 Users may now consist of a uid.
11958 * gram.c, gram.h, toke.c:
11963 Use lbuf_append_quoted() for sudo -l output to quote characters that
11964 would require quoting in sudoers.
11968 Add lbuf_append_quoted() which takes a set of characters which
11969 should be quoted with a backslash when displayed.
11973 Require that the first character after a comment not be a digit or a
11974 dash. This allows us to remove the GOTRUNAS state and treat
11975 uid/gids similar to other words. It also means that we can now
11976 specify uids in User_Lists and a User_Spec may now contain a uid.
11980 Replace RUNAS token with '(' and ')' tokens to make the runas
11981 portion of the grammar more natural.
11985 The BUGS file is history
11988 * Makefile.in, README:
11989 The BUGS file is history
11992 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
11995 Allow comments after a RunasAlias as long as the character after the
11996 pound sign isn't a digit or a dash.
12000 Glob support was back-ported to 1.6.9
12003 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
12006 remove sudo_usage.h in distclean
12010 If a Defaults value contains a blank, double-quote the string.
12014 Properly deal with Defaults double-quoted strings that span multiple
12015 lines using the line continuation char. Previously, the entire
12016 thing, including the continuation char, newline, and spaces was
12021 Be consistent when using single quotes and backticks.
12024 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
12026 * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
12027 sudo.c, sudo_usage.h.in:
12028 Add new linebuf code to do appends of dynamically allocated strings
12029 and word-wrapped output. Currently used for sudo's usage() and sudo
12030 -l output. Sudo usage strings are now in sudo_usage.h which is
12031 generated at configure time.
12034 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
12036 * parse.c, sudo.c, sudo.h:
12037 Fix line wrapping in usage() and use the actual tty width instead of
12041 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
12048 Mentioned Chris Jepeway's parser and also the new one that is in
12052 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
12054 * sudo.pod, visudo.pod:
12055 For the options list, add flag args where appropriate and increase
12056 the indent level so there is room for them.
12059 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
12062 Fix some spacing in "sudo -l" and add a comment about some bogosity
12063 in the line wrapping.
12066 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12071 * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
12072 def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
12073 parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
12074 testsudoers.c, toke.c, toke.l:
12075 Remove monitor support until there is a version of systrace that
12076 uses a lookaside buffer (or we have a better mechanism to use).
12079 * config.h.in, configure, configure.in, sudo.c:
12080 use getaddrinfo() instead of gethostbyname() if it is available
12083 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
12086 Deal with OSes where sizeof(gid_t) < sizeof(int).
12090 repair non-getifaddrs() code after ipv6 integration
12094 If we can open sudoers but fail to read the first byte, close the
12095 file stream before trying again.
12098 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
12104 * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
12105 Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
12108 * sudo.pod, sudoers.pod, visudo.pod:
12109 Add some missing markup Update copyright
12112 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
12114 * configure, configure.in:
12115 fix sudo_noexec extension which got broken in the libtool update
12118 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
12121 explicitly specify -Tascii to nroff
12124 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
12127 remove an ANSI-ism that crept in
12130 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
12133 Adjust list indents Prevent -- from being turned into an em dash Use
12134 a list for the environment instead of a literal paragraph
12138 Use a list for the environment instead of an indented literal
12143 Adjust list indentation
12150 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
12153 mention that when specifying a uid for the -u option the shell may
12154 require that the # be escaped
12157 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12160 Fix off by one in group matching.
12163 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
12166 Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
12169 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
12171 * configure, configure.in:
12172 Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
12173 -lgssapi_krb5 case.
12176 * aclocal.m4, configure, configure.in:
12177 Fix link tests such that new gcc doesn't optimize away the test.
12180 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
12182 * sudo.pod, sudoers.pod, visudo.pod:
12183 add missing over/back
12186 * sudo.pod, sudoers.pod, visudo.pod:
12187 Change FILES section to use =item
12191 Add back allocation of the env struct in rebuild_env but save a copy
12192 of the old pointer and free it before returning.
12196 Don't init the private environment in rebuild_env() since it may
12197 have already been done implicitly by sudo_setenv/sudo_unsetenv.
12199 Multiply length by sizeof(char *) in memcpy/memmove when copying the
12200 environment so we copy the full thing.
12202 Add missing set of parens so we deref the right pointer in
12203 sudo_unsetenv when searching for a matching variable.
12206 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
12208 * sudo.pod, sudoers.pod, visudo.pod:
12209 Use file markup for paths in the FILES section
12212 * sudo.pod, sudoers.pod, visudo.pod:
12213 Don't capitalize sudo/visudo
12217 Sort sudoers options; based on a diff from Igor Sobrado.
12220 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
12222 * sudo.pod, sudoers.pod, visudo.pod:
12223 Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
12224 latter confuses pod2man. The Makefile rules for the .man.in file
12225 will add @mansectsu@ and @mansectform@ back in after pod2man is done
12229 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
12231 * LICENSE, Makefile.in, license.pod:
12232 Move license info to pod format
12235 * configure, configure.in, sudoers.pod:
12236 Substitute value of path_info into sudoers man page.
12240 remove features that were back-ported to 1.6.9
12243 * sudo.c, sudo.pod, visudo.c, visudo.pod:
12244 Sort SYNOPSIS and sync usage. From Igor Sobrado.
12248 Only need sudo_setenv/sudo_unsetenv if we are going to use
12249 ldap_sasl_interactive_bind_s() but don't have
12250 gss_krb5_ccache_name().
12254 rebuild without branch info
12258 Add ChangeLog target
12262 Run cleanup code if the user hits ^C at the password prompt.
12266 Some versions of pam_lastlog have a bug that will cause a crash if
12267 PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
12271 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
12274 ChangeLog not Changelog
12282 CHANGE -> Changelog
12289 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
12291 * config.h.in, configure, configure.in, ldap.c:
12292 Add configure hooks for gss_krb5_ccache_name() and the gssapi
12296 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
12299 rebuild_env() and insert_env_vars() no longer return environment
12300 pointer, they set environ directly.
12302 No longer need to pass around an envp pointer since we just operate
12305 Add dosync argument to insert_env() that indicates whether it should
12306 reset environ when realloc()ing env.envp.
12308 Use an initial size of 128 for the environment.
12312 Split sudo_setenv() into an external version and a version only for
12313 use by rebuild_env().
12316 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
12319 Add support for using gss_krb5_ccache_name() instead of setting
12320 KRB5CCNAME. Also use sudo_unsetenv() in the non-
12321 gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
12322 original environment. TODO: configure setup for
12323 gss_krb5_ccache_name()
12330 * README.LDAP, ldap.c:
12331 Add support for sasl_secprops in ldap.conf
12335 Add sudo_unsetenv() and refactor private env syncing code into
12339 * README.LDAP, ldap.c:
12340 The ldap.conf variable is sasl_auth_id not sasl_authid.
12343 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
12345 * ldap.c, sudo.c, sudo.h:
12346 Add support for krb5_ccname in ldap.conf. If specified, it will
12347 override the default value of KRB5CCNAME in the environment for the
12348 duration of the call to ldap_sasl_interactive_bind_s().
12352 Remove format_env() Add sudo_setenv() to replace most format_env() +
12353 insert_env() combinations. insert_env() no longer takes a struct
12358 Fix use_sasl vs. rootuse_sasl logic.
12361 * README.LDAP, config.h.in, configure, configure.in, ldap.c:
12362 Add support for SASL auth when connecting to an LDAP server. Adapted
12363 from a diff by Tom McLaughlin.
12366 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
12368 * configure, configure.in:
12369 Only enable AIX or BSD auth if no other exclusive auth method has
12370 been chosen. Allows people to e.g., use PAM on AIX without adding
12371 --without-aixauth. A better solution is needed to deal with default
12372 authentication since if a non-exclusive method is chosen we will
12373 still get an error.
12376 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
12378 * HISTORY, Makefile.in, history.pod:
12379 Generate HISTORY from history.pod (which is also used for web pages)
12382 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
12384 * sudo.man.in, sudoers.man.in:
12389 Better explanation of environment handling in the sudo man page.
12393 Defer setting user-specified env vars until after authentication.
12397 honor def_default_path for PATH set on the command line
12400 * env.c, sudo.c, sudo.pod, sudoers.pod:
12401 Allow user to set environment variables on the command line as long
12402 as they are allowed by env_keep and env_check. Ie: apply the same
12403 restrictions as normal environment variables. TODO: deal with
12407 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
12409 * sudo.c, sudo_edit.c:
12410 Call rebuild_env() in all cases. Pass original envp to sudo_edit().
12411 Don't allow -E or env var setting in sudoedit mode. More accurate
12412 usage() when called as sudoedit.
12420 add -c option to sudoedit synopsis
12428 Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
12429 value from {user,host,runas,cmnd}_matches(). Rename *matches
12430 variables -> *match. Purely cosmetic.
12434 Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
12442 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
12445 Make pwcheck local to the pwflag block. Use pwcheck even if user
12446 didn't match since Defaults options may still apply.
12450 Do not update timestamp if user not validated by sudoers.
12454 for PERM_RUNAS, set the egid to the runas user's gid and restore to
12455 the user's original in PERM_ROOT
12458 * logging.c, mon_systrace.c, set_perms.c, sudo.h:
12459 PERM_FULL_ROOT is now no different than PERM_ROOT so remove
12464 don't check timestamp mtime if we are just going to remove it
12468 Move sudoers defaults parameters into their own section.
12472 Reduce a level of indent by a few placed continue statements.
12476 Make matching but negated commands/hosts/runas entries override a
12477 previous match as expected. Also reduce some levels of indent by a
12478 few placed continue statements.
12481 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
12484 Print default runas in "sudo -l" if sudoers don't specify one.
12488 Less hacky way of testing whether the domain was set.
12491 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
12494 Mention pam-devel and openldap-devel for Linux
12497 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
12503 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
12506 fix typo in Solaris project support
12514 Make -- on the command line match the manual page. The implied shell
12515 case has been simplified as a result.
12518 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
12521 add simplistic support for sudoRunas; note that if a sudoers entry
12522 contains multiple Runas users, all will apply to the sudoRole
12526 honor SETENV and NOSETENV tags
12529 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
12532 Redo setting of user_args. We now build up a private copy of argv
12533 first and then replace the NULs with spaces.
12537 getcwd() returns NULL on failure, not 0 on success
12541 allow chunksiz to reach 1 before erroring out
12544 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
12549 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12551 * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
12552 logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
12554 Add support for setting environment variables on the command line.
12555 This is only allowed if the setenv sudoers option is enabled or if
12556 the command is prefixed with the SETENV tag.
12560 replace Aaron's email address with the sudo-workers list
12567 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
12569 * schema.OpenLDAP, schema.iPlanet:
12570 Break schema out into separate files.
12573 * Makefile.in, README.LDAP:
12574 Break schema out into separate files.
12577 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
12580 free message if set by authenticate()
12584 deal with NULL gr_mem
12587 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
12594 add template for HAVE_PROJECT_H
12601 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
12604 mention --with-project
12607 * config.h.in, configure.in, sudo.c:
12608 Add Solaris 10 "project" support. From Michael Brantley.
12620 Fix preservation of LDFLAGS in the LDAP case.
12624 Remove dependency on NULL
12631 * aclocal.m4, configure.in:
12632 Can't use the regular autoconf fnmatch() check since we need
12633 FNM_CASEFOLD so go back to our custom one.
12637 Fix preserving of variables in env_keep.
12645 expand upon env resetting and mention that it began in 1.6.9 not
12650 Update descriptions of env_keep and env_check to match current
12654 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
12657 Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
12658 LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to initial_keepenv_table.
12661 * env.c, logging.c:
12662 Treat USERNAME environment variable like LOGNAME/USER
12666 Don't need to populate keepenv table with the contents of the
12671 Don't force sudo into the C locale.
12675 Make env_check apply when env_reset is true. Environment variables
12676 are passed through unless they contain '/' or '%'. There is no need
12677 to have a variable in both env_check and env_keep.
12680 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
12683 Remove a duplicate lock_file() call and add a comment.
12687 Add sudo 1.6.9 upgrade note.
12690 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
12693 Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
12694 small. From Klaus Wagner.
12697 * logging.c, sudo.h:
12698 Redo the long syslog line splitting based on a patch from Eygene
12699 Ryabinkin. Include memrchr() for systems without it.
12703 Redo the long syslog line splitting based on a patch from Eygene
12704 Ryabinkin. Include memrchr() for systems without it.
12707 * Makefile.in, config.h.in, configure, configure.in:
12708 Redo the long syslog line splitting based on a patch from Eygene
12709 Ryabinkin. Include memrchr() for systems without it.
12713 Since we need to be able to convert timespec to timeval for utimes()
12714 the last 3 digits in the tv_nsec are not significant. This makes the
12715 sudoedit file date comparison work again.
12718 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
12720 * aclocal.m4, configure, configure.in:
12721 Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
12722 This deals with exclusive authentication methods in a simple way.
12725 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
12728 mkstemp.c is BSD code too.
12731 * sudo.pod, sudoers.pod, visudo.pod:
12732 No commercial support for now.
12735 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
12738 cleanenv() is no more.
12741 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
12744 Display branch info in Changelog
12748 Include config.h early so we have it for TIME_WITH_SYS_TIME
12752 Fix Changelog generation and update.
12755 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
12758 Use /proc/self/fd instead of /proc/$$/fd
12760 Move old-style fd closing into closefrom_fallback() and call that if
12761 /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
12764 * auth/kerb5.c, config.h.in, configure.in:
12765 o use krb5_verify_user() if available instead of doing it by hand o
12766 use krb5_init_secure_context() if we have it o pass an encryption
12767 type of 0 to krb5_kt_read_service_key() instead of
12768 ENCTYPE_DES_CBC_MD5 to let kerberos choose.
12772 Check TERM and COLORTERM for '%' and '/' characters. From Debian.
12776 Fix closefrom() substitution in the Makefile
12780 Mention alternate sudo pronunciation.
12783 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
12786 Remove KRB5_KTNAME from environment. Allow COLORTERM.
12790 If we cannot get a valid service key using the default keytab it is
12791 a fatal error. Fixes a bug where sudo could be tricked into
12792 allowing access when it should not by a fake KDC. From Thor Lancelot
12796 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
12798 * aclocal.m4, configure, configure.in:
12799 Update long long checks to use AC_CHECK_TYPES and to cache values.
12802 * aclocal.m4, configure.in:
12803 Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
12804 use AC_REPLACE_FNMATCH since that assumes replacing with GNU
12808 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12810 * configure, configure.in:
12811 Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
12812 need it for visudo now too.
12815 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12818 Attempt to clarify the bit talking about network numbers w/o
12823 Clarify timestamp dir ownership sentence.
12826 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
12829 Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
12833 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12836 -i is also one of the mutually exclusive options to list it in the
12837 warning message. Noted by Chris Pepper.
12840 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12843 The sudoers variable is env_editor, not enveditor. From Jean-
12847 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12850 I tracked down the original author so credit him and include his
12854 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12856 * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
12858 Fix typos; from Jason McIntyre.
12862 Restore signal mask before calling reapchild(). Fixes a possible
12863 race condition that could prevent sudo from properly waiting for the
12867 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
12870 Don't declare pw_free() if we are not going to use it.
12874 Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
12875 LDR_PRELOAD64. The 64-bit version is not currently supported.
12876 Remove zero_env() prototype as it no longer exists.
12879 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
12882 Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
12885 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
12888 If the user enters ^C at the password prompt, abort instead of
12889 trying to authenticate with an empty password (which causes an
12893 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
12895 * closefrom.c, config.h.in, configure, configure.in:
12896 Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
12901 pw_free() is only used by sudo_freepwcache() so ifdef it out too.
12904 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
12906 * config.guess, config.sub:
12907 Update to latest versions from cvs.savannah.gnu.org
12910 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
12912 * pwutil.c, sudo_edit.c:
12913 Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
12914 we can close the passwd/group files early.
12917 * config.h.in, configure, configure.in, set_perms.c:
12918 Add seteuid() flavor of set_perms() for systems without setreuid()
12919 or setresuid() that have a working seteuid(). Tested on Darwin.
12922 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
12925 systrace_read() returns ssize_t
12928 * configure, configure.in:
12929 Fix typo, -lldap vs. -ldap; from Tim Knox.
12932 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12935 Fix typo; Matt Ackeret
12938 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12941 Print sudoers path in -V mode for root.
12944 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12947 Do a sub tree search instead of a base search (one level in the tree
12948 only) for sudo right objects. This allows system administrators to
12949 categorize the rights in a tree to make them easier to manage.
12952 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
12958 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
12961 Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
12962 bind_timelimit support; adapted from gentoo.
12965 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12968 Support comments that start in the middle of a line
12971 * configure, configure.in:
12972 Define LDAP_DEPRECATED until we start using ldap_get_values_len()
12975 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12978 Silence gcc -Wsign-compare; djm@openbsd.org
12981 * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12982 cleanup() now takes an int as an arg so it can be used as a signal
12987 Make a copy of the shell field in the passwd struct for NewArgv to
12988 avoid a use after free situation after sudo_endpwent() is called.
12991 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12993 * config.h.in, configure, configure.in:
12994 Add mkstemp() for those poor souls without it.
12998 Add mkstemp() for those poor souls without it.
13002 Add mkstemp() for those poor souls without it.
13005 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13008 Add PERL5DB to list of environment variables to remove.
13011 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
13013 * mon_systrace.c, mon_systrace.h:
13014 Instead of calling the check function twice with a state cookie use
13015 separate check/log functions.
13017 Check more ioctl() calls for failure.
13019 systrace_{read,write} now return the number of bytes read/written or
13024 Add more environment variables to remove; from gentoo linux Add some
13025 comments about what bad env variables go to what (more to do)
13028 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13030 * sudo.c, sudo_edit.c:
13031 Move sudo_end{gr,pw}ent() until just before the exec since they free
13032 up our cached copy of the passwd structs, including sudo_user and
13033 sudo_runas. Fixes a use-after-free bug.
13037 Close all fd's before executing editor.
13041 Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
13045 Fix fd leak when lecture file option is enabled. From Jerry Brown
13048 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
13051 Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
13052 environment variables to remove. From Charles Morris
13055 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
13058 add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
13061 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
13064 add PS4 and SHELLOPTS to initial_badenv_table for bash
13067 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
13070 Fix typo; Toby Peterson
13073 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
13076 Make return buffers static so they don't get clobbered
13079 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
13082 Fix securid5 authentication, was not checking for ACM_OK. Also add
13083 default cases for the two switch()es. Problem noted by ccon at
13087 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
13090 Remove ncat() in favor of just counting bytes and pre-allocating
13094 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
13097 Fix up some comments Add missing fclose() for the rootbinddn case
13101 align struct ldap_config
13105 use LINE_MAX for max conf file line size
13109 add _PATH_LDAP_SECRET
13113 Mention rootbinddn Give example ou=SUDOers container
13116 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
13118 * INSTALL, configure, configure.in, ldap.c:
13119 Support rootbinddn in ldap.conf
13122 * env.c, sudo.pod, sudoers.pod:
13123 Preserve DISPLAY environment variable by default.
13126 * acsite.m4, configure:
13127 set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
13130 * acsite.m4, configure:
13131 set need_version=no for all cases; this is safe for LD_PRELOAD
13138 * configure, configure.in:
13143 Fix call to pam_end() when pam_open_session() fails.
13151 rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
13152 ltsugar.m4 ltversion.m4
13155 * config.guess, config.sub, ltmain.sh:
13156 merge in local changes: config.guess: o better openbsd support
13157 config.sub: o hiuxmpp support ltmain.sh o remove requirement that
13158 libs must begin with "lib" o don't print a bunch of crap about
13159 library installs o don't run ldconfig
13162 * config.guess, config.sub, ltmain.sh:
13167 Update with autoupdate and make minor changes for libtool 1.9f
13170 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
13173 don't call sudo_ldap_display_cmnd if ldap not setup
13176 * sudo_edit.c, visudo.c:
13177 Move declaration of struct timespec to its own include files for
13178 systems without it since it needs time_t defined.
13182 Move declaration of struct timespec to its own include files for
13183 systems without it since it needs time_t defined.
13187 Move declaration of struct timespec to its own include files for
13188 systems without it since it needs time_t defined.
13192 Move declaration of struct timespec to its own include files for
13193 systems without it since it needs time_t defined.
13196 * check.c, compat.h:
13197 Move declaration of struct timespec to its own include files for
13198 systems without it since it needs time_t defined.
13202 Don't set safe_cmnd for the "sudo ALL" case.
13205 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
13208 Call pam_open_session() and pam_close_session() to give pam_limits a
13209 chance to run. Idea from Karel Zak.
13212 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
13215 Add explicit cast from mode_t -> u_int in printf to silence warnings
13220 include grp.h to silence a warning on Solaris
13223 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
13226 Fix printing of += and -= defaults.
13229 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
13232 Sanity check number of syscall args with argsize. Not really needed
13233 but a little paranoia never hurts.
13236 * mon_systrace.c, mon_systrace.h:
13237 Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
13238 for systrace lengths (since it uses int)
13241 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
13244 Add some memsets for paranoia Fix namespace collision w/ error Check
13245 rval of decode_args() and update_env() Remove improper setting of
13249 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
13251 * parse.c, sudo.c, sudo.h:
13252 In -l mode, only check local sudoers file if def_ignore_sudoers is
13253 not set and call LDAP versions from display_privs() and
13254 display_cmnd() instead of directly from main(). Because of this we
13255 need to defer closing the ldap connection until after -l processing
13256 has occurred and we must pass in the ldap pointer to display_privs()
13257 and display_cmnd().
13261 Reorganize LDAP code to better match normal sudoers parsing.
13262 Instead of storing strings for later printing in -l mode we do
13263 another query since the authenticating user and the user being
13264 listed may not be the same (the new -U flag). Also add support for
13267 There is still a fair bit of duplicated code that can probably be
13271 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
13274 Replace pass variable with do_netgr for better readability.
13282 estrdup, not strdup
13285 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
13288 Add macro to test if the tag changed to improve readability.
13292 Avoid printing defaults header if there are no defaults to print...
13296 Fix a warning on systems without strlcpy().
13300 Use macros where possible for sudo_grdup() like sudo_pwdup().
13303 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
13306 It is possible for tv_usec to hold >= 1000000 usecs so add in
13310 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
13313 The component in krb5_principal_get_comp_string() should be 1, not 0
13314 for Heimdal. From Alex Plotnick.
13317 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
13319 * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
13320 interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
13321 redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
13322 Add efree() for consistency with emalloc() et al. Allows us to rely
13323 on C89 behavior (free(NULL) is valid) even on K&R.
13327 Move initgroups() for -U option into display_privs() so group
13328 matching in sudoers works correctly.
13331 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
13334 Removed duplicate call to ldap_unbind_s introduced along with
13339 Add missing space in Defaults printing
13342 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
13345 Sync sudo_pwdup with OpenBSD changes: use macros for size computation
13349 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
13352 Zero old pw_passwd before replacing with version from shadow file.
13355 * configure, configure.in:
13356 Only attempt shadow password detection if PAM is not being used Add
13357 shadow_* variables to make shadow password detection more generic.
13361 Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
13364 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
13367 use a non-breaking space to avoid a double space after e.g.
13371 comma, not colon after e.g.
13374 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
13377 Add __ variants of the exec functions. GNU libc at least uses
13378 __execve() internally.
13382 Match reality a bit more.
13386 Missed piece from rev. 1.6, fix sudo_getpwnam() too.
13390 Store shadow password after making a local copy of struct passwd in
13391 case normal and shadow routines use the same internal buffer in
13395 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
13397 * alloc.c, logging.c:
13398 Make varargs usage consistent with the rest of the code.
13401 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
13404 Wrap more of the exec family since on Linux the others do not appear
13405 to go through the normal execve() path.
13409 make print_unused static like proto says
13413 silence a warning on K&R systems
13416 * alias.c, error.c:
13417 make this build in K&R land
13421 make this build in K&R land
13424 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
13430 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
13433 return(foo) not return foo optimize _atobool() slightly
13441 Reformat to match the rest of sudo's code.
13445 I am the primary author
13448 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
13450 * Makefile.in, README, RUNSON:
13451 The RUNSON file is toast--it confused too many people and really
13452 isn't needed in a configure-oriented world.
13456 alternate -> alternative
13460 Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
13465 Allow leading blanks before Defaults and Foo_Alias definitions
13469 fix rules to build toke.o and gram.o in devel mode
13472 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
13475 env_keep overrides set_logname
13479 Fix disabling set_logname and make env_keep override set_logname.
13482 * compat.h, config.h.in, configure, configure.in:
13483 No longer need memmove()
13487 Just clean the environment once. This assumes that any further
13488 setenv/putenv will be able to handle the fact that we replaced
13489 environ with our own malloc'd copy but all the implementations I've
13493 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
13496 In -i mode, base the value of insert_env()'s dupcheck flag on
13497 DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
13500 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
13503 Move setting of user_path, user_shell, user_prompt and prev_user
13504 into init_vars() since user_shell at least is needed there.
13507 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
13514 Fix some printf format mismatches on error.
13518 Fix some printf format mismatches on error.
13521 * configure, gram.c, toke.c:
13525 * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
13526 auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
13527 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
13528 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
13529 auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
13530 closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
13531 emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
13532 getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
13533 interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
13534 parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
13535 snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
13536 sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
13537 testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
13538 visudo.pod, zero_bytes.c:
13539 Update copyright years.
13542 * Makefile.binary.in:
13543 Update copyright years.
13547 Update copyright years.
13550 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
13555 What's new in sudo 1.7, based on the 1.7 CHANGES entries.
13558 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
13560 * compat.h, logging.h, sudo.h:
13561 Add __printflike and use it with gcc to warn about printf-like
13565 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
13567 * CHANGES, ChangeLog:
13568 Replaced CHANGES file with ChangeLog generated from cvs logs
13572 Use warning/error instead of perror/fatal.
13576 Update OpenBSD section
13580 Add upgrading notes for 1.7
13583 * env.c, sudo.c, sudoers.pod:
13584 Instead of zeroing out the environment, just prune out entries based
13585 on the env_delete and env_check lists. Base building up the new
13586 environment on the current environment and the variables we removed
13590 * config.h.in, configure, configure.in, sudo.c:
13591 Set locale to "C" if locales are supported, just to be safe.
13595 Cast argument to ctype functions to unsigned char.
13598 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
13601 correct value for DID_USER
13604 * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
13605 #include <compat.h> not "compat.h"
13609 Reset the environment by default.
13613 Alloc an extra slot in NewArgv. Removes the need to malloc a new
13614 vector if execve() fails.
13617 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
13619 * INSTALL, config.h.in, configure, configure.in, sudo.c:
13620 Use execve(2) and wrap the command in sh if we get ENOEXEC.
13623 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
13626 Only include time.h on systems that lack struct timespec which gets
13627 defined in compat.h (using time_t).
13631 Include time.h for time_t in compat.h for systems w/o struct
13635 * compat.h, config.h.in, configure, configure.in:
13636 use bcopy on systems w/o memmove
13640 __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
13645 Add explicit rule to build sudo_noexec.lo
13648 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
13650 * INSTALL.configure, Makefile.in:
13651 No longer depend on VPATH; pointed out a bunch of missed
13656 Help for PAM when account section is missing
13660 Give user a clue when there is a missing "account" section in the
13665 Better error handling.
13668 * config.h.in, configure, configure.in:
13669 Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
13670 possible. Silences a warning about isblank() on linux.
13674 Fix typo (missing comma) that caused an incorrect number of args to
13675 be passed to log_error().
13678 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
13681 Don't try to destroy a tree we didn't create.
13684 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
13686 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
13687 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13688 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
13689 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
13690 compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
13691 fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
13692 goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
13693 match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
13694 sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
13695 strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
13696 tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
13697 Add __unused to rcsids
13700 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
13702 * configure, configure.in:
13703 Fix error message when mixing invalid auth types
13707 PAM, AIX auth, BSD auth and login_cap are now on by default if the
13711 * auth/sudo_auth.h, config.h.in:
13712 s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
13716 Better checking for conflicting authentication methods. Display the
13717 authentication methods used at the end of configure. Rename
13718 --with-authenticate -> --with-aixauth. Use --with-aixauth, --with-bsdauth,
13719 --with-pam, --with-logincap by default on systems that support them
13720 unless disabled. Add OSMAJOR variable that replaces old OSREV; now
13721 OSREV has full version number
13724 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
13726 * def_data.c, def_data.in, sudo.c, sudoers.pod:
13730 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
13733 Replace: test -n "$FOO" || FOO="bar"
13735 With: : ${FOO='bar'}
13738 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
13740 * pwutil.c, testsudoers.c, tsgetgrpw.c:
13741 Use function pointers to only call private passwd/group routines
13742 when using a nonstandard passwd/group file.
13745 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
13752 Can't use strtok() since it doesn't handle empty fields so add
13753 getpwent()/getgrent() functions and call those.
13756 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
13759 Fix dummied out toke.c and gram.c dependencies.
13763 Rename PARSESRCS -> GENERATED since it is only used in the clean
13764 target Add devdir variable and use it to specify the path to parser
13773 Add a devdir variable that defaults to $(srcdir) and is set to . if
13774 --devel was specified. Allows for proper dependencies building the
13779 Add support for custom passwd/group files.
13783 Build private copy of pwutil.o for testsudoers with MYPW defined so
13784 it uses our own passwd/group routines.
13788 Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
13789 stubs instead. We can now just use the caching sudo_*{pw,gr}*
13790 functions in pwutil.c Add comment about wanting to call
13791 sudo_endpwent/sudo_endgrent in cleanup()
13795 Remove caching; we will just use what is in pwutil.c Use global
13796 buffers for passwd/group structs Rename functions from sudo_* to
13800 * logging.c, sudo.c:
13801 g/c pwcache_init/pwcache_destroy
13805 Undo last commit and add sudo_setspent and sudo_endspent instead.
13808 * getspwuid.c, pwutil.c:
13809 Move all but the shadow stuff from getspwuid.c to pwutil.c and
13810 pwcache_get and pwcache_put as they are no longer needed. Also add
13811 preprocessor magic to use private versions of the passwd and group
13812 routines if MYPW is defined (for use by testsudoers).
13816 zero out struct passwd/group before filling it in so if there are
13817 fields we don't handle they end up as 0.
13820 * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
13825 Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
13830 Passwd and group lookup routines for testsudoers that support
13831 alternate passwd and group files.
13834 * getspwuid.c, pwutil.c:
13835 Split off pw/gr cache and dup code into its own file. This allows
13836 visudo and testsudoers to use the pw/gr cache too.
13839 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
13842 Print Defaults info in "sudo -l" output and wrap lines based on the
13846 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
13848 * match.c, testsudoers.c, visudo.c:
13849 Only check group vector in usergr_matches() if we are matching the
13850 invoking or list user. Always check the group members, even if
13851 there was a group vector.
13854 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13856 * LICENSE, Makefile.in, fnmatch.3:
13857 No longer bundle fnmatch.3
13864 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13871 Sort command line options
13874 * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
13875 sudo.pod, sudoers.pod:
13876 Add closefrom sudoers option to start closing at a point other than
13877 3. Add closefrom_override sudoers option and -C sudo flag to allow
13878 the user to specify a different closefrom starting point.
13882 Add _PATH_DEVNULL for those without it.
13886 no more UCB strcasecmp
13890 replace BSD licensed one with version derived from pdksh
13893 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13900 Make sure stdin, stdout and stderr are open and dup them to
13904 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
13906 * ldap.c, mon_systrace.c, sudo.c, sudo.h:
13907 add sudo_ldap_close
13910 * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
13911 Use TIME_WITH_SYS_TIME
13914 * config.h.in, configure, configure.in:
13915 Add TIME_WITH_SYS_TIME_H
13918 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13921 Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
13922 unconditionally on darwin. From Toby Peterson.
13926 Check rbinsert() return value. In the case of faked up entries
13927 there is usually a negative response cached that we need to
13930 In pwfree() don't try to zero out a NULL pw_passwd pointer.
13934 Use the double fork trick to avoid the monitor process being waited
13935 for by the main program run through sudo.
13938 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
13941 Call initgroups() in -U mode so group matches work normally.
13944 * def_data.h, mkdefaults:
13945 Don't print a trailing comma for the last entry in enum def_tupple
13948 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13950 * sudoers.cat, sudoers.man.in, sudoers.pod:
13951 Mention values when lecture, listpw and verifypw are used in boolean
13955 * def_data.c, def_data.in:
13956 verifypw when used in a boolean TRUE context should be "all", not
13960 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13962 * def_data.in, defaults.c:
13963 Allow tuples that can be used as booleans to be used as boolean
13964 TRUE. In this case the 2nd possible value of the tuple is used for
13968 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13970 * configure, configure.in:
13971 Correct the test for 2-parameter timespecsub
13975 Add stub struct definitions for passwd, timeval and timespec
13978 * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
13979 Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
13980 and fix a typo in the gettimeofday check.
13983 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13985 * match.c, testsudoers.c:
13986 Deal with user_stat being NULL as it is for visudo and testsudoers.
13989 * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
13990 Add -U option to use in conjunction with -l instead of -u. Add
13991 support for "sudo -l command" to test a specific command.
13994 * gram.c, gram.y, sudo.c:
13995 Set safe_cmnd after sudoers_lookup() if it has not been set.
13996 Previously it was set by sudo "ALL" in the parser but at that point
13997 the fully-qualified pathname has not yet been found.
14000 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14002 * parse.c, testsudoers.c:
14003 Correctly handle multiple privileges per userspec and runas
14007 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
14010 Zero out sd_un for each entry in sudo_defs_table in init_defaults.
14013 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
14016 make per-command defaults work with sudoedit
14019 * ldap.c, parse.c, sudo.c, sudo.h:
14020 Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
14021 Instead, we just set the appropriate defaults variable.
14024 * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
14025 Document per-command Defaults.
14028 * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
14029 sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
14030 Add support for command-specific Defaults entries. E.g.
14031 Defaults!/usr/bin/vi noexec
14034 * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
14035 Change an occurrence of user_matches() -> runas_matches() missed
14036 previously runas_matches(), host_matches() and cmnd_matches() only
14037 really need to pass in a list of members. user_matches() still
14038 needs to pass in a passwd struct because of "sudo -l"
14042 Check def_authenticate, def_noexec and def_monitor when setting
14043 return flags. XXX May be better to just set the defaults directly
14044 and get rid of those flags.
14047 * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
14048 auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
14049 auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
14050 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
14051 defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
14052 getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
14053 gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
14054 mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
14055 strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
14056 sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
14057 visudo.c, zero_bytes.c:
14058 Use: #include <config.h> Not: #include "config.h" That way we get
14059 the correct config.h when build dir != src dir
14063 Back out part of rev 1.263; fix -I order
14067 More robust parsing if #include; could be much better still.
14070 * sudo_edit.c, visudo.c:
14071 Make arg splitting in visudo and sudoedit consistent.
14074 * Makefile.in, alias.c, gram.c, gram.y, parse.h:
14075 Split alias routines out into their own file.
14079 __attribute__ is already defined in compat.h
14083 quit() should not be __noreturn__ as it is non-void on some
14087 * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
14088 Add local error/warning functions like err/warn but that call an
14089 additional cleanup routine in the error case. This means we no
14090 longer need to compile a special version of alloc.o for visudo.
14094 Clarify comments about the data structures
14097 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14100 Add support for VISUAL and EDITOR containing command line args. If
14101 env_editor is not set any args in VISUAL and EDITOR are ignored.
14102 Arguments are also now supported in def_editor.
14105 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
14108 alias_matches() is no more
14116 When regenerating the parser, don't replace gram.h unless it has
14121 remove Makefile.binary for distclean
14125 Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
14126 sure we can't overflow new_env.
14130 paranoia when stripping trailing slashes from tempdir.
14134 Set user_ngroups to 0 if getgroups() returns an error.
14137 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
14139 * config.h.in, configure, configure.in, sudo.c:
14140 Add configure check for getgroups()
14144 Use supplementary group vector in struct sudo_user.
14148 Only do string comparisons on the group members if there is no
14149 supplemental group list.
14157 On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
14158 chop off any trailing slashes we see and add an explicit one.
14162 remove bogus XXX comment
14166 Get rid of alias_matches and correctly fall through to the non-alias
14167 cases when there is no alias with the specified name.
14171 Cache non-existent passwd/group entries too.
14182 * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
14183 mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
14184 Implement group caching and use the passwd and group caches
14188 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14191 Properly negate the return value of alias_matches() when
14196 Make hostname_matches() return TRUE for a match, else FALSE like the
14201 Add missing dependencies on gram.h
14205 Use runas_matches in alias_matches() now that we have it.
14208 * parse.c, parse.h:
14209 Expand aliases in "sudo -l" mode
14213 Use ALIAS for the member type when storing an alias instead of
14214 HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
14215 more generic type. Expand runas_matches instead of calling
14216 user_matches() inside of it since user_matches() looks up
14217 USERALIASes, not RUNASALIASes.
14220 * CHANGES, getspwuid.c:
14221 Paranoia; zero out pw_passwd before freeing passwd entry.
14224 * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
14225 configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
14226 error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
14227 sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
14228 Add local error/warning functions like err/warn but that call an
14229 additional cleanup routine in the error case. This means we no
14230 longer need to compile a special version of alloc.o for visudo.
14234 Use userpw_matches() to compare usernames, not strcmp(), since the
14235 latter checks for "#uid".
14238 * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
14239 Cache passwd db entries in 2 red-black trees; one indexed by uid,
14240 the other by user name. The data returned from the cache should be
14241 considered read-only and is destroyed by sudo_endpwent().
14249 missing free in alias_destroy
14253 Can't use rbapply() for rbdestroy since the destructor is passed a
14254 data pointer, not a node pointer.
14257 * getspwuid.c, logging.c, sudo.c, sudo.h:
14258 Create and use private versions of setpwent() and endpwent() that
14259 set/end the shadow password file too.
14262 * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
14263 Store aliases in a red-black tree.
14266 * Makefile.in, redblack.c, redblack.h:
14267 red-black tree implementation
14271 Edit all sudoers files if there were unused or undefined aliases and
14272 we are in strict mode.
14275 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
14277 * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
14278 find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
14279 Bring back the "secure_path" Defaults option now that Defaults take
14280 effect before the path is searched.
14283 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
14285 * logging.c, parse.c:
14286 A user can always list their own entries, even with -u. Better error
14287 message when failing to list another user's entries.
14290 * parse.c, sudo.c, sudo.h:
14291 The syntax to list another user's entries is now "-u otheruser -l".
14292 Only root or users with sudo "ALL" may list other users' entries.
14295 * sudo.cat, sudo.man.in, sudo.pod:
14296 Update env variable info in SECURITY NOTES
14304 strip exported bash functions from the environment.
14307 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
14310 Only reset sudo_user.pw based on SUDO_USER environment variables for
14311 real commands and sudoedit. This avoids a confusing message when a
14312 user tries "sudo -l" or "sudo -v" and is denied.
14315 * gram.c, gram.y, parse.h:
14316 Extend LIST_APPEND to deal with appending lists too
14319 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
14322 Convert some bitwise AND to ISSET
14325 * lex.yy.c, toke.c:
14326 toke.c replaces lex.yy.c
14334 new parser fixes most of the outstanding bugs
14342 Rework for the new parser. Now checks for unused aliases in sudoers.
14346 Rewrite for the new parser. Now supports a -d flag (dump) and adds
14347 a -h flag (host). It now defaults to the local hostname unless
14348 otherwise specified.
14352 Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
14356 Update for new parse. We now call find_path() *after* we have
14357 updated the global defaults based on sudoers. Also adds support for
14358 listing other users' privs if you are root.
14362 Working LDAP support; also remove a now-unneeded rewind().
14365 * logging.c, logging.h:
14366 Add NO_STDERR flag.
14370 Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
14371 sudo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
14372 connect to LDAP, apply the default options, find the command in the
14373 user's path, and then check whether the user is allowed to run it.
14374 The important thing here is that the default runas user may be
14375 specified as a default option and that needs to be set before we
14376 search for the command.
14380 Add casts to unsigned char for isspace() to quiet a gcc warning.
14384 Add prototype for update_defaults()
14388 Don't warn about line numbers now that we operate on a set of data
14389 structures (or LDAP) and not a file.
14393 No longer use lsearch()
14397 Update for new and changed file names.
14401 no more BSD lsearch.c
14405 foo_matches() routines now live in match.c Added user_matches(),
14406 runas_matches(), host_matches(), cmnd_matches() and alias_matches()
14407 that operate on the parsed sudoers file.
14410 * parse.lex, toke.l:
14411 Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
14412 WORD no longer needs to exclude '@' kill yywrap()
14415 * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
14417 Rewritten parser that converts sudoers into a set of data
14418 structures. This eliminates ordering issues and makes it possible to
14419 apply sudoers Defaults entries before searching for the command.
14422 * configure.in, emul/search.h, lsearch.c:
14423 We won't be using lsearch() any longer.
14427 sudo should not send mail if someone who runs 'sudo -l' has no
14431 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14437 Update warnings to match new visudo
14441 The new parser doesn't have the old ordering constraints.
14445 Document that -l now takes an optional username argument
14448 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
14455 If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
14456 a compilation problem with Solaris 9's native LDAP.
14458 Set FLAG_MONITOR when needed.
14461 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
14464 Call sudo_goodpath() *after* changing the cwd to match the traced
14465 process. Fixes relative paths.
14468 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
14471 Kill set_perms() stub--it is no longer needed.
14474 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
14476 * sudoers.cat, sudoers.man.in, sudoers.pod:
14477 stay_setuid now requires set_reuid() or setresuid()
14480 * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
14481 configure.in, set_perms.c, sudo.c, sudo.h:
14482 Kill use of POSIX saved uids; they aren't worth bothering with.
14485 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
14488 remove call to issetugid()
14491 * sudoers.cat, sudoers.man.in, sudoers.pod:
14492 Remove warning about wildcards. Now that we use glob() the bug is
14497 Use glob(3) instead of fnmatch(3) for matching pathnames and stat
14498 each result that matches the basename of the user's command. This
14499 makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
14500 /usr/bin/blah. Fixes bug #143.
14503 * config.h.in, configure, configure.in:
14504 Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
14508 * config.h.in, configure, configure.in:
14509 Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
14517 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
14522 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
14526 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
14529 Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
14530 means we are out of space in the stack gap...
14538 Take a stab at ldap sudoers support here.
14541 * mon_systrace.c, mon_systrace.h:
14542 Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
14543 doesn't cause reboot to inadvertently kill itself.
14547 put "monitor" in the proctitle, not "systrace"
14551 When modifying the environment, don't replace envp when we can get
14552 away with just rewriting pointers in the traced process.
14555 * mon_systrace.c, mon_systrace.h:
14556 Add environment updating via STRIOCINJECT (if available).
14559 * sudoers.cat, sudoers.man.in:
14563 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
14570 Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
14574 Include file is now mon_systrace.h
14577 * Makefile.in, configure, configure.in, def_data.c, def_data.h,
14578 def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
14579 sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
14580 No longer call it tracing, it is now "monitoring" which should be
14581 a more obvious name to non-hackers.
14584 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
14586 * mon_systrace.c, mon_systrace.h:
14590 * mon_systrace.c, mon_systrace.h:
14591 No need to include syscall.h, use 1024 as the max # of entries (the
14592 max that systrace(4) allows).
14594 Only need to use SYSTR_POLICY_ASSIGN once
14596 Change check_syscall() -> find_handler() and have it return the
14597 handler instead of just running it. We need this since handlers now
14598 have two parts: one part that generates an answer and another that
14599 gets called after the answer is accepted (to do logging).
14601 Add some missing check_exec for emul execv
14604 * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
14609 Add missing HAVE_LINUX_SYSTRACE_H
14613 add trace_systrace.o dependency
14616 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
14618 * configure, configure.in:
14619 Also look for systrace.h in /usr/include/linux
14622 * mon_systrace.c, mon_systrace.h:
14623 Move all struct defs and prototypes into trace_systrace.h and mark
14624 all but systrace_attach() static.
14627 * mon_systrace.c, mon_systrace.h:
14628 Add support for tracing emulations. At the moment, all emulations
14629 are compiled in. It might make sense to #ifdef them in the future,
14630 though this impedes readability.
14633 * Makefile.in, configure, configure.in:
14634 rename systrace.c -> trace_systrace.c
14637 * parse.yacc, sudo.tab.c:
14638 Allow this to build with a K&R compiler again
14645 * compat.h, sudo.c, visudo.c:
14646 Use __attribute__((__noreturn__))
14650 Exit() takes a negative value to indicate it was not called via
14654 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14659 * Makefile.in, visudo.c:
14660 Define Err() and Errx() that are like err() and errx() but call
14661 Exit() instead of exit(). Build private copy of alloc.o for visudo
14662 that calls Err() and Errx().
14665 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
14667 * lex.yy.c, sudo.tab.c:
14676 Overhaul visudo for editing multiple files: o visudo has been
14677 broken out into functions (more work needed here) o each file is
14678 now edited before sudoers is re-parsed o if a #include line is
14679 added that file will be edited too
14681 TODO: o cleanup temp files when exiting via err() or errx() o
14682 continue breaking things out into separate functions
14685 * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
14686 Add keepopen arg to open_sudoers that open_sudoers can use to
14687 indicate to the caller that the fd should not be closed when it is
14688 done with it. To be used by visudo to keep locked fds from being
14689 closed prematurely (and thus losing the lock).
14692 * parse.yacc, sudo.c:
14693 Add errorfile global that contains the name of the file that caused
14698 return COMMENT to yacc grammar for a #include line
14702 Remove use of unput() in favor of yyless() which is cheaper.
14706 Allow an empty sudoers file.
14709 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
14712 Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
14715 * lex.yy.c, sudo.tab.c:
14720 Do signal setup before calling edit_sudoers(). Don't shadow the
14725 If a sudoers file includes other files, edit those too. Does not yet
14726 deal with creating the new includes files itself.
14730 init_parser now takes a path
14733 * parse.c, parse.h, parse.lex, parse.yacc:
14734 More scaffolding for dealing with multiple sudoers files: o
14735 init_parser() now takes a path used to populate the sudoers global
14736 o the sudoers global is used to print the correct file in yyerror()
14737 o when switching to a new sudoers file, preserve old file name and
14741 * Makefile.in, pathnames.h.in:
14742 Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
14743 multiple sudoers files.
14747 Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
14748 we start at the right file position when reading include files.
14760 Add max depth of 128 for the include stack to avoid loops.
14762 Since yyerror() doesn't stop parsing, pass return values back to
14763 yylex and call yyterminate() on error.
14766 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
14773 Mention PREVENTING SHELL ESCAPES section of sudoers man page
14776 * lex.yy.c, sudo.tab.c:
14781 Add support for #include in sudoers (visudo support TBD)
14785 make yyerror()'s argument const
14788 * testsudoers.c, visudo.c:
14789 Add open_sudoers() stubs.
14793 Rename check_sudoers() open_sudoers() and make it return a FILE *
14796 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
14798 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
14803 * Makefile.in, sudo.psf:
14804 Better HP-UX depot construction
14807 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
14810 o Made children global so check_exec() can lookup a child. o
14811 Replaced uid in struct childinfo with struct passwd * (for runas) o
14812 new_child() now takes a parent pid so the runas info can be
14813 inherited o Added find_child() to lookup a child by its pid o
14814 update_child() now fills in a struct passwd o Converted the big
14815 if/else mess in set_policy to a switch o Syscalls that change uid
14816 are now "ask" so we get SYSTR_MSG_UGID events
14820 Add flag to sudo_pwdup that indicates whether or not to lookup the
14821 shadow password. Will be used to a struct passwd that has the
14822 shadow password already filled in.
14826 add missing increment of addr in read_string()
14830 Remove bogus call to update_child() and some cosmetic fixes
14834 Don't leak /dev/systrace fd to tracee Make initialized global for
14835 simplicity If STRIOCATTACH returns EBUSY we are already being traced
14836 Check for user_args == NULL in setproctitle() call Add missing calls
14841 g/c sudo_pwdup proto
14844 * Makefile.in, sudo.psf:
14845 Add target for building a depot file
14852 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
14854 * lex.yy.c, sudo.tab.c, sudo.tab.h:
14859 document --with-systrace
14862 * config.h.in, configure, configure.in:
14863 Add check for setproctitle
14867 pass struct str_msg_ask in to syscall checker so it can set the
14872 systrace(4) support for sudo. On systems with the systrace(4)
14873 kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
14874 intercept exec calls and check the exec args against the sudoers
14875 file. In other words, sudo can now control subcommands and shell
14880 Call systrace_attach() if FLAG_TRACE is set.
14883 * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
14884 Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
14888 Don't close sudoers_fp, keep it open and set close on exec flag
14892 * def_data.c, def_data.h, def_data.in:
14901 SunOS /bin/sh blows up with configure
14904 * configure, configure.in:
14905 Include sys/param.h before systrace.h
14917 line up options in --help
14920 * config.h.in, configure.in:
14921 Add --with-systrace
14924 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
14930 * aclocal.m4, configure.in:
14931 make this work with autoconf-2.59
14934 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
14937 Simplify logic around open & stat of files and do sanity on edited
14938 file even if we lack fstat (still raceable but worth doing).
14941 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14949 [b84ebfaf1552] [SUDO_1_6_8p1]
14952 more changes for 1.6.8p1
14959 * CHANGES, sudo_edit.c:
14960 Add sanity check so we don't try to edit something other than a
14964 2004-09-15 Aaron Spangler <aaron777@gmail.com>
14971 document --with-ldap-conf-file
14974 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14976 * CHANGES, ins_csops.h:
14977 political correctness strikes again
14984 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
14986 * Makefile.binary.in, Makefile.in:
14987 Install sudoedit man link
14991 Update PAM note and mention where HP-UX users can download gcc
14996 libtool wants to install stuff from .libs so fake one up for binary
15000 * Makefile.binary.in:
15001 rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
15005 Deal with "uname -m" having slashes in it rm -f old sudoedit link
15006 instead of using ln -f
15009 * Makefile.binary, Makefile.binary.in:
15010 Makefile.binary -> Makefile.binary.in for config.status substitution
15011 Add support for installing noexec bits
15015 Copy noexec bits into binary dists too No longer use my old arch
15016 script for making binary dists
15020 Install sudoedit link.
15023 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
15026 avoid __P so there is no need for compat.h to be included
15030 Don't use HAVE_UTIME_H before including config.h.
15033 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
15036 Fix Solaris futimes macro
15039 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
15042 Rename ots -> omtim for improved readability.
15045 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
15048 Redo changes in revision 1.7. Don't really need to keep the temp
15049 file open; re-opening it with the invoking user's euid is
15057 * sudo.cat, sudo.man.in:
15062 back out revision 1.70; it is no longer applicable
15066 Let the loader initialize nep
15069 * config.h.in, configure, configure.in:
15070 Removed unneeded check for fchown Add check for gettimeofday Move
15071 autoheader template stuff into separate AH_TEMPLATE lines
15074 * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
15075 Use timespec throughout.
15083 function to return the current time in a struct timespec
15087 Not a darpa-sponsored file.
15090 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
15092 * compat.h, config.h.in, configure, configure.in:
15093 Add a check for struct timespec and provide it for those without.
15096 * config.h.in, configure, configure.in, sudo_edit.c:
15097 Add checks for st_mtim and st_mtimespec and add macros for pulling
15098 the mtime sec and nsec out of struct stat. These are used in
15099 sudo_edit() to better tell whether or not the file has changed.
15102 * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
15103 Add an extra param to touch() for nsec
15107 Call mkstemp() as the invoking user so we don't have to chown the
15108 file later. Only touch() the temp file if we can do it via the file
15109 descriptor. Don't check for modification of the temp file if we lack
15110 fstat(). Catch errors read()ing the temp file.
15114 If path is NULL and fd == -1 return -1.
15118 closefrom() is overkill, the only extra fds are the ones we opened
15119 so just close those in the child.
15122 * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
15123 configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
15125 Use utimes() and futimes() instead of utime() in touch(), emulating
15126 as needed. Not all systems are able to support setting the times of
15127 an fd so touch() takes both an fd and a file name as arguments.
15130 2004-09-07 Aaron Spangler <aaron777@gmail.com>
15136 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
15138 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15143 * sudo.pod, sudoers.pod, visudo.pod:
15144 Add SUPPORT section and re-order some of the sections to match the
15145 order we use in OpenBSD.
15148 2004-09-06 Aaron Spangler <aaron777@gmail.com>
15151 Openldap ~/.ldaprc fix
15154 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
15157 Talk about how the editor must write its changes to the original
15158 file and not just use rename(2).
15166 Keep the temp file open instead of re-opening after the editor has
15171 Update for current redhat/fedora core.
15174 2004-09-03 Aaron Spangler <aaron777@gmail.com>
15180 2004-09-02 Aaron Spangler <aaron777@gmail.com>
15183 config tls_* options
15186 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
15188 * configure, configure.in:
15189 No need for -lcrypt when using pam.
15192 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
15198 2004-08-27 Aaron Spangler <aaron777@gmail.com>
15200 * configure.in, ldap.c, pathnames.h.in:
15201 Allow --with-ldap-conf-file option to override LDAP_CONF
15205 cleanup debug message
15208 2004-08-26 Aaron Spangler <aaron777@gmail.com>
15214 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
15216 * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
15217 Add cmnd_base to struct sudo_user and set it in init_vars(). Add
15218 cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
15219 longer use gross statics in command_matches(). Also rename some
15220 variables for improved clarity.
15223 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
15226 document HP's crippled compiler deficiency.
15230 Fix some thinkos in --with-editor and --with-env-editor
15231 descriptions. Noticed by Norihiko Murase.
15234 * configure, configure.in:
15235 --with-noexec takes an optional PATH argument.
15239 document --with-noexec
15242 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
15246 [f2503bd13373] [SUDO_1_6_8]
15249 Better warning message when sudoedit is unable to write to the
15253 * sudo.cat, sudo.man.in:
15258 Don't italicize the string "sudoedit"
15261 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
15267 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
15274 Reset used_runas to FALSE when re-initializing the parser.
15277 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
15280 Correct OpenBSD mips support
15287 2004-08-07 Aaron Spangler <aaron777@gmail.com>
15290 More behavior notes
15294 Updates on current behavior
15297 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
15300 =back does not take an indentlevel (makes no difference to formatted
15305 =back does not take an indentlevel (makes no difference to formatted
15314 Consistency. Use same error for bad -u #uid when targetpw is set as
15315 we do when a bad -u username is specified.
15319 Add checksum idea from Steve Mancini
15322 * sudoers.cat, sudoers.man.in:
15326 * sudo.cat, sudo.man.in:
15330 * sudo.pod, sudoers.pod:
15331 Document the restriction on uids specified via -u when targetpw is
15336 Error out when targetpw is enabled and sudo is run with -u #uid but
15337 #uid does not exist in the passwd database. We can't do target
15338 authentication when the target is not in passwd!
15341 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
15346 Some more todo for the next release.
15350 Make it clear that PAM should be used for DCE support when possible.
15354 o Document problems with wildcards and relative paths. o Make the
15355 order requirements more prominent. o Change a "set" to "reset" for
15359 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
15362 Mention --with-secure-path, not SECURE_PATH.
15365 2004-08-03 Aaron Spangler <aaron777@gmail.com>
15368 reflect changes to parse.c
15371 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
15377 * parse.c, parse.h, testsudoers.c, visudo.c:
15378 Don't pass user_cmnd and user_args to command_matches(), just use
15379 the globals there. Since we keep state with statics anyway it is
15380 misleading to pretend that passing in different cmnd and cmnd_args
15385 Don't pass user_cmnd and user_args to command_matches(), just use
15386 the globals there. Since we keep state with statics anyway it is
15387 misleading to pretend that passing in different cmnd and cmnd_args
15392 Fix a bug introduced in rev. 1.149. When checking for pseudo-
15393 commands check for a '/' anywhere in cmnd, not just the first
15397 2004-07-31 Aaron Spangler <aaron777@gmail.com>
15399 * sudo.man.in, sudo.pod:
15400 Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
15403 * sudoers.man.in, sudoers.pod:
15404 Add ignore_local_sudoers
15408 Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
15412 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
15418 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
15425 Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
15426 PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
15429 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15435 2004-07-08 Aaron Spangler <aaron777@gmail.com>
15438 Better debugging of ALL command
15441 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
15444 When matching for "sudoedit" in sudoers check both the command the
15445 user typed *and* the command that is listed in the sudoers entry.
15448 2004-07-04 Aaron Spangler <aaron777@gmail.com>
15451 Added !command feature
15454 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
15457 Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
15460 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
15463 License is ISC-style, not BSD-style
15470 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
15472 * sudo.cat, sudo.man.in:
15477 o Update some out of date bits to reality o Change the shell prompt
15478 in examples to bourne-shell style o Clarify some details o Add a
15479 CAVEAT about "sudo cd /foo"
15483 Don't ask for a password if invoking user == target user.
15490 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
15492 * sudoers.cat, sudoers.man.in:
15497 Expand on NOEXEC a little.
15504 * visudo.cat, visudo.man.in:
15513 Add a check in visudo for runas_default being set after it has
15517 * CHANGES, parse.yacc, visudo.c:
15518 Add a check in visudo for runas_default being set after it has
15527 Add a MATCHED macro for testing whether foo_matches has been set to
15528 TRUE or FALSE. This is more readable than checking for >=0 or < 0.
15529 Doesn't change the actual code generated.
15532 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
15543 Correct description of where Defaults specs should go.
15547 Correct description of where Defaults specs should go.
15550 * testsudoers.c, visudo.c:
15570 * auth/bsdauth.c, auth/kerb5.c:
15574 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
15580 * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
15581 Remove trailing spaces, no actual code changes.
15585 Remove trailing spaces, no actual code changes.
15588 * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
15589 Remove trailing spaces, no actual code changes.
15593 Remove trailing spaces, no actual code changes.
15597 Remove trailing spaces, no actual code changes.
15600 * compat.h, defaults.c, env.c:
15601 Remove trailing spaces, no actual code changes.
15605 Remove trailing spaces, no actual code changes.
15613 Fix a >=0 that should be <0 that was improperly converted when
15618 Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
15619 NOMATCH when resetting it.
15623 Fix pastos introduced in SETNMATCH addition.
15626 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
15629 Update for configure changes
15637 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
15638 these in parse.yacc. Also in parse.yacc initialize the *_matches
15639 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
15640 when setting *_matches to a value that may be
15641 NOMATCH/UNSPEC/TRUE/FALSE.
15645 Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
15646 these in parse.yacc. Also in parse.yacc initialize the *_matches
15647 vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
15648 when setting *_matches to a value that may be
15649 NOMATCH/UNSPEC/TRUE/FALSE.
15653 Initialize runas to -2, not -1 since we need to be able to
15654 distinguish between the initialized value and the value of a non-
15655 match when passing along the runas value to multiple commands.
15657 The result of this is that an unmatched runas is now set to -1, not
15658 0. This is required now that parse.c treats a FALSE value for runas
15659 as being explicitly denied.
15662 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
15664 * sudo.c, visudo.c:
15665 Error out if argc < 1.
15669 Error out if argc < 1.
15672 * configure, configure.in:
15673 Add tests for what libs we need to link with for ldap and for
15674 whether or not lber.h needs to be explicitly included.
15677 2004-06-03 Aaron Spangler <aaron777@gmail.com>
15680 Solaris native LDAP build fix
15683 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
15686 Set edn to NULL if ldap_get_dn() fails to avoid potential use of an
15691 Add prototype for sudo_ldap_list_matches
15694 * configure, configure.in:
15695 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
15696 version too. Added check for dd_fd in `DIR' if no dirfd is found;
15697 this is now used to conditionally define the dirfd macro in
15702 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
15703 version too. Added check for dd_fd in `DIR' if no dirfd is found;
15704 this is now used to conditionally define the dirfd macro in
15709 Better check for dirfd macro--we now set HAVE_DIRFD for the macro
15710 version too. Added check for dd_fd in `DIR' if no dirfd is found;
15711 this is now used to conditionally define the dirfd macro in
15716 Only check /proc/$$/fd if we have the dirfd function/macro.
15719 * compat.h, config.h.in, configure, configure.in:
15720 Add a check for a dirfd() function (like Linux) and add a dirfd
15721 macro in compat.h if there is no dirfd() function or macro.
15724 * closefrom.c, getcwd.c:
15725 dirfd() is now defined in compat.h as needed.
15729 Clarify closefrom() note.
15733 When checking for a command in the directory, only copy the base dir
15738 If there is a /proc/$$/fd directory, behave like the Solaris
15739 closefrom() and only close the descriptors listed therein.
15743 compat.h guarantees INT_MAX is defined.
15747 Add definitions of OPEN_MAX and INT_MAX for those without it and
15748 remove definition of RLIM_INFINITY (now unused).
15751 * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
15752 sudo.c, sudo.h, visudo.c:
15753 Use PATH_MAX, not MAXPATHLEN since the former is standardized.
15756 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
15763 Add some entries that were mailed in a while ago
15767 o sysconf returns a long, not an int. o check for negative return
15768 value from sysconf/getdtablesize and use OPEN_MAX in this case. o
15769 define OPEN_MAX to 256 for those without it (a fair guess...)
15772 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15775 Mention change in parse order for RunAs entries.
15782 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
15784 * INSTALL, README.LDAP, config.h.in, configure.in:
15785 o --with-ldap now takes an optional dir as a parameter o added
15786 check for ldap_initialize() and start_tls_s()
15790 Fix some typos, word choice and formatting issues.
15793 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
15796 Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
15797 read/write as it is simpler.
15800 * configure, configure.in:
15801 Remove hack overriding cross-compiler check. It should no longer be
15806 Remove select() compat bits since we no longer use select().
15809 * CHANGES, tgetpass.c:
15810 Use alarm() instead of select() for the timeout for systems that
15811 don't fully/properly implement select().
15814 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
15825 Deal with systems that have no way of setting the effective uid such
15829 * configure, configure.in:
15830 Define NO_SAVED_IDS if we don't find seteuid()
15833 * config.h.in, configure, configure.in:
15834 Add back check for setreuid() since NSK doesn't have it.
15837 * sudoers.cat, sudoers.man.in:
15850 In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
15851 explicitly denied and the command matched. This fixes a long-
15852 standing bug and makes: foo machine = (ALL) /usr/bin/blah
15853 foo machine = (!bar) /usr/bin/blah
15855 equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
15859 Clarify mail_noperm
15862 2004-05-20 Aaron Spangler <aaron777@gmail.com>
15865 Missing DESTDIR in make install for sudo_noexec.la
15868 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
15870 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
15880 Remove fastboot/fasthalt (who still remembers these?) and add a
15881 minimal sudoedit example.
15885 Remove fastboot/fasthalt (who still remembers these?) and add a
15886 minimal sudoedit example.
15889 * UPGRADE, sudo.c, visudo.c:
15890 filesystem -> file system
15894 filesystem -> file system
15897 * CHANGES, INSTALL:
15898 filesystem -> file system
15901 * sudo.pod, sudoers.pod:
15902 Fix some minor typos and formatting goofs
15910 remove my email addr
15913 * sudo.pod, sudoers.pod, visudo.pod:
15914 Use @mansectform@ and @mansectsu@ everywhere Make man page
15915 references links with L<>
15919 Accept quoted globbing characters and pass them verbatim for
15924 Document that /tmp/.odus is gone.
15928 No longer use /tmp/.odus as a possible timestamp dir unless
15929 specifically configured to do so. Instead, if no /var/run exists,
15930 use /var/adm/sudo or /usr/adm/sudo.
15934 No longer use /tmp/.odus as a possible timestamp dir unless
15935 specifically configured to do so. Instead, if no /var/run exists,
15936 use /var/adm/sudo or /usr/adm/sudo.
15940 No longer use /tmp/.odus as a possible timestamp dir unless
15941 specifically configured to do so. Instead, if no /var/run exists,
15942 use /var/adm/sudo or /usr/adm/sudo.
15946 No longer use /tmp/.odus as a possible timestamp dir unless
15947 specifically configured to do so. Instead, if no /var/run exists,
15948 use /var/adm/sudo or /usr/adm/sudo.
15951 * set_perms.c, sudo.c, tgetpass.c, visudo.c:
15952 Preliminary changes to support nsr-tandem-nsk. Based on patches
15957 Preliminary changes to support nsr-tandem-nsk. Based on patches
15961 * check.c, compat.h:
15962 Preliminary changes to support nsr-tandem-nsk. Based on patches
15966 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
15969 There was no 1.6.7p6.
15977 add missing files to DISTFILES
15980 * sudo.cat, sudoers.cat, visudo.cat:
15989 Fix some line wrap and update (c) year
15992 2004-04-28 Aaron Spangler <aaron777@gmail.com>
15998 2004-04-07 Aaron Spangler <aaron777@gmail.com>
16004 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
16011 In Exit() when used as a signal handler, emsg is a pointer so
16012 sizeof() is wrong so make it a #define instead. Also avoid using a
16013 negative exit value. Found by Aaron Campbell
16016 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
16019 Remove bogus sentence about uids in a User_List. Document usernames
16020 vs. uid parsing in a Runas_List.
16023 * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
16024 If the user specified a uid with the -u flag and the uid exists in
16025 the passwd file, set runas_user to the name, not the uid.
16027 When comparing usernames in sudoers, if a name is really a uid
16028 (starts with '#') compare it numerically to pw_uid.
16031 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
16034 krb5_mcc_ops should be const; Johnny C. Lam
16037 2004-02-28 Aaron Spangler <aaron777@gmail.com>
16039 * CHANGES, config.h.in, ldap.c:
16040 Added start_tls support
16043 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
16046 Clean up libtool stuff for 'make distclean' and add def_data.c,
16047 def_data.h to PARSESRCS.
16050 2004-02-14 Aaron Spangler <aaron777@gmail.com>
16052 * strlcat.c, strlcpy.c:
16053 Un-Fix last license munge
16056 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
16062 * CHANGES, RUNSON, TODO:
16066 * lex.yy.c, sudo.tab.c:
16070 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
16071 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
16072 emul/search.h, emul/utime.h:
16073 Move to a less restrictive, ISC-style license.
16076 * auth/kerb5.c, auth/pam.c:
16077 Move to a less restrictive, ISC-style license.
16080 * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
16081 Move to a less restrictive, ISC-style license.
16085 Move to a less restrictive, ISC-style license.
16088 * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
16089 Move to a less restrictive, ISC-style license.
16092 * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
16093 visudo.man.in, visudo.pod:
16094 Move to a less restrictive, ISC-style license.
16098 Move to a less restrictive, ISC-style license.
16101 * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
16103 Move to a less restrictive, ISC-style license.
16106 * sigaction.c, strerror.c:
16107 Move to a less restrictive, ISC-style license.
16110 * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
16112 Move to a less restrictive, ISC-style license.
16115 * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
16116 ins_goons.h, insults.h, interfaces.c, interfaces.h:
16117 Move to a less restrictive, ISC-style license.
16120 * find_path.c, getprogname.c:
16121 Move to a less restrictive, ISC-style license.
16125 Move to a less restrictive, ISC-style license.
16129 Move to a less restrictive, ISC-style license.
16133 Move to a less restrictive, ISC-style license.
16136 * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
16138 Move to a less restrictive, ISC-style license.
16141 * utime.c, version.h:
16142 Move to a less restrictive, ISC-style license.
16145 * parse.lex, parse.yacc:
16146 Move to a less restrictive, ISC-style license.
16150 Move to a less restrictive, ISC-style license.
16153 2004-02-13 Aaron Spangler <aaron777@gmail.com>
16156 Merged in LDAP Support
16159 * ldap.c, sudo.c, sudo.h:
16160 Merged in LDAP Support
16163 * def_data.c, def_data.h, def_data.in:
16164 Merged in LDAP Support
16167 * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
16168 Merged in LDAP Support
16171 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
16173 * sudo.h, sudo_noexec.c:
16174 Only do "extern int errno" if errno is not a macro.
16177 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
16180 setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
16181 euid first, then just call setuid(0) to set the real uid too.
16185 Use setresuid() and setreuid() for PERM_RUNAS when appropriate
16186 instead of seteuid() which may not exist.
16189 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
16195 * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
16196 Add --with-pc-insults configure option
16200 Prefer VISUAL over EDITOR like old vipw did.
16203 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
16205 * sudo.man.in, sudoers.man.in:
16210 Add a note that noexec is not a cure-all.
16214 Mention that disabling "root_sudo" is pretty pointless.
16217 * configure, configure.in:
16218 Substitute for root_sudo in sudoers.pod
16222 Add sudoedit to the NAME section
16226 Document the fact that setting ignore_dot in sudoers has no effect
16227 due to the fact that find_path() is called *before* sudoers is read.
16230 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
16233 Do not require _PATH_USRTMP to be set.
16236 * BUGS, CHANGES, TODO:
16245 Clarify that when sudo is run by root with the SUDO_USER variable
16246 set, the sudoers lookup happens for root and not the SUDO_USER user.
16249 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
16251 * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
16252 set_perms.c, sigaction.c, sudo.c, tgetpass.c:
16253 Use the SET, CLR and ISSET macros.
16257 Use the SET, CLR and ISSET macros.
16260 * defaults.c, env.c:
16261 Use the SET, CLR and ISSET macros.
16265 MAIN was replaced with _SUDO_MAIN some time ago.
16269 Don't look at prev_user until after we've parsed sudoers and done
16270 the password check. That way, if sudo/sudoedit is run from a root
16271 process that was invoked by sudo, we check sudoers for root, not the
16272 previous user. This makes sudoedit much more useful and means that
16273 for the sudo case, we get correct logging on who actually ran the
16277 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16280 Add a comment describing why we need to be notified about our child
16284 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16286 * def_data.c, def_data.in:
16287 Update the noexec variable descriptions
16290 * sudoers.man.in, sudoers.pod:
16291 noexec now replaces more than just execve()
16295 Alas, all the world does not go through execve(2). Many systems
16296 still have an execv(2) system call, Linux 2.6 provides fexecve(2)
16297 and it is not uncommon for libc to have underscore ('_') versions of
16298 the functions to be used internally by the library. Instead of
16299 stubbing all these out by hand, define a macro and let it do the
16300 work. Extra exec functions pointed out by Reznic Valery.
16303 * sudo.c, sudo_edit.c:
16304 Fix suspending the editor in -e mode. Because we do a fork() first
16305 we need to be notified when the child has been stopped and then send
16306 that same signal to ourself so the shell can do its job control
16311 Use WIFEXITED and WEXITSTATUS macros. If there are systems out
16312 there that want to run sudo that still don't support these we can
16313 try to deal with that later.
16320 * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
16321 Document sudo -e / sudoedit
16324 * configure, configure.in:
16328 * config.h.in, configure.in:
16332 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16335 Allow non-exclusive flags when invoked as sudoedit. Pretty print the
16336 long usage() line to not wrap (assumes 80 char display)
16339 * Makefile.in, sudo.c:
16340 If sudo is invoked as "sudoedit" the -e flag is implied and no other
16341 flags are permitted.
16345 Add a new flag, -e, that makes it possible to give users the ability
16346 to edit files with the editor of their choice as the invoking user,
16347 not the runas user. Temporary files are used for the actual edit
16348 and the temp file is copied over the original after the editor is
16352 * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
16353 Add a new flag, -e, that makes it possible to give users the ability
16354 to edit files with the editor of their choice as the invoking user,
16355 not the runas user. Temporary files are used for the actual edit
16356 and the temp file is copied over the original after the editor is
16361 If real uid == 0 and the SUDO_USER environment variable is set, use
16362 that to determine the invoking user's true identity. That way the
16363 proper info gets logged by someone who has done "sudo su" but still
16364 uses sudo as root. We can't do this for non-root users since
16365 that would open up a security hole, though perhaps it would be
16366 acceptable to use getlogin(2) on OSes where this is a system call (and
16367 doesn't just look in the utmp file).
16371 Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
16374 * config.h.in, configure, configure.in:
16375 Add check for fchown(2)
16378 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16381 Back out portions of the -i commit that set NewArgv[0] in
16382 set_runaspw. It is far too late to set NewArgv[0] there and will have
16383 no effect anyway as cmnd and safe_cmnd have already been set.
16386 * visudo.c, visudo.pod:
16387 Prefer VISUAL over EDITOR like old vipw did.
16390 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
16393 In -i mode always set new environment based on the runas user's
16397 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
16399 * sudo.man.in, sudo.pod:
16400 Document the new -i flag and sync SYNOPSIS section with usage() in
16401 sudo.c. Also sort the flags in the OPTIONS section.
16405 o Add -i that acts similar to "su -", based on patches from David J.
16406 MacKenzie o Sort the flags in the usage message
16409 * sudoers.man.in, sudoers.pod:
16410 Add a missing @runas_default@ substitution.
16413 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16416 Change euid to runas user before calling find_path().
16417 Unfortunately, though runas_user can be modified in sudoers we
16418 haven't parsed sudoers yet.
16421 * sudoers.man.in, sudoers.pod:
16422 Add missing definition of Parameter_List and use single pipes in the
16423 Defaults EBNF definition.
16427 Fix a bug when set_runaspw() is used as a callback. We don't want
16428 to reset the contents of runas_pw if the user specified a user via
16431 Avoid unnecessary passwd lookups in set_authpw(). In most cases we
16432 already have the info in runas_pw.
16435 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
16438 Add Stan Lee / Uncle Ben quote to the lecture from RedHat
16442 Update sudo_getepw() proto and add one for set_runaspw()
16446 If we can't stat the command as root, try as the runas user instead.
16449 * testsudoers.c, visudo.c:
16450 Add stub set_runaspw() function
16454 Add set_runaspw() function to fill in runas_pw. This will be used
16455 as a callback to update runas_pw when the runas user changes.
16459 PERM_RUNAS -> PERM_FULL_RUNAS
16462 * set_perms.c, sudo.h:
16463 Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
16468 Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
16469 one chunk for easy free()ing. Also change it from static to extern.
16472 * defaults.c, defaults.h:
16473 Add callback support
16477 Add a callback field and use it for runas_default
16480 * def_data.c, def_data.in:
16481 Add a callback field and use it for runas_default
16484 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
16487 Add support for chalnecho and display server responses used by fwtk
16491 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
16493 * sudoers.man.in, sudoers.pod:
16494 ld.so is ld.so.1 on solaris
16497 * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
16498 Use closefrom() instead of doing the equivalent inline.
16502 closefrom(3) for systems w/o it
16505 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
16508 Update from .pod file.
16511 * configure, configure.in:
16512 Substitute noexec_file for the sudoers man page
16515 * sudo.man.in, sudo.pod:
16519 * sudoers.man.in, sudoers.pod:
16523 * auth/pam.c, config.h.in, configure.in:
16524 Move PAM_CONST macro definition from config.h to pam.c where it
16525 belongs. We can't have this in config.h since that gets included too
16529 * auth/pam.c, config.h.in, configure, configure.in:
16530 Some PAM implementations put their headers in /usr/include/pam
16531 instead of /usr/include/security.
16535 I missed changing the EXEC macro -> EXECV here when I changed this
16536 in config.h.in and sudo.c a while ago.
16540 OpenBSD vax/m88k/hppa don't do shared libs
16543 * configure, configure.in:
16544 o merge the hpux case entries into a single entry w/ its own sub-
16545 case statement. o HP-UX >= 11 supports getspnam(), use it in
16546 preference to getprpwuid()
16549 * configure, configure.in:
16550 eval $shrext so that it expands nicely on MacOS X
16554 Don't lie about making a module, it does the wrong thing on mach
16558 Remove requirement that libs must begin with "lib". They don't when
16559 we point directly at the lib using LD_PRELOAD or its equivalent.
16563 Disable support for c++, f77 and java. We don't need it, it takes a
16564 lot of time, and it hosed our check for shared lib support.
16572 Call AC_ENABLE_SHARED and check the status of enable_shared to know
16573 when shared libs are available.
16577 Duh, OpenBSD supports shared libs too
16580 * config.h.in, configure.in:
16581 Only OpenPAM and Linux PAM use const qualifiers.
16584 * configure, configure.in:
16585 o No need to check for sed, libtool config does that for us o move
16586 check for --with-noexec until after libtool magic is run so we can
16587 use $can_build_shared and $shrext
16591 Don't print a bunch of crap about library installs since we are not
16592 really installing a library.
16596 Make format_env() varargs Add noexec support for Darwin, MacOS X,
16600 * acsite.m4, ltconfig, ltmain.sh:
16601 Update to libtool 1.5 with local changes: o no ldconfig in the
16602 finish step o assume no libprefix or version is needed
16606 Fix compilation under K&R
16609 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16616 stub execve() that just returns EACCES; used for noexec
16621 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
16626 Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
16630 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
16632 * def_data.c, def_data.h, def_data.in:
16633 Move the environment defaults to the end and shorten a few of the
16637 * configure, configure.in:
16638 no shared libs on ultrix or convexos
16641 * Makefile.in, configure, configure.in:
16642 Build sudo_noexec shared object using libtool; could use some
16646 * acsite.m4, ltconfig, ltmain.sh:
16647 libtool scaffolding
16650 * parse.yacc, sudo.tab.c:
16651 Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
16655 * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
16656 parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
16657 update copyright year
16660 * configure, configure.in, defaults.c, env.c, pathnames.h.in:
16661 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
16662 option. The default value of noexec_file is set to this.
16665 * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
16666 parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
16668 Add support for preloading a shared object containing a dummy
16669 execve() function that just sets error and returns -1. This adds a
16670 "noexec_file" option to load the filename as well as a "noexec" flag
16671 to enable it unconditionally. There is also a NOEXEC tag that can
16672 be attached to specific commands and an EXEC tag to disable it.
16676 add missing newline to usage statement
16679 * config.h.in, sudo.c:
16680 Rename EXEC macro -> EXECV
16684 Don't truncate usernames to 8 characters in the log message.
16687 * check.c, sudoers.man.in, sudoers.pod:
16688 Update copyright year
16691 * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
16693 Add a new option, lecture_file, that can be used to point to a
16694 custom sudo lecture.
16697 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
16699 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16701 Add a zero_bytes() function to do the equivalent of bzero in such a
16702 way that will hopefully not be optimized away by sneaky compilers.
16706 Add a zero_bytes() function to do the equivalent of bzero in such a
16707 way that will hopefully not be optimized away by sneaky compilers.
16710 * Makefile.in, sudo.h:
16711 Add a zero_bytes() function to do the equivalent of bzero in such a
16712 way that will hopefully not be optimized away by sneaky compilers.
16716 Use #ifdef __STDC__, not #if __STDC__.
16719 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
16722 Always put at least one space between the def_* macro name and its
16726 * configure, configure.in:
16727 Adjust code for --without-lecture to match new values.
16731 regen after pasto fix
16734 * sudoers.man.in, sudoers.pod:
16735 Document that "lecture" has changed from a flag to a tuple.
16738 * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
16739 defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
16740 Add support for tuples in def_data.in; these are implemented as an
16741 enum type. Currently there is only a single tuple enum but in the
16742 future we may have one tuple enum per T_TUPLE entry in def_data.in.
16743 Currently listpw, verifypw and lecture are tuples. This avoids the
16744 need to have two entries (one ival, one str) for pwflags and syslog
16747 lecture is now a tuple with the following values: never, once,
16750 We no longer use both an int and string entry for syslog facilities
16751 and priorities. Instead, there are logfac2str() and logpri2str()
16752 functions that get used when we need to print the string values.
16755 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16756 auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
16757 check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
16758 logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
16759 sudo.tab.c, visudo.c:
16760 Create def_* macros for each defaults value so we no longer need the
16761 def_{flag,ival,str,list,mode} macros (which have been removed). This
16762 is a step toward more flexible data types in def_data.in.
16769 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
16772 If we are in -k/-K mode, just spew to stderr. It is not unusual for
16773 users to place "sudo -k" in a .logout file which can cause sudo to
16774 be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
16775 Previously, this would result in useless mail and logging.
16778 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
16781 fix pasto in VISUAL description
16784 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
16795 Some OSes (like Solaris) allow export w/ nosuid too
16798 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
16801 We don't use FD_ZERO anymore so just define FD_SET (if not already
16805 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
16808 Fix a core dump on Solaris by preserving the pam_handle_t we used
16809 during authentication for pam_prep_user(). If we didn't
16810 authenticate (ie: ticket still valid), we call pam_init() from
16811 pam_prep_user(). This is something of a hack; it may be better to
16812 change the auth API and add an auth_final() function that acts like
16816 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
16819 Add explicit declaration of printerr variable in function header
16820 (was defaulting to int which is OK but oh so K&R :-). From Theo.
16823 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
16825 * config.h.in, configure.in:
16826 s/HAVE_STOW/USE_STOW/
16830 Also exit waitpid() loop when pid == 0. Fixes a problem where the
16831 sudo process would spin eating up CPU until sendmail finished when
16832 it has to send mail.
16835 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
16838 Remove advertising clause, UCB has disavowed it
16842 Remove advertising clause, UCB has disavowed it
16845 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
16848 Don't assume that getgrnam() calls don't modify contents of struct
16849 passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
16850 Based on a patch from Kirk Webb.
16853 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
16860 darwin has a broken setreuid() in at least some versions
16864 Fix an off by one error when reallocating the environment; Kevin Pye
16867 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
16870 Fix User_Spec definition; SEKINE Tatsuo
16873 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
16876 More info on the early days from Coggs.
16879 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
16882 remove errant semicolon that prevented compilation under heimdal
16885 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
16887 * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
16888 add DARPA credit on affected files
16892 add DARPA credit on affected files
16895 * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
16897 add DARPA credit on affected files
16901 add DARPA credit on affected files
16905 add DARPA credit on affected files
16908 * logging.c, parse.c:
16909 add DARPA credit on affected files
16912 * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
16913 auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
16914 find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
16916 add DARPA credit on affected files
16919 * auth/kerb5.c, auth/pam.c:
16920 add DARPA credit on affected files
16923 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16924 auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
16926 add DARPA credit on affected files
16930 add DARPA credit on affected files
16933 * defaults.c, defaults.h:
16934 add DARPA credit on affected files
16938 add DARPA credit on affected files
16941 * Makefile.in, alloc.c, check.c:
16942 add DARPA credit on affected files
16946 slightly different wording for the darpa credit
16949 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
16955 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
16958 Use krb5_princ_component() instead of krb5_princ_realm() for MIT
16959 Kerberos like we did before I messed things up ;-)
16961 Use krb5_principal_get_comp_string() to do the same thing w/
16962 Heimdal. I'm not sure if the component should be 0 or 1 in this
16965 #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
16966 older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
16967 should be a configure check for this I guess.
16970 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
16973 builtin -> built-in; Jason McIntyre
16976 * TROUBLESHOOTING, config.h.in, configure, configure.in:
16977 builtin -> built-in; Jason McIntyre
16981 built in -> built-in; Jason McIntyre
16984 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
16987 checkpoint for 1.6.7p3
16991 Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
16992 Amazingly, sudo source from 1985 is available via groups.google.com
16996 Don't change rl.rlim_max for RLIMIT_CORE. We need only set
16997 rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
16998 RLIMIT_CORE restoration on some OSes.
17001 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
17004 Make this compile on Heimdal and MIT Kerberos 5
17007 * config.h.in, configure, configure.in:
17008 Check for heimdal even if we found krb5-config and define
17013 Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
17014 no longer defined by MIT kerb5 (though it used to be and indeed
17015 remains so in Heimdal).
17018 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
17021 Remove newer stuff that passes multiple (possibly duplicate)
17022 directories to "mkdir -p" since that seems to break on Tru64 Unix at
17023 least. This basically brings back what shipped with sudo 1.6.6.
17026 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
17029 Correct number of args to krb5_principal_get_realm() and fix an
17030 unclosed comment that hid the bug.
17057 * CHANGES, version.h:
17066 use krb5-config to determine Kerberos V details if it exists
17069 * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
17070 auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
17071 find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
17072 testsudoers.c, visudo.c:
17073 Use warn/err and getprogname() throughout. The main exception is
17074 openlog(). Since the admin may be filtering logs based on the
17075 program name in the log files, hard code this to "sudo".
17079 Add getprogname.c and err.c
17086 * config.h.in, configure.in:
17087 Add checks for getprogname(), __progname and err.h
17091 For systems without err/warn functions.
17095 For systems without err/warn functions.
17099 For systems with neither getprogname() nor __progname; uses Argv[0].
17102 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
17105 checkpoint for 1.6.7p1
17108 * sudo.c, testsudoers.c:
17109 fix strlcpy() rval check (innocuous)
17113 oflow detection in expand_prompt() was faulty (false positives). The
17114 count was based on strlcat() return value which includes the length
17115 of the entire string.
17118 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
17121 checkpoint for the sudo 1.6.7 release
17122 [096bab4da29a] [SUDO_1_6_7]
17125 checkpoint for the sudo 1.6.7 release
17128 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
17131 g/c unused variable
17139 use man sections 8 and 5 for csops
17142 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
17149 Add -lskey or -lopie directly to SUDO_LIBS instead of having
17150 AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
17158 Add --with-blibpath for AIX. An alternate libpath may be specified
17160 -blibpath support can be disabled. Also change configure such that
17161 -blibpath is not specified if no -L libpaths were added to
17166 Add --with-blibpath for AIX. An alternate libpath may be specified
17168 -blibpath support can be disabled. Also change configure such that
17169 -blibpath is not specified if no -L libpaths were added to
17174 Add --with-blibpath for AIX. An alternate libpath may be specified
17176 -blibpath support can be disabled. Also change configure such that
17177 -blibpath is not specified if no -L libpaths were added to
17182 add AIX blibpath support
17185 * INSTALL, configure.in:
17186 --with-skey and --with-opie now take an optional directory argument
17187 This obsoletes a --with-csops hack (/tools/cs/skey)
17189 Also remove the remaining direct uses of "echo"
17192 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
17195 Detect KTH Kerberos IV and deal with it. Also make -lroken optional
17196 for KTH Kerberos IV and V.
17200 Add SUDO_APPEND_LIBPATH function that adds -L/path/to/dir (and
17201 -R/path/to/dir if $with_rpath) to the specified variable.
17204 * INSTALL, configure.in:
17205 Add -R/path/to/libs for Solaris and SVR4. There is a new configure
17206 option, --with-rpath to control this behavior.
17210 for kerb4 put libdes after libkrb on the link line
17218 fix kerberos lib check when a path is specified
17222 Fix boolean thinko in SIGCHLD reaper and call reapchild after
17223 sending mail instead of doing a conditional sudo_waitpid.
17226 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
17233 replace =DIR with [=DIR] where sensible
17237 o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
17238 detection based on openssh's configure.in
17242 --with-kerb4 and --with-kerb5 now take an optional argument.
17245 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
17248 Kill remaining strcpy(), the programmer's guide says username is 32
17253 treat uid_t as unsigned long for printf and use snprintf, not sprintf
17260 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
17262 * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17263 auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17264 auth/rfc1938.c, auth/sudo_auth.c:
17265 update copyright year
17268 * sudo.man.in, sudoers.man.in, visudo.man.in:
17269 update copyright year
17272 * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
17273 configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
17274 parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
17275 sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
17276 update copyright year
17279 * check.c, env.c, sudo.c:
17280 Cast [ug]ids to unsigned long and printf with %lu
17288 correct error messages for --with-sudoers-{mode,uid,gid}
17292 make the malloc(0) error specific to each function to aid tracking
17297 deal with platforms where size_t is signed and there is no SIZE_MAX
17302 Make this compile w/ Heimdal and fix some gcc warnings.
17306 Use stat_sudoers macro so --with-stow can work
17309 * INSTALL, config.h.in, configure, configure.in:
17310 Add support for --with-stow based on patches from Robert Uhl
17326 use strlcpy, not strncpy
17330 Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
17337 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
17339 * strlcat.c, strlcpy.c:
17340 Make gcc shut up about unused rcsid
17344 Move the n == 0 check for the non-getifaddrs case
17348 skeychallenge() on NetBSD takes a size parameter
17356 put -ldl after -lpam, not before; fixes static linking on Linux
17360 Avoid malloc(0) and fix the loop invariant for the getifaddrs()
17364 * sudo.cat, sudoers.cat, visudo.cat:
17368 * sudo.man.in, sudoers.man.in, visudo.man.in:
17373 Preserve copyright notice from .pod file in .man.in file
17377 Add sudoers(5) to SEE ALSO
17380 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
17387 Don't assume libc can realloc() a NULL string. If malloc/realloc
17388 fails, make sure we just return; yyerror() is not terminal.
17396 simplify fill_args a little and use strlcpy for paranoia
17403 * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
17405 Use strlc{at,py} for paranoia's sake and exit on overflow. In all
17406 cases the strings were either pre-allocated to the correct size or
17407 length checks were done before the copy but a little paranoia can go
17412 Add strlc{at,py} protos
17415 * env.c, interfaces.c:
17424 Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
17425 memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
17429 snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
17434 In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
17437 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
17440 Use snprintf() for paranoia
17444 Use emalloc2 and erealloc3
17448 strlc{at,py} for those w/o it
17451 * strlcat.c, strlcpy.c:
17452 strlc{at,py} for those w/o it.
17455 * config.h.in, configure, configure.in:
17456 Add strlc{at,py} for those w/o it.
17460 Add erealloc3(), a realloc() version of emalloc2().
17463 * interfaces.c, sudo.c:
17464 Use emalloc2() to allocate N things of a certain size.
17468 Add emalloc2() -- like calloc() but w/o the bzero and with
17469 error/oflow checking.
17473 Error out on malloc(0); suggested by theo
17476 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
17478 * configure, configure.in:
17479 fix a typo; David Krause
17482 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
17488 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
17491 Remove DYLD_ from the environment for MacOS X; from bbraun
17494 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
17496 * config.h.in, configure.in:
17497 not not; Anil Madhavapeddy
17500 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
17502 * sudo.pod, sudoers.pod, visudo.pod:
17503 typos; jmc@openbsd.org
17506 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17509 Add some missing ';' rule terminators that bison warns about.
17513 fix typo I introduced in last merge
17517 regenerate with autoconf 2.57
17521 Add missing "$HOME"
17525 Add some more square brackets to make autoconf 2.57 happy
17528 * config.sub, mkinstalldirs:
17529 Updates from autoconf-2.57
17533 Updates from autoconf-2.57
17536 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17542 * lex.yy.c, sudo.tab.c:
17546 * parse.lex, parse.yacc, sudoers.pod:
17547 Add support for Defaults>RunasUser
17550 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17553 fclose() yyin after each yyparse() is done and use fopen() instead
17554 of using freopen().
17558 Better fix for sudoers files w/o a newline before EOF. It looks
17559 like the issue is that yyrestart() does not reset the start
17560 condition to INITIAL which is an issue since we parse sudoers
17564 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
17567 Work around what appears to be a flex bug when dealing with files
17568 that lack a final newline before EOF. This adds a rule to match EOF
17569 in the non-initial states which resets the state to INITIAL and
17574 o The parser needs sudoers to end with a newline but some editors
17575 (emacs) may not add one. Check for a missing newline at EOF and
17576 add one if needed. o Set quiet flag during initial sudoers parse (to
17577 get options) o Move yyrestart() call and always use freopen() to
17578 open yyin after initial sudoers parse.
17581 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17584 Fix pasto/thinko in setresgid()/setregid() usage. Want to set
17585 effective gid, not real gid, when reading sudoers.
17589 don't compile set_perms_posix if we have setreuid or setresuid
17592 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17594 * sudo.pod, sudoers.pod:
17595 document new prompt escapes
17599 Add %U and %H escapes and redo prompt rewriting. "%%" now gets
17600 collapsed to "%" as was originally intended. This also gets rid of
17601 lastchar (does lookahead instead of lookback) which should simplify
17602 the logic slightly.
17605 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17608 Write the prompt *after* turning off echo to avoid some password
17609 characters being echoed on heavily-loaded machines with fast
17614 Add support for mipseb; wiz@danbala.tuwien.ac.at
17618 Fix IRIX fallout from name changes in man dir/sect Makefile
17619 variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
17623 Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
17624 the global copy. Problem noted by Peter Pentchev.
17627 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
17634 Add missing yyerror() calls; YYERROR does not seem to call this for
17638 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
17641 fix typo in comment; Pedro Bastos
17644 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
17647 document --disable-setresuid
17650 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17652 Sprinkle some volatile qualifiers to prevent over-enthusiastic
17653 optimizers from removing memset() calls.
17656 * logging.c, parse.yacc:
17657 minor sign fixes pointed out by gcc -Wsign-compare
17660 * set_perms.c, sudo.c, sudo.h:
17661 Revamp set_perms. We now use a version based on setresuid() or
17662 setreuid() when possible since that allows us to support the
17663 stay_setuid option and we always know exactly what the semantics
17664 will be (various Linux kernels have broken POSIX saved uid support).
17667 * config.h.in, configure:
17668 regen from configure.in
17672 Add checks for setresuid() and a way to disable using it
17676 No longer need to emulate set*[ug]id() via setres[ug]id() or
17677 setre[ug]id(). The new set_perms stuff only uses things it knows are
17682 Before exec, restore state of signal handlers to be the same as when
17683 we were initially invoked instead of just resetting to SIG_DFL. Fixes
17684 a problem when using sudo with nohup. Based on a patch from Paul
17689 o timestamp_uid should be uid_t, not int o clarify error message
17690 when sudo is run by root and no_root_sudo is set
17693 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
17696 update ftp link for bison
17699 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
17702 Error out if setusercontext() fails and the runas user is not root.
17705 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
17712 Fix SecurID API test
17715 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
17722 securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
17723 but I don't see a better way at the moment.
17726 * Makefile.in, auth/securid5.c:
17727 SecurID API version 5 support from Michael Stroucken
17731 Add check for SecurID 5.0 API
17734 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
17737 We actually do still need config.h to get the 'const' definition for
17741 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
17744 regen with autoconf 2.5.3
17748 Don't set sysconfdir to '/etc' if the user has specified a --prefix.
17752 Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
17753 LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
17756 * env.c, sudo.c, sudo.h:
17757 No need for dump_badenv() now that dump_defaults() knows how to dump
17761 * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
17767 document timestampowner
17771 Don't call set_perms() when doing timestamp stuff unless
17772 timestamp_uid != 0.
17775 * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
17776 sudo.h, testsudoers.c:
17777 g/c second arg to set_perms--it is no longer used
17780 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
17782 * check.c, set_perms.c, sudo.c, sudo.h:
17783 Add support for non-root timestamp dirs. This allows the timestamp
17784 dir to be shared via NFS (though this is not recommended).
17787 * def_data.c, def_data.h, def_data.in:
17788 Add timestampowner, "Owner of the authentication timestamp dir"
17791 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
17794 Don't try to pre-compute the size of the new envp, just allocate
17795 space up front and realloc as needed. Changes to the new env
17796 pointer must all be made through insert_env() which now keeps track
17797 of space used and allocates as needed.
17800 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
17807 Fix two typo/pastos; from jrj@purdue.edu
17810 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
17812 * INSTALL.binary, README:
17814 [a1e33027278c] [SUDO_1_6_6]
17816 * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
17817 visudo.cat, visudo.man.in:
17821 * CHANGES, RUNSON, TODO:
17826 In the loop used to expand %h and %u, the lastchar variable was not
17827 being initialized. This means that if the last char in the prompt
17828 is '%' and the first char is 'h' or 'u' an extra copy of the host or
17829 user name would be copied, for which space had not been allocated.
17832 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
17834 * BUGS, INSTALL, Makefile.in, configure.in, version.h:
17835 crank version to 1.6.6
17839 #undef VOID to get rid of an AFS warning
17843 Use easprintf instead of emalloc + sprintf for some things.
17846 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
17848 * lex.yy.c, sudo.tab.c:
17852 * parse.c, parse.lex, parse.yacc, testsudoers.c:
17853 Remove Chris Jepeway's email address so people don't bug him ;-)
17856 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
17859 Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
17860 endgrent() at the same time.
17863 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
17866 Make it clear which configure options take arguments.
17869 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
17872 HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
17873 RLIM_INFINITY, just pretend it is -1. This works because we only
17874 check for RLIM_INFINITY and do not set anything to that value.
17877 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
17880 Zero and free allocated memory when there is a conversation error.
17884 Use sigaction() not signal()
17888 Mention that some linux kernels have broken POSIX saved ID support
17892 checkpoint for 1.6.5p2
17900 Add --disable-setreuid flag
17904 Document new --disable-setreuid option and change description for
17905 --disable-saved-ids to match new error message.
17909 fatal() now takes an argument that determines whether or not to call
17914 Update for new error messages from set_perms()
17918 Update for new error messages from set_perms()
17921 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
17924 Make this compile w/o warnings
17928 Mention that we can't use pam_acct_mgmt()
17931 * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
17932 The user's password was not zeroed after use when AIX
17933 authentication, BSD authentication, FWTK or PAM was in use.
17936 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17939 Avoid giving PAM a NULL password response, use the empty string
17940 instead. This avoids a log warning when the user hits ^C at the
17941 password prompt when PAM is in use.
17945 Don't check the return value of pam_setcred(). In Linux-PAM 0.75
17946 pam_setcred() returns the last saved return code, not the return
17947 code for the setcred module. Because we haven't called
17948 pam_authenticate(), this is not set and so pam_setcred() returns
17953 Don't need a '/' between $(DESTDIR) and a directory.
17957 Don't need a '/' between $(DESTDIR) and a directory.
17960 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17967 o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
17968 setreuid() o new NetBSD has a real setreuid() o add check for
17969 freeifaddrs() if getifaddrs() exists.
17972 * config.h.in, interfaces.c:
17973 Older BSDi releases lack freeifaddrs() so add a test for that and if
17974 it is not present just use free().
17977 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17980 Checkpoint for 1.6.5p1
17984 Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
17985 to normal passwords, not AUTH_FATAL (which just causes an exit).
17989 Don't use memory after it has been freed.
17993 skeyaccess() wants a struct passwd * not a char *; Patch from
17995 [65a1d3806fcd] [SUDO_1_6_5]
18001 * CHANGES, RUNSON, TODO:
18002 checkpoint for sudo 1.6.5
18005 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
18011 * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
18015 * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18021 o when invoking the mailer as root use a hard-coded environment that
18022 doesn't include any info from the user's environment. Basically
18025 o Add support for the NO_ROOT_MAILER compile-time option and run the
18026 mailer as the user and not root if NO_ROOT_MAILER is defined.
18029 * set_perms.c, sudo.h:
18030 Bring back PERM_FULL_USER
18041 * INSTALL, config.h.in, configure.in:
18042 Add --disable-root-mailer option to run the mailer as the user and
18047 checkpoint for 1.6.4p2
18051 Mention the "seteuid(0): Operation not permitted" problem here too
18052 just for good measure.
18055 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
18057 * env.c, getspwuid.c, sudo.c:
18058 The SHELL environment variable was preserved from the user's
18059 environment instead of being reset based on the passwd database when
18060 the "env_reset" option was used. Now it is reset as it should be.
18067 * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
18069 Add a configure option to turn off use of POSIX saved IDs
18077 add --with-efence option
18081 Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
18082 "sudo -l" would not work if always_set_home was set.
18090 Quoted commas were not being treated correctly in command line
18095 o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
18096 Otherwise, the set_home option has no effect.
18098 o Fix use of freed memory when the "fqdn" flag is set. This was
18099 introduced by the fix for the "segv when gethostbyname() fails" bug.
18100 Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
18101 there is no need to check the "fqdn" flag in set_fqdn() itself.
18105 Add 'continue' statements to optimize the switch statement. From
18109 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
18111 * sudoers.cat, sudoers.man.in:
18112 Regen from new sudoers.pod
18113 [6ecc07b3d0e1] [SUDO_1_6_4]
18116 Add caveat about stay_setuid flag
18120 If set_perms == set_perms_posix and the stay_setuid flag is not set,
18121 set all uids to 0 and use set_perms_fallback().
18124 * set_perms.c, sudo.h:
18125 Remove PERM_FULL_USER (which is no longer used) and add
18126 PERM_FULL_ROOT (used when exec'ing the mailer).
18130 Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
18131 never want to run the mailer setuid.
18134 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
18136 * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
18138 Use sudo.ws instead of courtesan.com in URLs
18141 * Makefile.binary, Makefile.in:
18142 Fix mansect substitution
18146 Substitute man sections in Makefile.binary
18150 Sync install targets with Makefile.in and substitute in man
18154 * INSTALL, INSTALL.binary:
18159 Repair bindist target
18166 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
18169 Fix case where neither whoami nor id are found
18172 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
18175 If neither whoami nor id exists, just assume we are root.
18179 Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
18180 on AIX which for some reason isn't pulling in the malloc prototype.
18183 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
18185 * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
18194 Defer assigning new environment until right before the exec.
18198 kill extra blank line
18201 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
18208 Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
18209 compiler doesn't recognise -O2.
18213 Clarify origins of Root Group sudo a bit based on info from
18214 billp@rootgroup.com
18217 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
18224 checkpoint for 1.6.4rc1
18227 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
18230 now generated via autoheader
18238 Move in some stuff that was previously in config.h.
18241 * aclocal.m4, configure.in:
18242 Add info for autoheader.
18245 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
18248 o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
18249 -g to facilitate non-root installs
18253 Add -M option (like -m but only for root) If we can't find "whoami",
18254 use "id" w/ some sed.
18262 allow user to always override mansectsu and mansectform

2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
update from autoconf 2.52
* config.guess, config.sub:
Update from autoconf 2.52
regen with autoconf 2.52
o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
mode
o Remove compiler-specific checks for HP-UX now that we use
o Add pam_prep_user function to call pam_setcred() for the target
user; on Linux this often sets resource limits.
o When calling pam_end(), try to convert the auth->result to a
PAM_FOO value. This is a hack--we really need to stash the last
PAM_FOO value received and use that instead.
* set_perms.c, sudo.h:
o Add pam_prep_user function to call pam_setcred() for the target
user; on Linux this often sets resource limits.
Fix off by one error in number of bytes allocated via malloc (does
not affect any released version of sudo).

2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
requiring that they be quoted.
* sudoers.cat, sudoers.man.in, sudoers.pod:
Mention that no double quotes are needed when
adding/deleting/assigning a single value to a list.
Don't rely on mkdefaults being executable, call perl explicitly.
Remove some XXX that are no longer relevant.
o Roll our own loop instead of using strpbrk() for better
grokability
o When adding to a list we must malloc() and use memcpy(), not
strdup() since we must only copy len bytes from str.

2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>

2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
avoid the -g flag unless --with-devel was specified
mkdefaults, def_data.in and sigaction.c were missing from the
def_data.c was missing

2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
Add comment for Default section so folks know where it should go.

2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
Use TCSETAF, not TCSETA to set terminal in termio case
* sudoers.cat, sudoers.man.in:
regen from sudoers.pod
o Typo, Runas_User_List should be Runas_List
o a User_List can not contain a uid
o mention that the Defaults section should come after Alias
definitions but before the user specifications

2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoers.cat, sudoers.man.in:
Fix listpw and verifypw sections, they were not being formatted
* sudoers.cat, sudoers.man.in:
* config.h.in, configure.in:
use AC_SYS_POSIX_TERMIOS instead of rolling our own
Reference sudo.ws not courtesan.com
Add notes on shadow passwords
In list mode (sudo -l), characters escaped with a backslash are
shown verbatim with the backslash.
Add simple examples from OpenBSD (Marc Espie)
Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
minor prettyification
Fix CIDR handling here too.
Apparently a NULL response is OK
Checkpoint for upcoming beta release
Many people believe that adding a runas spec should obviate the need
for the -u flag. It does not.
checkpoint update for upcoming 1.6.4 beta
o Add HAVE_STDLIB_H and HAVE_MEMORY_H
o Define HAVE_STRINGS_H even if HAVE_STRING_H is defined -- this is
safe now
Add signals section
Fix check for sigaction_t
XXX - should call find_path() as runas user, not root. Can't do
that until the parser changes though.
If find_path() fails as root, try again as the invoking user (useful
for NFS). Idea from Chip Capelik.
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
Regenerate after pod file changes
* def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
sudo.pod, sudoers.pod:
Add new sudoers option "preserve_groups". Previously sudo would not
call initgroups() if the target user was root. Now it always calls
initgroups() unless the -P command line option or the
"preserve_groups" sudoers option is set. Idea from TJ Saunders.

2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
* compat.h, config.h.in:
Use new HAVE_SIGACTION_T define
Fix compilation on K&C
Add check for sigaction_t -- IRIX already defines this so don't
need stdlib.h here too
Remove redundant checks for string.h, strings.h and unistd.h
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
Regen from pod files
* configure, lex.yy.c, sudo.tab.c:
Return EINVAL if errnum > sys_nerr
* auth/sudo_auth.h:
o Update copyright year
* LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
o Update copyright year
o Don't define STDC_HEADERS unconditionally for IRIX
o Update
* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
o Reorder some headers and use STDC_HEADERS define properly
o Update
o Reorder some headers and use STDC_HEADERS define properly
o Update
* getspwuid.c, goodpath.c, interfaces.c:
o Reorder some headers and use STDC_HEADERS define properly
o Update
o Reorder some headers and use STDC_HEADERS define properly
o Update
* alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
o Reorder some headers and use STDC_HEADERS define properly
o Update
flags set in signal handlers should be volatile sig_atomic_t
* config.h.in, configure.in:
Add checks for volatile and sig_atomic_t
* configure, lex.yy.c:
* def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
sudo.c, sudoers.pod:
Remove "secure_path" Defaults option since it cannot work with the
* find_path.c, sudo.c:
Unset "secure_path" if user_is_exempt()
* env.c, pathnames.h.in:
o Remove assumption that PATH and TERM are not listed in env_keep
o If no PATH is in the environment use a default value
o If TERM is not set in the non-reset case also give it a default
value.
* aclocal.m4, configure.in, defaults.c, pathnames.h.in:
_PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
systems that define in paths.h
* auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
Add support for skeyaccess(3) if it is present in libskey.

2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
Only need to do 'lc = login_getclass(NULL)' if lc == NULL
'\\' is a perfectly legal character to have in a command line
o Defer call to set_fqdn() until it is safe to use log_error()
o Don't print errno string value if gethostbyname fails, it is not
Fix CIDR -> in_addr_t conversion.

2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
Remove an extra "User_List" in the User_Spec definition From
ybertrand AT snoopymail.com
Make 'listpw=never' work for users who are not explicitly mentioned
Remove gratuitous '=' in EBNF grammar; era AT iki.fi
Document new list Defaults type and convert env_keep and env_delete
to lists. Document new env_check option.
* lex.yy.c, sudo.tab.c, sudo.tab.h:
Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
* config.h.in, configure.in:
Add check for skeyaccess(3)
Document new -c, -f, and -q options
o Add -f option (alternate sudoers file)
o Convert to use getopt(3)
* aclocal.m4, config.h.in, configure.in:
Add check for isblank and a replacement macro if it doesn't exist.

2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
In check-only mode, don't create sudoers if it does not already
o Add a new token, DEFVAR, to indicate a Defaults variable name
o Add support for "+=" and "-=" list operators
o replace some 1 and 0 with TRUE and FALSE for greater legibility.
o Use exclusive start conditions to remove some ambiguity in the
lexer. Also reorder some things for clarity.
o Add support for "+=" and "-=" list operators.
o Use the new DEFVAR token to denote a Defaults variable name.
Prototype init_envtables()
o Convert environment handling to use lists instead of strings.
This greatly simplifies routines that need to do "foreach" type
operations.
o Add new init_envtables() function to set env_check and env_delete
defaults based on initial_badenv_table and initial_checkenv_table
(formerly sudo_badenv_table).
* defaults.c, defaults.h:
o Add a new LIST type and functions to manipulate it.
o This is for use with environment handling variables.
o Call new init_envtables() routine inside init_defaults() to
initialize the
* def_data.c, def_data.h, def_data.in:
Convert environment options to use the new LIST type and add a new
one, env_check that only deletes if the sanity check fails.
Add dummy version of init_envtables()
Add check-only mode
Fix generation of entries with NULL descriptions.

2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
Use sigaction_t and quiet a gcc warning.
Must reset signal handlers before we exec
* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
Be careful now that tgetpass() can return NULL (user hit ^C). PAM
version needs testing. Set SIGTSTP to SIG_DFL during password entry
so user can suspend us.
Add support for interrupting/suspending tgetpass via keyboard input.
If you suspend sudo from the password prompt and resume it will re-
Don't block keyboard interrupt signals, just set them to SIG_IGN.

2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
add back HAVE_SIGACTION
* config.h.in, configure.in, logging.c, sudo.c, visudo.c:
Kill POSIX_SIGNALS define and old signal support now that we emulate
POSIX ones
Also be sure to correctly initialize struct sigaction.
Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
Add scaffolding for POSIX signal emulation
o Add missing ';' so this compiles
o Can't use NULL since we don't
Emulate sigaction() using sigvec()

2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
Document new behavior of negative values of timestamp_timeout Fix a
Add security note about command not being logged after 'sudo su' and
Mention that -V prints default values when run as root, including
the list of environment variables to clear.
Run pod2man with --quotes=none to avoid stupid quoting of C<>

2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
Add mail_badpass option
Also modify mail_always behavior to also send mail when the password
is wrong
* env.c, sudo.c, sudo.h:
Dump default bad env table when 'sudo -V' is run by root.
document env_delete
Add support for '*' in env_keep when not resetting the environment
(ie: the normal case).
Add env_delete variable that lets the user replace/add to the
bad_env_table. Allow '*' wildcard in env_keep entries.

2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
Force umask to 022 to guarantee sane directory permissions.

2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
fix breakage in last commit
acsite.m4 -> aclocal.m4
fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
regenerated from def_data.in
* check.c, defaults.c, defaults.h:
Add new T_UINT type that most things use instead of T_INT
If timestamp_timeout is < 0 then treat the ticket as never expiring
(to be expired manually by the user).
change most T_INT -> T_UINT
fix warning when no args
Change 2 Exit() -> exit()
Avoid stdio in Exit() and call _exit() if we are a signal handler.
We no longer print the signal number but the user can just check the
exit value for that.

2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
when setting up pipes in child process check for case where stdin ==

2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
Ignore editor exit value since XPG4 says vi's exit value is the
count of editing errors made (failed searches, etc).

2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
sco now is identified by config.guess as *-sco-*
Check for getspnam() in -lgen if not in -lc for UnixWare.

2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
* sudoers.pod, visudo.pod:
"upper case" -> "uppercase"
fix typos and grammar; pjanzen@foatdi.harvard.edu

2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
Missing word (specify); krapht@secureops.com

2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
If we fail to lookup a login class, apply the default one.
In log_error() free message, not logline unconditionally, then free
logline if it is not the same as message. No function change but
this mirrors how they are allocated.

2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
remove some backslash quotes that are unneeded
o Tweaks to make this work with autoconf-2.50
o Use AC_LIBOBJ instead of changing LIBOBJS directly
o Use AC_REPLACE_FUNCS where we can
o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have to
AC_DEFINE things manually.
* config.guess, config.sub:
Updated from autoconf-2.50

2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
Update mailing list section. We use mailman now, not majordomo.

2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
* getspwuid.c, logging.c, sudo.c:
Use setpwent()/endpwent() + all the shadow variants to make sure we
don't inadvertently leak an fd to the child. Apparently Linux's
shadow routines leave the fd open even if you don't call setspent().
Reported by mike@gistnet.com; different patch used.

2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
select() may return EAGAIN. If so, continue like we do for EINTR.
Fix a non-exploitable buffer overflow in the word splitting code.
This should really be rewritten.
Tell people to look in sample.syslog.conf for examples, not FAQ
Update list of env vars that are cleared
remove struct env_table decl since that stuff has all moved to env.c

2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
Fix a pasto in flock-style unlocking and include <sys/file.h> for
flock on older systems; twetzel@gwdg.de
regen to get NeXT lockf/flock fix
force NeXT to use flock since lockf is broken

2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
Use stashed user_gid when checking against exempt gid since sudo
sets its gid to a value that makes sudoers readable. Previously
if you used gid 0 as the exempt group everyone would be exempt. From
Paul Kranenburg <pk@cs.few.eur.nl>

2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
#include stdio.h in SUDO_CHECK_TYPE since IRIX 6 apparently defines
some types (such as ssize_t) therein.

2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
Fix negation of paths in a boolean context. Problem found by

2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>

2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
SA_RESETHAND means the opposite of what I was thinking--oops
To block all signals in old-style signals use ~0, not 0xffffffff

2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
coerce difference of pointers to int when used in a string length
printf format; deraadt@openbsd.org

2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
Block all signals in Exit() to avoid a signal race. There is still
a tiny window but I'm not going to worry about it.

2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
glibc uses the LANGUAGE env var so clear that too; Solar Designer
Regenerate with a fix to flex.skl that preserves errno from
clobbering by isatty().

2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
auth/sia.c, auth/sudo_auth.c:
Some defaults I_ defines got renamed.
* Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
set_perms.c, sudo.c, sudo.tab.c:
Move defaults info into its own files from which we generate .h and
.c files. This makes adding or rearranging variables much simpler.

2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
fix typo in last commit
* compat.h, config.h.in, configure, configure.in:
Add check + emulation for setegid (like seteuid).
Make env_keep override badenv_table as documented
Fix traversal of badenv_table (broken in last commit)
* set_perms.c, sudo.c, sudo.h:
Don't try and build saved uid version of set_perms on systems w/o
them. Rename set_perms_saved_uid() -> set_perms_posix()
Make set_perms_setreuid simply be set_perms_fallback() and simply
include the appropriate function at compile time (setreuid() vs.
setuid()).
* sudoers.cat, sudoers.man.in, sudoers.pod:
PATH is also preserved when env_reset is in effect
* CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
configure.in, defaults.c, defaults.h, env.c, find_path.c,
getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
visudo.c, visudo.cat, visudo.man.in:
New Defaults options:
o stay_setuid - sudo will remain setuid if system has saved uids or
setreuid(2)
o env_reset - reset the environment to a sane default
o env_keep - preserve environment variables that would otherwise be
cleared
No longer use getenv/putenv/setenv functions--do environment munging
by hand. Potentially dangerous environment variables can be cleared
only if they contain '/' or '%' characters to protect buggy
programs. Moved environment routines into env.c (new file)
Clear up --without-passwd description
* putenv.c, sudo_setenv.c:
We now build up a new environment from scratch and assign it to

2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pod, visudo.pod:
Grammatical fixes from Paul Janzen

2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
If there was a syntax error and the user just wants to quit, unlink
sudoers if it is zero length.
'Q' means ignore parse error, not 'q'
Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric

2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org

2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
* config.guess, config.sub:
Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>

2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.c, visudo.c:
Use exit(127), not exit(-1)
* Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
Move set_perms() to its own file and use POSIX saved uid or
setreuid() if available.
Added stay_setuid option for systems that have libraries that
perform extra paranoia checks in system libraries for setuid
programs (ie: anything with issetugid(2)).
strip more bits from the environment and add a facility for
stripping things only if they contain '/' or '%' to address printf
format string vulnerabilities in other programs.

2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
Check for strcasecmp(3) in -lc89 for NCR Unix

2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
Define HAVE_INNETGR #ifdef HAVE__INNETGR
* compat.h, config.h.in, configure.in:
Add check for _innetgr(3) since NCR systems have that instead of

2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
check return value of creadcfg()
call sd_close() after sd_auth()
store username in sd->username so we don't rely on the USER env

2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
document --with-bsdauth
--with-bsdauth assumes --with-logincap
* auth/bsdauth.c, auth/fwtk.c:
When prompting for a response to a challenge, if the user just hits
return then reprompt with echo turned on.

2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
Remove debugging code that should not have been committed, oops.
Use lower-level routines and get the password ourselves. Checks for
a challenge and if there is one echo is not turned off.
* auth/pam.c, auth/sudo_auth.h:
minor housekeeping, no real code changes

2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
Fix a coredump in the logging functions if gethostname(2) fails by
deferring the call to log_error() until things are better setup.
Fix return value of set_loginclass() in non-BSD-auth case.
Hard-code 'sudo' in the usage message so we can fit more options on
Fix errant ';' (typo) that broke MSG_ONLY

2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.cat, sudo.man.in:
* Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
configure, configure.in, getspwuid.c, sudo.c:
Add support for BSD authentication.

2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
Fix typo; from sato@complex.eng.hokudai.ac.jp

2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
Mention negating umask
Allow user to specify umask of 0777 (same as !umask)

2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.pod, visudo.pod:
Fix a typo and give a URL for the sudo history.

2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
* defaults.c, sudo.pod:
fix typos; pepper@reppep.com

2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.c, sudo.h, sudo_setenv.c:
sudo_setenv() now exits on memory alloc failure instead of returning

2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
and possibly others.
Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
that "%m" won't be expanded but we don't use that anyway since the
logging routines may splat to stderr as well.
* defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
Add always_set_home variable
* configure, configure.in:
Have to hard code default values in help since the defaults are set
_after_ the help stuff.

2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
* lex.yy.c, parse.lex:
Allow special characters (including '#') to be embedded in pathnames
if quoted by a '\\'. The quoted chars will be dealt with by
fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.

2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
Better path searching for programs we need.
Add section on "C compiler cannot create executables" errors.
* Makefile.binary, Makefile.in, version.h:
* aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
visudo.man.in, visudo.pod:
Substitute values from configure into man pages.

2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
The listpw and verifypw sudoers options would not take effect
because the value of the default was checked *before* sudoers was
parsed. Instead of passing in the value of PWCHECK_* to
sudoers_lookup(), pass in the arg for def_ival() so the check can be
deferred until after sudoers is parsed.

2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
When writing prompt, no need to write the NUL as well;

2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
When looking for chown, check in /sbin too

2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
Remove extraneous call to init_defaults() and set runas_user to NULL
between parses so init_defaults will reset it each time, thus
avoiding a reference to free()d data.

2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
* config.h.in, interfaces.c, interfaces.h, sudo.c:
Add support for using getifaddrs() to get the list of ip addr /
netmask pairs. Currently IPv4-only.
Add a missing check for UserEditor == NULL
Add missing '+' before line number when invoking editor to fix a
syntax error

2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
Call clean_env very early in main() for paranoia's sake. Idea from

2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
Update proto for evasprintf and easprintf
Make easprintf() and evasprintf() return an int.
If the targetpw flag is set, use target username as part of the
timestamp path. If tty tickets are in effect cat the tty and the
target username with a ':' as the separator.

2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
Backout part of last change; setting PAM_USER to the invoking user
breaks things like targetpw.
set tty and username via pam_set_item
* auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
Fix root, runas, and target authentication for non-passwd file auth

2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
Use B<-Z> not C<-Z> for command line flags in all places. This is
more consistent and works around a bug in Pod::Man.
* sudoers.cat, sudoers.man.in, sudoers.pod:
Fix an occurrence of 'semicolon' that should be 'colon'

2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Fix --with-badpri help line

2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
* defaults.c, logging.c, sudo.c:
Bracket calls to syslog with an openlog() and closelog() since some
authentication methods (like PAM) may do their own logging via
syslog. Since we don't use syslog much (usually just once per
session) this doesn't really incur a performance penalty. It also
fixes a SEGV with pam_kafs.

2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
Fix -H flag. runas_homedir is only valid after
set_perms(PERM_RUNAS, mode)

2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
Clarify the fact that insults are not enabled just by including them

2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
Regenerated with perl 5.6.0 pod2man
Give date string to pod2man since its default is ugly and it ain't
Do section substitution on the output of pod2man and remove hack
needed for old pod2man.
* sudo.pod, sudoers.pod, visudo.pod:
Put back real man sections, we will do the substitution later.

2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
* configure, configure.in:
Don't bother checking for the path to vi if user specified --with-

2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
* CHANGES, visudo.c:
Visudo now does its own fork/exec instead of calling system(3).
* CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.c:
Visudo now checks for the existence of an editor and gives a
sensible error if it does not exist.
The path to the editor for visudo is now a colon-separated list of
allowable editors. If the user has $EDITOR set and it matches one
of the allowed editors that editor will be used. If not, the first
editor in the list that actually exists is used.
* sudo.cat, sudo.man.in, sudo.pod:
Clear up confusion wrt sudo's return value.

2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
Strip sudo and visudo for bindist target
* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
Use @mansectsu@ and @mansectform@ in the man page bodies as well.
[5eb9e60a726f] [SUDO_1_6_3]
* visudo.cat, visudo.man.in, visudo.pod:
Typo: @sysconf@ -> @sysconfdir@
'make dist' should not cause any files to be modified so remove its
Whoops, forgot to add release marker

2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
Final change for 1.6.3 (or so I hope)
* sudo.cat, sudoers.cat, visudo.cat:
Use SYSV man sections since BSD systems will have nroff...

2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
* parse.yacc, sudo.tab.c:
When checking to see if the host/user matches in a defaults spec,
check against TRUE, not just non-zero since it might be -1.
* configure, configure.in:
OSF/1 puts file formats in section 4, not 5.
* CHANGES, INSTALL, sudo.c:
Make login class support work on BSD/OS
* configure, configure.in:
If there is no inet_addr but there *is* an __inet_addr that's ok
since inet_addr is probably just a macro then. The better thing to
do would be to look for the macro, but this is fine for now.
* configure, configure.in:
Don't use shlicc for BSD/OS 4.x
* Makefile.in, configure, configure.in:
*.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
configure variable so we can deal with this. Also, only remove *.man
for 'distclean' not 'clean'.
set_loginclass() should be static like the proto says
19719 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
19722 Add #ifdef __STDC__ around the rangematch function header to avoid
19723 promotion of test to int, thus violating the prototype. Gcc handles
19724 this gracefully but more std ANSI compilers will complain.
19728 Pull in newer fnmatch(3) that supports FNM_CASEFOLD
19731 * aclocal.m4, configure, fnmatch.3, fnmatch.c:
19732 Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
19733 FNM_CASEFOLD in configure
19740 * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
19741 Fully qualified hosts w/ wildcards were not matching the FQHOST
19742 token type. There's really no need for a separate token for fully-
19743 qualified vs. unqualified anymore so FQHOST is now history and
19744 hostname_matches now decides which hostname (short or long) to check
19745 based on whether or not the pattern contains a '.'.
19749 Fully qualified hosts w/ wildcards were not matching the FQHOST
19750 token type. There's really no need for a separate token for fully-
19751 qualified vs. unqualified anymore so FQHOST is now history and
19752 hostname_matches now decides which hostname (short or long) to check
19753 based on whether or not the pattern contains a '.'.
19756 * lex.yy.c, parse.c, parse.lex, parse.yacc:
19757 Fully qualified hosts w/ wildcards were not matching the FQHOST
19758 token type. There's really no need for a separate token for fully-
19759 qualified vs. unqualified anymore so FQHOST is now history and
19760 hostname_matches now decides which hostname (short or long) to check
19761 based on whether or not the pattern contains a '.'.
19764 * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
19765 sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
19766 Add support for wildcards in the hostname.
19770 Add targets for *.man.in, using config.status to generate *.man from
19774 * sudoers.cat, sudoers.man.in, sudoers.pod:
19775 Document set_logname option and embolden refs to sudo and visudo.
19778 * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
19779 sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
19780 visudo.cat, visudo.man.in, visudo.pod:
19781 Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
19782 from Michael D. Marchionna. configure now does substitution on the
19783 man pages, allowing us to fix up the paths and set the section
19784 correctly. Based on an idea from Michael D. Marchionna.
19788 Better fix for handling HP-UX aging info.
19792 Add support for set_logname run-time default
19795 * sudo.man.in, sudoers.man.in, visudo.man.in:
19796 configure does substitution on these to produce *.man
19799 * sudo.man, sudoers.man, visudo.man:
19800 These files now get generated from *.man.in at configure time.
19803 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
19805 * defaults.c, defaults.h:
19806 Add set_logname option so users can turn off setting of LOGNAME/USER
19807 environment variables.
19810 * lsearch.c, parse.c, testsudoers.c:
19814 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
19817 HP-UX adds extra info at the end for password aging so when
19818 comparing the result of crypt to pw_passwd we only compare the first
19819 len(epass) bytes *unless* the user entered an empty string for a
19824 Get rid of grandchild hack, it was causing problems and there is
19825 really no need for it. This fixes a bug where we spin eating up CPU
19826 when the user runs a long-running process like a shell.
19829 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
19832 User can always specify a login class if he/she is already root.
19835 * config.h.in, configure, configure.in, defaults.c, defaults.h,
19837 FreeBSD login class (login.conf) support.
19840 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
19842 * auth/sudo_auth.c:
19843 HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
19846 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
19849 Truncate unencrypted password to 8 chars if encrypted password is
19850 exactly 13 characters (indicating a standard DES password). Many
19851 versions of crypt() do this for you, but not all (like HP-UX's).
19854 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
19857 Mention that gcc on dynix may have problems
19860 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
19863 Link visudo with NET_LIBS since we now call syslog via defaults.c
19867 Use Argv[0] as the first arg to openlog() since visudo uses this
19871 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
19874 Stash coredumpsize resource limit and restore it before the exec().
19875 Otherwise the child ends up with a coredumpsize of 0.
19878 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
19880 * sudo.cat, sudo.man, sudo.pod:
19888 * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19889 auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
19890 Added -S flag (read passwd from stdin) and tgetpass_flags global
19891 that holds flags to be passed in to tgetpass(). Change echo_off
19892 param to tgetpass() into a flags field. There are currently 2
19893 possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
19894 tgetpass(), abstract the echo set/clear via macros and if (flags &
19895 TGP_ECHO) but echo is not set on the terminal, be sure to set it.
19899 Fixed a bug that caused an infinite loop when the password timeout
19903 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
19905 * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
19906 sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
19907 Add rootpw, runaspw, and targetpw options.
19910 * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
19912 enveditor -> env_editor
19915 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
19917 * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
19918 sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
19920 crank version to 1.6.3
19923 * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
19924 sudoers.pod, visudo.c:
19925 Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
19926 them. This means that visudo will now parse the sudoers file
19927 *before* it is edited so a bogus sudoers file will cause a warning
19928 to go to stderr. Also, visudo checks the variables once--it does not
19929 check them after each editor run since that could be confusing.
19932 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
19938 * check.c, sudo.c, sudo.h:
19939 Move user_is_exempt prototype into sudo.h
19942 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19944 * configure, configure.in:
19945 Fix thinko, some && should have been || in the last commit
19948 * configure, configure.in:
19949 Don't initialize Makefile variables to be NULL since the user may
19950 want to import variables from their environment.
19953 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19955 * configure, configure.in:
19959 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19962 fix a yacc (skeleton.c) warning
19965 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19967 * INSTALL, RUNSON, configure, configure.in:
19968 Make pam work on HP-UX 11.0; jaearick@colby.edu
19972 recent changes; prepare for 1.6.2p1
19976 Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
19979 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
19982 Regen with yacc that has a memory leak plugged.
19985 * sudoers.cat, sudoers.man, sudoers.pod:
19986 Expanded docs on sudoers 'defaults' options based on INSTALL file
19991 Fix some white lies
19994 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
19997 When making a bindist, link FAQ to TROUBLESHOOTING instead of
20001 * sudoers.cat, sudoers.man, sudoers.pod:
20002 Add netgroup caveat
20003 [28d119f466e3] [SUDO_1_6_2]
20006 Last minute updates
20022 Better detection of PAM errors and fix custom prompts with PAM.
20023 Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
20026 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
20029 Cast ULONG_MAX to unsigned long long when comparing to an unsigned
20033 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
20035 * CHANGES, config.h.in, configure, configure.in, visudo.c:
20036 Fix sudoers locking in visudo. We now lock the sudoers file itself,
20037 not the temp file (since locking the temp file can foul up editors).
20038 The previous locking scheme didn't work because the fd was closed
20042 * config.h.in, configure, configure.in:
20043 Don't need test for ftruncate() any more.
20046 * configure, configure.in:
20047 Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
20048 the unbundled HP-UX cc.
20051 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
20053 * sudoers.cat, sudoers.man, sudoers.pod:
20054 "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
20057 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20059 * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
20060 parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
20061 version.h, visudo.c:
20062 update copyright year on changed files
20074 Crank version to 1.6.2
20078 Crank version to 1.6.2
20082 When using rlimit check for RLIM_INFINITY When computing the value
20083 of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
20090 * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
20091 sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
20092 Crank version to 1.6.2
20095 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
20096 Add 'shell_noargs' runtime option back in. We have to defer
20097 checking until after the sudoers file has been parsed but since
20098 there are now other options that operate that way this one can too.
20099 Based on a patch from bguillory@email.com.
20102 * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
20103 Add "listpw" and "verifypw" options.
20106 * sudoers.cat, sudoers.man, sudoers.pod:
20107 o Fix some typos/omissions o Add section on verifypw and listpw o
20108 Define how NOPASSWD interacts with the -v and -l flags
20111 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
20113 * configure, configure.in:
20114 For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
20115 -D_HPUX_SOURCE to CPPFLAGS.
20118 * defaults.c, defaults.h:
20119 In struct sudo_defs_types, move the union to the end and don't
20120 initialize the union member since that only works with an ANSI
20121 compiler. We set the value of the union by hand in init_defaults()
20122 anyway. This allows sudo to compile on a K&R compiler again.
20125 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
20127 * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
20128 netgr_matches needs to check shost as well as host since they may be
20133 End on \r as well as \n
20136 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
20139 Update statbuf.st_mode based on SUDOERS_MODE when we are changing
20140 from 0400 to whatever SUDOERS_MODE is (converting from the old
20141 sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
20142 0400 which should always be the case.
20145 * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
20146 Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
20147 w/o a passwd if there is *any* entry for the user on the host with a
20148 NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
20149 the user on the host w/ the specified runas user have the NOPASSWD
20157 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
20160 Treat EOF at whatnow prompt like 'x' instead of looping.
20163 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
20167 [5836a9452568] [SUDO_1_6_1]
20169 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
20171 * config.h.in, configure, configure.in, sudo.c:
20172 Add check for initgroups() since old SYSV lacks this.
20175 * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
20176 parse.c, testsudoers.c:
20177 o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
20181 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
20183 * auth/sudo_auth.c:
20184 Don't allow insults to be enabled if the insults[] array is empty.
20185 Otherwise there would be division by zero.
20189 Don't allow insults to be enabled if the insults[] array is empty.
20190 Otherwise there would be division by zero.
20194 Don't allow insults to be enabled if the insults[] array is empty.
20195 Otherwise there would be division by zero.
20199 Don't care about USE_INSULTS #define since the insult stuff may be
20200 overridden at runtime.
20203 * auth/sudo_auth.c:
20204 Honor insults flag.
20207 * CHANGES, parse.c:
20208 Don't ask the user for a password if the user is not allowed to run
20209 the command and the authenticate flag (in sudoers) is false.
20212 * CHANGES, RUNSON, lex.yy.c, parse.lex:
20213 o Whenever we get a bare newline we change to the INITIAL state. o
20214 Enter GOTRUNAS when we see Runas_Alias
20216 This allows #uid to work in a RunasAlias.
20219 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
20221 * CHANGES, parse.yacc, sudo.tab.c:
20222 fix parsing of runas lists: o oprunasuser and runaslist now return a
20223 value o in a runasspec, if a runaslist does not return TRUE, set
20224 runas_matches to FALSE. Normally, a runaslist only returns FALSE
20225 for explicitly denied users. o since runaslist does not modify the
20226 stack there is no need for a push/pop in runasalias.
20230 Don't kill the user's tickets until after sudoers has been parsed
20231 since tty_tickets and ticket_dir could be set in sudoers.
20234 * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
20235 configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
20236 sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
20237 crank version to 1.6
20241 add set_fqdn() stub
20244 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
20246 * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
20247 sudoers.man, sudoers.pod, visudo.c:
20248 o Kill shell_noargs option, it cannot work since the command needs
20249 to be set before sudoers is parsed. o Fix the "set_home" sudoers
20250 option (only worked at compile time). o Fix "fqdn" sudoers option.
20251 We now set host/shost via set_fqdn which gets called when the
20252 "fqdn" option is set in sudoers. o Move the openlog() to
20253 store_syslogfac() so this gets overridden correctly from the
20258 SecurID support should compile now.
20261 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
20263 * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
20264 visudo.man, visudo.pod:
20265 fix some syntactic goofs
20268 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
20270 * Makefile.in, sudo.html, sudoers.html, visudo.html:
20271 No longer need the .html files as they are generated automatically
20275 * CHANGES, LICENSE:
20276 kill characters that made wml unhappy
20283 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
20286 majordomo@cs.colorado.edu -> majordomo@courtesan.com
20289 * Makefile.in, configure:
20290 Wrap script execution w/ /bin/sh for the benefit of ctm
20293 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
20296 Make the -s flag be exclusive too. Also reorder the flags in the
20297 exclusive usage message so they are alphabetical.
20300 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
20303 make pam errors other than PAM_PERM_DENIED fatal
20311 make it clear that /etc/pam.d/sudo is required on linux
20315 fix a warning on redhat and spew an error if pam_authenticate()
20316 returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
20319 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20320 Be very clear that the password required is the user's not root's
20323 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
20326 add sample.syslog.conf to DISTFILES and BINFILES
20329 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
20332 updates from Brian Jackson + some formatting
20335 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
20337 * INSTALL.binary, Makefile.binary, README, RUNSON:
20338 o One RUNSon update o Changes for automating real binary releases
20345 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
20348 talk about run-time options in addition to compile-time options
20349 [1eb813ff0a9a] [SUDO_1_6_0]
20356 need sys/time.h if HAVE_SETRLIMIT
20359 * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
20360 sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
20361 get rid of references to sudo-bugs. Now mention the web site or the
20366 repair pod2html damage
20370 Update for 1.6 release
20373 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20374 Add warning about using ALL in a command context.
20377 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
20380 Call yyrestart() on a parse error to reset the lexer state.
20383 * lex.yy.c, parse.lex:
20384 Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
20385 since it might not get called in yywrap if we get a parse error
20386 (and we only reread the file on error anyway).
20389 * lex.yy.c, parse.lex:
20390 Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
20391 might still exist. Call yyrestart() instead of using the deprecated
20395 * lex.yy.c, parse.lex:
20396 flex doesn't need %N table size declarations
20399 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20400 Mention what characters need to be escaped in names.
20403 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
20410 clarify Mac OS X entry
20418 o Use AC_MSG_ERROR throughout o Check syslog configure options for
20422 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
20425 Fix printing of type T_MODE in dump_defaults()
20429 missing sys/types.h
20433 Break out options that may be overridden at run time into their own
20434 section. Add a note about Mac OS X and correct some lies.
20437 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
20439 * CHANGES, config.h.in, configure, configure.in, sudo.c:
20440 o Now use getrlimit to find the highest fd when closing all non-std
20441 fd's o Turn off core dumps via setrlimit for the sake of paranoia
20448 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
20455 When read()'ing, do a single character at a time to be sure we don't
20456 go past the newline.
20460 For the sudo_root option, check against user_uid, not getuid() since
20461 at this point, ruid == euid == 0.
20469 Fix compilation problem when --with-logging=file was specified.
20470 This means that syslog is now required to build sudo but that should
20471 not be a problem. If it is it can be fixed trivially with a
20472 configure check for syslog() or syslog.h.
20476 Make this work again for things like "sudo echo hi | more" where the
20477 tty gets put into character at a time mode. We read until we read
20478 end of line or we run out of space (similar to fgets(3)).
20481 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
20483 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20484 change ital to bold
20491 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
20494 Error out if syslog parameters are given without a value. For
20495 Ultrix or 4.2BSD "syslog" is allowed without a value since there are
20496 no facilities in the 4.2BSD syslog.
20499 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
20502 Ignore the syslog facility for systems w/ old syslog like Ultrix.
20506 people with "." early in their path can have problems running sudo
20507 from the build dir ;-)
20510 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
20512 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20513 Remove -r realm option
20516 * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
20517 configure.in, sudo.c:
20518 New krb5 code from Frank Cusack <fcusack@iconnet.net>.
20525 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
20528 include <auth.h> to get function prototypes.
20531 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20535 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
20538 in set_perms(), always call setuid(0) before changing the ruid/euid
20539 so we always know it will succeed.
20543 #undef T_FOO to avoid conflicts with system defines (like on
20547 * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
20549 Document "Defaults" lines in /etc/sudoers. Still needs some
20550 fleshing out but this is a start.
20553 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
20555 * use strtol, not strtoul since not everyone has strtoul
20559 use strtol, not strtoul since not everyone has strtoul
20562 * lex.yy.c, parse.lex:
20563 last {WORD} rule should only apply in the INITIAL state
20566 * lex.yy.c, parse.lex:
20567 o Add support for escaped characters in the WORD macro o Modify
20568 fill() to squash escape chars
20571 * defaults.c, defaults.h:
20572 o Add T_PATH flag to allow simple sanity checks for default values
20573 that are supposed to be pathnames. o Fix a duplicate free when
20574 visudo finds an error.
20577 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
20579 * defaults.c, defaults.h, logging.c:
20580 mail_if_foo -> mail_foo
20583 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
20585 * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
20586 o Add requiretty option o Move O_NOCTTY to compat.h
20590 The exit() in log_error() was mistakenly removed in a previous
20591 version. Put it back...
20594 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
20596 * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
20597 auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
20598 configure, configure.in, defaults.c, defaults.h, find_path.c,
20599 getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
20600 o Change defaults stuff to put the value right in the struct. o
20601 Implement mailer_flags o Store syslog stuff both in int and string
20602 form. Setting the string form magically updates the int version.
20603 o Add boolean attribute to strings where it makes sense to say !foo
20607 add O_NOCTTY when opening /dev/tty just in case
20610 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
20613 cleanup function no longer takes a status arg
20620 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
20622 * TODO, config.h.in, configure, configure.in, logging.c:
20623 Use strftime() instead of ctime() if it is available.
20626 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
20633 update ReliantUNIX entry
20636 * defaults.c, defaults.h, logging.c:
20637 add log_year option
20640 * configure, configure.in:
20641 add --without-sendmail to help output
20644 * configure, configure.in:
20645 enforce an octal arg for --with-sudoers-mode
20648 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
20650 * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
20651 auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
20652 auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
20653 defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
20654 parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
20655 testsudoers.c, version.c, visudo.c:
20656 Add support for "Defaults" line in sudoers to make configuration
20657 variables changeable at runtime (and on a global, per-host and per-
20658 user basis). Both the names and the internal representation are
20659 still subject to change. It was necessary to make sudo_user.runas
20660 be a char ** instead of a char * since this value can be changed by
20661 a Defaults line. There is a similar (but more complicated) issue
20662 with sudo_user.prompt but it is handled differently at the moment.
20664 Add a "-L" flag to list the name of options with their descriptions.
20665 This may only be temporary.
20667 Move some prototypes to parse.h
20669 Be much less restrictive on what is allowed for a username.
20672 * sample.syslog.conf:
20676 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
20678 * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
20680 UCB has dropped the advertising clause from their license.
20683 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
20685 * auth/sudo_auth.h:
20686 move dce_verify proto to correct section
20693 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
20696 Add fnmatch() prototype
20699 * fnmatch.c, parse.c, testsudoers.c:
20700 Move inclusion of emul/fnmatch.h to be after sudo.h for __P
20704 add strcasecmp proto
20707 * auth/sudo_auth.c:
20708 add check for case where there are no auth methods
20711 * configure, configure.in:
20712 Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
20716 * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
20717 include strings.h everywhere we include string.h
20721 nicer output when showing auth methods
20725 Add support for SEND_MAIL_WHEN_NO_HOST
20728 * config.h.in, configure, configure.in:
20729 Add _GNU_SOURCE for Linux
20732 * lex.yy.c, parse.lex:
20733 fix definition of OCTECT
20736 * configure, configure.in:
20737 aix_auth.o not authenticate.o
20740 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
20743 Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
20744 keyboard). Since we run with ruid/euid == 0 the user can't really
20745 signal us in nasty ways.
20749 Don't need to worry about catching too many signals since we do
20750 locking on the tmp file. If a lockfile is really stale, it will be
20751 detected and overwritten.
20754 * INSTALL, Makefile.in:
20755 include auth/API in tarball
20758 * auth/sudo_auth.c:
20759 move memset() of plaintext pw outside of verify loop and only do the
20760 memset if we are *not* in standalone mode.
20763 * auth/sudo_auth.c, auth/sudo_auth.h:
20764 DCE is not a standalone method
20768 fix --enable-noargs-shell
20772 "#ifdef __STDC__" not "#if __STDC__" (I missed one)
20775 * auth/fwtk.c, auth/sia.c:
20776 _cleanup() function returns an int.
20780 there were still some return(0)'s hanging around, make them
20789 add missing semicolon
20792 * auth/sudo_auth.h:
20796 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
20798 * CHANGES, config.h.in, configure, configure.in:
20799 Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
20803 add parse.h to HDRS
20806 * Makefile.in, configure, configure.in:
20807 Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
20808 LDFLAGS. Common libs go in LIBS, common ld flags go in LDFLAGS and
20809 network libs like -lsocket, -lnsl go in NET_LIBS. This allows
20810 testsudoers to build on Solaris and is a bit cleaner in general.
20814 mention ptmp -> sudoers.tmp
20817 * config.h.in, configure, configure.in:
20818 Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
20826 Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
20827 return a value more like a system function
20839 update based on what is in the man page
20842 * parse.yacc, sudo.tab.c:
20843 minor change to first line printed in -l mode
20846 * sudo.cat, sudo.html, sudo.man, sudo.pod:
20847 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
20848 standard and add "EXAMPLES" section
20851 * visudo.cat, visudo.html, visudo.man, visudo.pod:
20852 rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
20856 * logging.c, parse.c, sudo.h:
20860 * lex.yy.c, parse.lex:
20861 make an OCTET really be limited to 0-255
20865 mention timestamp changes
20872 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20873 new sudoers(8) man page
20876 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
20879 Update comments about syslog name tables
20882 * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
20883 strcasecmp.c, sudo.tab.c:
20884 include strcasecmp() for those without it
20888 Use the : operator some more and fix a typo
20892 update the history of sudo
20895 * parse.c, parse.lex, testsudoers.c:
20896 CIDR-style netmask support
20903 * sudo.tab.c, sudo.tab.h:
20904 these should be generated with byacc, not bison
20911 * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
20912 In "sudo -l" mode, the type of the stored (expanded) alias was not
20913 stored with the contents. This could lead to incorrect output if
20914 the sudoers file had different alias types with the same name.
20915 Normal parsing (ie: not in '-l' mode) is unaffected.
20918 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
20920 * configure, configure.in:
20921 define _XOPEN_SOURCE to get at crypt() proto on some systems
20924 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
20931 don't need limits.h
20935 kill bogus reference to vfprintf
20938 * sample.sudoers, sudoers:
20943 Add some const in the K&R defs. This is safe since we define const
20944 away if the compiler doesn't grok it.
20947 * aclocal.m4, configure:
20948 Better test for working long long support. Ultrix compiler supports
20949 basic long long but not all operations on them.
20952 * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
20953 snprintf.c, sudo.c:
20954 Add check for LONG_IS_QUAD #undef MAXINT before including
20955 hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
20956 in snprintf.c and use LONG_IS_QUAD
20959 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20961 * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
20963 UCB-derived snprintf + asprintf support. Supports quads if the
20964 compiler does. No floating point yet, perhaps later...
20967 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20969 * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
20970 goodpath.c, logging.c, parse.c, sudo.c:
20971 Run most of the code as root, not the invoking user. It doesn't
20972 really gain us anything to run as the user since an attacker can
20973 just have a setuid(0) in their egg. Running as root solves
20974 potential problems wrt signalling.
20981 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20983 * logging.c, sudo.c:
20984 Don't wait for child to finish in log_error(), let the signal
20985 handler get it if we are still running, else let init reap it for
20986 us. The extra time it takes to wait lets the user know that mail is
20989 Install SIGCHLD handler in main() and for POSIX signals, block
20994 * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
20995 parse.yacc, sudo.c, sudo.h:
20996 sudoers_lookup() now returns a bitmap instead of an int. This makes
20997 it possible to express things like "failed to validate because user
20998 not listed for this host". Some things that were previously
20999 VALIDATE_FOO are now FLAG_FOO. This may change later on.
21001 Reorganized code in log_auth() and sudo.c to deal with above
21004 Safer versions of push/pushcp with in the do { ... } while (0) style
21006 parse.yacc now saves info on the stack to allow parse.c to determine
21007 if a user was listed, but not for the host he/she tried to run on.
21009 Added --with-mail-if-no-host option
21012 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
21014 * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
21015 visudo.man, visudo.pod:
21016 o NewArgv and NewArgc don't need to be externally visible. o If
21017 pedantic > 1, it is a parse error. o Add -s (strict) option to
21018 visudo which sets pedantic to 2.
21021 * HISTORY, INSTALL:
21022 Just have sudo-bugs contact info in one place
21025 * sudo.cat, sudo.html, sudo.man, sudo.pod:
21029 * Makefile.in, configure, configure.in:
21030 Add testsudoers to default build target if --with-devel Don't clean
21031 generated parser files unless "distclean".
21034 * parse.yacc, sudo.tab.c:
21035 In pedantic mode we need to save *all* the aliases, not just those
21036 that match, or we get spurious warnings.
21040 reference sample.syslog.conf
21043 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
21045 * sample.syslog.conf:
21046 Sample entries for syslog.conf
21053 * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
21054 auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
21055 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
21056 auth/sudo_auth.c, auth/sudo_auth.h:
21057 In struct sudo_auth, turn need_root and configured into flags and
21058 add a flag to specify an auth method is running alone (the only
21059 one). Pass auth methods their sudo_auth pointer, not the data
21060 pointer. This allows us to get at the flags and tell if we are the
21061 only auth method. That, in turn, allows the method to be able to
21062 decide what should/should not be a fatal error. Currently only
21063 rfc1938 uses it this way, which allows us to kill the OTP_ONLY
21064 define and the hackery that went with it. With access to the
21065 sudo_auth struct, methods can also get at a string holding their
21066 canonical name (useful in error messages).
21069 * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
21070 getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
21072 o --with-otp deprecated, use --without-passwd instead o real
21073 dependencies in the Makefile o --with-devel option to enable yacc,
21074 lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
21075 back to being a token, not a string but don't leak memory o rename
21076 hostspec -> host in parse.yacc
21079 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
21085 * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
21087 o Digital UNIX needs to check for *snprintf() before -ldb is added
21088 to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
21089 for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
21090 functions in snprintf.c to fix -Wall o Add missing includes to fix
21094 * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
21095 configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
21097 o Add a "pedantic" flag to the parser. This makes sudo warn in
21098 cases where an alias may be used before it is defined. Only turned
21099 on for visudo and testsudoers. o Add --disable-authentication option
21100 that makes sudo not require authentication by default. The PASSWD
21101 tag can be used to require authentication for an entry. We no
21102 longer overload --without-passwd.
21105 * lex.yy.c, parse.lex:
21106 Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
21107 username can contain just about anything so be very permissive. Also
21108 drop the unused \. punctuation.
21111 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
21113 * parse.yacc, sudo.tab.c:
21114 o add a 'val' element to aliasinfo struct and move -> parse.h o
21115 find_alias() now returns an aliasinfo * instead of boolean o
21116 add_alias() now takes a value parameter to store in the
21117 aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
21118 return: 1) positive match 0) negative match (due to '!')
21119 -1) no match This means setting $$ explicitly in all cases, which I
21120 should have done in the first place. It also means that we always
21121 store a value that is != -1 and when we see a '!' we can set
21122 *_matches to !rv if rv != -1. The upshot of all of this is that '!'
21123 now works the way it should in lists and some of the rules are more
21124 uniform and sensible.
21128 add parse.h dependency
21132 kill unused *_matched macros
21136 Allow a list of users as the first thing in a user spec, not just a
21137 single entry. This makes things more uniform, though it does allow
21138 you to write user specs that are hard to read.
21150 fix check for crypt() in libufc
21153 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
21156 sudo-users list now exists
21159 * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
21163 * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
21164 config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
21165 version.c, visudo.c:
21166 o Move lock_file() and touch() into fileops.c so visudo can use them
21167 o Visudo now locks the sudoers temp file instead of bailing when the
21168 temp file already exists. This fixes the problem of stale temp
21169 files but it does *require* that you not try to put the temp file in
21170 a world-writable directory. This should not be an issue as the temp
21171 file should live in the same dir as sudoers. o Visudo now only
21172 installs the temp file as sudoers if it changed.
21175 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
21181 * config.h.in, configure, configure.in, logging.c:
21185 * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
21186 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
21187 o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
21188 temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
21189 -> _PATH_SUDOERS_TMP
21192 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
21194 * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
21195 o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
21196 root sudo -V config reporting
21199 * configure, configure.in:
21200 aix_auth.o not authenticate.o
21204 Add --with-goodpri and --with-badpri configure options to specify
21205 the syslog priority to use.
21208 * INSTALL, configure, configure.in, logging.h:
21209 Add --with-goodpri and --with-badpri configure options to specify
21210 the syslog priority to use.
21214 kill crufty AIX stuff
21218 Sigh, some versions of make (like Solaris's) don't deal with $< like
21219 I would expect. Both GNU and BSD makes get this right but... So, we
21220 just expand $< inline at the cost of some ugliness.
21224 If the invoking user is root, sudo will now print configure info in
21225 -V mode. Currently just prints logging info, to be expanded later.
21228 * logging.c, logging.h, sudo.c, sudo.h:
21229 o new defines for syslog facility and priority o use new
21230 print_version() function for -V mode
21234 Don't need version.c
21237 * aclocal.m4, config.h.in, configure, configure.in:
21238 Add check for syslog facilities and priorities tables in syslog.h
21242 o authenticate -> aix_auth o add version.c
21245 * auth/sudo_auth.c:
21246 Missed a prompt -> user_prompt conversion
21249 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
21252 sudo should lock its logfile
21255 * parse.yacc, sudo.tab.c:
21256 o Add '!' correctly when expanding Aliases. o Add shortcut macros
21257 for append() to make things more readable. o The separator in
21258 append() is now a string instead of a char. o In append(), only
21259 prepend the separator if the last char is not a '!'. This is a
21260 hack but it greatly simplifies '!' handling. o In -l mode, Runas
21261 lists and NOPASSWD/PASSWD tags are now inherited across entries in
21262 a list (matches current behavior). o Fix formatting in -l mode such
21263 that items in a list are separated by a space. Greatly improves
21264 readability. o Space for name field in struct aliasinfo is now
21265 allocated dynamically instead of using a (big) buffer. o In
21266 add_alias(), only search the list once (lsearch instead of lfind +
21270 * lex.yy.c, sudo.tab.c, sudo.tab.h:
21274 * configure, configure.in:
21275 Solaris pam doesn't require any extra setup
21279 o Simpler '!' support now that the lexer deals with multiple !'s for
21280 us. o In the case of opFOO, have FOO give a boolean return value and
21281 set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
21282 it gets fill()'d in parse.lex--fixes a small memory leak. In the
21283 long run it may be better to just fix parse.lex and make ALL back
21284 into a token. However, having it be a string is useful since it
21285 can be easily passed back to the parent rule if we so desire.
21289 o Remove some unnecessary backslashes o collapse multiple !'s by
21290 using !+ and checking if yyleng is even or odd. this allows us to
21291 simplify ! handling in parse.yacc
21295 -u flag was being ignored
21298 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
21305 work around pod2man stupidity
21309 correct dependencies for .cat
21312 * sudo.cat, sudo.man, visudo.cat, visudo.man:
21316 * sudo.pod, visudo.pod:
21317 Add copyright Update to reality
21320 * parse.c, sudo.c, sudo.h:
21321 rename validate() to the more descriptive sudoers_lookup()
21328 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
21334 * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
21335 configure, configure.in, sudo.c:
21340 add 4th term to license similar to term 5 in the apache license
21343 * emul/search.h, emul/utime.h:
21344 add 4th term to license similar to term 5 in the apache license
21347 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
21348 auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
21349 auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
21350 auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
21351 logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
21352 pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
21353 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21355 add 4th term to license similar to term 5 in the apache license
21358 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
21359 add 4th term to license similar to term 5 in the apache license
21362 * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
21363 getspwuid.c, goodpath.c:
21364 add 4th term to license similar to term 5 in the apache license
21367 * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
21368 insults.h, logging.c, sudo.c, sudo.h:
21369 there was a 1995 release too
21372 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
21379 Use dirs instead of files for timestamp. This allows tty and non-
21380 tty schemes to coexist reasonably. Note, however, that when you
21381 update a tty ticket, the mtime on the user dir gets updated as well.
21384 * configure, configure.in:
21385 Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
21386 when linking test program, not just -lprot. Also add check for
21387 getspnam(). The SCO docs indicate that /etc/shadow can be used but
21391 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
21394 first cut at auth API description
21397 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
21399 * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
21400 auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
21402 auth API change. There is now an init method that gets run before
21403 the main loop. This allows auth routines to differentiate between
21404 initialization that happens once vs. setup that needs to run each
21405 time through the loop.
21408 * auth/kerb5.c, logging.c:
21409 use easprintf() and evasprintf()
21413 add easprintf() and evasprintf(), error checking versions of
21414 asprintf() and vasprintf()
21418 remove 2 items. One done, one won't do.
21421 * lex.yy.c, sudo.tab.c:
21425 * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
21426 visudo.html, visudo.man:
21435 o Document -K flag and update meaning of -k flag. o BSD-style
21436 copyright o Document clearing of BIND resolver environment variables
21437 o Clarify bit about shared libs o suggest rc files create /tmp/.odus
21438 if your OS gives away files
21446 BSD-style copyright
21450 o BSD copyright o no need to block signals, we now do that in main()
21454 * testsudoers.c, visudo.c:
21455 o BSD-style copyright o Use "struct sudo_user" instead of old
21456 globals. o some cosmetic cleanup
21460 BSD-style copyright
21464 o BSD copyright o logging and parser bits moved to their own .h
21465 files o new "struct sudo_user" to encapsulate many of the old
21470 o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
21471 logging routines o simplified flow of control o BIND resolver
21472 additions to badenv_table
21476 BSD-style copyright
21480 Now compiles on more K&R compilers
21484 BSD-style copyright, cosmetic changes
21488 BSD-style copyright
21491 * parse.c, parse.h, parse.lex, parse.yacc:
21492 BSD-style copyright. Move parser-specific defines and structs into
21493 parse.h + other cosmetic changes
21497 defines for logging routines
21500 * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
21501 BSD-style copyright, cosmetic changes
21504 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21506 BSD-style copyright
21510 o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
21511 kill --disable-tgetpass o add --without-passwd o changes to fill in
21512 AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
21513 v?asprintf() o replace --with-AuthSRV with --with-fwtk
21517 BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
21518 HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
21519 HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
21523 BSD-style copyright; Add S_IFLNK and MIN/MAX if they are missing.
21527 BSD-style copyright
21531 no more --with-getpass
21535 Take out things I've done...
21543 --with-getpass no longer exists
21547 BSD-style copyright. Update to reflect reality wrt new files and
21552 Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
21557 Update history a bit
21560 * COPYING, LICENSE:
21561 Now distributed under a BSD-style license
21564 * auth/sudo_auth.c:
21565 o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
21566 options. o skey/opie replaced by rfc1938 code o new struct sudo_user
21570 * auth/pam.c, auth/sia.c:
21571 BSD-style copyright and use new log functions
21575 o BSD-style copyright o Use new log functions o Use asprintf() and
21576 snprintf() where sensible.
21580 Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
21581 done more reasonably--better sanity checks and tty-based stamps are
21582 now done as files in a directory with the same name as the invoking
21583 user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
21584 to mix tty and non-tty based ticket schemes but this may change in
21585 the future (it requires sudo to use a directory instead of a file in
21586 the non-tty case). Also, ``sudo -k'' now sets the ticket back to
21587 the epoch and ``sudo -K'' really deletes the file. That way you
21588 don't get the lecture again just because you killed your ticket in
21589 .logout. BSD-style copyright now.
21593 o rewritten logging routines. log_error() now takes printf-style
21594 varargs and log_auth() for the return value of validate(). o BSD-
21598 * auth.c, check_sia.c, dce_pwent.c, secureware.c:
21599 superseded by new auth API
21603 BSD-style copyright
21607 Use snprintf() where it makes sense and add a BSD-style copyright
21610 * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
21611 auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
21612 BSD-style copyright
21615 * emul/utime.h, utime.c:
21616 BSD-style copyright
21620 this has been rewritten so use my BSD-style copyright
21623 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
21626 include malloc.h if no stdlib.h
21630 KTH snprintf()/asprintf() for systems w/o them
21634 strerror() for systems w/o it
21637 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
21643 * parse.c, parse.lex, parse.yacc:
21644 Add contribution info in the main comment
21647 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
21650 remove missed ref to PAM_nullpw
21653 * auth/sudo_auth.h:
21658 more or less complete now--still untested
21661 * auth/afs.c, auth/pam.c:
21662 don't use user_name macro, it will go away
21665 * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
21666 combine skey/opie code into rfc1938.c
21669 * auth/dce.c, auth/sudo_auth.h:
21670 DCE authentication method; basically unchanged from dce_pwent.c
21673 * auth/aix_auth.c, auth/sudo_auth.h:
21674 AIX authenticate() support. Could probably be much better
21678 Fix an uninitialized variable and some cleanup. Now works (tested)
21681 * auth/sia.c, auth/sudo_auth.h:
21682 SIA support for digital unix
21686 don't use prompt global, it will go away
21689 * auth/secureware.c:
21690 correct copyright years
21693 * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
21694 auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
21695 auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
21696 New authentication API and methods
21699 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
21706 only save an entry if user_matches && host_matches, even if the
21707 stack is empty (fix for previous commit)
21715 1) Always save an entry on the stack if it is empty. This fixes the
21716 -l and -v flags that were broken by earlier parser changes.
21718 2) In a Runas list, don't negate FALSE -> TRUE since that would make
21719 !foo match any time the user specified a runas user (via -u) other
21724 interfaces and num_interfaces are now auto, not extern
21727 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
21730 use a static global to keep state about empty passwords
21734 make PASSWORD_NOT_CORRECT logging consistent with other modules
21737 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
21740 PAM prompt code was wrong, looks like we have to kludge it after
21745 In the PAM code, when a user hits return at the first password
21746 prompt, exit without a warning just like the normal auth code
21749 * configure, configure.in:
21750 kludge around cross-compiler false positives
21753 * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
21754 New (correct) PAM code Tgetpass now takes an echo flag for use with
21755 PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
21756 useless umask setting Change error from BAD_ALLOCATION ->
21757 BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
21762 Some -Wall and kill some trailing spaces
21766 define -D__EXTENSIONS__ for solaris so we get crypt() proto
21769 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
21775 * INSTALL, config.h.in, configure, configure.in:
21776 for kerberos V < version, fall back on old kerb4 auth code
21780 clarify some things
21783 * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
21787 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
21790 mention why DONT_LEAK_PATH_INFO is not the default
21793 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
21796 Fix open(2) return value checking, was NULL for fopen, should be -1
21805 better wording for solaris pam notice
21809 document recent changes
21813 Update shadow password section
21817 move authentication code from check.c to auth.c
21820 * Makefile.in, check.c, sudo.h:
21821 move authentication code to auth.c
21824 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
21826 * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
21827 getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
21828 logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
21829 sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
21831 Move interface-related defines to interfaces.h so we don't have to
21832 include <netinet/in.h> everywhere.
21835 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
21837 * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
21838 parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
21839 o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
21840 turns out the old DES crypt does the right thing with passwords
21841 longer than 8 characters. o Fix common typo (necesary ->
21842 necessary) o Update TODO list
21845 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
21848 set $LOGNAME when we set $USER
21851 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
21854 add comment about digital unix and interfaces.c warning with gcc
21857 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
21860 use modern paths and give examples for some of the new parser
21864 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
21870 * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
21871 getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
21872 parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
21873 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
21874 Function names should be flush with the start of the line so they
21875 can be found trivially in an editor and with grep
21878 * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
21879 sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
21880 free(3) is already void, no need to cast it
21883 * logging.c, sudo.c, sudo.h:
21884 catch case where cmnd_safe is not set (this should not be possible)
21887 * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
21888 testsudoers.c, visudo.c:
21889 Stash the "safe" path (ie: the one listed in sudoers) to the command
21890 instead of stashing the struct stat. Should be safer.
21893 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
21895 * INSTALL, Makefile.in, UPGRADE:
21896 notes on updating from an earlier release
21903 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21905 * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
21906 sudoers.man, sudoers.pod:
21907 You can now specify a host list instead of just a host or alias.
21908 Ie: user = host1,host2,ALIAS,!host3 my_command now works.
21915 * parse.yacc, sudo.tab.c:
21916 Move the push from the beginning of cmndspec to the end. This means
21917 we no longer have to do a push at the end of privilege, just reset
21921 * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
21922 runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
21923 use "!" most everywhere
21926 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
21929 modernize paths and update su example based on sample.sudoers one
21933 New runas semantics
21936 * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
21938 In estrdup(), do the malloc ourselves so we don't need to rely on
21939 the system strdup(3) which may or may not exist. There is now no
21940 need to provide strdup() for those w/o it. Also, the prototype for
21941 estrdup() was wrong, it returns char * and its param is const.
21949 buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
21952 * CHANGES, TODO, parse.yacc, sudo.tab.c:
21953 It is now possible to use the '!' operator in a runas list as well
21954 as in a Cmnd_Alias, Host_Alias and User_Alias.
21957 * logging.c, sudo.h:
21958 Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
21962 Definitions of *_matched were wrong--user top, not top-2 as
21966 * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21967 Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
21968 command but the NOPASSWD flag was set. Make runasspec, runaslist,
21969 runasuser, and nopasswd typeless in parse.yacc Add support for '!'
21970 in the runas list Fix double printing of '%' and '+' for groups and
21971 netgroups respectively Add *_matched macros (no need for local stack
21972 variable). Should only be used directly after a pop (since top must
21976 * aclocal.m4, configure.in:
21977 Add copyright, somewhat silly
21980 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21982 * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
21983 compat.h, config.h.in, configure, configure.in, dce_pwent.c,
21984 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21985 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21986 lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
21987 putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
21988 sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
21989 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
21991 Crank version to 1.6 and combine copyright statements
21995 Use ! not ^ to do negation
21998 * lex.yy.c, sudo.tab.c:
22002 * parse.lex, parse.yacc:
22003 Make runas and NOPASSWD tags persistent across entries in a command
22004 list. Add a PASSWD tag to reverse NOPASSWD. When you override a
22005 runas or *PASSWD tag the value given becomes the new default for the
22006 rest of the command list.
22009 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
22013 [a1ae9d4a7d54] [SUDO_1_5_9]
22016 Shift return value of system(3) by 8 to get real exit value and if
22017 it is not 1 or 0 print the retval along with the error message.
22020 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
22023 testsudoers needs LIBOBJS too
22026 * parse.c, parse.yacc, sudo.tab.c:
22027 Fix another parser bug. For a sudoers entry like this: millert
22028 ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
22036 * parse.yacc, sudo.tab.c:
22037 Save entries that match a ! command on the matching stack too
22041 Make sudo's usage info better when mutually exclusive args are given
22042 and don't rely on argument order to detect this; nick@zeta.org.au
22045 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
22047 * CHANGES, Makefile.in, RUNSON:
22055 * parse.yacc, sudo.tab.c:
22056 Fix off by one error introduced in *alloc changes
22059 * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
22060 check_sia.c, compat.h, config.h.in, configure, configure.in,
22061 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
22062 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22063 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
22064 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
22065 sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
22066 sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
22067 visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
22071 * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
22072 interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
22073 putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
22074 sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
22075 Use emalloc/erealloc/estrdup
22079 error checking memory allocation routines
22082 * parse.yacc, sudo.tab.c:
22083 Still not right, this fixes it for real
22086 * parse.yacc, sudo.tab.c:
22087 Fix for previous commit
22090 * CHANGES, INSTALL, parse.yacc:
22091 Fix a parser bug that was exposed when mixing different runas specs
22092 and ! commands. For example: millert ALL=(daemon)
22093 /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
22094 as well as daemon when it should just allow daemon. The problem was
22095 that comma-separated commands in a list shared the same entry on the
22096 matching stack. Now they get their own entry iff there is a full
22097 match. It may be better to just make the runas spec persistent
22098 across all commands in a list like the user and host entries of the
22099 matching stack. However, since that is a fairly major change it
22100 should get its own minor rev increase.
22103 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22105 * check.c, config.h.in:
22106 Simplify PAM code and fix a PAM-related warning on Linux
22109 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
22123 * check.c, configure.in:
22124 new pam code that works on solaris, should work on linux too;
22128 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22135 only include strings.h if there is no string.h
22138 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
22141 Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
22144 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
22147 shost must be set before log functions are called #ifdef HOST_IN_LOG
22150 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
22152 * CHANGES, lex.yy.c, parse.lex:
22153 Fix a bug wrt quoting characters in command args. Stop processing
22154 an arg when you hit a backslash so the quoted-character detection
22158 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
22161 include sys/time.h; apparently AIX needs it. ppz@cdu.elektra.ru
22164 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
22166 * configure, configure.in:
22167 add missing case statement so --without-sendmail works
22170 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
22176 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
22178 * configure, configure.in:
22179 only search for -lsun in irix <= 4.x
22182 * configure, configure.in:
22183 back out last configure.in change now that I've hacked autoconf to
22184 fix the real problem and add a missing newline
22192 add def of dirfd() for those without it
22195 * configure, configure.in:
22196 When falling back to checking for socket() when linking with
22197 "-lsocket -lnsl" check for main() instead since autoconf has already
22198 cached the results of checking for socket() in -lsocket. This is
22199 really an autoconf bug as it should use the extra libs as part of
22200 the cache variable name.
22207 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
22210 fix occurrence of $with_timeout that should be
22211 $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
22215 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22217 * sudo.cat, sudo.html, sudo.man, sudo.pod:
22218 fix grammar; espie@openbsd.org
22219 [7031d9dfbc3e] [SUDO_1_5_8]
22221 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22223 * parse.yacc, sudo.c, testsudoers.c:
22224 add cast for strdup in places it does not have it
22227 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
22229 * configure, configure.in:
22230 define for_BSD_TYPES irix
22233 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22235 * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
22236 Make it clear that it is the user's password, not root's, that we
22241 If the user enters an empty password and really has no password,
22242 accept the empty password they entered. Previously, they could
22244 *but* an empty password. Also, add GETPASS macro that calls either
22245 tgetpass() or getpass() depending on how sudo was configured.
22246 Problem noted by jdg@maths.qmw.ac.uk
22249 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
22251 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
22252 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
22253 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22254 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
22255 pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
22256 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22258 add explicit copyright
22262 mention -lsocket, -lnsl configure changes
22265 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
22268 Don't clobber errno after calling check_sudoers().
22271 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
22273 * configure, configure.in:
22274 When linking with both -lsocket and -lnsl be sure to do so in that
22275 order. Also, when we can't find socket() or inet_addr() and have to
22276 try linking with both libs, issue a warning.
22279 * sudo.cat, sudo.man, sudo.pod:
22280 clarify bad timestamp and fmt
22283 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22286 be clear that pam is linux-only and add a RUNSON entry
22289 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22291 * CHANGES, INSTALL, configure, configure.in:
22292 fix and correctly document --with-umask; problem noted by
22296 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
22298 * configure, configure.in:
22299 only use /usr/{man,catman}/local to store man pages if user didn't
22300 override prefix or mandir
22303 * INSTALL, configure, configure.in:
22304 fix typo, make --with-SecurID take an arg
22307 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
22313 * CHANGES, INSTALL, check.c, configure, configure.in:
22314 FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
22317 * configure, configure.in:
22318 better fix for the problem of unresolved symbols in -lnsl or
22322 * configure, configure.in:
22323 when checking for functions in -lnsl and -lsocket link with both of
22324 them to avoid unresolved symbols on some weirdo systems
22327 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
22329 * BUGS, CHANGES, RUNSON, TODO:
22330 old changes that didn't make it into RCS before the RCS->CVS switch
22333 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
22335 * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
22336 configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
22337 getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
22338 ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
22339 lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
22340 secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
22341 sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
22354 * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
22355 config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
22356 find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
22357 ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
22358 logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
22359 secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
22360 sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
22361 utime.c, version.h, visudo.c, visudo.cat, visudo.man:
22362 crank version and regen files
22366 kill rcs goop in update_version and fix now that version is a const
22369 * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
22370 sudo.c, sudo.h, sudo.pod:
22371 kerb5 support from fcusack@iconnet.net
22374 * realpath.c, sudo_realpath.c:
22375 we no longer use realpath
22379 replaced by find_path.c
22383 all options are now configure flags
22391 superseded by getcwd.c
22395 superseded by tgetpass.c
22399 superseded by RUNSON
22403 No longer used now that we have configure options for everything.
22407 regen based on configure.in
22410 * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
22411 sudoers.man, visudo.cat, visudo.html, visudo.man:
22412 regen based on sudo.pod, sudoers.pod, and visudo.pod
22415 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
22418 fix tty tickets in remove_timestamp (didn't use ':')
22421 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
22424 close sock when we are done with it
22427 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
22430 never say "error on line -1"
22433 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
22436 check for -lnsl before -lsocket
22440 quote '[', ']' used in ranges correctly
22443 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
22446 add missing NO_ROOT_SUDO noted by drno@tsd.edu
22449 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
22456 more info for 1.5.7
22464 make increases of cm_list_size and ga_list_size be similar to
22465 increases of stacksize (ie: >= not > in initial compare).
22469 when we get a syntax error, report it for the previous line since
22470 that's generally where the error occurred.
22473 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
22475 * config.h.in, configure.in, interfaces.c:
22476 add back check for sys/sockio.h but only use it if SIOCGIFCONF is
22478 [d197f31fd1e4] [SUDO_1_5_7]
22481 define BSD_COMP for svr4
22484 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
22485 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
22486 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
22487 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22492 kill check for sockio.h
22496 no more HAVE_SYS_SOCKIO_H
22499 * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
22500 goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
22501 parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
22502 testsudoers.c, tgetpass.c, utime.c, visudo.c:
22506 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22509 add missing inform_user()
22512 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22515 return NOT_FOUND if given fully qualified path and it does not exist
22516 previously it would perror(ENOENT) which bypasses the option to not
22521 for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
22525 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
22528 tty tickets are user:tty now
22532 when using tty tickets make it user:tty not user.tty as a username
22533 could have a '.' in it
22536 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
22539 add "ignoring foo found in ." for auth successful case
22542 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
22545 add missing printf param
22548 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22550 * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
22551 go back to printing "command not found" unless --disable-path-info
22552 specified. Also, tell user when we ignore '.' in their path and it
22553 would have been used but for --with-ignore-dot.
22557 Only one space after a colon, not two, in printf's
22560 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
22563 document setting $USER
22567 fix bugs with prompt expansion
22571 set $USER for root too
22574 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
22581 HP-UX's iscomsec is in -lsec, not libc
22585 remove some entries in the OS case statement that did nothing
22589 add "cd" section and flush out syslog section
22593 no more sudo-lex.yy.c
22597 add custom prompt support
22601 kill perror("malloc") since we already have a good error messages
22602 pw_ent -> pw for brevity
22606 kill perror("malloc") since we already have a good error messages
22607 pw_ent -> pw for brevity set $USER if -u specified
22611 kill perror("malloc") since we already have a good error messages
22615 kill perror("malloc") since we already have a good error messages
22616 pw_ent -> pw for brevity when checking if %group matches, look up
22617 user in password file so that %groups works in a RunAs spec.
22621 kill perror("malloc") since we already have a good error messages
22624 * check.c, getspwuid.c, interfaces.c:
22625 kill perror("malloc") since we already have a good error messages
22626 pw_ent -> pw for brevity
22629 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
22632 the prompt is expanded before tgetpass is called
22636 tgetpass now has the same args as getpass again
22640 add iscomsec, issecure support
22644 we now expand any %h or %u in the prompt before passing to tgetpass
22648 add check for syslog(3) in -lsocket, -lnsl, -linet
22652 add HAVE_ISCOMSEC and HAVE_ISSECURE
22656 add check for iscomsec in HP-UX
22660 check for issecure if we have getpwanam on SunOS some options are
22661 incompatible with DUNIX SIA check for dispcrypt on DUNIX
22664 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
22671 add back support for non-dispcrypt based checking for older DUNIX
22679 SIA becomes the default on Digital UNIX now have --disable-sia to
22684 move local includes after system ones
22687 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
22689 * check.c, check_sia.c, sudo.h:
22690 add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
22695 fix while loop in sia_attempt_auth() that checks the password. Only
22696 the first iteration was working.
22699 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
22702 don't trust UID_MAX or MAXUID
22713 * getspwuid.c, secureware.c:
22714 init crypt_type to INT_MAX since it is legal to be negative in DUNX
22719 for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
22720 -ldb since DUNX < 4.0 lacks it
22723 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
22725 * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
22726 secureware.c, sudo.c, tgetpass.c:
22727 getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
22728 minutes if the shadow files don't exist).
22731 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
22734 updated --with-editor blurb
22738 tell how to put sudoers in a different dir
22742 add missing quotes around $with_editor
22746 typo in --with-editor bits
22750 I don't expect it to work on Solaris
22754 add back security/pam_misc.h
22757 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
22760 remove dunix note since configure checks for this now
22764 add check for broken dunix prot.h (4.0 < 4.0D is bad)
22767 * getspwuid.c, secureware.c, tgetpass.c:
22768 new dunix shadow code, use dispcrypt(3)
22776 call initprivs() if we have it for getprpwuid later on
22780 clean pathnames.h too
22784 quote "Sorry, try again." with [] since it has a comma in it set
22785 LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
22786 getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
22791 update Digital UNIX note about acl.h
22796 --without-root-sudo -> --disable-root-sudo some reordering
22803 * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
22811 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
22814 when checking for -lsocket, -lnsl, and -linet, check for the
22815 specific functions we need from them.
22818 * config.h.in, sudo.h:
22819 move Syslog_* defs into sudo.h
22822 * Makefile.in, sudo.h:
22823 added check_secureware
22827 finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
22831 don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
22832 defined. configure now does that for us
22836 move some --with options around change a bunch of echo's to
22837 AC_MSG_CHECKING, AC_MSG_RESULT pairs
22841 change $with_foo-bar -> $with_foo_bar kill extra " that caused a
22842 syntax error add some echo verbiage
22845 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
22848 moved SecureWare stuff into secureware.c
22856 update url to solaris gcc bins
22860 change option formatter and flesh out some entries
22863 * TROUBLESHOOTING, sudo.pod, visudo.pod:
22864 environmental variable -> environment variable
22868 everything is now done via configure
22876 passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
22880 SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
22884 merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
22885 sudoers_mode from configure
22889 SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
22890 the Makefile, not config.h
22894 document all --with/--enable options
22897 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22900 options.h is no more
22904 assimilated options.h
22908 moved options from options.h to configure
22911 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22912 logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
22913 sudo_setenv.c, visudo.c:
22917 * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
22918 remove references to options.h
22921 * dce_pwent.c, interfaces.c, sudo.c:
22926 if select return < -1 still prompt for pw
22930 convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
22935 FAST_MATCH is no longer an option
22939 remove_timestamp() if timestamp is preposterous
22943 convert more options to --with/--enable
22946 * INSTALL, aclocal.m4:
22951 convert more options into --with and --enable
22955 catch EINTR in select and restart
22962 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
22965 UMASK -> SUDO_UMASK.
22968 * check.c, logging.c:
22969 time.h, not sys/time.h
22972 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22975 MAILER -> _PATH_SENDMAIL
22978 * INSTALL, configure.in:
22979 no more --with-C2, now it is --disable-shadow
22982 * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
22983 getspwuid.c, sudo.c, tgetpass.c:
22984 new shadow password scheme. Always include shadow support if the
22985 platform supports it and the user did not disable it via configure
22988 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22991 --with-getpass -> --{enable,disable}-tgetpass
22995 pathnames.h -> pathnames.h.in
23003 move pam_conv to be static to auth function remove pam_misc.h
23004 (solaris doesn't have one)
23008 _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
23012 munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
23016 convert to pathnames.h.in
23019 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
23022 fix typo in sysv4 matching case /.
23025 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
23028 pam stuff needs to run as root, not user, for shadow passwords
23031 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
23033 * BUGS, INSTALL, README, configure.in:
23037 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
23038 emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
23039 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
23040 logging.c, options.h, parse.c, parse.lex, parse.yacc,
23041 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23042 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23047 user version.h for long message
23051 this is version 1.5.6
23054 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
23057 remove errant backslash
23060 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
23062 * options.h, parse.yacc, pathnames.h.in:
23064 [fdee73255d64] [SUDO_1_5_6]
23066 * BUGS, CHANGES, TODO:
23074 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
23077 kill unused localhost_mask var copy if name to ifr_tmp after we zero
23081 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
23084 Better description of new vs. old sudoers modes fix some typos
23085 better description of /usr/ucb/cc gotchas on slowaris
23093 set NewArgv[0] to user_shell, not basename(user_shell)
23096 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
23099 mention TROUBLESHOOTING more fix some typos
23103 move --enable/--disable to be after --with
23107 document --enable/--disable
23111 document --with-pam
23114 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
23117 Add message for pam users
23128 * check.c, config.h.in, configure.in:
23129 pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
23132 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23135 add HOST_IN_LOG and WRAP_LOG
23139 add WRAP_LOG and HOST_IN_LOG
23143 add --enable-log-host and --enable-log-wrap
23147 use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
23150 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
23157 include sys/param.h to get howmany macro
23160 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23162 * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
23166 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23169 bring in stdio.h for NULL
23173 allow /bin/{ksh,bash} and /usr/bin/{ksh,bash} as sh
23177 use HAVE_SET_AUTH_PARAMETERS
23181 add HAVE_SET_AUTH_PARAMETERS
23185 add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
23189 add support for HI-UX/MPP SR220001 02-03 0 SR2201
23193 initialize previfname
23197 Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
23198 it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
23207 don't need special build line for sudo.tab.o
23211 don't clean sudo.tab.[ch]
23215 Sudo should prompt for a password before telling the user that a
23216 command could not be found.
23224 no longer require yacc
23232 y.tab -> sudo.tab include pre-yacc'd parse.yacc
23236 include sudo.tab.h, not y.tab.h don't break out of command args if
23244 * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
23253 getcwd(3) from OpenBSD for those without it.
23257 HAVE_GETWD -> HAVE_GETCWD
23261 pretend sunos doesn't have getcwd(3) since it opens a pipe to
23270 remove duplicate include of string.h
23274 call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
23278 add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
23282 add dev_t and ino_t
23285 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
23288 fix OTP_ONLY for opie
23291 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
23293 * testsudoers.c, tgetpass.c:
23294 include stdlib.h for malloc proto
23297 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
23300 make update_version saner
23304 add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
23308 check for waitpid and wait3 or no waitpid
23312 used waitpid or wait3 if we have 'em
23315 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
23318 fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
23321 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
23324 don't need to explicitly mention -lsocket -lnsl for sequent
23327 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
23330 dynix should not link with -linet
23333 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
23336 mention that HP-UX doesn't ship with yacc
23339 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
23342 ignore kerberos if we can't get the local realm
23345 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
23347 * BUGS, INSTALL, README, configure.in:
23355 * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
23356 find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
23357 logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
23358 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
23367 don't use popen/pclose. Do it inline.
23378 * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
23379 ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
23384 * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
23389 getwd.c -> getcwd.c
23401 use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
23405 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
23407 * OPTIONS, options.h:
23408 add STUB_LOAD_INTERFACES
23411 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
23412 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23413 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23414 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23415 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23416 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23421 support *-ccur-sysv4 and fix two typos
23424 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
23427 don't echo about with_logfile and with_timedir
23431 document --with-logfile and --with-timedir
23435 support --with-logfile and --with-timedir
23439 Add --with-logfile and --with-timedir
23443 change size computation of NewArgv for UNICOS
23446 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
23449 treat -*-sysv4* like *-*-svr4
23452 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
23455 fix spacing for --with-authenticate help
23458 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
23459 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23460 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23461 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23462 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23463 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23468 fix off by one error in push macro
23471 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
23474 removed bogus alloca hack
23478 added AIX 4.x authenticate() support
23482 include alloca.h if using bison and not gcc and it exists. fixes an
23483 alloca problem on hpux 10.x
23487 mention --with-authenticate
23491 added AIX authenticate() support
23495 add HAVE_AUTHENTICATE
23499 dynamically size ifconf buffer
23506 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
23507 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23508 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23509 logging.c, options.h, parse.c, parse.lex, parse.yacc,
23510 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23511 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23519 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
23522 add busy stmp file explanation
23525 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
23528 the name of the cached var that signals whether or not you are cross
23529 compiling changed. It is now ac_cv_prog_cc_cross
23532 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
23535 mention glibc 2.07 is fixed wrt lsearch().
23538 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
23540 * sample.sudoers, sudoers.pod:
23541 better example of su but not root su
23544 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
23546 * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
23547 emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23548 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23549 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23550 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23551 testsudoers.c, tgetpass.c, utime.c, visudo.c:
23556 correct regexp for updating version
23560 remove bogus flush of stderr spew prompt before turning off echo.
23561 Seems to fix a weird problem where if sudo complained about a bogus
23562 stamp file the user would sometimes not have a chance to enter a
23567 fix bogus flush of stderr
23571 close fd's <=2 not <=3 and move that chunk of code up
23575 support hpux1[0-9] not just hpux10
23578 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
23581 set sudoers_fp to nil after closing
23584 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
23586 * config.guess, config.sub:
23587 updated from autoconf 2.12
23594 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
23597 fix select usage for high fd's (dynamically allocate readfds)
23601 kill extra whitespace
23605 do an initgroups() before running a command, unless the target user
23609 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
23612 tell people to use tabs, not spaces, in syslog.conf
23615 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
23617 * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
23618 parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
23622 * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
23623 logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
23627 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23628 insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
23633 more tweaks to update_version
23637 fixed up update_version rule
23645 removed supe of check.c
23656 * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23657 dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
23658 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23659 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
23660 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
23661 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23671 add rules to update version stuff in files so I don't need to do it
23676 sudoers_fp is now extern
23680 in check_sudoers, cache the sudoers file handle in sudoers_fp so we
23681 don't have to open it again in the parse. This may help with weird
23682 solaris problems where EAGAIN sometimes occurs.
23686 sudoers file open is now done only in check_sudoers() so we just do
23687 a rewind() instead of an open. May help people on solaris who were
23691 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23694 mention that newer glibc is fixed
23697 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
23700 newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
23701 _RLD* instead of _RLD_*
23709 fix that bug for real
23713 document Linux's libc6 brokenness.
23722 [4949a1bbd0a9] [SUDO_1_5_4]
23725 remind people to HUP syslogd
23741 remove author's email addr. people should mail sudo-bugs
23748 * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
23749 find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
23750 ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
23751 logging.c, options.h, parse.c, parse.lex, parse.yacc,
23752 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23753 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23761 * INSTALL, Makefile.in:
23770 exit(1) if user enters no passwd
23778 commands can start with ./* not just /* -- fixes a serious security
23782 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
23785 Don't set the tty variable to NULL when we lack a tty, leave it as
23789 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
23792 fix usage of (username) in conjunction with , and !
23796 catch the case where the user is not in the passwd file
23800 use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
23805 define tty global to an initial value to avoid dumping core in
23806 logging functions when passwd file is unavailable.
23810 do the set_perms(PERM_USER, sudo_mode) after we have gotten the
23815 talk about problem of ALL
23818 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23825 fdesc bug is fixed in Open/Net BSD
23829 updates from Nieusma
23832 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23835 move compat.h after the system includes
23838 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
23841 save errno from being clobbered by wait(). From Theo
23844 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
23847 fix an occurrence of setresuid -> setreuid (typo)
23850 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23853 check for path to strip
23856 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
23859 deal with maxfilelen < 0 case
23866 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
23869 correct error message if mode/owner wrong and not statable by owner
23870 but is statable by root.
23873 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
23875 * config.guess, config.sub:
23879 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
23881 * CHANGES, RUNSON, TODO:
23885 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
23887 * parse.yacc, sudo.h:
23888 command_alias -> generic_alias
23889 [c404ca8c510d] [SUDO_1_5_3]
23892 added Runas_Alias example and fixed syntax errors
23895 * OPTIONS, options.h:
23896 updated MAILSUBJECT
23903 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23904 configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
23905 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23906 insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
23907 parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
23908 sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23913 * BUGS, emul/utime.h:
23918 document Runas_Alias
23926 buffer oflow checking q (uit) -> Q if yyparse() fails drop into
23931 add size params to sprintf
23935 allow trailing space after '\\' but before '\n'
23939 off by one error in path size check
23946 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
23953 now warns if killed by signal ./
23956 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
23959 fix Runas_Alias stuff Alias's in runas list now get expanded (but it
23964 Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
23968 add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
23972 Add Runas_Alias and simplify a rule.
23976 always store User_Alias's since they can be used inside of a runas
23977 list. Sigh. Really need a Runas_Alias instead.
23980 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
23983 deal with case where there is no sudoers file
23986 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23992 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23994 * HISTORY, testsudoers.c:
23995 developement -> development
24010 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
24013 removed seteuid() notes
24014 [1010a60f281d] [SUDO_1_5_2]
24016 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
24019 better seteuid() emulation
24023 added check for seteuid
24030 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
24033 first stab at sequent support
24037 added HAVE_SYS_SELECT_H
24041 sequent -> _SEQUENT_
24045 added seteuid() macro for DYNIX
24049 _AIX -> HAVE_SYS_SELECT_H
24052 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
24054 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
24055 parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
24056 testsudoers.c, tgetpass.c, utime.c, visudo.c:
24060 * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
24061 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
24062 ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
24063 pathnames.h.in, version.h:
24068 added -H and SUDO_PS1
24072 use SUDO_FUNC_FNMATCH
24076 added SUDO_FUNC_FNMATCH
24084 added MODE_RESET_HOME /
24087 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
24101 * compat.h, config.h.in:
24106 added HAVE_OPIE and changed to *_OTP_*
24113 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
24116 moved fclose() in skey stuff.
24119 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
24122 index -> strchr remove unnecessary stuff
24126 now call skeychallenge() to get challenge instead of making one up
24127 ourselves. this way, we get extra goodies in the prompt.
24130 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
24134 [3f5149357e2a] [SUDO_1_5_1]
24137 allow logins to start with a number (YUCK!)
24140 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24143 added solaris 2.5 vs 2.4 note
24147 DUNIX doesn't need -lnsl
24151 *** empty log message ***
24154 * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
24155 getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
24156 ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
24157 options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24158 strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
24159 utime.c, version.h, visudo.c:
24163 * PORTING, README, RUNSON:
24167 * INSTALL, Makefile.in, TROUBLESHOOTING:
24172 *** empty log message ***
24175 * sudo.pod, visudo.pod:
24179 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
24185 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
24188 added $SUDO_PROMPT support
24191 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
24194 print long skey challenge to stderr, not stdout
24197 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
24207 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
24213 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
24216 use shost, not host for tgetpass
24220 documented %u and %h
24224 documented %u and %h
24231 * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
24232 dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24233 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24234 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24235 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24236 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24244 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
24246 * Makefile.in, configure.in, version.h:
24251 new tgetpass() params
24255 pass user and host to tgetpass
24259 added %u and %h escapes
24262 * OPTIONS, check.c, options.h:
24267 added cray (unicos) support
24270 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
24272 * OPTIONS, options.h, sudo.c:
24273 added SHELL_SETS_HOME
24276 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
24279 added note about "make install"
24283 changed length/size params from int to size_t
24287 now get CSOPS insults as well by default
24291 use csops insults too by default
24294 * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
24299 added runas_homedir
24315 added "upgrading" notes
24318 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
24321 now do chmod and chown after edit of temp file and before rename
24322 [de174e34faa7] [SUDO_1_5_0]
24324 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
24327 ++version added INSTALL.configure
24330 * configure.in, version.h:
24335 *** empty log message ***
24343 sets $HOME to pw_dir of runas user
24347 document $HOME change
24350 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
24353 fixed up some wording
24356 * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24357 interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
24358 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24363 * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24364 insults.h, options.h, pathnames.h.in, sudo.h:
24373 name and type changes
24377 now works with new sudo
24385 some variable name changes + comment headers for functions.
24389 added extra paren's to make compilers happy
24393 *** empty log message ***
24397 now uses init_parser() if not in sudoers and tries "list" or
24398 "validate" scold but don't be nasty.
24402 now can use upper case login names
24406 now uses init_parser()
24414 added info about PASSWORD_TIMEOUT
24417 * INSTALL.configure:
24426 now dynamically allocates memory for the stacks -- no more
24431 -l now expands command aliases
24435 hacks to expand command aliases for `sudo -l'
24439 remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
24443 added struct command_alias
24451 in compar() key should be first arg
24454 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
24461 can now deal with upcase HOST and USER names
24465 don't yell too loudly at non-sudoers if they do "sudo -l"
24476 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
24478 * parse.c, parse.yacc:
24479 added support for new `sudo -l' stuff
24483 now uses list_matches()
24487 added struct sudo_match
24491 now more -lgnumalloc
24494 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
24497 added more paths for chown and whoami
24500 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
24506 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
24509 fixed DUNIX check for shadow pw
24513 now only turn off echo if it is already on. this fixes a race when
24514 you use sudo in a pipelin
24522 changed "test -z $foo && do_this" to if; then construct
24525 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
24528 added missing defines of SHADOW_TYPE
24531 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
24534 protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
24539 added AUTH_CRYPT_C1CRYPT support
24543 no longer return VALIDATE_NOT_OK if there was a runas that didn't
24544 match. Now we can have runas stuff on more than one line.
24547 * getspwuid.c, sudo.c, tgetpass.c:
24548 use SHADOW_TYPE instead of HAVE_C2_SECURITY
24552 got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
24557 removed HAVE_C2_SECURITY added SPW_BSD
24561 use SHADOW_TYPE instead of HAVE_C2_SECURITY
24565 SHADOW_TYPE is always defined so just against its value
24569 added SUDO_CHECK_SHADOW_DUNIX
24572 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
24575 * -> ?* in one example added another instance of (runas) and one of
24579 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
24582 added back check for config.cache from other host type
24586 removed an instance of \"
24594 updated wrt new wildcard matching
24598 new check for shadow passwords if we don't know anything
24602 new SUDO_CHECK_SHADOW_GENERIC
24606 added back check for -lsocket (oops)
24610 better (working) check for shadow passwd type if we know to use C2.
24614 now uses AC_CANONICAL_HOST to figure out os type
24618 added config.{guess,sub}
24622 removed unused stuff to figure out os type
24638 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
24639 pathname. need to check against sudoers_args even if user_args is
24644 don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
24645 pathname need to check against sudoers_args even if user_args is nil
24648 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
24651 added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
24655 now takes command line args and uses cmnd_args
24659 fill_args was adding an extra leading space
24662 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
24665 fixed dummy command_matches()
24677 now uses flat args string
24680 * parse.c, parse.lex:
24681 now uses flat arg string
24685 added cmnd_args def
24689 now sets cmnd_args global
24693 cmnd_args is now exported from sudo.[ch]
24696 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
24699 can't rely on cmnd_matches as much as I thought -- added some $$
24700 stuff back in to prevent namespace pollution problems.
24704 Simplified parse rules wrt runas and NOPASSWD (more consistent).
24707 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
24710 NOPASSWD may now have blanks before the ':' '(' only starts a
24711 'runas' if in the initial state to avoid collision with command args
24715 added checks for specific shadow passwd schemes
24719 added routines to check for specific shadow passwd types
24722 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
24725 added support for ncr boxen
24729 added support for detecting ncr boxen
24732 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
24735 added sinix support
24738 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
24741 added info about "config.cache from other other" error.
24745 now makes sure you don't have a config.cache file from another OS
24749 now sets $LIBS when needed to configure links with libs when doing
24750 tests hpux10 now uses SPW_SECUREWARE for C2 added check for
24751 bigcrypt(3) if SPW_SECUREWARE
24759 now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
24767 no more SPW_HPUX10 added HAVE_BIGCRYPT
24771 now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
24775 SPW_SECUREWARE now uses bigcrypt
24778 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
24781 fixed 2 syntax errors
24785 root may now run ALL as ALL
24788 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
24791 fixed a typo/thinko that broke BSD's with sa_len
24794 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
24796 * check.c, configure.in:
24797 updated AFS support
24801 added entry about /usr/ucb/cc
24805 prep no longer holds gcc binaries
24817 AFS allows long passwords
24821 fixed -u user support
24825 sudo -v now groks VALIDATE_OK_NOPASS
24829 fixed no_passwd vs. runas_matched
24833 took out stuff about NFS-mounting since it is no longer an issue
24837 added --with-libraries > --with-libpath --with-incpath
24841 was setting runas_matches to -1 in wrong place
24845 removed usersec.h which is not present in new AFS versions
24849 now deals with timeout <= 0
24857 BSD/OS >= 2.0 now uses shlicc instead of just gcc
24861 fixed backwards compatibility with sudo 1.4 sudoers mode for root
24862 readable/writable filesystems
24866 now gives INSTALL -c flag
24870 slightly simpler initialization of no_passwd and runas_matches
24874 added -u username support
24878 improved --with-libraries support
24881 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
24884 added --with-incpath, --with-libpath, --with-libraries
24888 now initializes some fields that weren't getting set to -1 pretty
24889 gross -- need a rewrite.
24892 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
24899 no longer add -lPW to *_LIBS since we include alloca.c
24903 added HAVE_ALLOCA_H
24918 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
24921 now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
24922 not always set to a valid uid.
24926 fixed entry for SUDO_MODE
24930 Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
24931 being set to -2. Now beat NFS to the punch and set uid to "nobody"
24932 ourselves, preserving group 0 to read sudoers.
24936 moved set_perms(PERM_ROOT) to be before yyparse()
24944 no longer need AC_PROG_INSTALL
24948 always use install-sh to avoid install(1)'s that use get{pw,gr}nam
24952 make clean -> make distclean
24955 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
24958 removed some unnecessary if's
24961 * Makefile.in, version.h:
24965 * parse.c, testsudoers.c:
24966 now includes netgroup.h
24970 removed casts of ioctl to int since they didn't shut up -Wall
24974 explicitly cast ioctl() to int since it is not always declared
24978 added declarations for yyparse() and yylex()
24982 fixed an occurrence of '==' -> '='
24985 * config.h.in, configure.in:
24986 added check for netgroup.h
24990 fixed 2 compiler warnings
24994 SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
24998 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
25004 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
25007 fixed a formatting thingie
25010 * parse.c, parse.yacc:
25011 fixed -u support with multiple user lists on a line
25015 unixware needs -lgen
25019 updated ftp location
25023 add net_addr/netmask support
25027 added net_addr/mask example
25030 * parse.c, parse.lex:
25031 added support for net_addr/netmask
25034 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
25040 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
25050 * BUGS, TODO, TROUBLESHOOTING:
25055 updated with examples of new stuff
25063 updated wrt -u and NOPASSWD
25067 updated wrt -u and CAVEATS
25070 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
25077 now use :foo: character classes (makes no diff for generated lexer)
25080 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
25083 fixed LONG_SKEY_PROMPT stuff
25086 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
25093 make more like NetBSD one -- now compiles w/o warnings
25097 fixed decls of lsearch()
25100 * config.h.in, configure.in, getspwuid.c:
25105 hpux 10 uses bigcrypt() if C2
25108 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
25111 now always uses fnmatch to match args
25115 back to using stdio instead of raw i/o since that caused some
25119 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
25122 now give usage warning if use -l,-v,-k with args
25125 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
25128 NewArgc is now set to 1 for -l, -v, -k
25132 now sets sudoers to correct group if mode is 0400
25136 updated to version used by inn and bind
25140 now uses -lgnumalloc if it exists
25144 "make install" now sets uid/gid and mode on sudoers if it exists
25148 removed debugging statements
25152 added a missing free()
25156 now uses user_gid instead of getegid (which was wrong anyway) to set
25157 SUDO_GID Now sets command line args in SUDO_COMMAND envariable
25158 (logging.c depends on args being in the environment)
25162 now uses SUDO_COMMAND envariable to get command args rather than
25163 building it up again.
25171 fixed off by one error in allocation NewArgv
25175 in sudoers, 'command ""' now means command with no args
25179 added check for fnmatch(3) and fnmatch.h
25187 replaced wildcat.* with fnmatch.*
25194 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
25197 now uses fnmatch() instead of wildmat a trailing star (*) by itself
25198 now matches multiple args added support for wildcards in the
25199 pathname in sudoers
25202 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
25205 now includes compat.h and config.h
25209 added HAVE_FNMATCH_H
25213 now checks for alloca() (if needed by bison or dce) and links with
25214 -lPW if it contains alloca() and libv and compiler do not.
25217 * emul/fnmatch.h, fnmatch.3, fnmatch.c:
25221 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
25224 now fixes mode on sudoers if set to 0400 to aid in upgrade
25227 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
25230 fixed pod2man usage
25233 * Makefile.in, configure.in, version.h:
25237 * testsudoers.c, visudo.c:
25238 runas_user is now initialized to "root"
25242 removed PERM_FULL_ROOT
25246 runas_user defaults to "root" so no more need to PERM_RUNAS
25250 will now only run commands as root if there was no runas list
25251 (or if root is in the runas list)
25259 runas_matches is now set to false if we get a negative match
25263 make #uid work + some minor cleanup
25267 added support for NOPASSWD and "runas" from garp@opustel.com /
25271 added support for "runas" from garp@opustel.com replaced
25272 SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
25277 added support for "runas" from garp@opustel.com
25281 added support for NO_PASSWD and runas from garp@opustel.com replaced
25282 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
25287 added support for NO_PASSWD and runas from garp@opustel.com replaced
25288 SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support for
25293 added support for NO_PASSWD and runas from garp@opustel.com
25296 * parse.c, parse.lex:
25297 added support for NO_PASSWD and runas from garp@opustel.com
25301 added support for SUDOERS_WRONG_MODE and "runas"
25305 added --with-CC only link with -lshadow on linux (with shadow pw) if
25306 libc lacks getspnam()
25309 * OPTIONS, options.h:
25310 removed NO_PASSWD since it is not possible to do this in the sudoers
25311 file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
25312 SUDOERS_GID. Added SUDOERS_MODE.
25316 now uses SUDOERS_UID and SUDOERS_GID
25319 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
25325 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
25328 added double quote support
25332 documented double quoting
25335 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
25342 fixed some indentation
25350 added install-dirs .
25353 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
25356 new version from "Jeff A. Earickson" <jaearick@colby.edu>
25359 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
25362 $CSOPS -> $with_csops (whoops, missed one)
25370 FQHOST now has same constraints as non-FQHOST
25374 added note about OS's w/ shadow passwords turned on by default
25377 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
25384 added support for --without-THING sanitized shadow pw situation by
25390 fixed a typo wrt placement of an end paren
25394 was closing an fd that may not have been opened
25397 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
25399 * OPTIONS, options.h, sudo.c:
25403 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
25406 now always use shadow pw on some arches
25409 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25412 added pyramid support
25416 no longer check for C2 if alternate passwd method is used no longer
25417 check for some libs twice
25421 moved fqdn stuff into parse.lex (FQHOST)
25429 now define TCSASOFT if necessary
25433 now uses read/write instead of stdio string goop to avoid problems
25437 * OPTIONS, find_path.c, options.h:
25438 -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
25441 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
25444 added note about no shadow auto-detect if using alternate auth
25449 don't check for C2 if AFS or DCE (unless they said --with-C2)
25456 * OPTIONS, find_path.c, options.h:
25460 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
25463 checkdot now works correctly
25466 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
25469 can't have DCE and C2 passwords both...
25472 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
25474 * parse.yacc, sudo.c, sudo.h, visudo.c:
25475 now uses shost even if not FQDN
25479 now looks for skey in /usr/lib and doesn't require libskey to be in
25480 /usr/local/lib just because skey.h is (for my netbsd box :-)
25483 * aclocal.m4, config.h.in, pathnames.h.in:
25484 _SUDO_PATH_ -> _CONFIG_PATH_
25487 * aclocal.m4, sudo.pod:
25488 /var/run/.odus -> /var/run/sudo
25492 now uses _SUDO_PATH_TIMEDIR
25499 * aclocal.m4, configure.in:
25504 added _SUDO_PATH_TIMEDIR
25508 updated wrt /var/run/sudo
25512 added support for shost if FQDN
25515 * parse.yacc, visudo.c:
25516 now uses shost if FQDN
25520 Now use skeylookup() instead of skeychallenge()
25523 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
25526 mail_argv should not contain ALERTMAIL as it includes "-t"
25529 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
25531 * INSTALL, Makefile.in, README, configure.in, version.h:
25536 added more _PASSWD_LEN stuff -- now uses PASS_MAX too
25540 now includes limits.h moved _PASSWD_LEN -> compat.h
25543 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
25561 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
25568 done for 1.4.1 (I hope)
25572 added info on wildcards
25576 added wildcard example
25580 now uses *.pod to build *.man and *.cat & *.html
25584 added SUDO_PROG_BSHELL !ll
25588 fixed up some formatting
25592 redid section describing sample sudoers stuff
25596 fixed some formatting
25600 now treats "" as bourne shell
25604 TESTOBJS now includes wildmat.o
25608 now works with NewArg[cv]
25612 removed an XXX (fixed it in getspwuid.c)
25616 added check for bourne shell
25624 added _SUDO_PATH_BSHELL
25627 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
25630 unixware vi returns 256 instead of 0
25638 fixed up some XXX's. file log format now looks a little more like
25639 real syslog(3) format.
25642 * README, TROUBLESHOOTING:
25643 updated wrt lex/flex
25647 commented out rule to build lex.yy.c from parse.lex since we ship
25648 with a pre-flex'd parser
25651 * parse.c, parse.yacc, visudo.c:
25652 path_matches -> command_matches
25656 eliminated some strcat()'s
25660 no longer checks for lex/flex (now assumes flex)
25664 now checks for $kerb_dir_candidate/krb.h instead of just
25668 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
25671 now use a 'hook' expression instead of an iffy one :-)
25674 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
25677 now works with new sudo arg stuff
25681 fixed dereferencing deadbeef
25685 changed an occurrence of Argv to NewArgv
25689 took out support for quoted commands since there is no need...
25693 fixed a typo in a for() loop
25697 protected against dereferencing rogue pointers
25701 now uses NewArgv and NewArgc so cmnd_args is no longer needed this
25702 also allows us to eliminate some kludges in parse_args() and
25703 eliminate superfluous code.
25707 no longer uses cmnd_args, now uses NewArgv instead.
25711 added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
25716 added wildmat.c to SRCS & SUDOBJS
25720 COMMAND is now a struct containing the path and args
25724 replaced append() with fill_cmnd() and fill_args. command args from
25725 a sudoers entry are now stored in an array for easy matching.
25729 command line args from sudoers file are now in an array like ones
25730 passed in from the command line
25733 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
25736 wildmat stuff now works
25739 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
25746 ++version added wildmat.*
25749 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
25752 added support for quoted commands (w/ or w/o args)
25755 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
25757 * sudo.pod, visudo.pod:
25758 cleaned up formatting
25761 * sudo.pod, visudo.pod:
25765 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
25768 looks reasonable, could be more readable
25775 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
25782 updated NO_ROOT_SUDO entry
25785 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
25788 *** empty log message ***
25789 [5b63de579ff7] [SUDO_1_4_0]
25800 AIX aixcrypt.exp now uses $(srcdir)
25804 added entry for anal ansi compilers
25807 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
25810 added info on libcrypt_i for SCO
25814 *** empty log message ***
25829 * INSTALL, OPTIONS, README, config.h.in, configure.in:
25834 ++version and fixed ISC
25837 * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
25838 goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25839 insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
25840 sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25846 added STUB_LOAD_INTERFACES ++version
25849 * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
25855 added info about fd_set in tgetpass added info on interfaces.c
25858 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
25869 tgetpass.o is now only linked in with sudo (not visudo)
25872 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
25874 * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
25880 added copyright notice
25883 * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25884 ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25885 interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25886 pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25887 testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
25892 minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
25896 ISC now gets -lcrypt now check for sys/bsdtypes.h
25900 added check for sys/bsdtypes.h
25903 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
25906 removed debugging stuff (setting freed ptr to NULL)
25918 added section on syslog
25922 added AC_ISC_POSIX for better ISC support
25930 added define for _POSIX_SOURCE
25933 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
25936 fixed check for lsearch()
25939 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
25942 fixed for AIX now deal if num_interfaces == 0 (should not happen)
25945 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
25948 now only define HAVE_LSEARCH if there is a corresponding search.h
25955 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
25958 now define HAVE_LSEARCH if we find lsearch() in libcompat
25962 char * -> const char *
25966 now looks in -lcompat for lsearch()
25970 remove sudo.core visudo.core for clean target
25974 added UID_MAX support in check for MAX_UID_T_LEN
25978 fixed another occurrence of sudo_getpwuid.*
25981 * Makefile.in, getspwuid.c:
25982 sudo_getpwuid.c -> getspwuid.c
25989 * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
25990 compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
25991 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25992 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25993 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25994 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25995 version.h, visudo.c:
26000 added group support
26008 documented group support
26011 * parse.c, parse.lex, parse.yacc, visudo.c:
26012 added group support
26015 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
26018 tkfile was too short and overflowed the kerberos realm
26021 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
26024 now copy command args directly from Argv
26028 replaced code to copy cmnd_args so that it does not use realloc
26029 since most realloc()'s really stink
26032 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
26035 syslog() fixed in hpux 10.01
26038 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
26041 AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
26045 better error if cannot find skey incs or libs
26049 now use a temp file for determining max len of uid_t in string form.
26050 the old hacky way broke on netbsd
26054 added set of parens and a space
26057 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
26060 fixes from Jeff Earickson <jaearick@colby.edu> ,
26068 fixed up testsudoers target
26072 DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
26073 SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
26077 LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
26081 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
26084 fix for C2 on hpux 10 now uses -linet if it exists
26088 LONG_SKEY_PROMPT is less of a kludge /
26092 fixed typos w/ dce stuff
26099 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
26102 amended section on combining authentication mechanisms
26106 minor updates for 1.3.6
26110 added 2 more entries
26122 rewrote for sudo 1.3.6
26129 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
26131 * find_path.c, getspwuid.c, sudo.c:
26132 added explicit casts for strdup since many includes don't prototype
26137 removed prototype for sudo_getpwuid() since convex C compiler choked
26142 added prototype for sudo_getpwuid()
26146 now compiles on strict ANSI compilers
26150 added LONG_SKEY_PROMPT support
26154 added extra $'s for make to eat up, yum.
26157 * OPTIONS, options.h:
26158 added LONG_SKEY_PROMPT
26161 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
26164 s/key support now works with normal s/key as well as logdaemon
26167 * OPTIONS, options.h:
26172 set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
26176 added DCE note added more AIX notes
26180 now include pthread.h for DCE support
26184 dce_pwent() is ok after all .,
26188 now uses SYSLOG() macro that equates to either syslog() or
26193 minor formatting changes. renamed check() to something less generic
26196 * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
26198 now uses user_pw_ent and simple macros to get at the contents
26201 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
26204 simpler dec unix C2 support
26208 now sets crypt_type for DEC unix C2
26211 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
26214 added csops paths for skey
26218 now includes string.h for strdup() prototype
26226 now includes skey.h
26234 moved a lot of the shadow passwd crap to sudo_getpwuid()
26238 now uses sudo_pw_ent
26242 now uses sudo_pw_ent
26246 now sets sudo_pw_ent
26254 moved dce stuff into compat.h
26257 * logging.c, sudo.h:
26258 now uses sudo_pw_ent
26262 added sudo_getpwuid.c
26270 now uses sudo_pw_ent
26273 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
26276 fixed exempt_group stuff for OS's that don't put base gid in group
26281 S/Key support now works with sunos4 shadow passwords
26288 * config.h.in, configure.in:
26297 first stab at dce support
26301 now smells like sudo
26309 skey'd sudo now works w/ normal password as well
26312 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
26314 * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
26315 getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
26316 ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
26317 parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
26318 sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
26319 version.h, visudo.c:
26320 updated version number
26324 updated to reflect version change
26328 --with options now line up ++version
26332 removed unnecessary S/Key stuff
26336 fixed S/Key support
26340 -I stuff now goes in CPPFLAGS
26352 fixed description of EXEMPTGROUP
26356 more people use _RLD_ than just alphas...
26360 replaced $man_prefix with $mandir
26368 now use more GNU'ish dir names
26372 now set *dir correctly (can override from command line)
26376 now deal with situations where we getwd() fails
26379 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
26382 added etc_dir, bin_dir, sbin_dir
26390 now ship a flex-generated lex.yy.c
26394 now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
26398 _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
26402 no more error for redefining SUDOERS_OWNER
26406 expanded SUDOERS_OWNER section
26409 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
26412 now warn if chown(2) failed
26416 better default warning for NO_SUDOERS_FILE
26420 added missing set_perms() no more cryptic message if the sudoers
26421 file is zero length, now just give a parse error
26425 better diagnostics if NO_SUDOERS_FILE
26429 check_sudoers() now catches sudoers files that are not readable (but
26433 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
26436 now add -D__STDC__ for convex cc (not gcc)
26440 MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
26444 now uses exec_prefix & prefix from configure
26447 * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
26448 parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
26450 options.h is now <> instead of "" so shadow build trees can have a
26451 custom copy of options.h
26455 user_is_exempt() is no longer a hack, it now uses getgrnam()
26459 EXEMPTGROUP is now "sudo"
26463 MAN_POSTINSTALL now contains a leading space
26467 removed leading tab if @MAN_POSTINSTALL@ not defined now removes
26468 testsudoers in clean:
26472 includes pwd.h to get _PASSWD_LEN definition
26475 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
26478 unset the KRB_CONF envariable if using kerberos so we don't get
26479 spoofed into using a bogus server
26482 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
26485 now explicitly initialize match[] to be FALSE
26488 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
26491 removed unused variable now passes -Wall
26495 yyerror and dumpaliases are now void's now passes -Wall
26499 added prototype for yyerror
26502 * check.c, logging.c, parse.c:
26507 removed unused cruft now passes -Wall
26511 fixed headers that moved to emul dir
26515 fixed deref of nil pointer if no args
26518 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
26521 added a caveat to FQDN section
26524 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
26527 more $srcdir support for install targets
26530 * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
26531 strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
26532 don't include malloc.h if we include stdlib.h
26536 local search.h now lives in emul
26539 * check.c, utime.c:
26540 local utime.h now lives in emul dir
26544 local search.h now lives in emul
26548 added support for building in other than the sourcedir
26551 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
26554 annotated CSOPS_INSULTS option
26558 updated shadow passwords blurb
26562 if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
26563 passes along foo as the arguments
26566 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
26569 collapsed pathname and dir sections into one -- its now less
26574 fixed spacing quoting [,:\\=] now works correctly append() and
26575 fill() now take args to make the above work
26579 fixed a typo that caused commands with no tty on fd 0 but a tty on
26580 fd 1 to erroneously have "none" as their tty
26583 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
26586 timestampfile is now a global static removed decl of timestampfile
26587 in remove_timestamp since we can just use the global one
26591 created touch() to update timestamps added USE_TTY_TICKETS support
26596 added _S_IFDIR and S_ISDIR
26599 * OPTIONS, options.h:
26600 added USE_TTY_TICKETS
26604 removed const from casts for lsearch() & lfind() to placate irix 4.x
26608 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
26611 now only strip '/dev/' off of a tty if it starts with '/dev/'
26619 AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
26624 fixed incorrect #ifdef termio uses "unsigned short" not int for
26628 * parse.lex, parse.yacc:
26629 fixed a spelling error
26636 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
26643 added dotcat() to cat 2 strings w/ a dot efficiently now that we
26644 dynamically allocate strings they need to be free()'d
26648 dynamically allocates space for strings
26652 no more MAXCOMMANDLENGTH
26659 * logging.c, sudo.c:
26660 moved tty stuff into sudo.c
26663 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
26666 fixed a logic bug. Was denying a command if user gave command line
26667 args but there were none in the sudoers file which is wrong.
26671 MAXCOMMMANDLEN dropped down to 1K
26675 return foo; -> return(foo);
26679 fixed netgr_matches() prototype
26683 added support for escaping "termination" characters
26687 buf is now of size MAXPATHLEN+1 since it never holds command args
26695 fixed negation problem (doh!)
26699 fixed 2nd parameter to lfind()
26703 now do bounds checking in fill() and append()
26707 include netdb.h as we should added a missing void cast added
26708 SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
26709 realloc actually moved the string instead of shrinking it
26713 updated with examples of new features
26717 now set errno to EACCES if not a regular file or not executable
26721 if given a fully-qualified or relative path we now check it with
26722 sudo_goodpath() and error out with the appropriate error message if
26723 the file does not exist or is not executable
26726 * emul/search.h, lsearch.c:
26727 now use correct args for lfind
26735 added in CSOps insults
26747 increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
26751 added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
26755 fixed -k load_interfaces() now gets called if FQDN is set
26756 -p now works with -s
26760 don't try to stat() "pseudo commands" like "validate"
26764 added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
26768 added SecurID support added other insults to --with-csops
26776 added clobber target added ins_csops.h now gets CFLAGS from
26781 relaxed SUDO_FULL_VOID
26785 function comment blocks are now in same style as rest of code
26789 added support for command line args in /etc/sudoers
26793 updated to have command args in the sudoers file
26797 added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
26800 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
26803 PATH renamed to COMMAND
26807 it is now a parse error for directories to have args attached to
26812 now say command args if telling user to buzz off
26816 -s no longer indicates end of args sped up loading on cmnd_args in
26821 removed an unreachable statement
26825 made more efficient by pulling out the terminators when in GOTCMND
26826 state and making them their own rule
26829 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
26832 removed MAXLOGLEN since it is no longer used
26836 now allows command args
26840 now groks command arguments
26844 now sets tty correctly when piped input
26848 fixed loading of cmnd_args (was including command name too)
26852 fixed a core dump due to incorrect if construct
26855 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
26858 only add -lsun if irix < 5 don't look for -lnsl or -lsocket if irix
26862 fixed check for ISC
26866 now sets cmnd_args used by log_error() and that will be used by the
26867 parse to check against command args
26875 now dynamically allocate logline since we can guess at its size
26878 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
26881 cleaned up a bunch of unnecessary #ifdef's eliminated a buffer remove
26882 "register" since the compiler knows more than I do now do a
26883 "basename" of the tty
26886 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
26893 added shell extern changed MODE_* to be bit masks to allow for
26894 several options together
26898 added -s (shell) option made MODE_* masks so we can do bitwise & and
26899 | to see if multiple flags are set.
26903 added securid support
26906 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
26909 removed a bunch of unnecessary strncpy()'s and replaced with strcat()
26912 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
26914 * Makefile.in, version.h:
26918 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
26921 fixed free() of an uninitialized pointer (yuck)
26925 added netgr_matches
26929 cleaned up netgr_matches
26932 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
26938 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
26941 now installs sudoers.man -- really should clean this up though.
26945 added sudoers.cat and sudoers.man
26949 pulled out stuff on the sudoers file format into a separate man page
26957 fixed up my email address
26961 added checks for innetgr and getdomainname
26965 added dummy netgr_matches function
26969 added netgr_matches
26972 * parse.lex, parse.yacc:
26973 added NETGROUP support
26977 added HAVE_INNETGR & HAVE_GETDOMAINNAME
26980 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26983 rewrote clean_env() that has rm_env() builtin
26986 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26989 now cast uid to long in sprintf
26993 added _INSULTS suffix to HAL & GOONS end
26997 added _INSULTS suffix to HAL & GOONS
27000 * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
27001 converted to new scheme of insult "unions" end
27005 now uses MAX_UID_T_LEN
27009 added SUDO_UID_T_LEN !l
27013 added MAX_UID_T_LEN
27017 now use MAX_UID_T_LEN
27021 added check for max len of uid_t fixed sco vs. isc check
27024 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
27035 hack to check for sco
27039 removed #include <net/route.h> since it was hosing some OS's
27042 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
27045 fixed prreadlink() prototype
27049 added parens in #if's
27057 moved SPW_* to config.h.in
27061 added a set of parens
27069 added SPW_* reordered error codes
27073 moved SPW_* to sudo.h
27076 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
27079 SPW_AUTH -> SPW_SECUREWARE
27083 GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
27091 SPW_AUTH -> SPW_SECUREWARE
27095 now uses SHADOW_TYPE to make shadow pw support more readable and
27096 modular. It's a start...
27100 added autodetection of shadow passwords
27104 now uses SHADOW_TYPE define
27108 added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
27112 added SUDO_CHECK_SHADOW
27115 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
27118 define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
27119 memmove() since we no longer use it...
27127 added BROKEN_SYSLOG support
27131 added BROKEN_SYSLOG
27135 now only bitch if timestamp > time_now + 2 * timeout to allow for a
27136 machine updating its time from a server
27140 added 2 security notes updated Nieusma's email addr
27144 changed a memmove() to memcpy() since we don't have to worry about
27145 overlapping segments.
27148 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
27151 cleaned up the loop when interfaces are groped in so that it is
27155 * Makefile.in, version.h:
27159 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
27165 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
27168 fixed permissions check on /tmp/.odus
27171 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
27174 fixed some comments
27178 now checks owner & mode of timedir also checks for bogus dates on
27183 updated TIMEOUT info
27186 * logging.c, sudo.h:
27187 added BAD_STAMPDIR and BAD_STAMPFILE
27191 added definition of S_IRWXU
27198 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
27201 added #ifdef to make it compile on strange arches
27204 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
27207 fixed check for full void impl.
27211 added missing "static"
27215 replaced #elif with #else #if constructs for ancient C compilers
27219 updated irix c2 & kerb5 info
27223 added shadow pw support for irix
27226 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
27233 last changes for sudo 1.3.3
27237 now calls SUDO_SOCK_SA_LEN
27245 added SUDO_SOCK_SA_LEN
27249 now works with ip implementations that use sa_len in sockaddr
27253 added note about buggy AIX compiler
27257 now include sys/time.h for AIX
27260 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
27267 now works for ISC and others. yay.
27270 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
27272 * Makefile.in, version.h:
27276 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
27279 fixed test for full void impl
27283 now check to see that st_dev is non-zero before assuming that we are
27287 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
27289 * aclocal.m4, configure.in:
27290 SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
27293 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
27296 fixed include file order for SUDO_FUNC_UTIME_POSIX
27300 added cast for ttyname()
27308 now deal correctly with all known variations of utime() -- yippee
27312 added SUDO_FUNC_UTIME_POSIX
27316 added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
27320 added HAVE_UTIME_POSIX
27328 no longer assume !HAVE_UTIME_NULL means old BSD utime()
27332 fixed fascist C compiler warning
27336 now set strioctl.ic_timout in STRSET() now initialize num_interfaces
27337 to 0 (just to be anal)
27340 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
27343 increased MAXLOGLEN by MAXPATHLEN to account for ttyname
27351 reworked the ISC code
27354 * Makefile.in, version.h:
27359 now expect old-style utime(3) if utime() can't take NULL as an arg
27363 added check for utime.h
27371 added CPPFLAGS STATIC_FLAGS -> LDFLAGS
27375 now search for kerb libs and includes
27379 added support for utime(2)'s that can't take a NULL parameter
27383 moved HAVE_UTIME_NULL stuff to update_timestamp() where it belongs
27387 added utime(s) stuff
27395 added HAVE_UTIME and HAVE_UTIME_NULL
27398 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
27401 now use HAVE_UTIME_NULL
27404 * emul/utime.h, utime.c:
27409 need to setuid(0) to make kerb4 stuff work.
27413 no more special case for kerberos
27417 took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
27422 no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
27427 now use private ticket file for kerberos support to avoid trouncing
27431 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
27434 added SPOOF_ATTEMPT & cmnd_st
27438 added anti-spoofing support
27442 now use global cmnd_st
27446 added SPOOF_ATTEMPT support
27449 * testsudoers.c, visudo.c:
27450 added void casts where appropriate
27454 fixed up spacing and added void casts where appropriate
27458 fixed problem with "-p prompt" but no args
27461 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
27464 added BUGS and annotated -l description
27468 validate() now takes a flag
27472 validate() now takes a flag added -l
27476 added support for -l
27480 validate() now takes a flag that says whether or not to check the
27484 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
27487 now deals with Argv == 1
27495 added prompt support reworked parse_args()
27507 now use BUFSIZ as length of kerb password added kpass so pass is
27508 always a char * now use prompt global when asking for a password
27512 now use BUFSIZ as _PASSWD_LEN if using kerberos
27519 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
27522 only look for -lufc or -lcrypt if crypt() not in libc
27526 don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
27527 (unknown user) silently fail
27535 HAVE_KERBEROS -> HAVE_KERB4
27539 removed debugging printf
27543 KERBEROS -> KERB4 added checks for setreuid & setresuid
27547 HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
27551 added def of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
27552 with setresuid if applic
27556 HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
27557 no setreuid() or a broken one
27560 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
27563 added kerberos support
27567 added HAVE_KERBEROS
27571 added KERBEROS support (long passwords)
27575 added kerberos support
27578 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
27581 added MODE_BACKGROUND
27585 escaped dashes added -b option
27593 added crypt() for osf/1 3.x enhanced security
27597 now check for -lcrypt
27601 added ENXIO like EADDRNOTAVAIL
27604 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
27607 now emulate getwd(), not getcwd()
27611 getcwd() -> getwd()
27618 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
27620 * ins_2001.h, ins_classic.h, ins_goons.h:
27625 broke out insults into separate include files
27628 * OPTIONS, options.h:
27633 added ins_2001.h ins_classic.h ins_goons.h
27636 * Makefile.in, version.h:
27641 moved signal handler setup to setup_signals()
27645 added load_interfaces()
27649 moved load_interfaces to interfaces.c
27656 * OPTIONS, options.h:
27661 now uses clearaliases variable
27669 added interfaces.[co]
27673 now uses ip addrs and netmasks via load_interfaces()
27677 now remove IFS instead of setting to "sane" value
27680 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
27686 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
27689 sudo_goodpath.c -> goodpath.c
27693 added Andy's new ISC changes
27696 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
27699 added a sentence to SECURE_PATH info
27714 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
27720 * Makefile.in, version.h:
27725 sendmail is now looked for in /usr/ucblib
27741 added unixware case
27745 user_is_exempt is no longer hidden
27753 isc and riscos changes
27757 added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
27761 fixed a typo and added testsudoers stuff
27768 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
27771 applied fixed patch from Chris
27774 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
27781 added a set of braces for bison
27785 merged in Chris' changes to dekludge the parser.
27789 send_mail() was calling find_path() which is wrong since find_path()
27790 stores cmnd in a static var. Anyhow, it doesn't make much sense
27791 since MAILER should always be fully qualified
27794 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
27797 added User_Alias stuff
27801 SUDO_NEXT now looks for /usr/lib/NextStep/software_version
27805 added DEC UNIX 3.0 w/ gcc
27809 Exit was being used in places where exit should be used
27813 added "User alias specification"
27817 fixed probs caused by making nslots and naliases a size_t
27821 added KSR, upped rev to 1.3.1b2
27824 * logging.c, parse.yacc:
27829 void * -> VOID * naliases and nslots are now size_t to appease
27830 lsearch on 64-bit machines
27833 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
27836 did a bunch of things and added a bunch :-)
27844 closer to BSD manpage style
27848 closer to standard BSD man format
27851 * compat.h, config.h.in, emul/search.h, insults.h, options.h,
27852 pathnames.h.in, sudo.h, version.h:
27857 removed crufty #defines that are no longer used
27865 updated based on sudo changes
27869 now allow ALL keyword in User_Aliases now allow ALL keyword as well
27878 now sets SUDO_COMMAND and SUDO_GID envariables.
27882 fixed bug with full void impl check
27886 fixed User_Alias support
27890 added stubs for User_Alias support
27894 now sets removes # bogus interfaces from num_interfaces
27898 added User_Alias support
27901 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
27904 removed extraneous TODO
27907 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
27910 ntwk_matches -> addr_matches
27914 ntwk_matches -> addr_matches
27918 ntwk_matches -> addr_matches now use inet_addr() not inet_network()
27919 (which expects octet boundaries) fixes for OSF (sizeof(int) !=
27924 took out debugging info
27928 OS was being set to unknown before non-uname based host checks.
27929 This caused no checks to happen since $OS was not zero-length.
27933 fixed loading of interfaces struct still has debugging info in
27941 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27952 removed extraneous extern decl of "top
27960 removed parser_cleanup (no need for it now)
27964 now calls reset_aliases() directly
27967 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27970 added a sentence to SECURE_PATH description
27974 fixed my stupid bug where I used NAMLEN on something I wanted to
27975 just get the name from. argh.
27978 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27981 fixed argument order of memmove() that i hosed when converting from
27986 finally fixed DISTFILES line
27994 added missing files to DISTFILES
27998 SUPPORTED -> RUNSON
28001 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
28008 updated for pl5b1 release
28016 fixed bug where if you hit return at first sudo prompt it would
28017 still log as a failure
28025 better test for bogus void * implementation
28029 added PASSWORDS_NOT_CORRECT
28033 added PASSWORDS_NOT_CORRECT stuff
28037 added PASSWORDS_NOT_CORRECT
28045 removed some unused vars and fixed up uid2str
28052 * getcwd.c, getwd.c:
28056 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
28059 fixed a typo I introduced in the last checkin :-(
28063 can't have #ifdef's where N is defined so just do this the broken
28068 better hack from Chris (but still a hack)
28072 stupid hack for broken aix lex
28076 now includes compat.h
28080 now includes fcntl.h
28084 added FD_SET and FD_ZERO for 4.2BSD
28088 dirty hack to fix parser bug. i don't really like this but it works
28093 uid2str is now static like the prototype says
28096 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
28098 * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
28107 check_sudoers now returns an error code and sudo calls inform_user
28108 and log_error based on the return value.
28111 * logging.c, sudo.h:
28112 added entries for new errors
28116 now set uid to that of SUDOERS_OWNER while parsing sudoers file
28120 took out testsudoers
28124 now explicitly checks that it is setuid root
28128 If a user has no passwd entry sudo would segv (writing to a garbage
28129 pointer). Now allocate space before writing :-)
28133 reordered AC_CHECK_FUNCS
28140 * tgetpass.c, visudo.c:
28145 bzero -> memset when a parse error is logged the line number of the
28146 error is now logged too
28150 added Sunos to blurb about c2 security
28154 added a SUN4 define for C2 security
28158 bcopy -> memmove bzero -> memset
28162 bcopy -> memmove char * -> VOID *
28166 added support for sunos with C2 security
28169 * OPTIONS, options.h:
28174 _PATH_SUDO_LOGFILE now set based on configure
28178 added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
28182 added _SUDO_PATH_LOGFILE
28186 added SUDO_LOGFILE to find where to put sudo.log added
28187 SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
28188 SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
28191 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
28198 now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
28199 to work around a problem in trusted hpux shadow passwords. yuck.
28203 backed out a change in malloc/realloc
28207 now include stdlib.h
28211 now do an freopen() of the stmp file so that yyin will always point
28212 to the same thing. This is important for flex since we are doing a
28217 replaced yywrap() with parser_cleanup() since yywrap() needs to be
28218 in parse.lex to be able to use YY_NEW_FILE. sigh.
28222 now have a rule that matches anything that doesn't match an
28223 explicit rule. well, you know what i mean (. matches anything not
28224 yet matched). However, this means that there is input still queued
28225 up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
28226 into parse.lex and it calls parser_cleanup() which is most of the
28234 * getcwd.c, getwd.c:
28235 moved compat.h to be the last include file
28239 fixed type of aliascmp() args
28247 added casts to lfind and lsearch args for irix
28251 bsdinstall -> install-sh
28255 added info about make realclean
28259 updated VERSION added dependencies for visudo.cat
28271 now there is a real visudo.man and visudo.cat
28275 took out visudo stuff
28282 * parse.c, parse.lex, parse.yacc:
28291 updated Nieusma & Hieb email addresses
28295 updated to include options.h and OPTIONS
28303 eliminated bug #1 (yay)
28307 sunos no longer gets linked statically
28310 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
28313 prototype now uses __P()
28317 make fill() non-ansi
28321 made -v (validate) work
28329 don't check for execute/statable if fq or relative path given
28337 now include ctype.h for islower and tolower macros
28341 moved _S_IFMT & _S_ISREG to compat.h
28345 moved a set of parens
28349 now include compat.h
28357 now cast malloc & realloc return vals added search for HAVE_LSEARCH
28358 now use strcmp if no strcasecmp available
28366 removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
28367 HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
28371 added _S_IFMT, _S_IFREG, and S_ISREG
28375 took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
28376 to most SUDO_* macros
28384 various 1.x to 2.x autoconf changes now check for strcasecmp now use
28385 AC_INSTALL_PROG instead of custom one added check for fully working
28386 void implementation
28390 added lsearch & search.h visudo links into $(LIBOBJS)
28394 partial 1.x to 2.x changes added SUDO_FULL_VOID
28398 whatnow_help was prototyped to be static but was not declared as
28403 autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
28404 for dirent/dir/ndir.h
28408 now use groovy gnu autoconf macro AC_HEADER_DIRENT
28411 * getcwd.c, getwd.c:
28412 MAXPATHLEN -> MAXPATHLEN+1
28415 * emul/search.h, lsearch.c:
28419 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
28422 eliminated bison warnings
28430 now includes signal.h
28434 only clear data structures on a parse error
28438 whatnow() now gives help on invalid input
28442 added a whatnow() function (sort of like mh)
28446 kill_aliases -> reset_aliases yywrap() now cleans up by calling
28447 reset_aliases() and clearing top took reset stuff out of yyerror()
28448 since it doesn't belong there (and doesn't work anyway). errorlineno
28449 is now initially set to -1 so we can set it to the first error that
28450 occurs (it was getting set to the last)
28458 rewrote from scratch based on 4.3BSD vipw.c
28461 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
28468 no more sudo_realpath() and find_path() changed params
28472 find_path() changed since no more realpath()
28476 on error, errorlineno is set to the line where the error occurred
28477 added kill_aliases() to free the aliases struct now clean up in
28478 yyerror() so we can reparse cleanly
28481 * options.h, parse.c:
28482 no more USE_REALPATH
28486 changed to use new find_path()
28490 removed all the realpath() stuff
28494 sudo_realpath.c -> sudo_goodpath.c
28498 now works correctly with utk parser
28506 eliminated a compiler warning
28510 eliminated compiler warning
28514 added sudo_goodpath()
28518 added prototype for sudo_goodpath
28522 added support for /sys/dir.h
28526 USE_REALPATH turned off
28530 added calls to sudo_goodpath()
28534 added check for dirent.h
28538 added HAVE_DIRENT_H
28542 added in linux shadow pass stuff
28545 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
28548 added back host, user, cmnd, parse_error
28552 added in utk changes plus some minor cosmetic changes
28555 * sudo.c, sudo_realpath.c:
28556 added void casts for printf's
28560 added a define of USE_REALPATH
28564 there is no more visudoers/Makefile
28568 added in utk changes (visudo is now built from the toplevel)
28572 added (void) casts to printf's
28575 * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
28576 merged in utk changes
28579 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
28582 now check to see that what we are trying to run is a file (or a link
28583 to a file, we do a stat(2) so there is no diff)
28586 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
28593 aclocal.m4 -> acsite.m4 make realclean updated for new autoconf
28597 added myself as maintainer
28600 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
28603 changed setegid -> setgid
28606 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
28609 fixed the test for irix 5.x to skip bad libs
28613 now initialize OS and OSREV
28616 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
28623 AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
28627 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
28630 use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the right
28631 thing wrt yyrestart (grrrr)
28634 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
28637 added visudoers/compat.h to DISTFILES
28645 added ocmnd declaration adjusted for find_path()'s new parameters
28649 added ocmnd extern adjusted find_path() prototype
28653 cmndcmp() now takes 3 arguments and checks against the qualified as
28654 well as the unqualified pathname. more code that should use
28655 cmndcmp() but did not, now does
28663 changed to use new find_path() parameter passing
28667 find_path() now takes 2 copyout parameters (one for the qualified
28668 pathname and one for the unqualified pathname). The third parameter
28673 no longer munge pathnames.h
28677 changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
28678 as a result, pathnames.h does not need to be run through configure
28679 and the user can override the configured values easily.
28683 added _SUDO_PATH_* entries
28687 _PATH* -> _SUDO_PATH_*
28691 updated DISTFILES and HDRS .o's now depend on config.h
28694 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
28697 removed extraneous #endif
28705 added SUDO_PROG_MV added riscos and isc os types took out
28706 -DSHORT_MESSAGE from --with-csops since it is now the default
28710 move the include of id.h to compat.h now includes options.h
28714 moved compatibility #defines to compat.h
28722 move __P to compat.h
28725 * getcwd.c, getwd.c, putenv.c:
28726 now includes compat.h
28733 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
28736 pull user-configurable stuff out and put in options.h
28739 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
28741 * parse.lex, parse.yacc, visudo.c:
28742 now includes options.h
28745 * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
28747 now includes options.h
28751 added visudoers/options.h
28754 * OPTIONS, options.h:
28759 added OPTIONS and options.h
28763 changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
28767 changed PASSWORD_TIMEOUT to minutes
28770 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
28773 now only do Editor +line_num if line_num != 0
28776 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
28779 now use mv if rename(2) fails
28790 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
28793 fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
28796 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
28799 added mips & isc support
28803 added support for non-root owned sudoers file
28807 added exempt group support
28811 added set_perms() support added SUDOERS_OWNER so can have non-root
28812 own sudoers file added exempt group support added isc support
28816 now copy sudoers to temp file via read/write (not stdio) now chown
28817 new sudoers file to SUDOERS_OWNER
28820 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
28831 fixed typo added set_perms support added skey support added
28832 seteuid()/setegid() emulation for AIX
28836 be_* -> setperms() now check to make sure sudoers file is owned by
28837 root nread/write by only root
28840 * logging.c, parse.c:
28845 be_* -> set_perms() added skey support
28848 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
28858 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
28868 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
28874 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
28889 now bail if Argv[1] > MAXPATHLEN
28893 added function check for tcgetattr(3)
28897 only define HAVE_TERMIOS_H if you have tcgetattr(3)
28901 added check for tcgetattr
28904 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
28910 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
28913 now only include unistd.h for linux
28916 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
28919 added visudo.8 generation
28923 added -Wl,-bI:./aixcrypt.exp to aix flags
28926 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
28937 added mailing list info
28941 now use sudolineno instead of yylineno fixed bison warnings
28945 now use -no_library_replacement for osf don't make a static binary
28950 added string.h/strings.h inclusion
28958 added inclusion of string.h/strings.h
28962 fixed uname | sed (needed to quote the '[')
28966 replaced yylineno with sudolineno fixed bison syntax errors
28970 changed yylineno to sudolineno since yylineno cannot be counted
28979 added code to support command listings
28983 added code for -l flag
28987 fixed typo added info for -l flag
28991 AC_SSIZE_T -> SUDO_SSIZE_T
29006 * find_path.c, sudo_realpath.c:
29007 readlink() is now declared as returning ssize_t
29011 added -laud for OSF c2
29014 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
29016 * Makefile.in, visudo.c:
29017 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
29020 * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
29021 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
29024 * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
29025 parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
29026 sudo_setenv.c, tgetpass.c, version.h:
29027 changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
29030 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
29041 added host to alertmail messages
29049 fixed logging problem where mail would not say which user it was
29053 added -laud for gcc if osf & c2
29057 moved set_auth_parameters to sudo.c
29061 added set_auth_parameters for osf
29065 cleaned up -static stuff
29077 changed setenv() to sudo_setenv()
29093 added osf auth support & removed some extra spaces
29096 * INSTALL, SUPPORTED:
29100 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
29103 added 2 suggestions
29107 removed README.v1.3.1 and added VERSION stuff
29114 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
29125 mention HISTORY file
29129 use sizeof instead of a constant in 1 place
29148 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
29152 [7dfbb4a810bb] [SUDO_1_3_1]
29159 added unistd.h include
29162 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
29165 added sys/time.h for AIX
29168 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
29171 added check for -lsocket and sys/sockio.h
29175 took out libshadow check and added in sys/sockio.h check
29179 now include sockio.h instead of ioctl.h if it exists "sudo -" now
29180 gets a better error message
29184 now has a dir and subnet entry
29187 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
29198 added network and ip addresses to man page
29202 no error if can't get interfaces or netmask since networking may not
29207 now check for interfaces == NULL
29211 fixed a bug that caused directory specs in a Cmnd_Alias to fail if
29212 the last entry in the spec failed (ie: it was only looking at the
29213 last entry). Cleaned things up by adding the cmndcmp() function--all
29221 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
29224 now do two passes to skip bogus interfaces (lo0, etc)
29227 * parse.lex, parse.yacc, visudo.c:
29228 added include of netinet/in.h
29231 * logging.c, sudo_realpath.c, sudo_setenv.c:
29232 added include of netinet/in.h
29235 * check.c, find_path.c, getcwd.c, getwd.c:
29236 added include of netinet/in.h
29244 added interfaces global
29248 now uses new interfaces global
29252 now ip addresses are gleaned w/o dns
29255 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
29258 added load_ip_addrs() to load the ip_addrs global var
29262 added hostcmp() to compare hostnames, ip addrs, and network addrs
29266 added ip_addrs def added load_ip_addrs prototype
29269 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
29276 removed multiple entries in DISTFILES
29280 ansified the !STDC_HEADERS decls
29283 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
29284 don't do malloc decl if gnuc
29288 can't use getopt(3) since it munges args to the command to be run as
29289 root don't do malloc decl if gnuc
29292 * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
29293 sudo_realpath.c, sudo_setenv.c:
29294 ansi-fied !STDC_HEADER function prototypes
29297 * getcwd.c, getwd.c:
29298 added missing paren
29302 added putenv.c to DISTFILES
29306 added params to func decls when STDC_HEADERS is not defined now can
29307 count on putenv() being there
29311 took out errno decl since sudo.h does it for us fixed up a next cc
29312 warning added params to func decls when STDC_HEADERS is not defined
29316 took out environ extern added local declaration of putenv() if local
29320 * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
29321 added params to func decls when STDC_HEADERS is not defined
29325 added memcpy check check to see that ansi vs bsd macros are not
29326 already defined before defining (ie: avoid redefinition)
29330 removed fluff setenv check plus check w/ replace for putenv if also
29338 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
29345 rm'd realpath added sudo_realpath and sudo_setenv
29349 now use sudo_setenvc
29353 added putenv and setenv, removed realpath
29357 added putenv & setenv
29368 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
29371 added MAN_POSTINSTALL and /usr/share/catman for irix
29375 added MAN_POSTINSTALL
29383 added SUDO_* plus new options
29391 took out shadow lib
29399 now use yyrestart() if flex now reset yylineno to 0
29403 support for installing a cat page instead of a man page if no nroff
29407 now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
29408 to determine whether or not to install a cat or man page
29416 not set ret to MODE_RUN initially
29420 made command (and therefore cmnd dynamically allocated)
29432 changed bufs from MAXPATHLEN to MAXPATHLEN+1
29436 added MODE_ removed validate_only and added remove_timestamp()
29440 usage() now takes an int (exit value) added parse_args() to parse
29441 command line arguments moved call to find_path() from load_globals
29442 to new function load_cmnd() removed validate_only global -- now use
29443 the concept of "modes" added -h and -k options
29447 no longer use global validate_only now checks for command called
29448 "validate" removed check for non-fully qualified commands since that
29449 is done by find_path
29453 changed MAXPATHLEN to MAXPATHLEN+1
29457 fixed off by one error with MAXPATHLEN and fixed a comment
29461 check_timestamp no longer runs reminder(), it is implied in the
29462 return val added remove_timestamp()
29469 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
29483 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
29486 moved send_mail to after syslog
29490 now set SUDO_ envariables
29493 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
29500 now print error if chdir fails
29507 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
29514 no more static binaries for aix
29517 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
29524 took out stuff not needed for sudo now does be_root/be_user itself
29525 now uses cwd global
29532 * logging.c, sudo.c:
29533 be_root/be_user is now down in sudo_realpath()
29536 * logging.c, sudo.h:
29537 now works with 4.2BSD syslog (blech)
29541 now use sudo_realpath()
29545 took out realpth() stuff since we now use sudo_realpath()
29549 ultrix enhanced sec
29553 added ultrix enhanced sec.
29561 ultrix enhanced security support
29565 added sudo_realpath.c
29573 increased passwd len to 24 for c2 security
29580 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
29583 now use user global var
29590 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
29597 user is now a char * added epasswd
29601 added tzset() to load_globals added epasswd (encrypted password)
29602 global made user dynamically allocated
29614 cleaned up encrypted passwd grab somewhat
29630 can now log to both syslog & a file
29654 removed AFS stuff :-)
29658 include sys/select for AIX
29669 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
29671 * CHANGES, SUPPORTED:
29676 can now have MAILER undefined
29680 new sub-note about MAILER
29684 added blurb about password timeout
29692 took out duplicate define of _CONVEX_SOURCE
29704 added a goto if fgets fails
29708 use __hpux not hpux convex c2 stuff
29712 use __hpux not hpux
29720 define ansi-ish cpp os defines if non-ansi are defined for hpux &
29725 updated to say we support convex C2
29729 added convex c2 support
29732 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
29735 no more ioctl never returns NULL uses fgets() and select() to
29739 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
29742 things were testing -n "$GCC" instead of -z "$GCC"
29746 now works + uses fgets()
29749 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
29752 select doesn't seem to recognize a single '\n' as input waiting so
29753 we can't use it, sigh.
29756 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
29759 updated tgetpass() blurb
29763 added --with-getpass
29767 added tgetpass stuff
29778 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
29785 added USE_GETPASS && HAVE_C2_SECURITY
29789 fixed a test added --with-C2 and --with-tgetpass
29797 took out tgetpass.*
29804 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
29807 no termio(s) for ultrix since it is broken
29811 added a space (yeah, anal)
29814 * realpath.c, sudo_realpath.c:
29815 fixed it (duh, rtfm)
29818 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
29821 took out bsd signal stuff for irix
29829 don't define BSD signals for irix
29840 * realpath.c, sudo_realpath.c:
29841 took out unneeded code by changing where a string was terminated
29844 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
29846 * realpath.c, sudo_realpath.c:
29847 fix bug where /dirname would return NULL
29851 move __P to config.h
29854 * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
29855 added errno definition
29870 * realpath.c, sudo_realpath.c:
29871 now works if no fchdir
29875 define SA_RESETHAND to null if not defined
29879 added check & replace
29883 took out -static for nextstep -- it doesn't work
29886 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
29889 moved #endif to where it belongs
29897 now checks for strdup realpath getcwd bzero
29905 added posix signals
29913 added posix signals
29917 removed BROKEN_GETPASS added new srcs to replace missing functions
29921 added posix signal stuff
29933 now uses posix signals
29937 updated to reflect major changes
29945 uses sysconf() if available
29949 added PASSWORD_TIMEOUT + prototypes for new functions
29952 * realpath.c, sudo_realpath.c:
29953 for those w/o this in libc
29956 * getcwd.c, getwd.c:
29961 rewrote to use realpath(3) - is now all my code
29965 added HAVE_REALPATH
29973 added LIBOBJS use tgetpass.c
29976 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
29990 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
30001 added check for getwd
30005 replace strdup & realpath & getcwd if missing
30013 added SUDO_PROG_PWD
30020 * realpath.c, sudo_realpath.c:
30024 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
30027 quoted square brackets
30030 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
30033 no need to strdup() a constant
30048 * parse.c, sudo.c, sudo.h:
30049 added validate_only stuff
30052 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
30059 $OSREV is now an int
30062 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
30065 added mtxinu to caser
30073 now use the EXEC macro now only do a gethostbyname() if FQDN is set
30077 changed mail_argv[] def now use EXEC() macro
30081 took out crypt() definition
30089 always look for -lnsl
30097 SHORT_MESSAGE is now the default
30105 added missing AC_DEFINE(SVR4) for solaris
30109 documented the -v flag
30121 added LIBSHADOW undef
30125 now set OS to be lowercase
30128 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
30131 now use SUDO_OSTYPE to set $OS
30135 now use uname to determine os
30139 added prototypes & moved sig handler around
30146 * check.c, logging.c, sudo.c:
30155 now use _BSD_SIGNALS not _BSD_COMPAT
30166 * parse.lex, parse.yacc:
30167 moved config.h to top of includes
30170 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
30173 now don't bitch if get EACCESS (treat like EPERM)
30177 added -v flag and usage()
30185 cast Argv to a const for exec added -v flag
30189 mail_argv is now a const
30193 only set RETSIGTYPE if it is not set already
30197 now defines & STDC_HEADERS for Irix
30204 * insults.h, sudo.h:
30205 prevent multiple inclusion
30212 * parse.lex, parse.yacc:
30213 now includes config.h
30217 now talks about sunos 4.x
30221 calls to Exit now pass an arg
30224 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
30227 signal handler now takes an int argument
30235 ok, the getcwd() is now *really* done as the user
30239 changed AIX STATIC_FLAGS
30243 solaris now defines SVR4
30247 added cwd and fixed stupid core dump that makes no sense. sigh.
30251 moved getcwd stuff into load_globals
30255 took out externs that are in sudo.h
30259 moved cwd into load_globals
30267 fixed make distclean & realclean
30275 added solaris changes
30279 added solaris changes, need to rework
30283 cleaned up for solaris
30287 reinstall reapchild signal handler for non-bsd signals
30291 took out getdtablesize() emulation for HP-UX (no longer needed)
30295 support for HAVE_SYSCONF
30299 added <fcntl.h> for solaris & reorg'd the includes + minor prettying
30307 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
30310 now tells you what os you are running
30317 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
30332 uid seinitialized to -2
30335 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
30338 now removes LIBPATH for AIX
30341 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30344 now uses ufc if it finds it
30347 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
30350 no longer define yyval & yylval since yacc does it
30354 now defines yylval as extern
30358 BROKEN_GETPASS is now an OPTION
30362 took out BROKEN_GETPASS
30366 took out big comment
30374 took out README.beta
30382 now reference SUPPORTED
30386 now check for convex OR __convex__
30390 now check for convex or __convex__
30402 now use _S_* stat stuff to be ansi-like
30406 updated for configure directions
30410 distclean now removes config.h and pathnames.h
30429 * config.h.in, pathnames.h.in:
30430 added copyright header
30433 * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
30434 parse.yacc, sudo.c, sudo.h:
30439 updated to use configure + pathnames.h
30446 * Makefile.in, config.h.in, configure.in:
30451 now works with configure
30454 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
30455 updated to work with configure + pathnames.h
30462 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
30465 updated gnu general licence to version 2
30468 * config.h.in, pathnames.h.in:
30473 changed to work with configure
30476 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
30478 * Makefile.in, aclocal.m4, configure.in:
30483 now uses defines used by configure
30486 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
30489 sudo won't bitch about EPERM now, for real
30492 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
30495 renamed exec_argv to eliminate a libc name clash with ksros
30502 * logging.c, sudo.c, sudo.h:
30519 added UMASK and mode_t declaration
30527 now opens log file with mode 077
30531 saved current umask and restores it
30535 added MAXLOGFILELEN
30539 split long log lines. For syslog, split into multiple entries, for
30540 a log file, indent the extra for readability
30543 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
30550 MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
30553 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
30556 added input from Brett M Hogden <hogden@rge.com>
30559 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
30562 added rmenv() to remove stuff from environ. can now use execvp()
30563 OR execve() because of this.
30567 now uses execvp() OR execve()
30583 moved some func decls out of sudo.h and into sudo.c as statics
30594 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
30600 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
30615 added sample.sudoers note
30622 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
30629 took out SAVED_UID garbage
30630 [b7c2d3469661] [SUDO_1_3_0]
30649 more verbose error if mailer not found
30653 now do getpwent as root for some shadow password systems (bsdi)
30656 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
30659 took out SAVED_UID garbage
30663 took out SAVED_UID garbage since it don't work
30666 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
30673 added a missing space :-)
30677 took out multimax cruft
30689 fixed a typo + indentation
30692 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
30695 took outumoved some defines to the config file
30707 added HAS_SAVED_UID
30714 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
30720 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
30726 * check.c, logging.c, parse.c, sudo.c, sudo.h:
30727 now is only root when abs necessary
30734 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
30749 now removed _RLD_* for alphas
30753 updated for new config scheme
30757 more verbose error messages
30760 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
30767 define __svr4__ for SOLARIS
30771 added svr4 junk for shadow pws for solaris 2.x
30775 took out setuid(0) and setreuid(uid) garbage. It's not needed since
30776 we start out setuid with the correct perms.
30779 * check.c, sudo.c, sudo.h:
30783 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
30786 revised AUTHORS section & added ENV_EDITOR stuff to VARIABLES
30791 now uses ENV_EDITOR if you want to use the EDITOR envar
30795 now uses ENV_EDITOR if you want to use the EDITOR envar
30798 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
30801 rewrote most of this
30805 minor update + spell fix
30809 added all options that are in the Makefile
30813 now use USE_TERMIO #define for sgi & hpux
30820 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
30822 * check.c, find_path.c:
30823 always include strings.h
30831 sgi has vi in /usr/bin too
30838 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
30841 use /usr/bin/vi on some systems
30845 fixed warning (include strings.h)
30849 added John_Rouillard@dl5000.bc.edu's changes (new features)
30853 changes from John_Rouillard@dl5000.bc.edu
30860 * check.c, find_path.c, parse.c, sudo.c:
30861 added patches from John_Rouillard directory spec
30865 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
30868 added flush for hpux
30871 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
30874 no longer assume malloc returns a char *
30878 alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
30879 gets removed correctly
30883 added STD_HEADERS macro
30887 now uses STD_HEADERS macro for ansi
30891 now uses STD_HEADERS macro
30895 niceties for C compiler bitches -- no real change
30898 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
30901 now doesn't fclose a file never opened.
30904 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
30911 added error stuff added me in there...
30919 added blurb about reading stuff
30927 corrected comments and removed newlines
30939 added dec syslog note
30943 added real stuff in there
30954 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
30961 updated with changes
30972 * CHANGES, COPYING, INSTALL, README, TODO:
30977 updated version number and took out jeff's old addr since it is no
30981 * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
30983 updated version number and took out jeff's email (since it is
30987 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
30993 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
30996 now return NULL instead of exiting for non-fatal errors
30999 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
31006 now sudo.h gets included first
31009 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
31020 hpux 9 fix, removes SHLIB_PATH linux patch
31027 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
31030 stat now ignores EINVAL
31033 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
31035 * find_path.c, sudo.c:
31036 now declare strdup as extern
31039 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
31042 reformatted with indent + by hand
31045 * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
31046 used indent to "fix" coding style
31050 now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
31051 move the code that does this into the loop body. makes it messier
31055 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
31058 redid the fix for non-executable files in an easier to read way plus
31059 some minor aesthetic changes
31063 fixed bug with non-executable things of same name in path introduced
31064 by checking errno after stat(2).
31067 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
31070 fixed off by one error
31074 now handles descending below '/' correctly
31078 now actually builds Envp instead of munging envp
31081 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
31084 now includes sys/param.h
31088 now includes sys/param.h
31092 fixed ifndef -> ifdef
31096 make more like find_path.c
31100 rewritten by millert
31104 fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
31105 about new defines in the comment
31113 added decl for clean_envp() and Envp
31117 now rips LD_* env vars out of envp and passed sanitized Envp to exec
31125 ENOTDIR is ok now too (in case part of the path is bogus)
31129 now works correctly (total rewrite)
31133 now includes sys/param.h didn't match trailing / -- fix from
31137 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
31140 moved around the #ifndef _AIX
31143 * check.c, logging.c, parse.c:
31147 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
31153 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
31156 now works if you do sudo bin/test
31163 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
31173 * parse.lex, parse.yacc:
31177 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
31184 now spews error if exec fails and exits with -1
31192 now only execs files with (an) executable bit set.
31199 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>