version 1.1, 2012/02/21 16:23:01
|
version 1.1.1.4, 2013/07/22 10:46:10
|
Line 1
|
Line 1
|
2012-01-24 Todd C. Miller <Todd.Miller@courtesan.com> | 2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Fix typo; bug 605 |
|
[41f7b46a6e51] |
|
|
|
2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, |
|
src/po/tr.mo: |
|
Regen .mo files that were out of date. |
|
[9e25a254f9db] |
|
|
|
2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
On Solaris 11 and higher, tag binaries for ASLR if supported by the |
|
linker. |
|
[a2a6cafa3e60] |
|
|
|
* mkpkg: |
|
No longer need to disable PIE on Solaris. |
|
[cf90019ae67e] |
|
|
|
2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: |
|
Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. |
|
OpenBSD also supports PIE but enables it by default so we don't need |
|
to do anything. This fixes problems on systems with a version of |
|
GNU ld that accepts -pie but where the run-time linker doesn't |
|
actually support PIE. Also verify that a trivial PIE binary works |
|
unless PIE is explicitly enabled. |
|
[3c5f125efeb1] |
|
|
|
2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld |
|
where we can end up crashing due to malloc() failures. Sems OK when |
|
Using Sun as and ld. |
|
[b8ba412102ab] |
|
|
|
* NEWS: |
|
Update with final changes. |
|
[78ff6d2ed47a] |
|
|
|
2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Add -fPIE to PIE_LDFLAGS as per gcc manual. |
|
[fe900cbb0780] |
|
|
|
2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, compat/Makefile.in: |
|
Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs |
|
[f84bc7482b78] |
|
|
|
* MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/visudo/test4.out.ok, |
|
plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: |
|
Replace sequence number-based cycle detection in visudo with a |
|
"used" flag in struct alias. The caller is required to call |
|
alias_put() when it is done with the alias. Inspired by a patch |
|
from Daniel Kopecek. |
|
[0bdbac1b3b39] |
|
|
|
2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Eliminate a few relocations related to sudoers_io. |
|
[18e9e2cc3367] |
|
|
|
* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: |
|
Sync with translationproject.org |
|
[f38cc128a2ad] |
|
|
|
2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Clarify a comment. |
|
[7a045ee06e95] |
|
|
|
2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Handle d_type == DT_UNKNOWN when resolving the device to a name and |
|
sprinkle some more debugging. |
|
[8774133747d9] |
|
|
|
2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add message about disabling PIE if sudo gets SIGSEGV. |
|
[c786af2a6751] |
|
|
|
* plugins/sudoers/check.h, plugins/sudoers/timestamp.c: |
|
No longer store the ctime of a devpts tty. The handling of ctime on |
|
devpts in Linux has been changed to conform to POSIX. As a result |
|
we can no longer assume that the ctime will stay unchanged |
|
throughout the life of the session. We store the session ID in the |
|
time stamp file so there is a much smaller chance of the time stamp |
|
file being reused by a new login. While here, store the uid/gid in |
|
the timestamp file too for good measure. |
|
[7028b21f7a9b] |
|
|
|
* configure, configure.in: |
|
PIE is broken on FreeBSD/arm |
|
[f232c60d6229] |
|
|
|
* mkpkg: |
|
Add explicit sendmail path for Linux since we may not have sendmail |
|
installed in the build chroot. |
|
[1ba2f84f4ff0] |
|
|
|
2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: |
|
Quiet a few -Wunused-result compiler warnings. |
|
[ef12afb61423] |
|
|
|
2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention what SHA-2 formats are supported. |
|
[bf298d0fdf8a] |
|
|
|
* doc/CONTRIBUTORS: |
|
List code and translations separately. |
|
[826547bc1295] |
|
|
|
2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: |
|
Sync with translationproject.org |
|
[9499a6f438b8] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[cce449e284a6] |
|
|
|
* Makefile.in: |
|
Fix c-format for fatal/fatalx |
|
[4ad81d3faaeb] |
|
|
|
2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: |
|
Change some error/errorx -> fatal/fatalx in comments and xgettext |
|
flags. |
|
[9d9b64fa2ec9] |
|
|
|
* NEWS: |
|
There is now a Turkish translation of sudoers. |
|
[701c5af6aa76] |
|
|
|
* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: |
|
Updated translations from translationproject.org including new |
|
Turkish translation. |
|
[9cedbb50d90f] |
|
|
|
2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document that sudoers will re-use existing I/O log paths unless they |
|
are mktemp-style with trailing X's. |
|
[4f43bd13d9e7] |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: |
|
Allow ldap_conf and ldap_secret to be specified as plugin arguments |
|
in sudo.conf |
|
[37c6c425b565] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
sudoers_debug is now deprecated in favor of the sudo debugging |
|
framework. |
|
[1195be1ec254] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use |
|
SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the |
|
debug file with the ldap subsystem. The sudoers_debug setting in |
|
ldap.conf is still honored for now but will be removed in a future |
|
release. |
|
[cfa42b4b913e] |
|
|
|
2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers2ldif: |
|
Add support for converting sudoers files with SHA-2 command digests. |
|
[dc0d03485946] |
|
|
|
* doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, |
|
plugins/sudoers/sudoers2ldif: |
|
Add copyright notice to scripts |
|
[5e8bd4e6083f] |
|
|
|
* MANIFEST, plugins/sudoers/regress/sudoers/test14.in, |
|
plugins/sudoers/regress/sudoers/test14.out.ok, |
|
plugins/sudoers/regress/sudoers/test14.toke.ok: |
|
Add regress for SHA-2 digests. |
|
[0b258c2a2a95] |
|
|
|
* compat/getgrouplist.c: |
|
Solaris maps negative gids to GID_NOBODY. |
|
[57050e5c750f] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Clear up an llvm checker warning which appears to be a false |
|
positive and fix an old XXX while I'm at it. |
|
[9ee13133e596] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
|
Correct last change date |
|
[3bc1fa5b0f76] |
|
|
|
* plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: |
|
No need to translate this error message. |
|
[4d9941970a26] |
|
|
|
* doc/UPGRADE: |
|
Mention .sl vs. .so extension handling on HP-UX Mention group |
|
membership changes Fix typos |
|
[40ac0efbdb2b] |
|
|
|
* aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, |
|
common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, |
|
common/setgroups.c, common/term.c, common/ttysize.c, |
|
compat/Makefile.in, compat/dlopen.c, compat/endian.h, |
|
compat/getline.c, compat/getprogname.c, compat/isblank.c, |
|
compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, |
|
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, |
|
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, |
|
compat/strsignal.c, compat/utimes.c, doc/Makefile.in, |
|
include/Makefile.in, include/alloc.h, include/fileops.h, |
|
include/gettext.h, include/lbuf.h, include/missing.h, |
|
include/sudo_plugin.h, pathnames.h.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/alias.c, plugins/sudoers/audit.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, |
|
plugins/sudoers/redblack.h, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.h, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, |
|
plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, |
|
src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, |
|
src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, |
|
src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, |
|
src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, |
|
src/utmp.c: |
|
Update copyright years. |
|
[5c6d72661bad] |
|
|
|
* plugins/sudoers/mon_systrace.h: |
|
Systrace support was removed long ago. |
|
[10a038a2da77] |
|
|
|
2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.out.ok: |
|
Remove some files that were mistakenly added. |
|
[833502da26de] |
|
|
|
* common/sudo_debug.c, config.h.in, configure, configure.in, |
|
plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: |
|
Use time(&now) instead of now = time(NULL) when storing the current |
|
time in a time_t (better compiler error checking). Better parsing |
|
and printing of 64-bit time_t on 32-bit platforms. |
|
[c227dc72c04e] |
|
|
|
2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Don't check the tty of the parent process. Now that we get the |
|
controlling tty device number from the kernel there is no need. If |
|
the process has really disassociated from the tty then reporting |
|
"unknown" is appropriate. |
|
[62fb66e565db] |
|
|
|
2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/error.c: |
|
Use EXIT_FAILURE instead of 1 as the fatal() exit value. |
|
[ed94c2c5e88a] |
|
|
|
* src/sesh.c: |
|
Change remaining errorx -> fatalx |
|
[3f6d70e19303] |
|
|
|
2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an |
|
error if the entry already exists in the cache. |
|
[94d45970400a] |
|
|
|
* plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: |
|
Change "foo: failed" to just "foo" since we print the string form of |
|
errno. Gets rids of some useless translations. |
|
[476f37349dbc] |
|
|
|
2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match.c: |
|
Fix pasto in debug_decl |
|
[08650186a239] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen |
|
[acf4c34fba2c] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: |
|
Rename log_error() -> log_warning() for consistency with |
|
warning()/fatal() |
|
[474ed5a0e335] |
|
|
|
* plugins/sudoers/auth/API: |
|
The NO_EXIT flag was removed a while ago. |
|
[e0a4be270226] |
|
|
|
* common/aix.c, common/alloc.c, common/error.c, include/error.h, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, |
|
src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, |
|
src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, |
|
src/utmp.c: |
|
Rename error/errorx -> fatal/fatalx and remove the exit value as it |
|
was always 1. |
|
[ea66f58c4da5] |
|
|
|
* NEWS: |
|
digests are supported in sudoers ldap too |
|
[77d6c25f7653] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Print test failures to stdout like the final count so the outputis |
|
not displayed out of order. |
|
[f541b78ecb93] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, |
|
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, |
|
src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/it.po, src/po/tr.po: |
|
Sync with translationproject.org |
|
[cbd70678b99f] |
|
|
|
* Makefile.in: |
|
Check for any uncommitted changes in dist target and add force-dist |
|
target that omit check-dist. |
|
[78dc3f41e37e] |
|
|
|
2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/regress/ttyname/check_ttyname.c: |
|
Fix logic bug when checking tty via ttyname(). |
|
[279aee076194] |
|
|
|
* compat/endian.h: |
|
Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and |
|
__BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) |
|
[fe35e0b04502] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[0ddebccd3045] |
|
|
|
* NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document digest support. |
|
[d794c7b9a7bc] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/parser/check_base64.c: |
|
Simple bas64 decode unit test. |
|
[344b0df0fe50] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.h: |
|
Move base64_decode into its own source file. |
|
[30497e7f88bc] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
|
Only check year against 2038 if time_t is 32-bit. |
|
[9c1f2e3fc3ba] |
|
|
|
2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sssd.c: |
|
Add digest support for sudoers in ldap and sss. |
|
[314937b5e59e] |
|
|
|
* INSTALL, configure, configure.in: |
|
Error out in configure if the compiler doesn't support "long long". |
|
[d3645c1d50d1] |
|
|
|
* plugins/sudoers/match.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l: |
|
Include stdint.h or inttypes.h before sha2.h |
|
[20ad1c20313d] |
|
|
|
* common/lbuf.c: |
|
Simplify lbuf append functions by moving the realloc code into |
|
lbuf_expand(). We now expand as needed each time bytes need to be |
|
written to the lbuf. Also handle a NULL pointer being passed in for |
|
paranoia's sake. |
|
[6283ee562ef4] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Zero out struct iolog_details early to avoid a potential (though |
|
unlikely) dereference of stack garbage if we hit a fatal error |
|
before iolog_deserialize_info() is called. |
|
[2eeca8be05fb] |
|
|
|
2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Update copyright year. |
|
[b843c6a43238] |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump SUDOERS_GRAMMAR_VERSION for new digest support. |
|
[188556fb8156] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.h, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Sanity check digest in parser so visudo can catch errors. Add base64 |
|
support |
|
[b8586d5cc7ed] |
|
|
|
* MANIFEST, compat/endian.h, config.h.in, configure, configure.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: |
|
For big endian architectures just use memcpy() instead of BE macros |
|
in a loop. |
|
[c71a0f4a8a8e] |
|
|
|
2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, config.h.in, configure, configure.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/gram.y, |
|
plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/parser/check_digest.c, |
|
plugins/sudoers/regress/parser/check_digest.out.ok, |
|
plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c: |
|
Initial implementation of checksum support in sudoers. Currently |
|
supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format |
|
validation in parser and base64 support. checksum support for |
|
ldap sudoers |
|
[b8f196346eca] |
|
|
|
2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: |
|
SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public |
|
domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai |
|
respectively. |
|
[7511d07c0a83] |
|
|
|
2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add sudo 1.8.6p8 |
|
[0666fd0321ae] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: |
|
Add missing "not" in error message when mixing standalone and non- |
|
standalone authentication methods. |
|
[7eba4439db73] |
|
|
|
* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: |
|
Check for crypt() returning NULL. Traditionally, crypt() never |
|
returned NULL but newer versions of eglibc have a crypt() that does. |
|
Bug #598 |
|
[887b9df243df] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Better PAM error messages |
|
[fd7eda53cdd7] |
|
|
|
* plugins/sudoers/auth/kerb5.c: |
|
Better error messages |
|
[98142874a2f4] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Use same error message for getauid() failure. |
|
[07f0d88cb1df] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Start warning with a lower case letter for consistency and to match |
|
existing translated strings. |
|
[b719ac52c9e3] |
|
|
|
2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
Disable PIE on Solaris where it is not really supported. |
|
[c36c84cdcc7a] |
|
|
|
* src/ttyname.c: |
|
AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit |
|
before we try to match it against st_rdev. |
|
[5dab449fb962] |
|
|
|
* src/ttyname.c: |
|
Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes |
|
a problem finding the tty name when it is not in /dev/pts. |
|
[6c205d087fa0] |
|
|
|
* compat/snprintf.c: |
|
Support %lld and %llu |
|
[feabfa06c954] |
|
|
|
* .hgignore, MANIFEST, src/Makefile.in, |
|
src/regress/ttyname/check_ttyname.c: |
|
Add ttyname test. |
|
[e987038f8c07] |
|
|
|
2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, |
|
src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[4d7b73b22079] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Log timestampfile to debug file. |
|
[e997281146c0] |
|
|
|
* plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: |
|
Don't add the "Password: " string we look up in the PAM text domain |
|
to the sudoers.pot file. |
|
[771b52244abf] |
|
|
|
2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
Synce with regcomp() error message change. |
|
[fc6d3dfb8eb8] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Be consistent with error message when regcomp() fails. |
|
[de6c69ba04e4] |
|
|
|
2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/testsudoers/test5.out.ok, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Use group -1 instead of 1 as the invalid group since the running |
|
user might have group 1 as their default group. |
|
[71404a9fa75d] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
PWD may be a shell builtin, use CWD instead. |
|
[c443105c5091] |
|
|
|
2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
Split up check_user(). |
|
[ce7cc0767589] |
|
|
|
2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure.in: |
|
Cosmetic fixes in the comments. |
|
[640abee43c14] |
|
|
|
2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status |
|
message for visibility checks when the test fails. |
|
[99665477ee55] |
|
|
|
* config.h.in: |
|
regen |
|
[00c22606719a] |
|
|
|
* configure, configure.in: |
|
We no longer use mbr_check_membership() and setrlimit64() is AIX- |
|
specific. |
|
[43caf685a1f1] |
|
|
|
* Makefile.in: |
|
The first (all) target must be by itself or some makes will choose |
|
the run the entire target list. |
|
[16cf3def49f5] |
|
|
|
* configure, configure.in: |
|
Do exec_prefix expansion when enable_shared even if noexec is not |
|
enabled. |
|
[7ed28cb32d8d] |
|
|
|
* compat/getgrouplist.c: |
|
Use free() not efree() since we don't include alloc.h here |
|
[1a008737be24] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[b939f941346f] |
|
|
|
* plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Pass in expected gid to testsudoers in addition to the uid that |
|
matches the test sudoers files. |
|
[6a1710e8cac1] |
|
|
|
2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Tru64 5.x does declare innetgr() and getdomainname(). |
|
[c75598e69c7e] |
|
|
|
* plugins/sudoers/match.c: |
|
Fix compilation when getdomainame() is not present. |
|
[e831b017a962] |
|
|
|
* config.h.in, configure.in, include/missing.h: |
|
Move SET/CLR/ISSET from config.h.in to missing.h |
|
[3a3dd29fd7f0] |
|
|
|
* configure, configure.in: |
|
Fix getgrouplist() check. |
|
[12a2adf60e98] |
|
|
|
* MANIFEST: |
|
No more timestamp.h |
|
[5677e26afc0f] |
|
|
|
* plugins/sudoers/check.c: |
|
Neded sys/time.h for struct timeval in struct sudo_tty_info. |
|
[aceaadd8c400] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen depends |
|
[21675a8b67e5] |
|
|
|
* NEWS: |
|
Mention libibmldap on HP-UX |
|
[75b4e4b22950] |
|
|
|
* NEWS, plugins/sudoers/match.c: |
|
Instead of checking the domain name explicitly for "(none)", just |
|
check for illegal characters. |
|
[ce35dda811db] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Only warn once when we are unable to open the sudoers file. |
|
[9e27e3aa5b10] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fall back to opening /dev/tty to determine whether there is a tty if |
|
the system doesn't have kernel support for determing the tty. |
|
[2775bcf9a9b5] |
|
|
|
* compat/getprogname.c: |
|
Update guard to take __progname into account |
|
[60eae3f20232] |
|
|
|
* compat/snprintf.c: |
|
Some older systems have inttypes.h but not stdint.h |
|
[ed1ef160015f] |
|
|
|
* compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, |
|
compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, |
|
compat/getline.c, compat/getprogname.c, compat/glob.c, |
|
compat/isblank.c, compat/memrchr.c, compat/mktemp.c, |
|
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, |
|
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, |
|
compat/strsignal.c, compat/utimes.c: |
|
Add guards in compat source files. Not really needed since we only |
|
include them in the Makefile if they are needed but should not hurt |
|
either. |
|
[8cbd3b4595b9] |
|
|
|
2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Don't include gram.h in gram.y, its contents are already included. |
|
Move sudoerserror to the end of gram.y so COMMENT is declared when |
|
we need to use it. |
|
[7d72ebdd7222] |
|
|
|
2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure.in: |
|
Remove some pre-ANSI cruft. |
|
[6a95704b2116] |
|
|
|
* plugins/sudoers/match.c: |
|
Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h |
|
when it is set. |
|
[da40c550ffed] |
|
|
|
* NEWS, plugins/sudoers/iolog_path.c: |
|
We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but |
|
just leave it as-is. |
|
[9a22de140d28] |
|
|
|
2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Add missing semicolon in rule. |
|
[817d3f1b2a21] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Now that we can determine the terminal even when file descriptors |
|
are redirected we can check user_ttypath rather than opening |
|
/dev/tty when enforcing requiretty. |
|
[56a28bc09041] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Stash umask in struct sudo_user so we don't need to look it up |
|
later. |
|
[9f85749199dc] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Minor cosmetic change |
|
[c373e106ed49] |
|
|
|
* plugins/sudoers/regress/parser/check_addr.c: |
|
No longer need to declare interfaces |
|
[d7ff7e579557] |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix compilation in SUDOERS_NO_SEQ case |
|
[9a6db9247534] |
|
|
|
* plugins/sudoers/regress/parser/check_addr.c: |
|
No longer need to define sudo_printf |
|
[578ad13c3546] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/check.h, |
|
plugins/sudoers/timestamp.c: |
|
Pass auth_pw to the timestamp functions. |
|
[f603649177d6] |
|
|
|
* plugins/sudoers/iolog_path.c: |
|
Fix SUDOERS_NO_SEQ |
|
[17881f9bcd68] |
|
|
|
* plugins/sudoers/locale.c: |
|
Don't need all of sudoers.h in here |
|
[c518150c6483] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't need to include sudoers_version.h here. |
|
[8abb31102119] |
|
|
|
2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
DEFAULT_LECTURE is no longer used. |
|
[f565c00a68c1] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: |
|
Move sudo_conv into policy.c |
|
[f699aee7136b] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
cosmetic fixes |
|
[930e60389ca8] |
|
|
|
* plugins/sudoers/match.c: |
|
RHEL (and perhaps other Linux distros) use the string "(none)" |
|
instead of an empty string when there is no actual NIS-style domain |
|
name. Bug #596 |
|
[11aec11489ac] |
|
|
|
* plugins/sudoers/match.c: |
|
Fix return values when NAME_MATCH is defined. |
|
[ce030be9ccef] |
|
|
|
2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: |
|
Update copyright year. |
|
[7e4b8d49addd] |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, |
|
plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: |
|
Add sudo_set_grlist(), currently unused by the back end. |
|
[b37ac1d0e8fc] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Remove unused macros, fix a debug_decl |
|
[6136fb4a0d3b] |
|
|
|
* include/missing.h: |
|
Tru64 Unix doesn't prototype innetgr() or getdomainname(). |
|
[585ac1874dfe] |
|
|
|
* include/missing.h: |
|
Whitespace fixes |
|
[0bb28cd91d97] |
|
|
|
* common/error.c: |
|
Don't need to include setjmp.h here, error.h already includes it. |
|
[fd05ab00e186] |
|
|
|
2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in, plugins/sudoers/Makefile.in: |
|
regen depends |
|
[57991f5e16b4] |
|
|
|
* plugins/sudoers/check.h: |
|
Rename guard define. |
|
[ccf4dba241d6] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/check.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Move contents of timestamp.h into check.h. |
|
[c139757a9283] |
|
|
|
* plugins/sudoers/sudoers.h: |
|
expand_prompt() is now in prompt.c sudo_printf extern is now in |
|
error.h |
|
[219bd74ca62b] |
|
|
|
* plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, |
|
plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, |
|
plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, |
|
plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, |
|
plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, |
|
plugins/sudoers/toke.h: |
|
Change multiple inclusion guards to be _SUDOERS_FOO_H |
|
[faace6d55e78] |
|
|
|
2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, |
|
src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: |
|
New Dutch translation for sudo and sudoers New Turkish translation |
|
for sudo From translationproject.org |
|
[bc918b7b23a4] |
|
|
|
2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in: |
|
Fix a typo in a comment and make sure we don't mistakenly include |
|
_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in |
|
[694d12ac70ec] |
|
|
|
2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Don't build check_symbols if we are linking sudoers in statically. |
|
[f6602723bab7] |
|
|
|
* configure, configure.in: |
|
Use $host_os not $host when we only care about the os name and |
|
version. |
|
[05e4f4fcba06] |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Suppress duplicate -L and -I flags. |
|
[228f2f581aed] |
|
|
|
* common/Makefile.in, compat/regress/fnmatch/fnm_test.c: |
|
Fix regress tests on non-OpenBSD platforms. |
|
[9d91bc859c50] |
|
|
|
* configure, configure.in: |
|
If we find sasl/sasl.h there's no need to check for sasl.h too |
|
[889efaa86012] |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Add -R flags at the very end after configure link tests are done |
|
since we can only count on libtool to accept -R, the compiler front |
|
end may not. Also unify the libldap and libibmldap tests using |
|
AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by |
|
libibmldap (but is not an explicit dependency). |
|
[ab1451894351] |
|
|
|
2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Back out changes that broke detection of skey, opie and ldap |
|
libraries. |
|
[ffa82b8f8641] |
|
|
|
* plugins/sudoers/regress/testsudoers/test1.sh, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test4.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh, |
|
plugins/sudoers/regress/visudo/test1.sh, |
|
plugins/sudoers/regress/visudo/test2.sh, |
|
plugins/sudoers/regress/visudo/test3.sh: |
|
Add explicit "exit 0" to prevent the check target from ending |
|
prematurely. |
|
[cca411b492bd] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix exit values in check target so we don't have to ignore errors. |
|
[cbc429c409e9] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fail a test if there is unexpected stderr output. |
|
[4fc24d536bec] |
|
|
|
* MANIFEST: |
|
Fix path to sudo.conf manuals; remove non-existant test2.err.ok |
|
[6b8bcd60dd85] |
|
|
|
* src/load_plugins.c: |
|
Fix compilation in dynamic mode. |
|
[679856fa0774] |
|
|
|
* configure, configure.in: |
|
On HP-UX, libibmldap has a hidden dependency on libCsup |
|
[22994709d77c] |
|
|
|
* compat/dlopen.c: |
|
Pass BIND_VERBOSE to shl_load() |
|
[0060b9cfa9ab] |
|
|
|
* configure, configure.in: |
|
Only create static helper libs when --disable-shared is specified. |
|
[1fcdb1a437e0] |
|
|
|
* src/load_plugins.c: |
|
Ubreak static build. |
|
[4ac9f96be285] |
|
|
|
* INSTALL, aclocal.m4, configure, configure.in: |
|
Replace --with-rpath and --with-blibpath with --disable-rpath. Now |
|
that we use libtool for linking we can just use the -R flag and have |
|
libtool translate it to the proper linker flag. |
|
[09798fad6888] |
|
|
|
2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Bump I/O buffer size 32K |
|
[4ef793225309] |
|
|
|
2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in: |
|
Document sesh Path setting. |
|
[34b0b903b4f8] |
|
|
|
* src/exec.c, src/exec_common.c: |
|
Move exec_cmnd to exec.c to fix a compilation issue with sesh.c |
|
[06aa1956f38d] |
|
|
|
* common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, |
|
src/selinux.c: |
|
Make sesh path configurable in sudo.conf |
|
[91d331f273b7] |
|
|
|
* configure, configure.in: |
|
Use -fno-pie and -nopie if supported when --disable-pie is |
|
specified. |
|
[777138c04dcc] |
|
|
|
2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Document direct execution of the command if the policy plugin has no |
|
close function. |
|
[6a14145c6e80] |
|
|
|
2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Only delete creds if we actually established them. Print an error if |
|
pam_setcred() fails and we actually authenticated. |
|
[1e015314903b] |
|
|
|
* common/Makefile.in, plugins/group_file/Makefile.in: |
|
regen |
|
[dd8cee2a5e1b] |
|
|
|
* common/alloc.c, include/alloc.h: |
|
Convert efree() to a macro that just casts to void * and does |
|
free(). If the system free() can't handle free(NULL) this may crash |
|
but C89 was a long time ago. |
|
[efd0ff9270fb] |
|
|
|
* configure, configure.in: |
|
Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. |
|
Fixes a problem with errno sometimes not being set on error on HP- |
|
UX. |
|
[54b419d58320] |
|
|
|
* common/sudo_debug.c: |
|
Fix debug logging from the plugin when there is no error number. |
|
This was broken in the big debugging reorg for 1.8.7. |
|
[2ea7e145e928] |
|
|
|
2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, plugins/group_file/Makefile.in, |
|
plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/load_plugins.c: |
|
Always install plugins with a .so extension regardless of what |
|
extension the system uses for shared libraries. That way the |
|
group_plugin sudoers setting can be shared between heterogenous |
|
systems. |
|
[a7e6ecff6fdf] |
|
|
|
* plugins/sudoers/match.c: |
|
Mac OS X has netgroup functions in netdb.h. |
|
[243881a974aa] |
|
|
|
* plugins/sudoers/parse.h: |
|
Tags in struct cmndtag can be set to IMPLIED as well. |
|
[cb6926988cc8] |
|
|
|
* plugins/sudoers/parse.c: |
|
Quiet a compiler warning. |
|
[14e608c2001d] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Quiet an llvm checker warning. |
|
[2eeb9f3d08f3] |
|
|
|
* plugins/sudoers/parse.c: |
|
Quiet gcc -Wuninitialized false positive |
|
[643ad987503d] |
|
|
|
2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in: |
|
Document group_file and system_group plugins. |
|
[b56511e79230] |
|
|
|
* NEWS: |
|
Sudo 1.8.7 |
|
[e95183b8fa27] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Try to clarify that sudoedit in sudoers should not include a leading |
|
pathname. |
|
[7b2beac92a9c] |
|
|
|
* plugins/sudoers/pwutil_impl.c: |
|
Make sure groupname_len is at least 32 just to be on the safe side. |
|
It is better to allocate a little extra and not need it than to have |
|
to reallocate and start over. |
|
[6d3e1ba47de9] |
|
|
|
* include/alloc.h, include/missing.h: |
|
Add __malloc_like macro to apply __malloc__ attribute to emalloc, |
|
ecalloc and estrdup. It cannot be applied to realloc since that may |
|
return the same pointer. |
|
[8d70cb81d1f1] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix potential double free in an error path. |
|
[657573feb6a4] |
|
|
|
* src/exec_pty.c: |
|
When running the command in a pty, defer the call to exec_setup() |
|
until just before we exec the command. This is consistent with the |
|
non-pty path. As a side effect, the monitor process runs as root |
|
and not the runas user. |
|
[e2a7f8c7ee4c] |
|
|
|
2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/closefrom.c: |
|
Update copyright year. |
|
[9b652af4dfc0] |
|
|
|
2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/closefrom.c: |
|
Use pst_highestfd from pstat_getproc() on HP-UX. |
|
[09f3fea46a3d] |
|
|
|
2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, common/Makefile.in, doc/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Clean up generated test files and other minor housekeeping. |
|
[f5f4fdd908e1] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Add back gettimeofday() call inadvertantly removed in e1abb9810a83 |
|
[675cce8401ae] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Use pstat() on HP-UX to determine the tty device. |
|
[2884af22a9df] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix PAM compilation: def_pam_session, not just pam_session. |
|
[5417d7acc6ea] |
|
|
|
* doc/fixmdoc.sh: |
|
Don't remove the -S option description when trimming out selinux. |
|
Bug #592 |
|
[8a94f2cfa0a0] |
|
|
|
2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for Sudo 1.8.6p7 |
|
[0858a73e9c40] |
|
|
|
2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Document when sudo may exec the command directly instead of forking. |
|
[da41951edc28] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document that close and version be NULL for plugin API >= 1.3 and |
|
that sudo may execute the command directly if there is no close, or |
|
pty or timeout needed. |
|
[e5f929ddeaf8] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c: |
|
Fix debug_decl for sudo_auth_begin_session and |
|
sudo_auth_end_session. |
|
[58243392c0df] |
|
|
|
* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: |
|
Add pam_session sudoers option. |
|
[d994465db9f1] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h: |
|
Dummy out close function if there is no end_session for the auth |
|
method and the front-end can handle a NULL close function. Avoids |
|
the extra sudo process when we don't actually need it. |
|
[74886d5b0fb6] |
|
|
|
2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, aclocal.m4: |
|
Add m4/ to paths m4_include parameters so we don't need to use |
|
autoconf's -I flag. |
|
[4fd86e7a84f3] |
|
|
|
* src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, |
|
src/sudo_plugin_int.h: |
|
If the policy plugin does not provide a close function, there is no |
|
command timeout and no pty is required, skip the event loop and just |
|
exec the command directly. |
|
[ad532f107170] |
|
|
* src/sudo.c: |
* src/sudo.c: |
Fixed a format string vulnerability when the sudo binary (or a | Do not crash if the plugin close and version functions are not |
symbolic link to the sudo binary) contains printf format escapes | defined. If there is no policy close function, simply print a |
and the -D (debugging) flag is used. | warning that the command was not found. |
| [c789a9dd54e8] |
|
|
|
2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix typos in selinux/solaris privs specific code. |
|
[9af3999361b4] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, src/parse_args.c: |
|
Pass the default plugin directory to the plugin via the settings |
|
list. Could be used by a stacking plugin. |
|
[688e771fc145] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Completely ignore time stamp file if it is set to the epoch, |
|
regardless of what gettimeofday() returns. |
|
[df58842af660] |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Nikolai Kondrashov |
|
[df59791438f9] |
|
|
|
* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: |
|
Use userpw_matches() for username matching so #uid works for |
|
sudoRunAsUser. |
|
[a124062334df] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Avoid calling realloc3() with a zero size parameter when all |
|
retrieved sssd rules fail. Otherwise we'll get a run-time error due |
|
to malloc(0) checking. |
|
[84dfcb73ebd7] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Do not send error mail if a user is not found in SSSD. Local users |
|
can run sudo too. From Nikolai Kondrashov |
|
[3d2ae99ee468] |
|
|
|
2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/regress/sudo_conf/test4.in, |
|
common/regress/sudo_conf/test4.out.ok: |
|
Test setting disable_coredump to illegal value. |
|
[3c71c6c49027] |
|
|
|
* common/sudo_conf.c: |
|
Fix atobool() usage. |
|
[d40c9f4d06b0] |
|
|
|
* common/regress/sudo_conf/conf_test.c: |
|
Remove unused variable. |
|
[328b524b365b] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Make "sudo -l non_existent_command" warn that non_existent_command |
|
doesn't exist, not the "list" pseudo-command. |
|
[9dc0388fc4f3] |
|
|
|
* plugins/sudoers/parse.c: |
|
Make sudoers file long list output better match the format used by |
|
ldap sudoers. Tags are now converted to options and there is a |
|
single command per line. |
|
[6e6dc3f20d84] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use the correct the sudoers policy symbol names and undo an editor |
|
goof committed when adding max_groups to sudo.conf. |
|
[2a6f7ddf5cc3] |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: |
|
For "sudo -l" start a new line if the runas list changes to make the |
|
output easier to read. |
|
[7dc3d724c924] |
|
|
|
2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: |
|
For "sudo -l" and "sudo -ll" only print the runas info for |
|
subsequent commands in a list if the runas info has changed. If we |
|
have new runas info, print out the tags again so as to be less |
|
confusing to the user. For "sudo -ll" set the line continuation |
|
indent to 8. |
|
[b5ec02fe7fc1] |
|
|
|
2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, |
|
plugins/group_file/group_file.c, plugins/group_file/group_file.exp, |
|
plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, |
|
plugins/sample_group/sample_group.c, |
|
plugins/sample_group/sample_group.exp: |
|
Rename sample_group plugin to group_file. Install group_file and |
|
system_group plugins by default. |
|
[951b3e446fae] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Add maxseq sudoers option to limit the max number of I/O log files. |
|
[e1abb9810a83] |
|
|
|
2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Log lines and columns in the iolog file. |
|
[03adb6230e05] |
|
|
|
2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_conf/test1.in, |
|
common/regress/sudo_conf/test1.out.ok, |
|
common/regress/sudo_conf/test2.in, |
|
common/regress/sudo_conf/test2.out.ok, |
|
common/regress/sudo_conf/test3.in, |
|
common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, |
|
include/sudo_conf.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, |
|
src/sudo.c: |
|
Add simple regress tests for sudo.conf parsing. |
|
[3c36b61bf61c] |
|
|
|
* src/sudo.c: |
|
Always display the I/O plugin version as long as its open functions |
|
doesn't return an error. Previously it was only displayed if the |
|
plugin open returned 1. |
|
[4b0277db3f8c] |
|
|
|
* plugins/sudoers/pwutil_impl.c: |
|
Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead |
|
of poking around in struct utmpx. |
|
[2c0cc5c42958] |
|
|
|
* plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: |
|
#include "sudo_usage.h" not <sudo_usage.h> so we get the one in the |
|
build directory and not the src dir when using a separate build |
|
directory. |
|
[1fcb7ba13018] |
|
|
|
2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/fileops.c: |
|
If a line was longer that 0x80000000 the bit hack to round to the |
|
next power of two would roll over to zero. |
|
[f4f729cf6f0f] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c: |
|
Use max_groups in front-end and plugin. |
|
[bf1e74166831] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, src/parse_args.c: |
|
Pass max_groups to plugin in settings list. |
|
[d7d76e8651f4] |
|
|
|
* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, include/sudo_conf.h: |
|
Add max_groups setting to sudo.conf (currently unused) and remove |
|
unused return value from setters. |
|
[f6494f71e1f0] |
|
|
|
2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
Reorganize configure options |
|
[23475de8039f] |
|
|
|
2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add Sudo 1.8.6p7 |
|
[5192fc511cbe] |
|
|
|
2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL.configure: |
|
Sync with autoconf 2.68 |
|
[985e5c8efa4e] |
|
|
|
* INSTALL, README: |
|
Remove obsolete OS notes and move build requirements to INSTALL. |
|
[bf0dd53ca164] |
|
|
|
2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Sort elements of the settings, user_info and command_info lists. |
|
[663062ada5b7] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Remove trailing white space |
|
[027916a6c8e7] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Store the session ID in the tty ticket file too. A tty may only be |
|
in one session at a time so if the session ID doesn't match we |
|
ignore the ticket. |
|
[4eb2cb8df48b] |
|
|
|
2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c, src/sudo.c: |
|
Move tzset() call from sudoers plugin to sudo front end. |
|
[3c058dad8772] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Mention line continuation |
|
[399873f8c805] |
|
|
|
* MANIFEST, common/Makefile.in, common/fileops.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/sudo_parseln/test1.in, |
|
common/regress/sudo_parseln/test1.out.ok, |
|
common/regress/sudo_parseln/test2.in, |
|
common/regress/sudo_parseln/test2.out.ok, |
|
common/regress/sudo_parseln/test3.in, |
|
common/regress/sudo_parseln/test3.out.ok, |
|
common/regress/sudo_parseln/test4.in, |
|
common/regress/sudo_parseln/test4.out.ok, |
|
common/regress/sudo_parseln/test5.in, |
|
common/regress/sudo_parseln/test5.out.ok, |
|
common/regress/sudo_parseln/test6.in, |
|
common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, |
|
include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudo_nss.c: |
|
Add line continuation support to sudo_parseln() and make it use |
|
getline() instead of fgets() internally. |
|
[d02bf3973fc5] |
|
|
|
2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Fix memory leak in error path; found by llvm checker |
|
[d090c26a5b00] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Remove useless store detected by llvm checker. |
|
[12a4db91651a] |
|
|
|
* configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, |
|
src/load_plugins.c, sudo.pp: |
|
Sudo now stores its libexec files in a "sudo" subdirectory instead |
|
of in libexec itself. For backwards compatibility, if the plugin is |
|
not found in the default plugin directory, sudo will check the |
|
parent directory default directory ends in "/sudo". |
|
[5de67de76489] |
|
|
|
* plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, |
|
plugins/system_group/system_group.c: |
|
Add missing __dso_public to plugin structs so they are exported. |
|
[dde703577621] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: |
|
Mention that sudoers has its own plugins too. |
|
[0a6c6203b512] |
|
|
|
2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Correct last change date. |
|
[45894291d792] |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in: |
|
Remove duplicated sudo.conf info in the sudo, sudoers and |
|
sudo_plugin manuals and cross-reference the new sudo.conf manual. |
|
[b808ba29cf3a] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
|
Fix typos |
|
[0e70964150c6] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Fix some typos. |
|
[94ae045cfbc6] |
|
|
|
* MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in: |
|
Add standalone sudo.conf manual page. |
|
[d64d949b700c] |
|
|
|
* doc/sample.sudo.conf: |
|
add group_source example |
|
[118c1ba1c014] |
|
|
|
* configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, |
|
doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. |
|
[f5bd6006dc1c] |
|
|
|
* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, |
|
src/po/it.po: |
|
Sync with translationproject.org |
|
[a6f2b9aac371] |
|
|
|
2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, |
|
src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, |
|
src/po/vi.po: |
|
Sync with translationproject.org |
|
[ba546666969d] |
|
|
|
2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, |
|
plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/es.po, src/po/gl.po: |
|
Sync with translationproject.org |
|
[cdc454e34c03] |
|
|
|
2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Clarify ttyname changes. |
|
[cbf2f80fe582] |
|
|
|
* NEWS: |
|
Add 1.8.6p6 |
|
[3aa591e98b3b] |
|
|
|
* src/ttyname.c: |
|
Remove ttyname() fall back code on systems where we can query the |
|
kernel for the tty device via /proc or sysctl(). If there is no |
|
controlling tty, it is better to just treat the tty as unknown |
|
rather than to blindly use what is hooked up to std{in,out,err}. |
|
[b2bd3005d2e4] |
|
|
|
2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: |
|
Add group_source setting in sudo.conf to allow the admin to specify |
|
how a user's groups are looked up. Legal values are static (just |
|
the kernel list from getgroups), dynamic (whatever the group |
|
database includes) and adaptive (only use group db if kernel group |
|
list is full). |
|
[87a5b02e22ad] |
|
|
|
* plugins/sudoers/policy.c: |
|
Pass back exec_background to front end if it is enabled in sudoers. |
|
[8230e1cd0bbd] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention that exec_background is for 1.8.7 and higher only. |
|
[fdf0d5a3e182] |
|
|
|
2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST: |
|
Add missing test files. |
|
[1165389aa5e6] |
|
|
|
* plugins/sudoers/regress/visudo/test3.err.ok, |
|
plugins/sudoers/regress/visudo/test3.out.ok, |
|
plugins/sudoers/regress/visudo/test3.sh: |
|
Add regress test for bug 361 |
|
[54c7fb61b82d] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Add __dso_public to extern declaration of declaration to match |
|
actual definition. |
|
[4695ded501e6] |
|
|
|
* NEWS: |
|
Add 1.8.6p5 |
|
[b07b28c5c4d7] |
|
|
|
2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, |
|
plugins/sudoers/regress/visudo/test2.out.ok, |
|
plugins/sudoers/regress/visudo/test2.sh: |
|
Add test for visudo cycle check core dump; test case from Daniel |
|
Kopecek |
|
[41074541147a] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix potential stack overflow due to infinite recursion in alias |
|
cycle detection. From Daniel Kopecek. |
|
[d7e018a87434] |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: |
|
Ignore duplicate entries in sudo.conf and report the line number |
|
when there is an error. Warn, don't abort if there is more than one |
|
policy plugin. |
|
[dfcb5a698f0a] |
|
|
|
* plugins/sudoers/tsgetgrpw.c: |
|
Use strtoul() not atoi(). |
|
[58a52cf9b6b8] |
|
|
|
2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in: |
|
regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo |
|
[9b44e9d26d16] |
|
|
|
* compat/nss_dbdefs.h: |
|
Fix typo that breaks the build on HP-UX. |
|
[b9ab6ba23485] |
|
|
|
* MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, |
|
configure, configure.in: |
|
Use nss_search() to implement getgrouplist() where available. |
|
Tested on Solaris and HP-UX. We need to include a compatibility |
|
header for HP-UX which uses the Solaris nsswitch implementation but |
|
doesn't ship nss_dbdefs.h. |
|
[d29dbc4dc06d] |
|
|
|
2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: |
|
Remove extra flag to sudo_sigaction(). We want to trap the signal |
|
regardless of whether or not it is ignored by the underlying command |
|
since there's no way to know what signal handlers the command will |
|
install. Now we just use sudo_sigaction() to set a flag in |
|
saved_signals[] to indicate whether a signal needs to be restored |
|
before exec. |
|
[c042d52c7192] |
|
|
|
2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/getgrouplist.c, config.h.in, configure, configure.in: |
|
Use _getgroupsbymember() on Solaris to get the groups list. Fixes |
|
performance problems with the getgroupslist() compat on Solaris |
|
systems with network-based group databases. |
|
[287d3ae2ce8d] |
|
|
|
2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document signal handler behavior in plugin API 1.3 |
|
[20dc9d1c105f] |
|
|
|
* MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, |
|
src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: |
|
Move signal code into its own source file and add sudo_sigaction() |
|
wrapper that has an extra flag to check the saved_signals list to |
|
only install the handler if the signal is not already ignored. Bump |
|
plugin API version for the new front-end signal behavior. |
|
[5d2f27a1b404] |
|
|
|
* plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, |
|
src/sudo_exec.h: |
|
Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute |
|
the command. If we get SIGINT or SIGQUIT, call the plugin close() |
|
functions as if the command was interrupted. If we get SIGTSTP, |
|
uninstall the handler and deliver SIGTSTP to ourselves. |
|
[332baf3a81b7] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Rename handle_signals() to dispatch_signals(). Block other signals |
|
in handler() so we don't have to worry about the write() being |
|
interrupted. |
|
[666e95c9a0f1] |
|
|
|
2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/tgetpass.c: |
|
Rename signal handler to avoid name clash with one in exec.c |
|
[8913101a29b6] |
|
|
|
2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
Add missing call to save_signals(). |
|
[47d075d7326b] |
|
|
|
2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Fill in the comment block at the top of the .pot files and preserve |
|
it when regenerating them. |
|
[6449497b76db] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: |
|
Add exec_background option in plugin command info and a sudoers |
|
option to match. When set, commands are started in the background |
|
and automatically foregrounded as needed. There are issues with |
|
some ill-mannered programs (like Linux su) so this is not the |
|
default. |
|
[c0b32b0938f2] |
|
|
|
* common/Makefile.in: |
|
regen |
|
[2b2b220e7aea] |
|
|
|
* src/Makefile.in: |
|
Add SESH_OBJS variable for sesh object files. |
|
[d3e04ae8fd1f] |
|
|
|
* configure.in, doc/LICENSE, plugins/sudoers/redblack.c: |
|
Update copyright year. |
|
[61a0f0cedb13] |
|
|
|
* src/exec_pty.c: |
|
Always resume the command in the foreground if sudo itself is the |
|
foreground process. This helps work around poorly behaved programs |
|
that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At |
|
worst, sudo will go into the background but upon resume the command |
|
will be runnable. Otherwise, we can get into a situation where the |
|
command will immediately suspend itself. |
|
[c368ac3eb2e4] |
|
|
|
* configure, configure.in: |
|
Use -fstack-protector-all in preference to -fstack-protector where |
|
supported. |
|
[f930c95ceb51] |
|
|
|
2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Only test for -fstack-protector and -fvisibility=hidden on GNU |
|
compatible compilers. |
|
[796f4696d863] |
|
|
|
2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add Sudo 1.8.6p4 |
|
[8a928de8e717] |
|
|
|
* common/Makefile.in, compat/Makefile.in, configure, configure.in, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in: |
|
Break out stack smashing protector options into SSP_CFLAGS and |
|
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). |
|
[01be114fc9fb] |
|
|
|
2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/redblack.c: |
|
In rbrepair(), make sure we never try to change the color of the |
|
sentinel node, which is the first entry, not the root. From Michael |
|
King |
|
[3fc4dc4004ec] |
|
|
|
2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
No need to restore default signal handler for SIGSTOP as it is not |
|
catchable. Attempting to do so is harmless but sigaction() will |
|
fail and set errno to EINVAL which makes it looks like there is an |
|
error. |
|
[be7c0b759e9a] |
|
|
|
* src/exec.c: |
|
Print SIGCONT_FG and SIGCONT_BG properly in debug output. |
|
[93e59e301c8f] |
|
|
|
2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. |
|
[9ed48f696595] |
|
|
|
2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Add howmany() macro since some systems have this in sys/param.h |
|
which we no longer include. |
|
[2c5efaa16c45] |
|
|
|
2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/sudoers/test11.toke.out.ok: |
|
Remove errant file. |
|
[a91699beffc6] |
|
|
|
2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Remove obsolete sudoers_cleanup() stubs. |
|
[89153025a2ae] |
|
|
|
* common/alloc.c, common/atobool.c, common/fileops.c, |
|
common/fmt_string.c, common/lbuf.c, common/secure_path.c, |
|
common/sudo_conf.c, common/sudo_debug.c, common/term.c, |
|
compat/closefrom.c, compat/getcwd.c, compat/glob.c, |
|
compat/snprintf.c, include/missing.h, |
|
plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, |
|
plugins/sample_group/plugin_test.c, |
|
plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/env.c, plugins/sudoers/find_path.c, |
|
plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/redblack.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, |
|
plugins/system_group/system_group.c, src/conversation.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/get_pty.c, |
|
src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: |
|
Don't include <sys/param.h>. We only needed it for MAXPATHLEN, |
|
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and |
|
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or |
|
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. |
|
[f4807d46f504] |
|
|
|
* include/missing.h, plugins/sudoers/match.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: |
|
Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN |
|
(sys/param.h or netdb.h). |
|
[2544f5e306dd] |
|
|
|
2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Move debug_decl() in log_failure() to be after the variable |
|
declarations for C89. |
|
[f48d2035ab44] |
|
|
|
2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/error.c, include/error.h, plugins/sudoers/iolog.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Cannot wrap sigsetjmp() or we end up returning to the wrong place. |
|
Use a macro instead. |
|
[749ee6acdad8] |
|
|
|
2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/policy.c: |
|
Fix return in sudoers_policy_open that should be debug_return. |
|
[a78b795b6846] |
|
|
|
2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case |
|
too. |
|
[acfa891c229e] |
|
|
|
* src/solaris.c: |
|
Quiet a gcc warning and add comment about needing to keep the handle |
|
open. |
|
[f954f228960f] |
|
|
|
2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
mention --disable-shared |
|
[6954d39e2d0f] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Add missing command_info argument in I/O plugin open() prototype. |
|
Bug #579 |
|
[72beb07aba0e] |
|
|
|
2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c: |
|
Regen for proper line numbers. |
|
[6cf6e132e764] |
|
|
|
* configure, configure.in: |
|
Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. |
|
[d604dc8ca38a] |
|
|
|
* common/sudo_printf.c: |
|
Include missing.h for __printflike. |
|
[a33640600faf] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Saner loop invariant in io_mkdirs (cosmetic only). |
|
[dc30274afe38] |
|
|
|
* MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, |
|
configure, configure.in, include/error.h, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, |
|
src/sesh.c: |
|
Move warn/error into common and make static builds work. |
|
[4d3f374f4e4c] |
|
|
|
* MANIFEST, common/Makefile.in, common/sudo_debug.c, |
|
common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/conversation.c, src/sesh.c: |
|
Move _sudo_printf from src/conversation.c to common/sudo_printf.c. |
|
Add sudo_printf function pointer that is initialized to |
|
_sudo_printf() instead of requiring a sudo_conv function pointer |
|
everywhere. The plugin will reset sudo_printf to point to the |
|
version passed in via the plugin open function. Now plugin_error.c |
|
can just call sudo_printf in all cases. The sudoers binaries no |
|
longer need their own version of sudo_printf. |
|
[9b09d3f63790] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't |
|
need error_jmp to be extern. Also add plugin_clearjmp() that clears |
|
a flag so error()/errorx() knows when to call exit() vs. longjmp(). |
|
[5a4617148e70] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Let warning() call gettext() for us. |
|
[ab8d502ba4ac] |
|
|
|
* include/error.h, plugins/sudoers/plugin_error.c, src/error.c: |
|
Do locale swapping in the warning()/error() macros themselves |
|
instead of in the underlying functions. |
|
[4cd205540e17] |
|
|
|
* common/alloc.c, common/list.c, include/error.h, |
|
plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, |
|
src/hooks.c: |
|
Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). |
|
[48346393634d] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, |
|
src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, |
|
src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: |
|
Call gettext() on parameters for warning()/warningx() instead of |
|
having warning() do it for us. |
|
[c71088bc9d3e] |
|
|
|
* Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: |
|
Call gettext() in sudoerserror() in the user's locale and pass the |
|
untranslated string to it. |
|
[cdbfc231b848] |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Allow sudoers programs (visudo, sudoreplay, visudo) to use |
|
plugin_error.c instead of the error.c from the front-end. This |
|
means sudoers_setlocale() needs to be independent of the sudo_user |
|
struct and the defaults table. The sudoers locale is now updated |
|
via a callback. |
|
[e356f5f8cd6a] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c |
|
Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers |
|
warning/error functions work when sudo_conv is NULL |
|
[7365ee24a779] |
|
|
|
* src/error.c: |
|
No need to change locale in front-end warning()/error(). |
|
[23dc1df7f93b] |
|
|
|
* plugins/sudoers/tsgetgrpw.c: |
|
Ignore bad lines in passwd/group file instead if stopping processing |
|
when we hit one. |
|
[79b790559075] |
|
|
|
* plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Bash doesn't let you set UID to use MYUID instead. |
|
[5be56335f059] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Avoid NULL deref for unknown Defaults in strict mode. |
|
[545c21c1e7d6] |
|
|
|
* common/sudo_conf.c, common/sudo_debug.c: |
|
See DEFAULT_TEXT_DOMAIN |
|
[3d723e1d27db] |
|
|
|
2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
Add signame.c and mksigname. |
|
[d59bbf423f00] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fold preinstall into install-plugin and pass the path to the plugin |
|
binary to the preinstall command. |
|
[2c2205af8bb7] |
|
|
|
* pp: |
|
sync with upstream |
|
[a4b7336b3256] |
|
|
|
* src/sudo.h: |
|
repair spacing |
|
[f5c1255ce514] |
|
|
|
2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Set group on sudo_debug when creating it to gid 0 so systems without |
|
BSD group semantics don't get the invoking user's group. |
|
[7dda01196554] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Rename mkdir_parents() io_mkdirs() and add a flag to specify whether |
|
path is a temporary, in which case the final component is created |
|
via mkdtemp() instead of mkdir(). |
|
[79c0c4e7ed58] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: |
|
For PERM_ROOT set egid to 0 so log files are not created with the |
|
gid of the user. |
|
[5b964ea43474] |
|
|
|
* plugins/sudoers/logging.c: |
|
Add calls to set_perms(PERM_ROOT) becore logging to a file. We |
|
should already be root but since we cache the current permission |
|
status it is basically free. That way, if more of sudoers runs as |
|
non-root in the future logging will still work correctly. |
|
[c591d4973f41] |
|
|
|
* common/sudo_conf.c, config.h.in, configure, configure.in, |
|
include/gettext.h, plugins/sudoers/locale.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/error.c, src/exec.c, src/sesh.c, src/sudo.c: |
|
#unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. |
|
[41f6bb4926f4] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Mention that sudo.conf is parsed in the C locale. |
|
[f711c416e30c] |
|
|
|
* common/sudo_conf.c: |
|
Parse sudo.conf in the "C" locale. |
|
[776658f651ea] |
|
|
|
* plugins/sudoers/locale.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.h: |
|
Fix compilation on systems w/o setlocale() |
|
[6940d1c1c1ce] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Sudo now includes a workaround for the Solaris 11 locale issue. |
|
[ab93787a552c] |
|
|
|
2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/gettext.h, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/locale.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: |
|
Always include locale.h from gettext.h so we no longer need to |
|
include locale.h from the .c files. |
|
[93d39182ccfa] |
|
|
|
* MANIFEST, config.h.in, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, |
|
src/solaris.c, src/sudo.c, src/sudo.h: |
|
Add os-specific initialization functions for solaris (workaround |
|
setuid locale problem in Solaris 11) and openbsd (set malloc_options |
|
if SUDO_DEVEL). Also move set_project() to solaris.c. |
|
[1d6581afbaf4] |
|
|
|
2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: |
|
Avoid strerror() when possible and just rely on warning/error to |
|
handle errno in the proper locale. |
|
[bf612caae97c] |
|
|
|
* plugins/sudoers/logging.c: |
|
Set sudoers locale in log_allowed() |
|
[2dd0ac704cae] |
|
|
|
* plugins/sudoers/check.c: |
|
Make the sudo lecture translatable. |
|
[3cdfc183d72d] |
|
|
|
* Makefile.in: |
|
Add the values of badpass_message, passprompt and mailsub to |
|
sudoers.pot so they can be translated. |
|
[51cbe8adcb94] |
|
|
|
* plugins/sudoers/logging.c: |
|
Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked |
|
up by xgettext. |
|
[c5b74115caf0] |
|
|
|
2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/sudoers.h: |
|
Make expand_prompt() args const and free the prompt when we are done |
|
with it. |
|
[995ef8519fe6] |
|
|
|
* plugins/sudoers/policy.c: |
|
Fix cut and pasto |
|
[e002921c1d15] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/logging.c: |
|
Expand def_mailsub in the sudoers locale, not the user's. |
|
[a4775f2fb385] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/env.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/locale.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/timestamp.c: |
|
Call gettext inside log_error et al instead of having the caller do |
|
it. This way we can display any messages to the user in their own |
|
locale but log in the sudoers local. |
|
[286e0444f785] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/visudo.c, src/error.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, |
|
src/sudo.c, src/sudo_edit.c, src/tgetpass.c: |
|
Display warning/error messages in the user's locale. |
|
[00a04165c0cf] |
|
|
|
* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: |
|
audit_failure() now calls gettext itself using the sudoers locale. |
|
[d77f1d78799a] |
|
|
|
* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoers.c: |
|
Convert setlocale() to sudoers_setlocale() in the sudoers module. |
|
This only converts existing uses, there are more places where we |
|
need to sprinkle sudoers_setlocale() calls. |
|
[8ee0cbf0d0a9] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/locale.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Add simple locale switching to make it easy to switch from the |
|
user's locale to the sudoers locale without making excessive |
|
setlocale() calls when we don't need to. |
|
[5c61582fdeee] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/plugin_error.c, src/error.c: |
|
Add variants of warn/error and sudo_debug_printf that take a va_list |
|
instead of a variable number of args. |
|
[00392bdc063c] |
|
|
|
* INSTALL, doc/TROUBLESHOOTING: |
|
Document Solaris 11 locale issues and workarounds. |
|
[05f7d34af3ae] |
|
|
|
* Makefile.in, configure, configure.in: |
|
Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 |
|
locales. Make links from localdir/lang -> localdir/lang.UTF-8 |
|
[5ca9326480e2] |
|
|
|
2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: |
|
Do not inform the user that the command was not permitted by the |
|
policy if they do not successfully authenticate. This is a |
|
regression introduced in sudo 1.8.6. |
|
[c1279df08bfb] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup |
|
the rpath in HP-UX SOM shared libraries for the LDAP libs. |
|
[b07185657b42] |
|
|
|
* src/parse_args.c: |
|
The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. |
|
[22c73cbe3ff9] |
|
|
|
2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, configure, configure.in: |
|
Allow the user to specify and alternate libtool |
|
[c9d6fc9521fd] |
|
|
|
2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: |
|
Allow sudo to be build with sss support without also including ldap |
|
support. From Stephane Graber. |
|
[b992a80ebea1] |
|
|
|
2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Refactor policy plugin interface code from sudoers.c into policy.c |
|
[393e62910b8a] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: |
|
Refactor command_info setting into its own function. |
|
[a952b948324c] |
|
|
|
* plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Make interfaces pointer private to interfaces.c and add |
|
get_interfaces() accessor. |
|
[b69b9334ed3c] |
|
|
|
2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoers.h: |
|
Make user_cwd const since it is either a string literal or passed in |
|
from the front-end. |
|
[90751b81e8bc] |
|
|
|
* configure, configure.in: |
|
sudo 1.8.7 |
|
[bf727adb8af0] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Avoid nested strtok() calls. |
|
[9d9f22ab52a9] |
|
|
|
2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: |
|
Move expand_prompt() into its own source file for easier unit |
|
testing. |
|
[b419b48a436f] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/check.h, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Make check.c independent of the underlying timestamp implementation. |
|
[895071bd6065] |
|
|
|
* plugins/sudoers/iolog_path.c: |
|
Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. |
|
[8ac38f02dd6d] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use a list for the possible values of Tag_Spec with a minimal indent |
|
to improve readability. In the pod version, these were =head3. Also |
|
use .St -p1003.1 instead of just POSIX when talking about glob() and |
|
fnmatch(). |
|
[361a6f7a5c44] |
|
|
|
2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
sudo_ttyname_dev() is unused if there is no /proc or sysctl(). |
|
[6598dbf81e16] |
|
|
|
* compat/mksiglist.c, compat/mksigname.c, |
|
compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, |
|
plugins/sample_group/plugin_test.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: |
|
Explicitly mark main() as public in executables to avoid an HP-UX ld |
|
warning. |
|
[72a40ce218be] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Remove grep from SEE ALSO section. |
|
[c7cafee1621f] |
|
|
|
* common/alloc.c: |
|
If vasprintf() fails, just use the errno it sets instead of assuming |
|
ENOMEM. |
|
[1be5bfdc0cab] |
|
|
|
2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Mention HP-UX pam.conf settings. |
|
[8b8e745b49fd] |
|
|
|
2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/timestamp.h: |
|
Split off timestamp functions into their own source file. |
|
[d5833332511d] |
|
|
|
2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention how !foo is not the same as ALL,!foo |
|
[51f8e470757d] |
|
|
|
2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Start commands in the background when I/O logging is enabled. We |
|
can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) |
|
which returns EINTR on signal instead of restarting automatically. |
|
[83b1d59146f7] |
|
|
|
* src/exec_pty.c: |
|
Handle SIGCONT_FG and SIGCONT_BG when converting signal number to |
|
string in deliver_signal(). |
|
[2cefea7a976e] |
|
|
|
2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Fix running commands that need the terminal in the background when |
|
I/O logging is enabled. E.g. "sudo vi &". When the command is |
|
foregrounded, it will now resume properly. |
|
[0bc13a253429] |
|
|
|
* plugins/sudoers/match.c: |
|
Add rudimentary support for name-based matching as a compile-time |
|
option. This unsafe when used in conjunction with the '!' operator. |
|
[f93bc8e6db15] |
|
|
|
2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: |
|
Split out implementation-specific back end code out of pwutil.c into |
|
pwutil_impl.c. This will allow the main pwutil code to be used for |
|
lookup methods other than getpw* and getgr*. |
|
[999c2dde60e4] |
|
|
|
2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p3 |
|
[97fef3d9ed65] |
|
|
|
2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Don't use embedded newline when matching, use \n. This got expanded |
|
at some point. Bug #573 |
|
[6652f834b8f5] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Rename yyerror() to sudoerserror() to match yacc prefix changes. Not |
|
really needed due to the #defines that yacc makes but it is less |
|
confusing this way as the lexer calls sudoerserror(). |
|
[a0577be6527d] |
|
|
|
* common/alloc.c, plugins/sample_group/plugin_test.c, |
|
plugins/sudoers/env.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
src/exec_common.c, src/parse_args.c, src/sudo.c: |
|
No need to translate "unable to allocate memory" when we can just |
|
use the system translation via strerror(). |
|
[377499e5827c] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not |
|
all file systems support d_type. Bug #572 |
|
[8b861c62945f] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Avoid calling fclose(NULL) in the error path when we cannot open an |
|
I/O log file. |
|
[9401d5c4bb05] |
|
|
|
2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Sudo 1.8.6p2 |
|
[6e32496280f2] |
|
|
|
* src/exec.c: |
|
When setting the signal handler for SIGTSTP to the default value in |
|
non-I/O log mode, store the old handler value for when we restore it |
|
after resume. |
|
[242628694e42] |
|
|
|
* plugins/sudoers/env.c: |
|
Replace the guts of sudo_setenv_nodebug() with our old setenv.c |
|
which supports non-standard BSD and glibc semantics. sudo_setenv() |
|
now simply calls sudo_setenv2(). |
|
[57ffb6c9efaa] |
|
|
|
2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document non-Unix group support in LDAP sudoers. |
|
[33c89f3aeee6] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Enable non-Unix group support for LDAP sudoers. We now check for |
|
non-Unix groups and netgroups with the same query in the second |
|
pass. Bug #571 |
|
[eb98fdff54d9] |
|
|
|
2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c: |
|
Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. |
|
[cb6c0d93215e] |
|
|
|
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention support for SUCCESS=return in /etc/nsswitch.conf |
|
[ef1f35aa0863] |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p1 |
|
[73a5e1f004b3] |
|
|
|
2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/env.c: |
|
Avoid setting LOGNAME, USER and USERNAME variables twice when |
|
set_logname is enabled. |
|
[0de4f5fbd1d4] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix duplicate detection in sudo_putenv(), do not prune out the |
|
variable we just set when overwriting an existing instance. Fixes |
|
bug #570 |
|
[854ee714c831] |
|
|
|
* plugins/sudoers/env.c: |
|
Add some debuggging |
|
[a25cd3305823] |
|
|
|
2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Disable word wrap in list mode when stdout is a pipe to make "sudo |
|
-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. |
|
[65ade04511fd] |
|
|
|
* common/lbuf.c: |
|
Print a trailing newline in lbuf_print() when there is not enough |
|
space to do word wrapping and the lbuf does not end with a newline. |
|
[c0200e19cd09] |
|
|
|
* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Add support for [SUCCESS=return] in nsswitch.conf; from Daniel |
|
Kopecek |
|
[5c480316e3ce] |
|
|
|
* MANIFEST: |
|
Add sssd.c |
|
[9cadd014ef97] |
|
|
|
2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, |
|
plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, |
|
src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: |
|
regen .po files |
|
[62423d4d143d] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.mo: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[33666a605525] |
|
|
|
* NEWS: |
|
mention PIE |
|
[05032e5304c6] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.po: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[015c2204bae2] |
|
|
|
2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, compat/Makefile.in, mkdep.pl: |
|
Add missing signame dependency |
|
[e493bfb01929] |
|
|
|
* src/exec.c, src/ttyname.c: |
|
Silence compiler warnings. |
|
[1c5374b66d9b] |
|
|
|
* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Replace strsigname() with sig2str(), emulating it as needed. |
|
[1e348cca1fa6] |
|
|
|
* config.h.in, configure, configure.in, src/utmp.c: |
|
Use fseeko() for legacy utmp handling if available. |
|
[b4bbd8d2c0e9] |
|
|
|
2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/strsigname.c, config.h.in, configure, configure.in: |
|
Detect sys_sigabbrev[] and use it in place of sys_signame[] if |
|
present. For some reason glibc does not declare sys_sigabbrev so we |
|
must add an extern definition of our own. |
|
[b38f3fbd7078] |
|
|
|
* compat/strsignal.c, compat/strsigname.c: |
|
Handle NULL entries in sys_siglist and sys_signame. |
|
[a388959d9654] |
|
|
|
* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: |
|
Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} |
|
[711e41aba59a] |
|
|
|
2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[5a2522488754] |
|
|
|
* src/exec.c: |
|
Pass on SIGTSTP to the command if it was sent by a user process (not |
|
the kernel or the terminal) when we are not I/O logging and set the |
|
default SIGTSTP handler when we re-send the signal to ourself, |
|
restoring our handler after we resume. |
|
[4259c47e31c0] |
|
|
|
* src/exec.c: |
|
Shells typically change their process group when they start up so |
|
that they can implement job control. Most well-behaved shells |
|
change the pgrp back to its original value before suspending so we |
|
must not try to restore in that case, lest we race with the child |
|
upon resume, potentially stopping sudo with SIGTTOU while the |
|
command continues to run. Some shells, such as pdksh, just suspend |
|
the shell by sending SIGSTOP to themselves without restoring the |
|
pgrp. In this case we need to change the pgrp back for them. Should |
|
fix bug #568 |
|
[6ac6751ffd17] |
|
|
|
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, compat/Makefile.in, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Use strsigname() to print signal names in the debug output. If the |
|
system has no strsigname(), use our own. |
|
[0735f18906b9] |
|
|
|
2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Remove generated file and change path for temporary include file. |
|
[4e9fa830c6b5] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
When running regress tests, list pass/fail rate for each dir |
|
(testsudoers and visudo) instead of the total. Also prevent the |
|
result files from clobbering each other by keeping them in the |
|
relevant directories. |
|
[6aac53baff7d] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Don't print an error message in yyerror() if open_sudoers() fails, |
|
we've already printed an error message. Also restore the check for |
|
sudoers_warnings in yyerror(). |
|
[aa6036df5fb2] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Avoid printing the >>> parse error <<< message for testsudoers when |
|
the -t flag is specified. |
|
[76f3433c8992] |
|
|
|
2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix NULL deref when an entry has no Runas_Entry |
|
[4b14983ff6e7] |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[440e9c9b37de] |
|
|
|
* NEWS: |
|
sync |
|
[3142ba2dce60] |
|
|
|
* plugins/sudoers/check.c: |
|
Correct the check_user() comment header. |
|
[73da30308fff] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c: |
|
Change a log_fatal() into log_error() when no auth methods are |
|
configured. The caller already checks the return value. |
|
[05f5c39793a7] |
|
|
|
* plugins/sudoers/logging.c: |
|
Add missing debug_return |
|
[3a76bb7c2fe7] |
|
|
|
2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Make the capitalization consistent for .Ss and .Sx |
|
[5c5735ee4b2f] |
|
|
|
* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Add COMMAND EXECUTION section that describes how sudo runs the |
|
command, the extra sudo processes and signal handling. |
|
[dff2d88e984e] |
|
|
|
2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Happy Easter |
|
[4b9d697c6b83] |
|
|
|
2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in: |
|
Don't echo the awk command when building siglist.in |
|
[21daa72921e6] |
|
|
|
* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Cosmetic changes. |
|
[19259528e9ad] |
|
|
|
* doc/Makefile.in: |
|
The HISTORY, LICENSE and CONTRIBUTORS files are not longer |
|
generated. |
|
[ea6ac9e981e6] |
|
|
|
* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, |
|
plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, |
|
src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, |
|
src/po/uk.po, src/po/vi.po: |
|
Sync with translationproject.org and add Italian sudoers |
|
translation. |
|
[9276740aea59] |
|
|
|
2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand description of fqdn to talk about systems where the hosts |
|
file is searched before DNS. |
|
[4ee812ca6116] |
|
|
|
2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/Makefile.in: |
|
For cat pages there is nothing to make unless DEVEL is set. |
|
[fab4a5b68708] |
|
|
|
* configure, configure.in, doc/Makefile.in: |
|
Always use mandoc to format cat pages and remove now-extraneous |
|
nroff configure tests. |
|
[5747f4ed5762] |
|
|
|
* pp: |
|
sync polypkg from git |
|
[89ddf6ea3e3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Use AI_FQDN instead of AI_CANONNAME if available since "canonical" |
|
is not always the same as "fully qualified". |
|
[7c1d9c098386] |
|
|
|
2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.mdoc.in: |
|
Fix some typos. Describe error messages not related to policy |
|
permissions. |
|
[f5ebf9030d85] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/visudo.c: |
|
Add new check_defaults() function to check (but not update) the |
|
Defaults entries. Visudo can now use this instead of |
|
update_defaults to check all the defaults regardless instead of just |
|
the global Defaults entries. |
|
[3fa879ce1b65] |
|
|
|
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document sudoers log format. |
|
[08998a7061ab] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p3 |
|
[6e102a5d4e8d] |
|
|
|
* src/load_plugins.c: |
|
Add missing check for I/O plugin API version when checking for the |
|
presence of I/O plugin hooks. |
|
[ef05c7eeaf81] |
|
|
|
* src/hooks.c: |
|
Can't call debug code in the process_hooks_xxx functions() since |
|
ctime() may look up the timezone via the TZ environment variable. |
|
[2179fb26bd8e] |
|
|
|
2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_common.c, src/sesh.c, src/utmp.c: |
|
Include signal.h before sudo_exec.h since it uses sigset_t * in the |
|
fork_pty prototype. |
|
[94fc0d859600] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Remove OPTIONS section; options now go inside DESCRIPTION |
|
[a619fc58a746] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[44719d80bc06] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: |
|
Sync with translationproject.org and add new Slovenian translation. |
|
[34b4b966bbac] |
|
|
|
* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/testsudoers.c: |
|
Reduce the number of "internal error, foo overflow" messages that |
|
need to be translated. |
|
[93ffa2b3d53f] |
|
|
|
* NEWS: |
|
Mention HP-UX reboot fix. |
|
[1e39b5aa32ac] |
|
|
|
* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, |
|
doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers |
|
data source. From Daniel Kopecek and Pavel Brezina. |
|
[3f85e95d6928] |
|
|
|
2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_conf.c, src/load_plugins.c: |
|
If sudo.conf contains an I/O plugin but no policy plugin, use |
|
sudoers for the policy plugin. If a policy plugin is specified |
|
without an I/O plugin, only the policy plugin will be loaded. |
|
[ea192df2439d] |
|
|
|
* doc/Makefile.in, doc/sudoers.man.in: |
|
Do not modify the .Os section when building the .man.in file from |
|
.mdoc.in. |
|
[a9f9628e147f] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add a note about wildcards matching multiple words and include an |
|
example. Also mention that for sudoedit, a wildcard in command line |
|
args does not match a slash. |
|
[fcb9fbac14e0] |
|
|
|
2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c, src/sudo_exec.h: |
|
Fix a comment, update a variable name in a prototype; all cosmetic. |
|
[e89f10cbd6e1] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Cast 2nd argument of lseek() to off_t if it is a constant for |
|
systems with 64-bit off_t but without a proper lseek() prototype. |
|
[d8779da135d0] |
|
|
|
* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/visudo.c: |
|
Fix some warnings from clang checker-267 |
|
[1e44ef7860b5] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Fix memory leak found by clang checker-267 |
|
[f8a43617fdfb] |
|
|
|
2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: |
|
If we receive a signal from the command we executed, do not forward |
|
it back to the command. This fixes a problem with BSD-derived |
|
versions of the reboot command which send SIGTERM to all other |
|
processes, including the sudo process. Sudo would then deliver |
|
SIGTERM to reboot which would die before calling the reboot() system |
|
call, effectively leaving the system in single user mode. |
|
[4ffab9ab9e98] |
|
|
|
2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh, doc/fixmdoc.sh: |
|
Remove section about Solaris 10 on other systems. Add missing |
|
sudoers.man.in bit to fixman.sh. |
|
[176559199ba7] |
|
|
|
2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand section on Solaris privileges. |
|
[3a1bfa2f1743] |
|
|
|
* NEWS: |
|
Expand a bit on the Solaris priv set changes. |
|
[bffb78b4a520] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
The second argument to init_parser() is now bool. |
|
[fb727a4fb651] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Fix printing of parse error message to stderr. |
|
[dea6b420b84f] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: |
|
If a command matches using an empty Runas_List (i.e. Runas_List is |
|
present but empty) and the -u option was not specified, set runas_pw |
|
to user_pw instead of using runas_default. This is intended to be |
|
used in conjunction with the Solaris Privilege Set support for rules |
|
that grant privileges without changing the user. |
|
[e84a081f3c11] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.h, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: |
|
Add support for parsing an empty Runas_List, which only allows the |
|
command to be run as the invoking user. This can be used in |
|
conjunction with the Solaris Privilege Set support to grant |
|
privileges without changing the user. |
|
[dc34373792fc] |
|
|
|
2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Fix HP-UX, just use ".TH name section" like the vendor manuals. |
|
[559738237c92] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix compilation on Solaris |
|
[2d310302207c] |
|
|
|
* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, |
|
doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, |
|
doc/sudoers.mdoc.sh: |
|
Generate a sed script file when munging *.mdoc or *.man instead of |
|
passing sed expressions on the command line. Older seds do not |
|
support \n in a replacement so generate and run a sed script |
|
instead. |
|
[0bcce3f1ca18] |
|
|
|
* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, |
|
doc/visudo.man.in: |
|
Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" |
|
[fe0f10b63776] |
|
|
|
2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
When checking whether a signal is user-generated, compare si_code |
|
against SI_USER instead of <= 0 since on HP-UX, terminal-related |
|
signals get a code of 0. |
|
[4e9021243343] |
|
|
|
* src/sudo.c: |
|
SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX |
|
interchangably. This causes problems when setting RLIMIT_NPROC to |
|
RLIM_INFINITY due to a bug in bash where bash tries to honor the |
|
value of _SC_CHILD_MAX but treats a value of -1 as an error, and |
|
uses a default value of 32 instead. |
|
|
|
Previously, we just checked RLIMIT_NPROC and, if it was unlimited, |
|
restored the previous value of RLIMIT_NPROC. However, that makes it |
|
impossible to set nproc to unlimited. We now only restore the nproc |
|
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most |
|
cases, pam_limits will set RLIMIT_NPROC for us. |
|
[cb71cc8d0b08] |
|
|
|
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Active Directory apparently requires that tenths of a second be |
|
present in a date so append .0 to the "now" value in the time |
|
filter. Also remove space for the global AND from TIMEFILTER_LENGTH |
|
since it was not being used consistently. Buffers of |
|
TIMEFILTER_LENGTH now need to account for the terminating NUL byte. |
|
[d28619ff6e45] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix SELinux build |
|
[cc0d1f4e851b] |
|
|
|
2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[fc3ad1847cb1] |
|
|
|
* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, |
|
doc/license.pod: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[950363dffe3a] |
|
|
|
2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix printing of the permission denied message to standard error when |
|
a user is not allowed to run a command. This got broken by the |
|
recent logging changes. |
|
[b7af63da3ca1] |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for Solaris privs. |
|
[2a2baf024477] |
|
|
|
* doc/schema.ActiveDirectory: |
|
Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder |
|
were added. From David Hicks. |
|
[3fc432a8edb4] |
|
|
|
2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Remove lex.yy.c when building toke.c |
|
[72bb9e62b289] |
|
|
|
* doc/Makefile.in: |
|
Fix building docs in a build dir. |
|
[7a6f435af022] |
|
|
|
* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, |
|
doc/sudoreplay.pod, doc/visudo.pod: |
|
Remove pod versions of the manual; we now use mdoc. |
|
[5c967d2dd5db] |
|
|
|
* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, |
|
doc/sudoers.man.sh, doc/sudoers.mdoc.sh: |
|
Add post-processing scripts to strip out login class, BSD auth, |
|
SELinux and privilege set bits when they are not supported. |
|
[d0d51f72f597] |
|
|
|
* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, |
|
doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: |
|
Merge in Solaris privilege support by Darren Moffat and John |
|
Zolnowsky |
|
[3aa0a64f2f5c] |
|
|
|
2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/contributors.pod: |
|
Sync with CONTRIBUTORS file |
|
[9a0852306ad9] |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in: |
|
Regen .man.in files with my private mandoc. |
|
[dc3c9fc449eb] |
|
|
|
* doc/Makefile.in: |
|
add MANDOC variable |
|
[35527e66afc5] |
|
|
|
2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: |
|
Regen .man.in files with hacked mandoc to avoid issues with historic |
|
nroff. |
|
[d45cfa7d665f] |
|
|
|
2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudoers.mdoc.in: |
|
Fix groff warnings. |
|
[111d522ca807] |
|
|
|
* doc/Makefile.in: |
|
Fix dependencies for .man.in files. |
|
[aefeffe1af2b] |
|
|
|
* .hgignore: |
|
Add doc/*.mdoc to ignore file |
|
[1e4de6ef2ad8] |
|
|
|
* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, |
|
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Build .man.in and .cat files from .mdoc.in files. Add new --with-man |
|
and --with-mdoc configure options. |
|
[c963fd7e8f80] |
|
|
|
2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Sudo manuals formatted in mdoc, to replace the pod versions. |
|
[e6dca4030451] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, |
|
doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: |
|
More minor costmetic fixes. |
|
[a7287a68385a] |
|
|
|
2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: |
|
Minor cosmetic fixes. |
|
[9c48bdaf3946] |
|
|
|
2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: |
|
Use "a password is required" instead of "password required" when the |
|
-n flag is used and we need to read a password. |
|
[a3c30fc41648] |
|
|
|
2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention logging changes. |
|
[8238fd6e02e8] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[e2cf634ba63b] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: |
|
Document that other mail_* flags have precedence over mail_badpass. |
|
[9f4cc9188f40] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Move log_denial() calls and logic to log_failure(). Move |
|
authentication failure logging to log_auth_failure(). Both of these |
|
call audit_failure() for us. |
|
|
|
This subtly changes logging for commands that are denied by sudoers |
|
but where the user failed to enter the correct password. |
|
Previously, these would be logged as "N incorrect password attempts" |
|
but now are logged as "command not allowed". Fixes bug #563 |
|
[cad35f0b3ad7] |
|
|
|
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Do not set a resource limit to zero when we are unable to fetch a |
|
value from /etc/security/limits. |
|
[62bfb0a7895e] |
|
|
|
2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add "Provides: sudo" to debian sudo-ldap package |
|
[beb8afa0beb2] |
|
|
|
2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, zlib/Makefile.in: |
|
Define NO_VIZ for zlib when gcc doesn't support symbol visibility |
|
attributes. |
|
[9fdcbf526386] |
|
|
|
* configure, configure.in: |
|
Use the autoconf cache when checking for symbol export control |
|
support. |
|
[03c2cce8711f] |
|
|
|
* INSTALL, common/Makefile.in, compat/Makefile.in, configure, |
|
configure.in, mkpkg, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in: |
|
Add configure check for building PIE executables instead of doing it |
|
in mkpkg. |
|
[02b5b78ef258] |
|
|
|
* sudo.pp: |
|
MacOS pp backend doesn't like modes longer than 4 characters. |
|
[01b49022bf01] |
|
|
|
2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding |
|
-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool |
|
will strip -fstack-protector from the linker flags and we always |
|
link with libtool. |
|
[0a0a0250ac2b] |
|
|
|
2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.6 |
|
[1657ee28b496] |
|
|
|
* NEWS, doc/sudoers.ldap.pod: |
|
Document improved Tivoli Directory Server support. |
|
[fb411edf4687] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/ldap.c: |
|
Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf |
|
option to specify Tivoli key db password. Allow TLS ciphers to be |
|
configured for Tivoli. |
|
[737e17c91e60] |
|
|
|
2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Tivoli Directory Server 6.3 libs always return a (bogus) error when |
|
setting LDAP_OPT_CONNECT_TIMEOUT. |
|
[504406637c38] |
|
|
|
* NEWS: |
|
Update |
|
[687a755604e8] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the |
|
same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a |
|
set an ldap option fatal. |
|
[17cf93ae3304] |
|
|
|
2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Zero pointers in sudo_user struct after freeing, just in case. |
|
[8eff1f80b943] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Free user_gids in close function if it has not already been freed. |
|
[cbce28877f37] |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Defer group ID to name resolution until we actually need it. |
|
[463e75b81e89] |
|
|
|
* src/sudo.c: |
|
It is safe to read in sudo.conf before calling user_info(). |
|
[3290b6434e3c] |
|
|
|
* plugins/sudoers/env.c, plugins/sudoers/ldap.c: |
|
Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to |
|
prevent potential truncation. Bug #562. |
|
[29d9fc4e0c4e] |
|
|
|
2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
If installing with installp, error out if there is already an |
|
instance of the rpm package installed. |
|
[ec24c6faba22] |
|
|
|
* mkpkg: |
|
Add --disable-nls for AIX |
|
[192ac2f7d65e] |
|
|
|
2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Debian sudo-ldap packages should now depend on libldap-2.4-2, not |
|
libldap2. |
|
[cbcec71e6b58] |
|
|
|
2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add Homepage and Bugs to debian control file. |
|
[0f19d7d14e66] |
|
|
|
2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
fix typo when setting aix_freeware |
|
[2fd6feb50195] |
|
|
|
* common/Makefile.in, compat/Makefile.in, configure, configure.in, |
|
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
|
Don't run regress tests or sudoers sanity check (using the newly- |
|
built visudo) when cross compiling. Bug #560 |
|
[0c4e3f68b2f5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, |
|
plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.exp, |
|
plugins/sample_group/sample_group.map, |
|
plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.exp, |
|
plugins/system_group/system_group.map, |
|
plugins/system_group/system_group.sym: |
|
Rename foo.sym -> foo.exp Remove foo.map from the repo and generate |
|
it on demand Use a loader option file for HP-UX ld to explicitly |
|
export symbols |
|
[2402ff5302ab] |
|
|
|
* src/Makefile.in: |
|
Remove extraneous backslash |
|
[8ca054de138c] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Don't check for errorx as an exported symbols as it is now a macro. |
|
Check for user_in_group() instead. |
|
[7b02c8ecd3ea] |
|
|
|
2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Adjust ld map file support to use an anonymous scope to match the |
|
updated .map files. |
|
[49be44282d9e] |
|
|
|
2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/gettext.h: |
|
Older versions of Solaris lack ngettext() |
|
[028af10dfa5f] |
|
|
|
* configure, configure.in: |
|
Move the check for -static-libgcc until after AC_LANG_WERROR has |
|
been called and use AX_CHECK_COMPILE_FLAG(). |
|
[a7b09120e7ff] |
|
|
|
* include/gettext.h: |
|
Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H |
|
[3aa2780d4a4e] |
|
|
|
* include/error.h, include/sudo_debug.h: |
|
Fix gcc 2.x variant macro support. |
|
[8e71c2370997] |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: |
|
Fix compilation on gcc 2.95 and other compilers that only allow |
|
variable declarations at the beginning of a block. |
|
[9d80c802bb46] |
|
|
|
* configure, configure.in, plugins/sudoers/Makefile.in: |
|
Link check_symbols with SUDO_LIBS to make sure we link with the |
|
requisite libraries to successfully dlopen sudoers.so. This is |
|
needed on HP-UX where a program dlopen()ing a shared object that |
|
uses pthreads must also be linked with pthreads (and HP-UX LDAP uses |
|
pthreads). |
|
[b8961cd82337] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add check for exported local symbols. This will cause a "make |
|
check" failure on systems where we don't support symbol hiding. |
|
[8aa549389bb1] |
|
|
|
* configure, configure.in: |
|
Additional ${foo} -> $(foo) Makefile tweaks. |
|
[046bbde18f52] |
|
|
|
* plugins/sample/sample_plugin.map, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, |
|
plugins/system_group/system_group.map: |
|
No need to provide a name for the scope in the map file since we |
|
don't use the it for versioning. |
|
[5ed4b997560d] |
|
|
|
2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add regress test for symbol visibility. |
|
[9adddd4e0518] |
|
|
|
2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6 |
|
[57008a7afb77] |
|
|
|
* configure, configure.in, include/missing.h: |
|
Add support for controlling symbol visibility using the HP and |
|
Solaris C compilers. |
|
[46d5b468979e] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.h: |
|
Use the expanded io log dir when updating the sequence number. |
|
Includes a workaround for older versions of sudo where the sequence |
|
number was stored in the unexpanded io log dir. |
|
[210797dab9a8] |
|
|
|
2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/parse_args.c: |
|
Simplify "sudo -s" argv rewriting. |
|
[7be143dae7c5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, |
|
src/sudo_noexec.map: |
|
Don't use a map file for sudo_noexec.so since Solaris ld doesn't |
|
allow '*' in the global section. The libtool export flag is now |
|
added to LT_LDFLAGS instead of commenting/uncommenting lines. |
|
[38fc37a66b04] |
|
|
|
2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/missing.h: |
|
The visibility attribute was actually added in gcc 3.3.x, not 4.0. |
|
Just assume that if -fvisibility=hidden works that the attribute is |
|
usable. |
|
[d3904d6faf14] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, |
|
plugins/system_group/system_group.c: |
|
Export group cache from sudoers.so for system_group.so to use. |
|
[16695d207fc5] |
|
|
|
* MANIFEST, configure, configure.in, include/missing.h, |
|
plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, |
|
plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.map, src/sudo_noexec.c, |
|
src/sudo_noexec.map: |
|
Use gcc's visibility attribute to specify when symbols are visible |
|
or hidden, if available. If not available, use an ELF version |
|
script if it is supported. If all else fails, fall back to using |
|
libtool's -export-symbols. |
|
[64e889921727] |
|
|
|
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for installed locale files but leave the directories with |
|
default mode and owner. |
|
[142237dbb31f] |
|
|
|
2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Install AIX packages under /opt/freeware with links in /usr/bin and |
|
/usr/sbin. This matches the layout of the sudo package from AIX |
|
freeware. |
|
[0b79d47bbe01] |
|
|
|
* Makefile.in, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install shared objects with mode 0644 except on HP-UX which needs |
|
the executable bit set. |
|
[ae416af0ba6c] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Make installed file modes consistent with the file modes in the sudo |
|
package. |
|
[307386373289] |
|
|
|
2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
Add "%:" prefix when talking about QAS non-Unix group support. |
|
[7cb25f6861f8] |
|
|
|
* pp, sudo.pp: |
|
Fix packaging of symbolic links on HP-UX when the link source |
|
already exists in the filesystem. |
|
[c9bb48031596] |
|
|
|
* mkpkg: |
|
Only specify prefix if we are overriding the default value. Fixes |
|
the man dir (/usr/local/man vs. /usr/local/share/man). |
|
[65351b6c1697] |
|
|
|
* sudo.pp: |
|
Fix setting of sudoedit_man variable. |
|
[9beed9ae5bba] |
|
|
|
* doc/Makefile.in: |
|
Echo the command when linking the sudoedit manual. |
|
[6c83b5657b55] |
|
|
|
2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Build .deb packages with selinux support. |
|
[3fd9cb1b4526] |
|
|
|
2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Don't list paths for unstripped binaries in the lintial overrides. |
|
[4c8e16f1773b] |
|
|
|
* pp: |
|
Add support for Installed-Size header in control file, required by |
|
newer debian versions. |
|
[e97d76234bee] |
|
|
|
* pp: |
|
Fix extended description in .deb files. |
|
[d35e27ace146] |
|
|
|
* sudo.pp: |
|
Add Depends, Replaces and Conflicts headers for .deb packages. |
|
[76eb6c4b3278] |
|
|
|
2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
If there are no privs to print, write the message to the lbuf |
|
instead of printing it directly. |
|
[ecd56226abb7] |
|
|
|
2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Set -e in %pos and %preun for debian to quiet a lintian warning. |
|
[8bb908514df9] |
|
|
|
* doc/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install sudoedit and the sudoedit manual as symbolic links, not hard |
|
links and package them as such. |
|
[f317ff3cf3e7] |
|
|
|
* sudo.pp: |
|
Make sudo binary permissions 755 instead of 111 Add lintian |
|
overrides file for .deb files. |
|
[991cd7d7f0e1] |
|
|
|
* configure, configure.in, doc/Makefile.in, mkpkg: |
|
Replace out of date MAN_POSTINSTALL with MANCOMPRESS and |
|
MANCOMPRESSEXT which can be used to compress the installed manual |
|
pages. Compress the man pages for .deb files to appease lintian. |
|
[4e34083b41d2] |
|
|
|
* sudo.pp: |
|
Debian fixes: |
|
* fix modes to be more in line with what Debian expects |
|
* add section |
|
* install LICENSE as copyright and ChangeLog as changelog |
|
* create stub changelog.debian |
|
[7f6c5647f588] |
|
|
|
* pp: |
|
Fix find command to properly skip files in the DEBIAN dir when |
|
building md5sums. |
|
[8918bde941fa] |
|
|
|
* pp, sudo.pp: |
|
Use a debian-compliant package maintainer field. |
|
[fc51a94170eb] |
|
|
|
2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
No need to loop over atomic_writev(), it guarantees to write all |
|
data or return an error. |
|
|
|
Fix handling of stdout/stderr that contains "\r\n" and handle a |
|
"\r\n" pair that spans a buffer. |
|
[8aaf02d90c45] |
|
|
|
2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p2 |
|
[d369d4d40a19] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Instead of doing extra write()s when replaying stdout, build up a |
|
vector for writev() instead. This results in far fewer system |
|
calls. |
|
[303d866c025c] |
|
|
|
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/env_hooks.c, src/sudo.h, src/tgetpass.c: |
|
Provide unhooked version of getenv() and use it when looking up |
|
DISPLAY and SUDO_ASKPASS in the environment. |
|
[04dbdccf4a14] |
|
|
|
2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
When replaying a log of stdout or stderr, do newline to carriage |
|
return + linefeed conversion. We cannot have termios do this for us |
|
since we've disabled output postprocessing (POST) when setting raw |
|
mode. |
|
[61352a7d996f] |
|
|
|
2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
When checking for -fstack-protector, treat warnings as fatal errors. |
|
[4124cd12d511] |
|
|
|
2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix test for -z relro |
|
[548bdb6f5c4a] |
|
|
|
* MANIFEST: |
|
Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 |
|
[ed063264a2a1] |
|
|
|
* INSTALL, aclocal.m4, configure, configure.in, |
|
m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: |
|
Build with -fstack-protector and link with -zrelo where supported. |
|
Added --disable-hardening option to disable hardening options. |
|
[0b6c1a1ceb03] |
|
|
|
2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test1.sh, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test4.out.ok, |
|
plugins/sudoers/regress/testsudoers/test4.sh, |
|
plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.out.ok, |
|
plugins/sudoers/regress/testsudoers/test5.sh, |
|
plugins/sudoers/testsudoers.c: |
|
Add tests for sudoers mode, owner and group checks. |
|
[a7607443aba0] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
If sudoers_mode is group-readable but the actual sudoers file is |
|
not, open the file as uid 0, not uid 1. This fixes a problem when |
|
sudoers has a more restrictive mode than what sudo expects to find. |
|
In older versions, sudo would silently chmod the file to add the |
|
group-readable bit. |
|
[c056b6003e6f] |
|
|
|
* INSTALL, common/secure_path.c, config.h.in, configure, configure.in: |
|
No longer throw an error if sudoers is a symbolic link. Deprecated |
|
the --with-stow option as that is now (effectively) the default. |
|
[8ce783e54886] |
|
|
|
2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test2.inc, |
|
plugins/sudoers/regress/testsudoers/test2.out.ok, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.d/root, |
|
plugins/sudoers/regress/testsudoers/test3.out.ok, |
|
plugins/sudoers/regress/testsudoers/test3.sh: |
|
Add basic tests for #include and #includedir |
|
[b303e4218951] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Add -U sudoers_uid option to testsudoers. |
|
[3f8ed13501ba] |
|
|
|
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Update for 1.8.5p1 |
|
[c33c49bf5b4b] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix #includedir; from Mike Frysinger |
|
[d4833d4e39a0] |
|
|
|
* plugins/sudoers/check.c: |
|
Don't prompt for a password if the user is in the exempt group, is |
|
root, or is running the command as themselves even if the -k option |
|
was specified. This makes "sudo -k command" consistent with the |
|
behavior one would get if the user ran "sudo -k" immediately before |
|
running the command. |
|
[632b3961df00] |
|
|
|
2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
Fix capitalization |
|
[7258aa977caf] |
|
|
|
* mkpkg: |
|
Build PIE executable on Mac OS X 10.5 and above. |
|
[2a5c7ef92182] |
|
|
|
2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4p5 |
|
[21164f508b68] |
|
|
|
* plugins/sudoers/match_addr.c: |
|
Add missing break between AF_INET and AF_INET6 in |
|
addr_matches_if_netmask() |
|
[672a4793931a] |
|
|
|
* plugins/sudoers/mon_systrace.c: |
|
Move systrace monitor code to the attic |
|
[d6faf4754e9c] |
|
|
|
2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
The pointer to the siginfo_t struct in a signal handler may be NULL. |
|
[41a4ee934b53] |
|
|
|
2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Fix an alignment problem on NetBSD systems with a 64-bit time_t and |
|
strict alignment. Based on a patch from Martin Husemann. |
|
[1e5ba3c18f17] |
|
|
|
* include/missing.h: |
|
Add offsetof macro for those without it. |
|
[e44cb51d2587] |
|
|
|
* MANIFEST: |
|
add system_group plugin |
|
[6169793b510c] |
|
|
|
2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/dlopen.c: |
|
Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. |
|
[85bd03bc5d94] |
|
|
|
2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention system_group plugin |
|
[05393dd4bdb8] |
|
|
|
* Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in: |
|
update depends |
|
[6feb0b824fc4] |
|
|
|
* plugins/system_group/system_group.c: |
|
Only call gr_delref() when use sudo's password caching functions. |
|
[1103442e21fa] |
|
|
|
* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: |
|
Add missing dependency on libreplace.la |
|
[05bfd9d4657f] |
|
|
|
* compat/dlopen.c: |
|
Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and |
|
PROG_HANDLE. |
|
[2382d0693acc] |
|
|
|
* Makefile.in, configure, configure.in, |
|
plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, |
|
plugins/system_group/system_group.sym: |
|
Add group plugin that does lookups by name using the system group |
|
database. |
|
[2ddbb604112f] |
|
|
|
* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, |
|
src/po/pl.po: |
|
sync with translationproject.org |
|
[4ef05df4226d] |
|
|
|
2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[115c3f828fc5] |
|
|
|
2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for docdir and use '-' (default) for localedir mode. Fixes |
|
a problem on Linux when building in a directory with the setgid bit |
|
set. |
|
[582279c8bcb1] |
|
|
|
2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Match CentOS 6.0 |
|
[1e99ef210f98] |
|
|
|
2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[c5fc220ba696] |
|
|
|
* pp: |
|
Fix version check on AIX |
|
[d272e39112f4] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[72b23509465a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP |
|
SDK. |
|
[87b685e70b9a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Fix printing of invalid uri |
|
[645aa53acdde] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Pass PAM_SILENT when deleting creds to remove an annoying warning |
|
message on Solaris. |
|
[1dd0301ef293] |
|
|
|
2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/utmp.c: |
|
Fix the setutxent and endutxent compatibility defines (this time |
|
correctly) when only setutent and endutent are available. |
|
[d136d2867db9] |
|
|
|
* plugins/sudoers/ldap.c: |
|
sudo_ldap_set_options_global() should not take an LDAP handle as an |
|
argument since the options affect the global settings. |
|
[1dc39b9d20f2] |
|
|
|
* mkpkg: |
|
Debian sudo has not been built with --with-exempt=sudo since 1.6.8. |
|
[c7716291a856] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, |
|
src/sudo.h: |
|
Call the policy's init_session() function before we fork the child. |
|
That way, the session is created and destroyed in the same process, |
|
which is needed by some modules, such as pam_mount. |
|
[ece552ba002e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is |
|
not specified. |
|
[bd293e100b28] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Delete creds after closing the PAM session. |
|
[5158d726d6a5] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Provide a more useful error message if using a Mozilla-style LDAP |
|
SDK and you forgot to specify TLS_CERT in ldap.conf. |
|
[7cb78feb899c] |
|
|
|
* src/exec_pty.c: |
|
Add missing initialization of a sigaction structure when I/O |
|
logging. Fixes a potential problem when suspending the command. |
|
[f4480f2ba816] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Split global and per-connection LDAP options into separate arrays. |
|
Set global LDAP options before calling ldap_initialize() or |
|
ldap_init(). After we have an LDAP handle, set the per-connection |
|
options. Fixes a problem with OpenLDAP using the nss crypto backend; |
|
bug #342 |
|
[265c9d2dc12b] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[6d7fe44be21e] |
|
|
|
2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c, src/sudo.h: |
|
Move struct passwd pointer into struct command details. |
|
[d6fb1eff2065] |
|
|
|
2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X (and other) fixes. |
|
[c2f4998d01b0] |
|
|
|
* mkpkg: |
|
Only built Mac intel universal binary on an intel machine. |
|
[0009e0b7e5a8] |
|
|
|
* src/Makefile.in: |
|
Do not pass libtool the -static-libtool-libs option when building |
|
sudo and sesh. Otherwise, libtool may prefer a static version of an |
|
installed library over a dynamic one when linking. |
|
[6fbac9adc885] |
|
|
|
2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, |
|
plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: |
|
Add German translation for sudo Add Croatian translation for sudoers |
|
[fa4da1a6530c] |
|
|
|
* plugins/sudoers/iolog.c: |
|
typo fix in comment |
|
[abd721d1288e] |
|
|
|
2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[6fa11e8448b9] |
|
|
|
* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Sort xgettext output by file name. |
|
[f650841810f0] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: |
|
Clarify what "sudoreplay -l" displays and mention that it is sorted. |
|
[84031c117bd6] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Use AC_HEADER_MAJOR to determine where major/minor are defined. |
|
[3c949650a223] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Include sys/mkdev.h if present instead of sys/sysmacros.h for |
|
minor(). This is needed on Solaris (at least) where the makedev |
|
macros in sysmacros.h are obsolete and library functions should be |
|
used instead. |
|
[343928acf81e] |
|
|
|
* mkpkg: |
|
When building on Mac OS X, only set SDK_FLAGS if specified osversion |
|
doesn't match host. |
|
[d84c6efac872] |
|
|
|
2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Add back buf and tty variables for _ttyname() case that were |
|
inadvertantly removed. |
|
[a4a820b22a44] |
|
|
|
2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[5446b12c1250] |
|
|
|
* configure, configure.in: |
|
Remove b8 from version number. |
|
[5adc4dcec061] |
|
|
|
* src/ttyname.c: |
|
remove some XXX |
|
[187579a5f593] |
|
|
|
* src/ttyname.c: |
|
When looking for a device match, do a breadth-first search instead |
|
of depth-first. We already special case /dev/pts/ so chances are |
|
good that if it is not a pseudo-tty it is in the base of /dev/. Also |
|
avoid a stat(2) when possible if struct dirent has d_type. |
|
[0183f8a1b278] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
src/sudo.c, src/sudo.h: |
|
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. |
|
[f0574d878491] |
|
|
|
* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, |
|
src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, |
|
src/po/vi.mo: |
|
sync with translationproject.org |
|
[4527ea78fbd5] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, |
|
src/po/hr.mo, src/po/hr.po: |
|
New Croatian and Galician translations from translationproject.org |
|
[ad4bd924b4de] |
|
|
|
* src/ttyname.c: |
|
Add depth-first traversal of /dev/ for the /proc case when not |
|
/dev/pts/N |
|
[499bd3456774] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: |
|
If struct dirent has d_type, use it to avoid an extra stat(). |
|
[741dabbe4bcd] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Sort output of "sudoreplay -l" |
|
[c0615795bd4b] |
|
|
|
2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix duplicate free introduced in last rev |
|
[efdaabe69d75] |
|
|
|
2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Instead of treating ^C from tgetpass() specially, always return |
|
AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL |
|
like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. |
|
[a3b17298d4d0] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Rototill code to determine the tty. For Linux, we now look up the |
|
tty device in /proc/pid/stat instead of trying to open |
|
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given |
|
device number to a string. On BSD, we can use devname(). On |
|
Solaris, _ttyname_dev() does what we want. TODO: write /dev/ |
|
traversal code for the generic sudo_ttyname_dev(). |
|
[6b22be4d09f0] |
|
|
|
2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Define PRNODEV for those w/o it. |
|
[f17290e64559] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Check for SVR4-style struct psinfo.pr_ttydev and use that to |
|
determine the tty if std{in,out,err} are not ttys. |
|
[76ad33a91f4b] |
|
|
|
* src/ttyname.c: |
|
Better support for SVR4-style /proc entries where we can't use |
|
ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, |
|
attempt to map the device number back to the correct pseudo-tty |
|
slave device. |
|
[4f9f48cc79eb] |
|
|
|
* src/ttyname.c: |
|
When trying to determine the tty name, check parent's stderr in |
|
addition to its stdin and stdout. |
|
[604644056c7d] |
|
|
|
* src/exec_pty.c: |
|
Treat a tty read failure like EOF as it usually means the pty has |
|
gone away. Handle write() on the tty returning EIO. |
|
[16957f4a706f] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Linux select() may return ENOMEM if there is a kernel resource |
|
shortage. Older Solaris select() may return EIO instead of EBADF |
|
when the tty goes away. If we get an unhandled select() failure, |
|
kill the child and exit cleanly. |
|
[d93940a311ab] |
|
|
|
* src/ttyname.c: |
|
Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might |
|
block in open. |
|
[a9f809d09d52] |
|
|
|
2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix restoration of AIX permissions. |
|
[30c717115988] |
|
|
|
* src/parse_args.c: |
|
Allow the -k flag to be used along with the -i and -s flags. |
|
[0653b17c97f1] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Plug memory leak in parse_logfile() in the error path. |
|
[9cce86fa833b] |
|
|
|
* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, |
|
src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, |
|
src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[14af43d0b170] |
|
|
|
2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/regress/glob/globtest.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/match.c: |
|
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the |
|
glob() and fnmatch() results to be consistent. |
|
[4226750d73c2] |
|
|
|
2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, |
|
src/ttysize.c: |
|
Move ttysize.c to common so sudoreplay can use it. |
|
[b4a0aa514cd4] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
If I/O log file includes rows + cols, warn if the user's tty is not |
|
big enough. |
|
[b980ef89efff] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix printing of TSID in "sudoreplay -l" |
|
[4221e3e108b4] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, |
|
src/exec_pty.c: |
|
Log the process id in the debug file output. Since we don't want to |
|
keep calling getpid(), stash the value at init time and when we |
|
fork(). |
|
[2782d30c024d] |
|
|
|
* src/exec_pty.c: |
|
Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It |
|
is better to receive EIO from read()/write() than to be suspended |
|
when we don't expect it. Fixes a problem when our terminal is |
|
revoked which can happen when, e.g. our sshd is killed |
|
unceremoniously. Also, only change the value of "alive" from true to |
|
false, never from false to true. It is possible for us to receive |
|
notification of the child having stopped after it is already dead. |
|
This does not mean it has risen from the grave. |
|
[26c9fe8ce0f9] |
|
|
|
* src/exec_pty.c: |
|
Distinguish between signals we received from the parent vs. those |
|
delivered explicitly to the monitor process in debugging info. |
|
[40716cb180e5] |
|
|
|
2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". |
|
Update tty_is_devpts() to match so we can determine when the tty has |
|
been reused. |
|
[2689665df027] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h: |
|
Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() |
|
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. |
|
This allows consumers of sudo_debug_printf() to log that data |
|
without having to specify it manually. |
|
[7c94c4879208] |
|
|
|
* src/exec_pty.c: |
|
Make this compile after last change. |
|
[ee09034f3266] |
|
|
|
* src/exec_pty.c: |
|
Don't try to restore the terminal if we are not the foreground |
|
process. Otherwise, we may be stopped by SIGTTOU when we try to |
|
update the terminal settings when cleaning up. |
|
[c48b24335456] |
|
|
|
* src/exec.c: |
|
If select() return EBADF in the main event loop, one of the ttys |
|
must have gone away so perform any I/O we can and close the bad fds. |
|
[3bc8678c03ce] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the |
|
function, file and line number in the debug log for warning() and |
|
error(). |
|
[894cd131f11d] |
|
|
|
2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
src/conversation.c: |
|
Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. |
|
Use this flag when wrapping error() and warning() so the debug |
|
output includes the error string. |
|
[1e2c67adaf1f] |
|
|
|
2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[7d2b62b823fe] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[718ad9de92cd] |
|
|
|
* doc/CONTRIBUTORS: |
|
sync |
|
[f48013aea641] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Use ecalloc() |
|
[fabd23c1f271] |
|
|
|
* src/exec_pty.c: |
|
Don't need zero_bytes() after ecalloc() |
|
[1a9d95cd10ef] |
|
|
|
* config.h.in, configure, configure.in, src/sudo_noexec.c: |
|
Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to |
|
sudo_noexec.c. |
|
[cbaa1d4b0f8a] |
|
|
|
* src/utmp.c: |
|
Fix compat setutxent and endutxent macros for systems with |
|
setutent() but not setutxent(). From Gustavo Zacarias |
|
[d7ce622fc5f2] |
|
|
|
2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure.in: |
|
Add ignore_result definition to AH_BOTTOM |
|
[8d4096838a98] |
|
|
|
* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, |
|
src/exec.c, src/exec_pty.c, src/tgetpass.c: |
|
Fix compiler warnings on some platforms and provide a better method |
|
of defeating gcc's warn_unused_result attribute. |
|
[9a8f804fcc75] |
|
|
|
* configure, configure.in: |
|
Fix building the builtin zlib from a build dir. When a zlib dir was |
|
specified, prepend its include path instead of appending so we get |
|
the right zlib headers. |
|
[5f61d591b186] |
|
|
|
* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, |
|
zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, |
|
zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, |
|
zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, |
|
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: |
|
Update zlib to version 1.2.6 |
|
[173c4bc4d4fc] |
|
|
|
2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
g/c __unused which is no longer used |
|
[7ef3f23edcd6] |
|
|
|
* src/env_hooks.c: |
|
Fix compilation if RTLD_NEXT is not defined. |
|
[d5605f468b71] |
|
|
|
* src/po/sr.mo, src/po/sr.po: |
|
sync with translationproject.org |
|
[27d559f7985d] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.man.in: |
|
regen |
|
[f9f63ce478b6] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[59035d82d15a] |
|
|
|
* Makefile.in: |
|
Ignore Project-Id-Version when comparing pot files. |
|
[22feb9ede46b] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Use error() instead of log_fatal() |
|
[54130bda4b50] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix signedness of didvar in env_update_didvar() |
|
[77048a80b3e4] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Quiet a compiler warning on some platforms. |
|
[8fdcaece0400] |
|
|
|
* compat/fnmatch.c: |
|
cast ctype(3) function/macro arguments from char to unsigned char to |
|
avoid potential negative subscripting. |
|
[bdcf7eef21ef] |
|
|
|
* common/setgroups.c: |
|
Quiet a warning on systems where the gids array in setgroups() is |
|
not prototyped as being const, even though it really is. |
|
[fdd758c6302d] |
|
|
|
* src/env_hooks.c: |
|
Quiet a compiler warning on systems where the argument to putenv(3) |
|
is const. |
|
[51bae2193b53] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Undo an incorrect int -> bool conversion. |
|
[b9a4ce320f14] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, |
|
src/po/sv.mo, src/po/sv.po: |
|
Add Swedish sudo and sudoers translations from |
|
translationproject.org |
|
[f7ce1de9073f] |
|
|
|
* plugins/sudoers/env.c: |
|
No need to preserve ODMDIR on AIX now that we always read |
|
/etc/environment. |
|
[4aa04b2f0125] |
|
|
|
2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/env.c: |
|
When initializing the environment for env_reset, start out with the |
|
contents of /etc/environment on AIX and login.conf on BSD. |
|
[5717bdc321e2] |
|
|
|
* doc/TROUBLESHOOTING, src/sudo.c: |
|
If we are not running with an effective uid of 0, try to give the |
|
user enough information to debug the problem. |
|
[fa4894896d8a] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
Quiet a clang-analyzer false positive. |
|
[c4c0c1b9c8b0] |
|
|
|
* src/tgetpass.c: |
|
If there is nothing to read from the askpass program, set errno to |
|
EINTR. This makes the cancel button behave like the user entered ^C |
|
at the password prompt when PAM is used. |
|
[594302cb9caf] |
|
|
|
* src/sudo.h, src/tgetpass.c: |
|
Fetch the value of "askpass" from the sudo conf struct. |
|
[4593ee8f1bd3] |
|
|
|
* common/sudo_conf.c: |
|
Fix matching of "Path askpass" and "Path noexec" |
|
[4df28d62afb9] |
|
|
|
2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Quiet a clang-analyzer dead store warning. |
|
[dd90bf385a3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
If the "timestampowner" user cannot be resolved, use ROOT_UID |
|
instead of exiting with a fatal error. |
|
[8d62aae99715] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
Remove the NO_EXIT flag to log_error() and add a log_fatal() |
|
function that exits and is marked no_return. Fixes false positives |
|
from static analyzers and is easier for humans to read too. |
|
[a0fe785c2a3d] |
|
|
|
2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, |
|
src/po/eo.po: |
|
sync with translationproject.org |
|
[df5e8777de13] |
|
|
|
2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/da.mo, src/po/da.po: |
|
sync with translationproject.org |
|
[629d99548b78] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
sync with translationproject.org |
|
[9d122a2860d6] |
|
|
|
2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/it.mo, src/po/it.po: |
|
sync with translationproject.org |
|
[6397593b15cf] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, |
|
src/load_plugins.c: |
|
Use ecalloc() when allocating structs. |
|
[8b5888868db2] |
|
|
|
* common/alloc.c, include/alloc.h: |
|
Add ecalloc() and commented out recalloc(). Use inline strnlen() |
|
instead of strlen() in estrndup(). |
|
[7fb9aa46c1e0] |
|
|
|
2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[45a032c37334] |
|
|
|
2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove unused label |
|
[2660bb0c1313] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: |
|
Document what changed in each plugin API revision |
|
[59b30a6fc4d1] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove bogus optimization that could lead to a double free of the |
|
group list. |
|
[b0bfbd2a83a8] |
|
|
|
2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Expand AIX /etc/security/privcmds entry. |
|
[9f3f072e034e] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[086049011f25] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Rename plugin "args" to "options" |
|
[f25624951bd2] |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Lithuanian and Vietnamese translators |
|
[2b4c075b69e3] |
|
|
|
* Makefile.in: |
|
Ignore comments when comparing new and old pot files. |
|
[f872999347b3] |
|
|
|
* src/Makefile.in: |
|
regen |
|
[c8193b1b11c7] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in: |
|
regen |
|
[15e3c17e8a3a] |
|
|
|
* doc/sudo_plugin.pod, include/sudo_plugin.h, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, |
|
src/sudo.c, src/sudo.h: |
|
Pass a pointer to user_env in to the init_session policy plugin |
|
function so session setup can modify the user environment as needed. |
|
For PAM authentication, merge the PAM environment with the user |
|
environment at init_session time. We no longer need to swap in the |
|
user_env for environ during session init, nor do we need to disable |
|
the env hooks at init_session time. |
|
[3f5277b359d8] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Add explicit NULL entries for init_session, register_hooks and |
|
deregister_hooks with appropriate comments. |
|
[727a57978b40] |
|
|
|
* compat/pw_dup.c: |
|
Quiet a gcc "used uninitialized in this function" false positive. |
|
[f14b68379ce9] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
We should always call warning() with a format string or a string |
|
literal. In this case, the argument (path) is not user-controlled. |
|
[e9ef51224024] |
|
|
|
2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/selinux.c: |
|
Include sudo_exec.h for the sudo_execve() prototype. |
|
[769e58065edc] |
|
|
|
* config.h.in, configure, configure.in: |
|
Add check for pam_getenvlist() |
|
[36bde3f26c60] |
|
|
|
* common/sudo_conf.c: |
|
Set args to NULL in default plugin info struct when there is no |
|
Plugin line in sudo.conf. |
|
[93ec67708f01] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[a9287677795c] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
regen |
|
[a242769d7962] |
|
|
|
* configure, configure.in: |
|
Bump version to 1.8.5 |
|
[e8618f0c2505] |
|
|
|
* doc/sudo_plugin.pod: |
|
Document hooks API |
|
[e6ad07d27958] |
|
|
|
2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. |
|
[fd72340042d3] |
|
|
|
* include/sudo_plugin.h: |
|
Use sudo_hook_fn_t in struct sudo_hook. |
|
[938f93112d6e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
If cross compiling, --host must include the OS in the tuple. E.g. |
|
--host powerpc-unknown-linux |
|
[b8c010070c1e] |
|
|
|
2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix bogus int -> bool conversion; tags can have a value of -1. |
|
[e63d6434a303] |
|
|
|
* plugins/sudoers/env.c: |
|
Add env_should_keep() and env_should_delete() wrapper functions to |
|
simplify things a bit and hide the fact that matches_env_check() is |
|
not bool. |
|
[7a03d7a12b50] |
|
|
|
* sudo.pp: |
|
Fix application of debian-specific sudoers mods when building |
|
packages as non-root. |
|
[34bf4c52c425] |
|
|
|
* plugins/sudoers/env.c: |
|
matches_env_check() returns int, not boolean |
|
[0ad915b8d5cb] |
|
|
|
* src/sudo_edit.c: |
|
Fix compilation when seteuid() is not available. |
|
[8a722f998000] |
|
|
|
* src/ttyname.c: |
|
Simply move the free of ki_proc outside the realloc() loop. |
|
[217b786da760] |
|
|
|
* src/ttyname.c: |
|
Bring back the erealloc() for the ENOMEM loop and just zero the |
|
pointer after we free it. |
|
[29a016e45127] |
|
|
|
* src/ttyname.c: |
|
Don't try to erealloc() a potentially freed pointer; Mateusz Guzik |
|
[266e08844065] |
|
|
|
2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Use normal error path if unable to set sudoers gid. |
|
[01c816918c99] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Make this work again on systems w/o seteuid(). |
|
[2e67f7421e97] |
|
|
|
2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix compilation if no seteuid/setreuid/setresuid available. |
|
[d0b3c1f88eb4] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Better error messages, and added debugging throughout. Fixed |
|
seteuid() version of set_perms()/restore_perms(). Fixed logic bug in |
|
AIX version of restore_perms(). Added checks to avoid changing |
|
uid/gid when we don't have to. Never set gid/uid state to -1, use |
|
the old value instead. |
|
[29188d469b5c] |
|
|
|
* src/exec_pty.c, src/ttyname.c: |
|
Fix format string warning on Solaris with gcc 3.4.3. |
|
[d1eeb6e1dd0f] |
|
|
|
* src/sudo.c: |
|
Always declare environ now that we swap it around unilaterally. |
|
[aaa3e92e7d0d] |
|
|
|
* src/Makefile.in: |
|
Honor LDFLAGS when linking sesh; from Vita Cizek |
|
[498b41438f6e] |
|
|
|
* src/sesh.c: |
|
Include alloc.h for estrdup() prototype; from Vita Cizek |
|
[93203655a320] |
|
|
|
2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't read /etc/environment on Linux when using PAM, PAM should set |
|
the environment variables as needed via pam_env. |
|
[b1ef62cb2d40] |
|
|
|
* INSTALL: |
|
Fix editor goof. |
|
[0c3dd3bb8b57] |
|
|
|
* src/hooks.c, src/sudo.c, src/sudo.h: |
|
Disable environment hooks after we get user_env back to make sure a |
|
plugin can't to modify user_env after we "own" it. This is kind of |
|
a hack but we don't want the init_session plugin function to modify |
|
user_env. |
|
[8e6d119452a5] |
|
|
|
* src/hooks.c, src/sudo.c: |
|
Add support for deregistering hooks. If an I/O log plugin fails to |
|
initialize, deregister its hooks (if any). |
|
[ac00c93900c5] |
|
|
|
2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c, src/sudo.c: |
|
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook |
|
setenv. |
|
[e75469dd9908] |
|
|
|
* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, |
|
compat/setenv.c, compat/unsetenv.c, config.h.in, configure, |
|
configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, |
|
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, |
|
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, |
|
src/sudo_plugin_int.h: |
|
Initial cut at a hooks implementation. The plugin can register |
|
hooks for getenv, putenv, setenv and unsetenv. This makes it |
|
possible for the plugin to trap changes to the environment made by |
|
authentication methods such as PAM or BSD auth so that such changes |
|
are reflected in the environment passed back to sudo for execve(). |
|
[61cffa06f863] |
|
|
|
2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, src/po/vi.mo, src/po/vi.po: |
|
Add Vietnamese sudo translation from translationproject.org |
|
[96df426790d5] |
|
|
|
2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.pod: |
|
List sudo_noexec.so not noexec.so in the sample sudo.conf |
|
[53844e190ec5] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Add support for plugin args at the end of a Plugin line in |
|
sudo.conf. Bump the minor number accordingly and update the |
|
documentation. A plugin must check the sudo front end's version |
|
before using the plugin_args parameter since it is only supported |
|
for API version 1.2 and higher. |
|
[587f1f819536] |
|
|
|
2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
update depends |
|
[6d2da44e11e5] |
|
|
|
* MANIFEST: |
|
secure_path.c is in common, not compat |
|
[619c4a663dde] |
|
|
|
* configure, configure.in: |
|
Add check for variadic macro support in cpp. |
|
[756854caf675] |
|
|
|
2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/secure_path.c, common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add type param to sudo_secure_path() and add sudo_secure_file() and |
|
sudo_secure_dir() wrappers which get by #includedir in sudoers. |
|
[2ec2d3d8df04] |
|
|
|
2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.pod, plugins/sudoers/visudo.c: |
|
Check the owner and mode in -c (check) mode unless the -f option is |
|
specified. Previously, the owner and mode were checked on the main |
|
sudoers file when the -s (strict) option was given, but this was not |
|
documented. |
|
[b2d6ee1e547a] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some |
|
versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. |
|
[159f6a50456a] |
|
|
|
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Eric Lakin for patch in bug #538 |
|
[490c29c234c6] |
|
|
|
* src/exec_pty.c: |
|
Fix typo in safe_close() made while converting to debug framework |
|
that prevented it from actually closing anything. |
|
[a66422a62afd] |
|
|
|
* src/exec_pty.c: |
|
Add some more debugging. |
|
[b5667947dda9] |
|
|
|
* common/Makefile.in, compat/Makefile.in, doc/Makefile.in, |
|
include/Makefile.in: |
|
We need sysconfdir in compat/Makfile to get the proper sudo.conf |
|
path. Add standard prefix and foodir expansion in all Makefiles to |
|
avoid this problem in the future. |
|
[62b6ce4ecae9] |
|
|
|
2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: |
|
New Lithuanian sudoers translation from translationproject.org |
|
[10436b649035] |
|
|
|
* plugins/sudoers/po/ja.po: |
|
Update from translationproject.org |
|
[acb8db5f8ef1] |
|
|
|
2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
When adding gids to the LDAP filter, only add the primary gid once. |
|
This is consistent with the space computation/allocation. From Eric |
|
Lakin |
|
[35d9d99c92c6] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for AIX enhanced RBAC config. |
|
[5e10b6f8def7] |
|
|
|
* mkpkg: |
|
Target Mac OS X 10.5 when building packages. |
|
[06fce9bbebee] |
|
|
|
2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/secure_path.c, |
|
common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: |
|
Relax the user/group/mode checks on sudoers files. As long as the |
|
file is owned by the right user, not world-writable and not writable |
|
by a group other than the one specified at configure time (gid 0 by |
|
default), the file is considered OK. Note that visudo will still |
|
set the mode to the value specified at configure time. |
|
[241174babfcc] |
|
|
|
2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Add AIX-specific version of permission setting code to make sure |
|
that the saved uid gets restored properly. |
|
[9a6f5d22c301] |
|
|
|
* config.h.in, configure, configure.in, src/exec_common.c: |
|
Check for LD_PRELOAD variants in configure instead of checkign cpp |
|
symbols. In disable_execute(), compute the length of the new envp |
|
and allocate it once instead of reallocating on demand. Also append |
|
old value of LD_PRELOAD (if any) to the new value. |
|
[680266346917] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Fix the description of noexec. |
|
[6a6d142f3c80] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
|
The "op" parameter to set_default() must be int, not bool since it |
|
is set to '+' or '-' for list add and subtract. |
|
[8da5b137bea2] |
|
|
|
* sudo.pp: |
|
Make sure sudoers is writable before calling ed script. |
|
[95352ab6336b] |
|
|
|
2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, doc/contributors.pod: |
|
Update contributors. Now includes translators and authors of compat |
|
code. |
|
[4fb5b616b50a] |
|
|
|
2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/sudo.pot: |
|
regen |
|
[2c86e2c328fe] |
|
|
|
* pp, sudo.pp: |
|
Build flat packages, not package bundles, on Mac OS X. |
|
[57bda3cd5520] |
|
|
|
2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Move macos section to be with the other OS-specific sections. |
|
[51423bb2973a] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[8ce41cbb8da0] |
|
|
|
* configure, configure.in: |
|
Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS |
|
[fa979aa6fe7d] |
|
|
|
* sudo.pp: |
|
Add Mac OS X support, printing the latest chunk of the NEWS file and |
|
the license text in the installer. |
|
[ffeab72387c0] |
|
|
|
* sudo.pp: |
|
Add explicit file modes that match those used by "make install" |
|
[7eb37242c920] |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X fixes. |
|
[97cba179041e] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Got back to using "install-sh -M" for files installed as non- |
|
readable by owner. This fixes "make install" as non-root for |
|
package building. |
|
[967804ee77d6] |
|
|
|
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Sync with translationproject.org |
|
[0e53db12039a] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Use -m not -M for install-sh for everything except setuid. Install |
|
locale .mo files mode 0444, not 0644. If timedir parent doesn't |
|
exist, use default dir mode, not 0700. |
|
[8b6f64c92090] |
|
|
|
2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Re-sync with upstream; no longer need a local patch. |
|
[97a2c7be5e59] |
|
|
|
* mkpkg: |
|
Add support for building Mac OS X packages. |
|
[94d49ac223a4] |
|
|
|
* pp: |
|
Sync with upstream |
|
[1c97654fc841] |
|
|
|
* src/Makefile.in: |
|
No longer need to define _PATH_SUDO_CONF here. |
|
[2560905b7482] |
|
|
|
* src/exec_common.c: |
|
Fix noexec for Mac OS X. |
|
[b7a744bca2c0] |
|
|
|
2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in: |
|
Move _PATH_SUDO_CONF override to common to match sudo_debug.c |
|
[f0788972a63a] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
More complete fix for LDR_PRELOAD on AIX. The addition of |
|
set_perm(PERM_ROOT) before calling the nss open functions (needed to |
|
avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective |
|
and then real uid to 0 for PERM_ROOT works around the issue. |
|
[5888eda051af] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[997fe403e219] |
|
|
|
* src/sudo.c: |
|
Set real uid to root before calling sudo_edit() or run_command() so |
|
that the monitor process is owned by root and not by the user. |
|
Otherwise, on AIX at least, the monitor process shows up in ps as |
|
belonging to the user (and can be killed by the user). |
|
[d4772d7d2fc5] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
For PERM_ROOT when using setreuid(), only set the euid to 0 prior to |
|
the call to setuid(0) if the current euid is non-zero. This |
|
effectively restores the state of things prior to rev 7bfeb629fccb. |
|
Fixes a problem on AIX where LDR_PRELOAD was not being honored for |
|
the command being executed. |
|
[b9b40325b4dc] |
|
|
|
* MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, |
|
include/missing.h, src/sudo.c: |
|
Make a copy of the struct passwd in exec_setup() to make sure |
|
nothing in the policy init modifies it. |
|
[b721261c921f] |
|
|
|
2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
update copyright |
|
[f9d229d1f65e] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h: |
|
g/c now-unused debug subsystems |
|
[8f21726e698f] |
|
|
|
* doc/sudo.pod, doc/sudoers.pod: |
|
Enumerate the debug subsystems used by sudo and sudoers. |
|
[ac4f84293d14] |
|
|
|
2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
include/sudo_conf.h, src/sudo.c: |
|
Normally, sudo disables core dumps while it is running. This |
|
behavior can now be modified at run time with a line in sudo.conf |
|
like "Set disable_coredumps false" |
|
[ad14e0508b0d] |
|
|
|
* NEWS: |
|
Mention Spanish translation |
|
[600f3205bd6e] |
|
|
|
* common/sudo_debug.c: |
|
Make sure we don't try to fall back to using the conversation |
|
function for debugging in the main sudo process if we are unable to |
|
open the debug file. |
|
[ffa329aa908c] |
|
|
|
* MANIFEST, src/po/es.mo, src/po/es.po: |
|
Add sudo Spanish translation from translationproject.org |
|
[c1906654e740] |
|
|
|
2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Better debug subsystem usage |
|
[1a31f115743c] |
|
|
|
* src/sudo.c: |
|
Remove duplicate function prototypes |
|
[ae04b00532eb] |
|
|
|
2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Error out if user specified --with-pam but we can't find the headers |
|
or library. Also throw an error if the headers are present but the |
|
library is not and vice versa. |
|
[d6bf3e3d0aae] |
|
|
|
2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix the sudoers permission check when the expected sudoers mode is |
|
owner-writable. |
|
[8b0b7e770a22] |
|
|
|
2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Verify that we can link executables built with -D_FORTIFY_SOURCE |
|
before using it. |
|
[7578215d1a95] |
|
|
|
* src/exec_common.c: |
|
Fix potential off-by-one when making a copy of the environment for |
|
LD_PRELOAD insertion. Fixes bug #534 |
|
[cc699cd551b6] |
|
|
|
* configure, configure.in: |
|
Add rudimentary check for _FORTIFY_SOURCE support by checking for |
|
__sprintf_chk, one of the functions used by gcc to support it. |
|
[a992673d2ef8] |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. |
|
[8ba1370884b3] |
|
|
|
2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[1e0b38397705] |
|
|
|
2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/sudo.c: |
|
The change in 818e82ecbbfc that caused to exit when the monitor dies |
|
created a race condition between the monitor exiting and the status |
|
being read. All we really want to do is make sure that select() |
|
notifies us that there is a status change when the monitor dies |
|
unexpectedly so shutdown the socketpair connected to the monitor for |
|
writing when it dies. That way we can still read the status that is |
|
pending on the socket and select() on Linux will tell us that the fd |
|
is ready. |
|
[7fb5b30ea48d] |
|
|
|
* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, |
|
src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, |
|
src/sudo_exec.h: |
|
Refactor disable_execute() and my_execve() into exec_common.c for |
|
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of |
|
disabling exec in exec_setup(), disable it immediately before |
|
executing the command. Adapted from a diff by Arno Schuring. |
|
[ec4d8b53db6b] |
|
|
|
2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Add custom version of AC_CHECK_LIB that uses the extra libs in the |
|
cache value name. With this we no longer need to rely on a modified |
|
version of autoconf. |
|
[1c3b1d482d6c] |
|
|
|
2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Better handling of network functions that need -lsocket -lnsl |
|
[cc386342ec2b] |
|
|
|
* src/sudo.c: |
|
When setting up the execution environment, set groups before |
|
gid/egid like sudo 1.7 did. |
|
[928e1c5fa6c1] |
|
|
|
* configure, configure.in: |
|
Remove "WARNING: unable to find foo() trying -lsocket -lnsl" |
|
[84b23cdf138f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
For "sudo -g" prepend the specified group ID to the beginning of the |
|
groups list. This matches BSD convention where the effective gid is |
|
the first entry in the group list. This is required on newer |
|
FreeBSD where the effective gid is not tracked separately and thus |
|
setgroups() changes the egid if this convention is not followed. |
|
Fixes bug #532 |
|
[782d6909108b] |
|
|
|
2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix sh warning; use "test" instead of "[" |
|
[c6ee3407f65e] |
|
|
|
* src/exec.c: |
|
When not logging I/O, use a signal handler that only forwards |
|
SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. |
|
Fixes a race in the non-I/O logging path where the command may |
|
receive two keyboard-generated signals; one from the kernel and one |
|
from the sudo process. |
|
[9638684e786a] |
|
|
|
* src/exec.c: |
|
Back out change that put the command in its own pgrp when not |
|
logging I/O. It causes problems with pipelines. |
|
[4fc9c6e1e770] |
|
|
|
2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in, configure, configure.in: |
|
Only run compat regress tests on compat objects we actually build. |
|
Fixes "make check" in the compat dir for systems that don't |
|
implement character classes in fnmatch() or glob(). Bug #531 |
|
[a7addc305e83] |
|
|
|
2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
Update po files from translationproject.org |
|
[5ea066af1356] |
|
|
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.pp: |
* sudo.pp: |
Include parent directories in case they don't already exist. This |
Include parent directories in case they don't already exist. This |
fixes a directory permissions problem with the AIX package when the |
fixes a directory permissions problem with the AIX package when the |
/usr/local directories don't already exist. |
/usr/local directories don't already exist. |
|
[a14f783dc827] |
|
|
|
* pp: |
|
sync with git version |
|
[2f79d0543661] |
|
|
|
* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen dependencies |
|
[24c92ca6c64d] |
|
|
|
* MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: |
|
Move tty name lookup code to its own file. |
|
[58faf072cbf4] |
|
|
|
2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with latest sudo 1.8.4 changes. |
|
[a4ffe4f42528] |
|
|
|
* config.h.in, configure, configure.in: |
|
Remove obsolete template for HAVE_TIMESPEC |
|
[75709007c906] |
|
|
|
* src/sudo.c: |
|
Add a check for devname() returning a fully-qualified pathname. None |
|
of the devname() implementations do this today but you never know |
|
when this might change. |
|
[16813ace38f9] |
|
|
|
2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
For "visudo -c" also list include files that were checked when |
|
everything is OK. |
|
[ad6f85b35c9c] |
|
|
|
* src/sudo.c: |
|
The device name returned by devname() does not include the /dev/ |
|
prefix so we need to add it ourselves. |
|
[b55285abb7ed] |
|
|
|
* src/sudo.c: |
|
Add debug warning if KERN_PROC sysctl fails or devname() can't |
|
resolve the tty device to a name. |
|
[b5a23916ba3a] |
|
|
|
* common/sudo_debug.c: |
|
The result of writev() is never checked so just cast to NULL. |
|
[4be4e9b58d5b] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Update Esperanto, Finnish, Polish and Ukrainian translations from |
|
translationproject.org. |
|
[bb91bc6ad7e9] |
|
|
|
2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
Add support for determining tty via sysctl on other BSD variants. |
|
[fd15f63f719a] |
|
|
|
* configure, configure.in: |
|
Only check for struct kinfo_proc.ki_tdev on systems that support |
|
sysctl. |
|
[109b3f07a39d] |
|
|
|
* src/sudo.c: |
|
For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on |
|
ttyname() of std{in,out,err}. |
|
[95969b70bd68] |
|
|
|
2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
On newer FreeBSD we can get the parent's tty name via sysctl(). |
|
[3207290501ee] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Include locale.h |
|
[a602cd0b8c2d] |
|
|
|
* src/sudo.c: |
|
Silence a gcc warning. |
|
[8c6d0e3cd534] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Need to include gettext.h and sudo_debug.h; from John Hein |
|
[447912aa7300] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Initialize the debug framework from the I/O plugin too. |
|
[ce1bf44d96d2] |
|
|
|
2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Enable debugging via sudo.conf. |
|
[d85669c749d0] |
|
|
|
2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Use SUDO_DEBUG_ALIAS for alias checking functions. |
|
[fb84af30dc76] |
|
|
|
* configure, configure.in: |
|
More complete test for getaddrinfo() that doesn't rely on the |
|
network libraries already being added to LIBS. |
|
[cbaf2369f4f0] |
|
|
|
2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Add debug support. |
|
[def1bdf24485] |
|
|
|
* configure, configure.in: |
|
Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. |
|
[a2ea1c2eac61] |
|
|
|
* compat/getaddrinfo.c: |
|
Include errno.h and missing.h |
|
[7d15e17cc2f2] |
|
|
|
* .hgignore: |
|
ignore doc/varsub |
|
[417f9fc3231b] |
|
|
|
* configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, |
|
src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Update copyright year. |
|
[5d0ffc7dd567] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4 |
|
[841e3eff9844] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files |
|
[c509cb45b66a] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Enable debugging via sudo.conf. |
|
[5087aaee8484] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Enable debugging via sudo.conf. |
|
[04b067c16ed3] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Allow "visudo -c" to work when we only have read-only access to the |
|
sudoers include files. |
|
[d8c6713fe5c1] |
|
|
|
* doc/sudo.pod, doc/visudo.pod: |
|
Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add |
|
HISTORY section in sudo that points to HISTORY file. |
|
[d1f1bcb051c5] |
|
|
|
* doc/sudo.pod, doc/sudo_plugin.pod: |
|
Document Debug setting in sudo.conf and debug_flags in plugin. |
|
[acfc505aa4a9] |
|
|
|
2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match.c: |
|
Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a |
|
bug where a pattern like "/usr/*" include /usr/bin/ in the results, |
|
which would be incorrectly be interpreted as if the sudoers file had |
|
specified a directory. From Vitezslav Cizek. |
|
[0cdb6252188c] |
|
|
|
* INSTALL, config.h.in, configure, configure.in, |
|
plugins/sudoers/auth/kerb5.c: |
|
Add --enable-kerb5-instance configure option to allow people using |
|
Kerberos V authentication to use a custom instance. Adapted from a |
|
diff by Michael E Burr. |
|
[e83af8bb7aa7] |
|
|
|
* doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Remove -D debug_level option. |
|
[cbcd05094347] |
|
|
|
* doc/LICENSE: |
|
Update copyright year. |
|
[9f43dd7aa852] |
|
|
|
2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
parse_error is now bool, not int |
|
[5ea7fb6fda38] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c: |
|
Print a more sensible error if yyparse() returns non-zero but |
|
yyerror() was not called. |
|
[d44ec88f1183] |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, |
|
plugins/sudoers/gram.c: |
|
Replace y.tab.c with the correct filename in #line directives. |
|
[3c84fcb7e959] |
|
|
|
2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} |
|
if the main process's fds 0-2 are not hooked up to a tty. Adapted |
|
from a diff by Zdenek Behan. |
|
[b9dfce12af85] |
|
|
|
* src/exec.c: |
|
When not logging I/O, put command in its own pgrp and make that the |
|
controlling pgrp if the command is in the foreground. Fixes a race |
|
in the non-I/O logging path where the command may receive two |
|
keyboard-generated signals; one from the kernel and one from the |
|
sudo process. |
|
[d0e263ce496c] |
|
|
|
2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo_edit.c: |
|
Quiet a bogus gcc warning. |
|
[2009669e0608] |
|
|
|
* src/parse_args.c, src/sudo.h: |
|
Fix warnings related to sudo.conf accessors. |
|
[08ddc29ba50b] |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[f1fc659a8079] |
|
|
|
* MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, |
|
src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[e1f2cf6bd57a] |
|
|
|
* doc/sudoers.pod, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/sudoers.c, src/sudo.c: |
|
Remove support for noexec_file in sudoers and the plugin API |
|
[3e2fd58879b5] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't dump interfaces if there are none. |
|
[9081bb4d3e9e] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Add missing %s printf escape to the group_plugin, iolog_dir and |
|
iolog_file descriptions. |
|
[7db03f2b737e] |
|
|
|
2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: |
|
Fix typo in visiblepw description; from Joel Pickett |
|
[2fb4b26d5c2c] |
|
|
|
2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c: |
|
When running a login shell with a login_class specified, use |
|
LOGIN_SETENV instead of rolling our own login.conf setenv support |
|
since FreeBSD's login.conf has more than just setenv capabilities. |
|
This requires us to swap the plugin-provided envp for the global |
|
environ before calling setusercontext() and then stash the resulting |
|
environ pointer back into the command details, which is kind of a |
|
hack. |
|
[ad4f1190143b] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
If srcdir is "." just use the basename of the yacc/lex file when |
|
generating the C version. This matches the generated files |
|
currently in the repo. |
|
[0b11c3df87a8] |
|
|
|
* doc/Makefile.in, plugins/sudoers/Makefile.in: |
|
Clean up the DEVEL noise |
|
[9de2afe457fd] |
|
|
|
* src/exec.c: |
|
Handle different Unix domain socket (actually socketpair) semantics |
|
in BSD vs. Linux. In BSD if one end of the socketpair goes away |
|
select() returns the fd as readable and the read will fail with |
|
ECONNRESET. This doesn't appear to happen on Linux so if we notice |
|
that the monitor process has died when I/O logging is enabled, |
|
behave like the command has exited. This means we log the wait |
|
status of the monitor, not the command, but there is nothing else we |
|
can do at that point. This should only be an issue if SIGKILL is |
|
sent to the monitor process. |
|
[818e82ecbbfc] |
|
|
|
* src/exec_pty.c: |
|
Catch common signals in the monitor process so they get passed to |
|
the command. Fixes a problem when the entire login session is |
|
killed when ssh is disconnected or the terminal window is closed. |
|
Previously, the monitor would exit and plugin's close method would |
|
not be called. |
|
[0e4658263138] |
|
|
|
* INSTALL, configure, configure.in: |
|
Mention how to configure pam_hpsec on HP-UX to play nicely with |
|
sudo. |
|
[a7294cd8ce98] |
|
|
|
2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Escape values in the search expression as per RFC 4515. |
|
[c2adbc5db92b] |
|
|
|
* doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
src/Makefile.in: |
|
No need for install target to depend explicitly on install-dirs, the |
|
install-foo targets all depend on it. |
|
[62a36ed98279] |
|
|
|
2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
ignore src/sesh |
|
[463d492f6782] |
|
|
|
* MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in: |
|
Add support for setenv entries in login.conf. We can't use |
|
LOGIN_SETENV since the plugin sets up the envp the command is |
|
executed with. Also regen the Makefile.in files while here. Fixes |
|
bug #527 |
|
[088d507926e2] |
|
|
|
2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, |
|
config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
|
src/net_ifs.c: |
|
Add getaddrinfo() for those without it, written by Russ Allbery |
|
[4cf9ac831222] |
|
|
|
* doc/Makefile.in: |
|
Restore PACKAGE_TARNAME, it is used in docdir |
|
[9d65e893edb1] |
|
|
|
* MANIFEST, compat/stdbool.h: |
|
SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to |
|
the MANIFEST |
|
[e67700dc5621] |
|
|
|
* common/atobool.c, common/term.c, src/exec.c: |
|
Remove duplicate return statements. |
|
[48a20d5215fd] |
|
|
|
* plugins/sudoers/auth/bsdauth.c: |
|
Remove inaccurate comment |
|
[e7f0265cf657] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: |
|
Fetch the login class for the user we authenticate specifically when |
|
using BSD authentication. That user may have a different login |
|
class than what we will use to run the command. When setting the |
|
login class for the command, use the target user's struct passwd, |
|
not the invoking user's. Fixes bug 526 |
|
[21bf0af892f7] |
|
|
|
* compat/Makefile.in, configure, configure.in, doc/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" |
|
[8ee6e0891f27] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Fix "make check" fallout from the sudo_conv changes in sudo_debug. |
|
[b0aaa63c9081] |
|
|
|
* common/fileops.c, common/sudo_debug.c, configure, configure.in, |
|
include/fileops.h, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/env.c, plugins/sudoers/find_path.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, |
|
src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, |
|
src/sudo_plugin_int.h, src/utmp.c: |
|
Use stdbool.h instead of rolling our own TRUE/FALSE macros. |
|
[dcb0bbc42fc9] |
|
|
|
2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Add stdbool.h for systems without it. |
|
[18bd9dda1dcd] |
|
|
|
* aclocal.m4, config.h.in, configure, configure.in: |
|
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default |
|
includes have unistd.h in them. Add check for socklen_t for |
|
upcoming getaddrinfo compat. |
|
[d705465bef69] |
|
|
|
* common/fileops.c, compat/nanosleep.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, |
|
plugins/sudoers/sudoreplay.c, src/net_ifs.c: |
|
Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of |
|
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. |
|
[fa187c9bd2be] |
|
|
|
* src/sudo_noexec.c: |
|
No longer need to include time.h here as missing.h does not use |
|
time_t. |
|
[fa3a089bf5b1] |
|
|
|
2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix mode on sudoers as needed when the -f option is not specified. |
|
[7a1c40b0dc03] |
|
|
|
* MANIFEST, src/po/sr.mo, src/po/sr.po: |
|
Add Serbian translation for sudo from translationproject.org |
|
[9a0c25e25cba] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, |
|
src/parse_args.c: |
|
No longer pass debug_file to plugin, plugins must now use |
|
CONV_DEBUG_MSG |
|
[810cda1abb0b] |
|
|
|
* mkpkg: |
|
Build PIE executables for newer Debian and Ubuntu |
|
[1c5f25f8904a] |
|
|
|
* common/sudo_debug.c: |
|
Include time.h for ctime() prototype. |
|
[10090cf3bca1] |
|
|
|
2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, src/exec.c, |
|
src/exec_pty.c: |
|
Do not close error pipe or debug fd via closefrom() as we need them |
|
to report an exec error should one occur. |
|
[732f6587fafa] |
|
|
|
* doc/sudoers.ldap.pod: |
|
Document that a sudoUser may now be a group ID. |
|
[2fef46b9d3d3] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Add support for permitting access by group ID in addition to group |
|
name. |
|
[b9450fdf1f69] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() |
|
[d62a1e7cff4f] |
|
|
|
* compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: |
|
Replace UCB fnmatch.c with a non-recursive version written by |
|
William A. Rowe Jr. |
|
[354d3384adb8] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix typo, return_debug vs. debug_return |
|
[1b522efcbb0d] |
|
|
|
2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[ec0f2beaad36] |
|
|
|
* doc/sudoers.pod: |
|
Make the env_reset descriptions consistent. |
|
[41c056f02688] |
|
|
|
2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Do multiple expansion when expanding paths to the noexec file, sesh |
|
and the plugin directory. Adapted from a diff by Mike Frysinger |
|
[d7e16c876c66] |
|
|
|
* common/Makefile.in: |
|
regen |
|
[9d729e09c186] |
|
|
|
2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
Add ignore file; from Mike Frysinger |
|
[1fa8d52425f8] |
|
|
|
* mkdep.pl: |
|
no longer save old Makefile.in to .old |
|
[378dd2395545] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen |
|
[769faf517720] |
|
|
|
* config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, |
|
m4/ltoptions.m4, m4/ltversion.m4: |
|
Update to libtool 2.4.2 |
|
[9dac78d84b4f] |
|
|
|
2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for #include and #includedir relative path |
|
support. |
|
[82a4f7cd8f71] |
|
|
|
2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add support for relative paths in #include and #includedir |
|
[4d6e3bd0c24f] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix install-plugin when shared objects are unsupported or disabled. |
|
[cbdd770a7a1b] |
|
|
|
* plugins/sudoers/goodpath.c: |
|
Don't write to sbp if it is NULL |
|
[fc438f8e8570] |
|
|
|
2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, |
|
only install matching .mo files |
|
[c1dc30ab4ebc] |
|
|
|
2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoers.c, src/conversation.c: |
|
Fix non-dynamic (no dlopen) sudo build. |
|
[b0bd3fa925a3] |
|
|
|
* configure, configure.in: |
|
Don't error out if the user specified --disable-shared |
|
[cf035dd1e5cc] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/conversation.c: |
|
Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to |
|
the debug file. |
|
[640c62f83251] |
|
|
|
* plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
|
plugins/sudoers/sudoers.h: |
|
Make sudo_goodpath() return value bolean |
|
[fea2d59a6e55] |
|
|
|
* INSTALL, MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: |
|
Remove obsolete securid auth method. |
|
[4e54f860214b] |
|
|
|
* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h: |
|
Prefix authentication functions with a "sudo_" prefix to avoid |
|
namespace problems. |
|
[581d74063ea1] |
|
|
|
* INSTALL, MANIFEST, config.h.in, configure, configure.in, |
|
doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: |
|
Remove the old Kerberos IV support |
|
[2e4b4a44209d] |
|
|
|
2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
Don't print garbage at the end of the custom lecture. |
|
[44bb788fafaa] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add lexer tracing as debug@parser |
|
[d850f3f9d414] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/gram.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c: |
|
Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and |
|
<def_data.h> and not "def_data.h" when generating the parser in a |
|
build dir. |
|
[7da701def753] |
|
|
|
2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkdep.pl, plugins/sudoers/Makefile.in: |
|
Better devdir support in mkdep.pl |
|
[7dcec57bd155] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add devdir before srcdir in include path and fix up dependecies |
|
accordingly. |
|
[6e9958eca485] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
|
#include "gram.h" not <gram.h> and "def_data.h" and not |
|
<def_data.h>. |
|
[003bdb078a15] |
|
|
|
* sudo.pp: |
|
Mark libexec files as optional. If we build without shared object |
|
support, libexec is not used. |
|
[4bffcf482219] |
|
|
|
* src/load_plugins.c: |
|
Change Debug sudo.conf setting to take a program name as the first |
|
argument. In the future, this will allow visudo and sudoreplay to |
|
use their own Debug entries. |
|
[cfb8f7e4867c] |
|
|
|
* src/sudo.c: |
|
fix sudo_debug_printf priority |
|
[dcb67e965609] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
add missing debug_return_int |
|
[d88ec450c592] |
|
|
|
2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: |
|
Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR |
|
[dcee8efc294f] |
|
|
|
* doc/UPGRADE: |
|
Add missing word in HOME security note. |
|
[fd844fdcc1ac] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Prevent "testsudoers -d username" from trying to malloc(0). |
|
[839126e56e8c] |
|
|
|
2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/sudoers/test10.in, |
|
plugins/sudoers/regress/sudoers/test10.out.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.in, |
|
plugins/sudoers/regress/sudoers/test11.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.in, |
|
plugins/sudoers/regress/sudoers/test12.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.toke.ok, |
|
plugins/sudoers/regress/sudoers/test13.in, |
|
plugins/sudoers/regress/sudoers/test13.out.ok, |
|
plugins/sudoers/regress/sudoers/test13.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.in, |
|
plugins/sudoers/regress/sudoers/test9.out.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.out.ok: |
|
Tests for empty sudoers (should parse OK) and syntax errors within a |
|
line (should report correct line number) both with and without the |
|
trailing newline. |
|
[d57c879c4718] |
|
|
|
* plugins/sudoers/regress/sudoers/test4.out.ok, |
|
plugins/sudoers/regress/sudoers/test5.out.ok, |
|
plugins/sudoers/regress/sudoers/test7.out.ok, |
|
plugins/sudoers/regress/sudoers/test8.out.ok, |
|
plugins/sudoers/testsudoers.c: |
|
Print line number when there is a parser error. |
|
[5444ef6ac6dc] |
|
|
|
2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Keep track of the last token returned. On error, if the last token |
|
was COMMENT, decrement sudolineno since the error most likely |
|
occurred on the preceding line. Previously we always uses |
|
sudolineno-1 which will give the wrong line number for errors within |
|
a line. |
|
[d661a03a64da] |
|
|
|
2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
update with sudo 1.8.3p1 info |
|
[0f79ff31f602] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix crash when "sudo -g group -i" is run. Fixes bug 521 |
|
[a3087ae337c4] |
|
|
|
2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Make alias_remove_recursive() return TRUE/FALSE as its callers |
|
expect and remove two unused arguments. Fixes bug 519. |
|
[2ee3b2882844] |
|
|
|
* plugins/sudoers/regress/visudo/test1.out.ok, |
|
plugins/sudoers/regress/visudo/test1.sh: |
|
Add regress test for bugzilla 519 |
|
[48000ebedf97] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Disable warning/error wrapping in regress tests. |
|
[373c589ba561] |
|
|
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Do compile-po as part of sync-po so that the .mo files get rebuild |
|
automatically when we sync with translationproject.org |
|
[83f3cbfc2f33] |
|
|
* plugins/sudoers/Makefile.in: |
* plugins/sudoers/Makefile.in: |
check_addr needs to link with the network libraries on Solaris |
check_addr needs to link with the network libraries on Solaris |
[322bd70e316e] |
[322bd70e316e] |
Line 29
|
Line 6001
|
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
[e82809f86fb3] |
[e82809f86fb3] |
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* .hgtags: | * src/exec.c: |
Added tag SUDO_1_8_3 for changeset 82bec4d3a203 | Get rid of done: label. If the child exits we still need to close |
[6c953ef6f577] <1.8> | the pty, update utmp and restore the SELinux tty context. |
| [cc127bf48405] |
|
|
* Update Japanese sudoers translation from translationproject.org | 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
[82bec4d3a203] [SUDO_1_8_3] <1.8> | |
|
|
|
* common/Makefile.in, common/atobool.c, common/fileops.c, |
|
common/fmt_string.c, common/lbuf.c, common/list.c, |
|
common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/alias.c, plugins/sudoers/audit.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logwrap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, |
|
src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, |
|
src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
|
src/tgetpass.c, src/ttysize.c, src/utmp.c: |
|
Add debug_decl/debug_return (almost) everywhere. Remove old |
|
sudo_debug() and convert users to sudo_debug_printf(). |
|
[8f3bbf907b67] |
|
|
|
* common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/error.c: |
|
Wrap error/errorx and warning/warningx functions with debug |
|
statements. Disable wrapping for standalone sudoers programs as well |
|
as memory allocation functions (to avoid infinite recursion). |
|
[562ed7b5ae8d] |
|
|
|
* README, config.h.in, configure, configure.in: |
|
Add checks for __func__ and __FUNCTION__ and mention that we now |
|
require a cpp that supports variadic macros. |
|
[314cfe4c5d23] |
|
|
|
* MANIFEST, common/Makefile.in, common/sudo_debug.c, |
|
include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, |
|
src/load_plugins.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
New debug framework for sudo and plugins using /etc/sudo.conf that |
|
also supports function call tracing. |
|
[cded741e9f10] |
|
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[c24725775e32] |
|
|
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Override and ignore the --disable-static option. Sudo already runs |
Override and ignore the --disable-static option. Sudo already runs |
libtool with -tag=disable-static where applicable and we need non- |
libtool with -tag=disable-static where applicable and we need non- |
PIC objects to build the executables. |
PIC objects to build the executables. |
[dff177464029] <1.8> | [aff1227b853a] |
|
|
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
* NEWS: |
Add sudoedit fix |
Add sudoedit fix |
[3238dc7e4fb2] <1.8> | [74655c7ccad1] |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
regen pot files |
regen pot files |
[7981d6cbf1ab] <1.8> | [28d89a831ed3] |
|
|
* Ignore set_logname (which is now the default) for sudoedit since we | * plugins/sudoers/env.c: |
| Ignore set_logname (which is now the default) for sudoedit since we |
want the LOGNAME, USER and USERNAME environment variables to refer |
want the LOGNAME, USER and USERNAME environment variables to refer |
to the calling user since that is who the editor runs as. This |
to the calling user since that is who the editor runs as. This |
allows the editor to find the user's startup files. Fixes bugzilla |
allows the editor to find the user's startup files. Fixes bugzilla |
#515 |
#515 |
[3b9486e5fddb] <1.8> | [6c5dddf5ff05] |
|
|
* Instead of trying to grow the buffer in make_grlist_item(), simply | * plugins/sudoers/pwutil.c: |
| Instead of trying to grow the buffer in make_grlist_item(), simply |
increase the total length, free the old buffer and allocate a new |
increase the total length, free the old buffer and allocate a new |
one. This is less error prone and saves us from having to adjust |
one. This is less error prone and saves us from having to adjust |
all the pointers in the buffer. This code path is only taken when |
all the pointers in the buffer. This code path is only taken when |
there are groups longer than the length of the user field in struct |
there are groups longer than the length of the user field in struct |
utmp or utmpx, which should be quite rare. |
utmp or utmpx, which should be quite rare. |
[cb7c5ac834b5] <1.8> | [5587dc8cffaf] |
|
|
* Add Italian translation for sudo from translationproject.org | * src/po/it.mo: |
[c7876fccbc38] <1.8> | Add Italian translation for sudo from translationproject.org |
| [1b3dd886e7e3] |
|
|
* NEWS: | * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
| src/po/ja.mo, src/po/ja.po: |
Japanese translation for sudo and sudoers from |
Japanese translation for sudo and sudoers from |
translationproject.org |
translationproject.org |
[9945a3ef7ff7] <1.8> | [c06dd866be6e] |
|
|
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay depends on timestr.lo too; from Mike Frysinger | * plugins/sudoers/Makefile.in: |
[ad9ae493205f] <1.8> | sudoreplay depends on timestr.lo too; from Mike Frysinger |
| [b9e73214b2f1] |
|
|
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
Regen sudoers pot file. |
Regen sudoers pot file. |
[2c4d99361994] <1.8> | [019588bafdb3] |
|
|
* NEWS: |
* NEWS: |
Update with latest sudo 1.8.3 news |
Update with latest sudo 1.8.3 news |
[4e7f59d339d4] <1.8> | [6868042a88e9] |
|
|
* ldap_start_tls_s() on Debian (at least) sets the effective and saved | * plugins/sudoers/sudoers.c: |
uids to the same value as the real uid. This prevents sudo from | It appears that LDAP or NSS may modify the euid so we need to be |
setting the uid or gid later on. As a workaround, we now set perms | root for the open(). We restore the old perms at the end of |
to root during sudoers_policy_open(). | sudoers_policy_open(). |
[eb4c4f15833a] <1.8> | [2da67a5497ef] |
|
|
* Better warning message on setuid() failure for the setreuid() | * plugins/sudoers/set_perms.c: |
| Better warning message on setuid() failure for the setreuid() |
version of set_perms(). |
version of set_perms(). |
[308c72f601e4] <1.8> | [07abcfe7bd9a] |
|
|
2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Combine new translations in NEWS item |
|
[0aa07471a5e6] <1.8> |
|
|
|
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Delref auth_pw at the end of check_user() instead of getting a ref | * plugins/sudoers/check.c: |
| Delref auth_pw at the end of check_user() instead of getting a ref |
twice. |
twice. |
[1c882f2fb46c] <1.8> | [cb665f55e6a5] |
|
|
* Make sudo_auth_{init,cleanup} return TRUE on success and check for | * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: |
| Make sudo_auth_{init,cleanup} return TRUE on success and check for |
sudo_auth_init() return value in check_user(). |
sudo_auth_init() return value in check_user(). |
[573bf35ecac9] <1.8> | [92631c919356] |
|
|
* Do not return without restoring permissions. | * plugins/sudoers/auth/sudo_auth.c: |
[2444a0b96469] <1.8> | Do not return without restoring permissions. |
| [59ef40b6696a] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
regen pot files |
regen pot files |
[d286bce8dbb1] <1.8> | [9f320a340b7c] |
|
|
* NEWS: | * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, |
Update for latest release candidate | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
[63d184ba6263] <1.8> | plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
| plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
regen pot files | plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, |
[ac3ec1315df7] <1.8> | plugins/sudoers/check.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
* Modify the authentication API such that the init and cleanup | Modify the authentication API such that the init and cleanup |
functions are always called, regardless of whether or not we are |
functions are always called, regardless of whether or not we are |
going to verify a password. This is needed for proper PAM session |
going to verify a password. This is needed for proper PAM session |
support. |
support. |
[ea281ca46d94] <1.8> | [19a53f3fb596] |
|
|
* Add missing dependency for getspwgen other depends. | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
[9c124272910d] <1.8> | Add missing dependency for getspwuid.lo and regen other depends. |
| [f7f70eae819a] |
|
|
* Fix a PAM_USER mismatch in session open/close. We update PAM_USER | * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
| plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: |
| Fix a PAM_USER mismatch in session open/close. We update PAM_USER |
to the target user immediately before setting resource limits, which |
to the target user immediately before setting resource limits, which |
is after the monitor process has forked (so it has the old value). |
is after the monitor process has forked (so it has the old value). |
Also, if the user did not authenticate, there is no pamh in the |
Also, if the user did not authenticate, there is no pamh in the |
monitor so we need to init pam here too. This means we end up |
monitor so we need to init pam here too. This means we end up |
calling pam_start() twice, which should be fixed, but at least the |
calling pam_start() twice, which should be fixed, but at least the |
session is always properly closed now. |
session is always properly closed now. |
[d0866ee5f190] <1.8> | [fbc063a2a872] |
|
|
* Add check for old being NULL in utmp_setid(); from Steven McDonald | * src/utmp.c: |
[30cc283ac2b4] <1.8> | Add check for old being NULL in utmp_setid(); from Steven McDonald |
| [e87126442f2e] |
|
|
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the invoking user cannot be resolved by uid fake the struct | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| If the invoking user cannot be resolved by uid fake the struct |
passwd and store it in the cache so we can delref it on exit. |
passwd and store it in the cache so we can delref it on exit. |
[19d44f44d45d] <1.8> | [a27e2f8b9f5e] |
|
|
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't error out if the group plugin cannot be loaded, just warn. | * plugins/sudoers/sudoers.c: |
[e91d9912c9a0] <1.8> | Don't error out if the group plugin cannot be loaded, just warn. |
| [0fbfcd381e33] |
|
|
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet a false positive found by several static analysis tools. These | * plugins/sudoers/sudoers.c: |
| Quiet a false positive found by several static analysis tools. These |
tools don't know that log_error() does not return (it longjmps to |
tools don't know that log_error() does not return (it longjmps to |
error_jmp which returns to the sudo front-end). |
error_jmp which returns to the sudo front-end). |
[3cc319e31ed6] <1.8> | [33d0469df21b] |
|
|
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Italian translation for sudo from translationproject.org Regen | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, |
| plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: |
| Add Italian translation for sudo from translationproject.org Regen |
.mo files |
.mo files |
[c0b27f9d7e57] <1.8> | [c3c888a82be6] |
|
|
* .hgtags: |
|
Added tag SUDO_1_8_2 for changeset 3682e51af1d0 |
|
[f0be566e9ea2] <1.8> |
|
|
|
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to current reality and add bit about ssh auth | * doc/TROUBLESHOOTING: |
[48dcb86ce9be] <1.8> | Update to current reality and add bit about ssh auth |
| [184a1e7c2eeb] |
|
|
* Make "verbose" static; fixes a namespace clash with | * plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
| Make "verbose" static; fixes a namespace clash with |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
[b60fdd82de94] <1.8> | [cc38d2eb2f4c] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/get_pty.c: |
FreeBSD has libutil.h not util.h |
FreeBSD has libutil.h not util.h |
[c03b121e0193] <1.8> | [dab4c94b6d4f] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
[002e3e0bb173] <1.8> | [41c362f0a92a] |
|
|
* Update po files from translationproject.org | 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com> |
[2b36af902213] <1.8> | |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: |
|
Update po files from translationproject.org |
|
[1e99e147c7fa] |
|
|
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
Mention DEREF support | |
[dfeb152f1686] <1.8> | |
| |
* plugins/sudoers/po/sudoers.pot: | |
sync pot files | |
[1fba22e927a3] <1.8> | |
| |
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: | |
Add support for DEREF in ldap.conf. |
Add support for DEREF in ldap.conf. |
[fe1cf6ad0add] <1.8> | [3c1937a98547] |
|
|
* Makefile.in: |
* Makefile.in: |
install target should depend on ChangeLog too, not just install-doc |
install target should depend on ChangeLog too, not just install-doc |
[f54e2ab633b8] <1.8> | [1a7c83941175] |
|
|
* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in: | * doc/sudoers.pod: |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
[44a25099594e] <1.8> | [0eca47d60a2c] |
|
|
* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * NEWS: |
regen pot files | Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. |
[e14ee85cf49b] <1.8> | [0501415cc5ff] |
|
|
|
* doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[585743e1ebf7] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix some square brackets in case statements that needed to be |
Fix some square brackets in case statements that needed to be |
doubled up. While here, use $OSMAJOR when it makes sense. |
doubled up. While here, use $OSMAJOR when it makes sense. |
[853c6e5f994c] <1.8> | [8973343f4696] |
|
|
* Fix a crash in make_grlist_item() on 64-bit machines with strict | * plugins/sudoers/pwutil.c: |
| Fix a crash in make_grlist_item() on 64-bit machines with strict |
alignment. |
alignment. |
[e877c89ae32f] <1.8> | [c89508c73c46] |
|
|
* Remove list_options() function that is no longer used now that "sudo | * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
| Remove list_options() function that is no longer used now that "sudo |
-L" is gone. |
-L" is gone. |
[f31543c80b98] <1.8> | [fcc6a776c135] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Error message if user tries --with-CC |
Error message if user tries --with-CC |
[0ed7558b8924] <1.8> | [ec5b478f813a] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Check for -libmldap too when looking for ldap libs, which is the |
Check for -libmldap too when looking for ldap libs, which is the |
Tivoli Directory Server client library. |
Tivoli Directory Server client library. |
[831e32d1453c] <1.8> | [bb3007a97206] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files for 1.8.3 |
|
[df2fb085cff2] <1.8> |
|
|
|
* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, |
|
doc/visudo.man.in: |
|
Update for version 1.8.3 |
|
[38cf153add0a] <1.8> |
|
|
|
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Honor NOPASSWD tag for denied commands too. | * plugins/sudoers/parse.c: |
[f473c443ad54] <1.8> | Honor NOPASSWD tag for denied commands too. |
| [8dd92656db92] |
|
|
|
2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Remove --with-CC option; it doesn't work correctly now that we use |
Remove --with-CC option; it doesn't work correctly now that we use |
libtool. Users can get the same effect by setting the CC |
libtool. Users can get the same effect by setting the CC |
environment variable when running configure. |
environment variable when running configure. |
[4f04869d74fd] <1.8> | [ec22bd1a55e0] |
|
|
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, |
| src/sudo_edit.c: |
Assume all modern systems support fstat(2). |
Assume all modern systems support fstat(2). |
[0422b19dced3] <1.8> | [6a5a8985f6a0] |
|
|
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * compat/regress/glob/globtest.c, config.h.in, configure, |
| configure.in, include/missing.h, plugins/sudoers/sudoers.h, |
| src/sudo.h, src/sudo_noexec.c: |
Add configure test for missing errno declaration and only declare it |
Add configure test for missing errno declaration and only declare it |
ourselves if it is missing. |
ourselves if it is missing. |
[6d26974f7e16] <1.8> | [456e76c809a2] |
|
|
* Include errno.h before sudo.h to avoid conflicting with the system | * plugins/sudoers/alias.c: |
| Include errno.h before sudo.h to avoid conflicting with the system |
definition of errno. |
definition of errno. |
[8000bdc0968f] <1.8> | [d0b97e392512] |
|
|
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Only print individual check status when there is a failure. | * plugins/sudoers/regress/parser/check_addr.c: |
[bbdd669e7615] <1.8> | Only print individual check status when there is a failure. |
| [2ac704c91441] |
|
|
* Add calls to setprogname() for test programs. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
[c721f3466a3a] <1.8> | plugins/sudoers/regress/logging/check_wrap.c, |
| plugins/sudoers/regress/parser/check_addr.c: |
| Add calls to setprogname() for test programs. |
| [a8d9b420e826] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add -Wall and -Werror after all tests so they don't cause failures. |
Add -Wall and -Werror after all tests so they don't cause failures. |
[20d75ce40086] <1.8> | [2661188ff3fa] |
|
|
* Actually run check_addr in the check target | * plugins/sudoers/Makefile.in: |
[dcd96ef0dc57] <1.8> | Actually run check_addr in the check target |
| [0b2778bc86bf] |
|
|
* Split out address matching into its own file and add regression | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, |
| plugins/sudoers/match_addr.c, |
| plugins/sudoers/regress/parser/check_addr.c, |
| plugins/sudoers/regress/parser/check_addr.in: |
| Split out address matching into its own file and add regression |
tests for it. |
tests for it. |
[863f28589c24] <1.8> | [12b9a2bf8dba] |
|
|
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix matching a network number with netmask when the network number | * plugins/sudoers/match.c: |
is not the first address in the CIDR block. | When matching an address with a netmask in sudoers, AND the mask and |
[719942c986e9] <1.8> | addr before checking against the local addresses. |
| [9747bb6d7b1c] |
|
|
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't assume all editors support the +linenumber command line | * plugins/sudoers/match.c: |
| Fix netmask matching. |
| [a3c8f8cc1464] |
| |
| * plugins/sudoers/visudo.c: |
| Don't assume all editors support the +linenumber command line |
argument, use a whitelist of known good editors. |
argument, use a whitelist of known good editors. |
[d8d884af3b05] <1.8> | [21d43a91fd10] |
|
|
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Silence compiler warnings on Solaris with gcc 3.4.3 | * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, |
[8047cdb5d6a1] <1.8> | src/exec_pty.c, src/sudo.c: |
| Silence compiler warnings on Solaris with gcc 3.4.3 |
| [da620bae6fdb] |
|
|
* Fix building on RHEL 3 | * mkpkg: |
[6bb0464a7450] <1.8> | Fix building on RHEL 3 |
| [f3227fb2a252] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --enable-werror configure option. |
Add --enable-werror configure option. |
[aa40fd459836] <1.8> | [fec2cdb95543] |
|
|
* setgroups() proto lives in grp.h on RHEL4, perhaps others. | * common/setgroups.c: |
[92f98cbaebf0] <1.8> | setgroups() proto lives in grp.h on RHEL4, perhaps others. |
| [de91c0de5a98] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Use PAM by default on AIX 6 and higher. |
Use PAM by default on AIX 6 and higher. |
[7ef53d5ac819] <1.8> | [e16493208e5f] |
|
|
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Esperanto translation from translationproject.org | * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
[109ed683b885] <1.8> | src/po/eo.mo, src/po/eo.po: |
| Add new Esperanto translation from translationproject.org |
| [0d9a59e04c64] |
|
|
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet an innocuous valgrind warning. | * plugins/sudoers/iolog_path.c: |
[fc453e49f9dd] <1.8> | Quiet an innocuous valgrind warning. |
| [0582b6027161] |
|
|
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix expansion of strftime() escapes in log_dir and add a regress | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Fix expansion of strftime() escapes in log_dir and add a regress |
test that exhibited the problem. |
test that exhibited the problem. |
[784e60d21f11] <1.8> | [a5c7c1c4c589] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in: |
Fix "make check" return value. |
Fix "make check" return value. |
[d3608efd8da6] <1.8> | [33b58e175230] |
|
|
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: | * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regen pot files |
Regen pot files |
[3682e51af1d0] [SUDO_1_8_2] <1.8> | [063841aac19b] |
|
|
* Makefile.in: |
* Makefile.in: |
Fix logic inversion in pot file up to date check. |
Fix logic inversion in pot file up to date check. |
[343dbbca9422] <1.8> | [f6a8ca8654df] |
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/visudo.cat, doc/visudo.man.in: |
|
regen docs |
|
[96234478bde2] <1.8> |
|
|
|
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add caching for gettext() checks. |
Add caching for gettext() checks. |
[4039d21424c3] <1.8> | [01b7200f6105] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Better handling of libintl header and library mismatch. |
Better handling of libintl header and library mismatch. |
[cc9faee8e486] <1.8> | [9a49b1d4db69] |
|
|
2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[73649a44d934] <1.8> |
|
|
|
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Also check sudoers gid if sudoers is group writable. | * plugins/sudoers/sudoers.c: |
[3d345347f6ac] <1.8> | Also check sudoers gid if sudoers is group writable. |
| [23ef96ca0d33] |
|
|
* NEWS: |
|
Update for 1.8.2 final |
|
[441c22fea363] <1.8> |
|
|
|
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
If dlopen is present but libtool doesn't find it, error out since it |
If dlopen is present but libtool doesn't find it, error out since it |
probably means that libtool doesn't support the system. |
probably means that libtool doesn't support the system. |
[6fc7c0de4f6d] <1.8> | [a9da0a5f7941] |
|
|
* configure args on the command line should override builtin defaults. | * mkpkg: |
| configure args on the command line should override builtin defaults. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
[0ef165f892c2] <1.8> | [b2fb05614504] |
|
|
* Fix loop that calls authenticate(). If there was an error message | * plugins/sudoers/auth/aix_auth.c: |
| Fix loop that calls authenticate(). If there was an error message |
from authenticate(), display it. |
from authenticate(), display it. |
[f0686011ff2e] <1.8> | [063a0c4f0b9a] |
|
|
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * m4/libtool.m4, m4/ltversion.m4: |
Update to autoconf 2.68 and libtool 2.4 |
Update to autoconf 2.68 and libtool 2.4 |
[00df5f3647e1] <1.8> | [5a912a6eb67b] |
|
|
* Fix typo; OPT should be OTP | * config.guess, config.sub, configure, configure.in, ltmain.sh: |
[31da1f989740] <1.8> | Update to autoconf 2.68 and libtool 2.4 |
| [931ab56aecf6] |
|
|
* Rename libsudoers convenience library to libparsesudoers to avoid | * doc/sudoers.pod: |
| Fix typo; OPT should be OTP |
| [e97bd2e46544] |
| |
| * plugins/sudoers/Makefile.in: |
| Rename libsudoers convenience library to libparsesudoers to avoid |
libtool confusion. |
libtool confusion. |
[e9ae9d611dd5] <1.8> | [2a89a613f537] |
|
|
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish sudoers translation from translationproject.org | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
[fa9cd9758249] <1.8> | Add Danish sudoers translation from translationproject.org |
| [27b96e85eb13] |
|
|
* Add dedicated callback function for runas_default sudoers setting | * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: |
| Add dedicated callback function for runas_default sudoers setting |
that only sets runas_pw if no runas user or group was specified by |
that only sets runas_pw if no runas user or group was specified by |
the user. |
the user. |
[3fb4b18525de] <1.8> | [b8382d8eea34] |
|
|
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish, Polish, Russian and Ukrainian translations from | * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, |
| src/po/ru.po: |
| Update Finish, Polish, Russian and Ukrainian translations from |
translationproject.org. |
translationproject.org. |
[0fcd8f6aff0a] <1.8> | [f9339aff664e] |
|
|
* Makefile.in: | * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, |
| plugins/sudoers/testsudoers.c: |
Go back to using a callback for runas_default to keep runas_pw in |
Go back to using a callback for runas_default to keep runas_pw in |
sync. This is needed to make per-entry runas_default settings work |
sync. This is needed to make per-entry runas_default settings work |
with LDAP-based sudoers. Instead of declaring it a callback in |
with LDAP-based sudoers. Instead of declaring it a callback in |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
bit naughty, but avoids requiring stub functions in visudo and the |
bit naughty, but avoids requiring stub functions in visudo and the |
tests. |
tests. |
[4e8e70832f06] <1.8> | [9aaefb908415] |
|
|
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen pot files |
|
[ca5c58c599a6] <1.8> |
|
|
|
* Makefile.in: |
* Makefile.in: |
Add check for out of date message catalogs when doing "make dist". |
Add check for out of date message catalogs when doing "make dist". |
[36414e5c762b] <1.8> | [e45a29b612f4] |
|
|
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure: |
| regen |
| [d6f9ad26774a] |
| |
| * configure.in: |
Make sure compiler supports static-libgcc before using it. |
Make sure compiler supports static-libgcc before using it. |
[6c98e8809291] <1.8> | [b01bd9566e50] |
|
|
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc | * src/Makefile.in: |
[a0a3a3fa6470] <1.8> | Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc |
| [c99c7ab3edef] |
|
|
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Russian sudo translation from translationproject.org and | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, |
| src/po/zh_CN.mo: |
| Add new Russian sudo translation from translationproject.org and |
rebuild the other translation files. |
rebuild the other translation files. |
[e953d7d1ca6d] <1.8> | [e20015459056] |
|
|
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish and Polish translations from translationproject.org | * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: |
[17e408d73c85] <1.8> | Update Finish and Polish translations from translationproject.org |
| [4e3dbba4a1de] |
|
|
* Go back to escaping the command args for "sudo -i" and "sudo -s" | * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: |
| Go back to escaping the command args for "sudo -i" and "sudo -s" |
before calling the plugin. Otherwise, spaces in the command args |
before calling the plugin. Otherwise, spaces in the command args |
are not treated properly. The sudoers plugin will unescape non- |
are not treated properly. The sudoers plugin will unescape non- |
spaces to make matching easier. |
spaces to make matching easier. |
[f666191a4e80] <1.8> | [dfa2c4636f33] |
|
|
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix some potential problems found by the clang static analyzer, none | * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Fix some potential problems found by the clang static analyzer, none |
serious. |
serious. |
[c1ab4b940980] <1.8> | [ff64aa74aae6] |
|
|
* Updated Ukranian and Chinese (simplified) po files from | * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, |
| src/po/zh_CN.po: |
| Updated Ukranian and Chinese (simplified) po files from |
translationproject.org |
translationproject.org |
[792a66672715] <1.8> | [ec792becb48e] |
|
|
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Updated Polish translation from translationproject.org | * plugins/sudoers/po/pl.po: |
[5f434cc04482] <1.8> | Updated Polish translation from translationproject.org |
| [a3af53cb649c] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Rebuild pot files |
Rebuild pot files |
[639230dbd741] <1.8> | [c650524c0f0a] |
|
|
* Don't try to audit failure if the runas user does not exist. We | * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: |
| Don't try to audit failure if the runas user does not exist. We |
don't have the user's command at this point so there is nothing to |
don't have the user's command at this point so there is nothing to |
audit. Add a NULL check in audit_success() and audit_failure() just |
audit. Add a NULL check in audit_success() and audit_failure() just |
to be on the safe side. |
to be on the safe side. |
[2bfb96a32b00] <1.8> | [2a0007c2022f] |
|
|
* Add -g to CFLAG for PIE builds. | * mkpkg: |
[e4c94977ca4e] <1.8> | Add -g to CFLAG for PIE builds. |
| [32a0a9693c9c] |
|
|
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove fallback to per-group lookup when matching groups in sudoers. | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c: |
| Remove fallback to per-group lookup when matching groups in sudoers. |
The sudo front-end will now use getgrouplist() to get the user's |
The sudo front-end will now use getgrouplist() to get the user's |
list of groups if getgroups() fails or returns zero groups so we |
list of groups if getgroups() fails or returns zero groups so we |
always have a list of the user's groups. For systems with |
always have a list of the user's groups. For systems with |
mbr_check_membership() which support more that NGROUPS_MAX groups |
mbr_check_membership() which support more that NGROUPS_MAX groups |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
we get all the groups. |
we get all the groups. |
[168d6d4a386b] <1.8> | [51b3ed8c600b] |
|
|
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix setgroups() fallback code on EINVAL. | * common/setgroups.c: |
[dd1310945ab3] <1.8> | Fix setgroups() fallback code on EINVAL. |
| [2b6faecd56a4] |
|
|
* Fix two PERM_INITIAL cases that were still using user_gids. | * plugins/sudoers/set_perms.c: |
[d497d0d47a23] <1.8> | Fix two PERM_INITIAL cases that were still using user_gids. |
| [9680bab0acc6] |
|
|
* Add Polish sudo message catalog | * MANIFEST: |
[1a0aa3f9f179] <1.8> | Add Polish sudo message catalog |
| [8bb40c3ba576] |
|
|
* user_group is no longer used, remove it | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
[379185a76094] <1.8> | user_group is no longer used, remove it |
| [9acede0fe6c5] |
|
|
2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Polish translation from translationproject.org | * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: |
[2e7cdfe4ef41] <1.8> | Add Polish translation from translationproject.org |
| [afac5c638573] |
|
|
* Add a wrapper for setgroups() that trims off extra groups and | * MANIFEST, common/Makefile.in, common/setgroups.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c: |
| Add a wrapper for setgroups() that trims off extra groups and |
retries if setgroups() fails. Also add some missing addrefs for |
retries if setgroups() fails. Also add some missing addrefs for |
PERM_USER and PERM_FULL_USER. |
PERM_USER and PERM_FULL_USER. |
[bacb4170a510] <1.8> | [224dfd8aae5c] |
|
|
* configure, configure.in: | * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, |
| configure, configure.in, include/missing.h, mkdep.pl, |
| plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: |
Instead of keeping separate groups and gids arrays, create struct |
Instead of keeping separate groups and gids arrays, create struct |
group_info and use it to store both, along with a count for each. |
group_info and use it to store both, along with a count for each. |
Cache group info on a per-user basis using getgrouplist() to get the |
Cache group info on a per-user basis using getgrouplist() to get the |
groups. We no longer need special to special case the user or list |
groups. We no longer need special to special case the user or list |
user for user_in_group() and thus no longer need to reset the groups |
user for user_in_group() and thus no longer need to reset the groups |
list when listing another user. |
list when listing another user. |
[f1d8962821a0] <1.8> | [0ad849a8b2d5] |
|
|
* Don't rely on NULL since we don't include a header for it. | * src/preload.c: |
[ed46286f848b] <1.8> | Don't rely on NULL since we don't include a header for it. |
| [b40937f1890c] |
|
|
* Fix typo | 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
[a38b8fbb0e70] <1.8> | |
|
|
* Do not shadow global sudo_mode with a local variable in set_cmnd() | * doc/sudoers.pod: |
[8e462ebafea4] <1.8> | Fix typo |
| [c1035360e169] |
|
|
|
2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Do not shadow global sudo_mode with a local variable in set_cmnd() |
|
[0c72969503ad] |
|
|
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* bash 2.x doesd not support the -l flag and exits with an error if it | * plugins/sudoers/sudoers.c: |
| bash 2.x doesd not support the -l flag and exits with an error if it |
is specified so use --login instead. This causes an error with bash |
is specified so use --login instead. This causes an error with bash |
1.x (which uses -login instead) but this version is hopefully less |
1.x (which uses -login instead) but this version is hopefully less |
used than 2.x. |
used than 2.x. |
[73020a67b9d5] <1.8> | [5c4c296e30e6] |
|
|
* Add Polish translation from translationproject.org | * src/po/pl.mo, src/po/pl.po: |
[8cac0da9ffb1] <1.8> | Add Polish translation from translationproject.org |
| [48592dd6edcf] |
|
|
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Make error strings translatable. | * plugins/sudoers/set_perms.c: |
[d1ff594f27b5] <1.8> | Make error strings translatable. |
| [414c5c484768] |
|
|
* Only run configure with --with-pam-login for RHEL 5 and above. | * mkpkg: |
[2f1a0ff5230e] <1.8> | Only run configure with --with-pam-login for RHEL 5 and above. |
| [6c16e4de4026] |
|
|
* Fix typo in summary | * sudo.pp: |
[1e1d7dcae9ab] <1.8> | Fix typo in summary |
| [9ac618c9a749] |
|
|
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add missing logwrap.c | * plugins/sudoers/logwrap.c: |
[abcd28c194d2] <1.8> | Add missing logwrap.c |
| [c12a413ecc1d] |
|
|
* Split out log file word wrap code into its own file and add unit | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, |
| plugins/sudoers/logging.h, |
| plugins/sudoers/regress/logging/check_wrap.c, |
| plugins/sudoers/regress/logging/check_wrap.in, |
| plugins/sudoers/regress/logging/check_wrap.out.ok: |
| Split out log file word wrap code into its own file and add unit |
tests. Fixes an off-by one in the word wrap when the log line |
tests. Fixes an off-by one in the word wrap when the log line |
length matches loglinelen. |
length matches loglinelen. |
[0ae1c7aa9ef1] <1.8> | [52ed277f6690] |
|
|
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* For SuSE, only use /usr/lib64 as libexec if generating 64-bit | * mkpkg: |
| For SuSE, only use /usr/lib64 as libexec if generating 64-bit |
binaries. |
binaries. |
[4448fa1c639f] <1.8> | [645ab903cf77] |
|
|
* Fix build error when --without-noexec configure option is used. | * src/load_plugins.c, src/sudo.c: |
[f6bfd748ae45] <1.8> | Fix build error when --without-noexec configure option is used. |
| [b994f7b0d8b4] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX |
5.3 and above. |
5.3 and above. |
[9d957ae1840d] <1.8> | [c2a6f9b472f3] |
|
|
2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[fe4b2d2701b2] <1.8> |
|
|
|
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve the list of gids passed in from the sudo frontend (the | * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
| Resolve the list of gids passed in from the sudo frontend (the |
result of getgroups()) to names and store both the group names and |
result of getgroups()) to names and store both the group names and |
ids in the sudo_user struct. When matching groups in the sudoers |
ids in the sudo_user struct. When matching groups in the sudoers |
file, match based on the names in the groups list first and only do |
file, match based on the names in the groups list first and only do |
Line 637
|
Line 6752
|
group name (as it is listed in sudoers) instead of id (which we |
group name (as it is listed in sudoers) instead of id (which we |
would have to resolve) we save a lot of group lookups for sudoers |
would have to resolve) we save a lot of group lookups for sudoers |
files with a lot of groups in them. |
files with a lot of groups in them. |
[c10d208bd7e5] <1.8> | [8dc19353f148] |
|
|
2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for 1.8.2rc5 |
|
[f6a3aa2edf7a] <1.8> |
|
|
|
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Workaround for "sudo -i command" and newer versions of bash which | * plugins/sudoers/sudoers.c: |
| Workaround for "sudo -i command" and newer versions of bash which |
don't go into login mode when -c is specified unless -l is too. |
don't go into login mode when -c is specified unless -l is too. |
[381e74d35006] <1.8> | [9393762b80f3] |
|
|
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Rewrite logfile word wrapping code to be more straight-forward and | * plugins/sudoers/logging.c: |
| Rewrite logfile word wrapping code to be more straight-forward and |
actually wrap at the correct place. |
actually wrap at the correct place. |
[8a7862d6a82f] <1.8> | [f712a0c90f55] |
|
|
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: |
Fix typo | Set use_pty=true in command details when use_pty is set in sudoers. |
[2456ad2ad3e3] <1.8> | |
| |
* NEWS: | |
Mention use_pty bug fix | |
[f4eab5193452] <1.8> | |
| |
* Set use_pty=true in command details when use_pty is set in sudoers. | |
From Ludwig Nussel |
From Ludwig Nussel |
[abaafc5793d9] <1.8> | [8d95a163dfc1] |
|
|
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Sync Chinese (simplified) PO files from translationproject.org | * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
[a4cf84dd9ddf] <1.8> | src/po/zh_CN.mo, src/po/zh_CN.po: |
| Sync Chinese (simplified) PO files from translationproject.org |
| [acce8eb7be18] |
|
|
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish translation from translationproject.org and add missing | * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, |
| plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: |
| Add Danish translation from translationproject.org and add missing |
Basque mo files. |
Basque mo files. |
[672b88adcc34] <1.8> | [0c22bb21b9c4] |
|
|
* Makefile.in, configure, configure.in: |
* Makefile.in, configure, configure.in: |
No longer need to specify LINGUAS in configure, "make install-nls" |
No longer need to specify LINGUAS in configure, "make install-nls" |
now just installs all the .mo files it finds. |
now just installs all the .mo files it finds. |
[c226a39ece48] <1.8> | [fcd45cf04885] |
|
|
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Build CONTRIBUTORS from newly-added contributors.pod | * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: |
[b8871dd293ff] <1.8> | Build CONTRIBUTORS from newly-added contributors.pod |
| [8b192f2720f4] |
|
|
* Rework the wording in the leading paragraph | * doc/CONTRIBUTORS: |
[d8b081dedeb3] <1.8> | Rework the wording in the leading paragraph |
| [312044145cdd] |
|
|
2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add a CONTRIBUTORS file with the names of folks who have contributed | * MANIFEST, doc/CONTRIBUTORS: |
| Add a CONTRIBUTORS file with the names of folks who have contributed |
code or patches to sudo since I started maintaining it (plus the |
code or patches to sudo since I started maintaining it (plus the |
original authors). |
original authors). |
[8b064e8996af] <1.8> | [b8bdd8b59528] |
|
|
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Preserve SHELL variable for "sudo -s". Otherwise we can end up with | * plugins/sudoers/env.c: |
| Preserve SHELL variable for "sudo -s". Otherwise we can end up with |
a situation where the SHELL variable and the actual shell being run |
a situation where the SHELL variable and the actual shell being run |
do not match. |
do not match. |
[8f5bb61a8b76] <1.8> | [b8b3974aee3e] |
|
|
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Only enable Solaris project support when setproject() is present in |
Only enable Solaris project support when setproject() is present in |
libproject. |
libproject. |
[bf370ff3c194] <1.8> | [49ad7857ab89] |
|
|
* Explicitly set mode and owner of /etc/sudoers instead of relying on | * sudo.pp: |
| Explicitly set mode and owner of /etc/sudoers instead of relying on |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
postinstall script runs before the final file permissions are set. |
postinstall script runs before the final file permissions are set. |
[7a4a87405349] <1.8> | [e41ffc0212b2] |
|
|
* Refer the user to the "Command Environment" section in description | 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudo.pod, doc/sudoers.pod: |
| Refer the user to the "Command Environment" section in description |
of sudo's -i option. |
of sudo's -i option. |
[1a063eaf9670] <1.8> | [263cc3be7eef] |
|
|
* Fix typo | * doc/sudo.pod: |
[442c50370c44] <1.8> | Fix typo |
| [35dfac450f4d] |
|
|
* If there is no old dependency for an object file, use the MANIFEST | 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkdep.pl: |
| If there is no old dependency for an object file, use the MANIFEST |
to find its source. |
to find its source. |
[d95c77ad283f] <1.8> | [d15e3b9899f9] |
|
|
* Remove dependency for getgrouplist.lo as we don't ship that source | * compat/Makefile.in: |
| Remove dependency for getgrouplist.lo as we don't ship that source |
file. |
file. |
[bbede77e6256] <1.8> | [312a6d5fe6b0] |
|
|
* Do not declare yyparse() static as the actual function generated by | 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
| Do not declare yyparse() static as the actual function generated by |
yacc is extern. |
yacc is extern. |
[8e615bd15a4c] <1.8> | [9017b79dcf55] |
|
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
* Makefile.in: |
Remove locale files in "make uninstall" |
Remove locale files in "make uninstall" |
[9791be90d5ac] <1.8> | [201ff261ecbe] |
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> | * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/uk.po, src/po/eu.po: |
* configure.in: | |
Add Basque translation and sync Finish and Ukranian translations. |
Add Basque translation and sync Finish and Ukranian translations. |
[64af34789164] <1.8> | [66d2c78c8a13] |
|
|
* NEWS: |
|
Update PAM change to reflect latest checkin. |
|
[657cddf2077a] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
that plug-ins are loaded with RTLD_GLOBAL. |
that plug-ins are loaded with RTLD_GLOBAL. |
[573a6f4b29af] <1.8> | [96c710df2457] |
|
|
* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes | * plugins/sudoers/group_plugin.c, src/load_plugins.c: |
| Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes |
problems with pam modules not having access to symbols provided by |
problems with pam modules not having access to symbols provided by |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
[4ec864fdba46] <1.8> | [0d016983ec84] |
|
|
* Makefile.in: |
* Makefile.in: |
Move xgettext invocation out of update-po target into update-pot |
Move xgettext invocation out of update-po target into update-pot |
[421ac1a073ea] <1.8> | [19a73c6d017c] |
|
|
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regenerate .pot files for 1.8.2rc2 |
Regenerate .pot files for 1.8.2rc2 |
[d2a891e3d3dd] <1.8> | [c3037f591dd8] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
Move nls targets to the top level Makefile so the paths in the pot |
Move nls targets to the top level Makefile so the paths in the pot |
file are saner |
file are saner |
[6c256cb77f78] <1.8> | [65b9285cd8d9] |
|
|
* NEWS: | * src/po/fi.mo: |
Update 1.8.2 news | Add compiled version of sudo Finish translation |
[17bd04278b04] <1.8> | [8f2405384ea3] |
|
|
* Add compiled version of sudo Finish translation | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: |
[ff9d20a02aa0] <1.8> | Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo |
| |
* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo | |
files |
files |
[60c4f3b3829c] <1.8> | [a165e70fa9ec] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/fi.po: |
Add Finish translation from translationproject.org |
Add Finish translation from translationproject.org |
[ade788a35521] <1.8> | [4466f8a96ceb] |
|
|
* The group named by exempt_group should not have a % prefix. | 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com> |
[1f74c691c1e1] <1.8> | |
|
|
* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" | * doc/sudoers.pod: |
[58d36c0e76f9] <1.8> | The group named by exempt_group should not have a % prefix. |
| [df084d6b32c8] |
|
|
* Fix compressed io log corruption in background mode by using _exit() | 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudoers.pod: |
| Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" |
| [5113699a3f8b] |
| |
| 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c, src/exec_pty.c: |
| Fix compressed io log corruption in background mode by using _exit() |
instead of exit() to avoid flushing buffers twice. |
instead of exit() to avoid flushing buffers twice. |
|
|
Improved background mode support. When not allocating a pty, the |
Improved background mode support. When not allocating a pty, the |
command is run in its own process group. This prevents write access |
command is run in its own process group. This prevents write access |
to the tty. When running in a pty, stdin is not hooked up and we |
to the tty. When running in a pty, stdin is not hooked up and we |
never read from /dev/tty, which results in similar behavior. |
never read from /dev/tty, which results in similar behavior. |
[fe50d6a5c5b9] <1.8> | [87c15149894c] |
|
|
2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
| Clean up regress files Generate proper dependencies for regress objs |
* Clean up regress files Generate proper dependencies for regress objs | |
in compat |
in compat |
[264196584549] <1.8> | [88bfc728c1e7] |
|
|
* Add missing dependency for check_fill.o. | * plugins/sudoers/Makefile.in: |
[c41f4e6ff078] <1.8> | Add missing dependency for check_fill.o. |
| [0bd6362e3e17] |
|
|
2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add support for --enable-nls[=location] |
Add support for --enable-nls[=location] |
[0ea8e7bd1739] <1.8> | [b90db44a050f] |
|
|
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Include gettext.h | * plugins/sudoers/linux_audit.c: |
[fe8bab6403c6] <1.8> | Include gettext.h |
| [7f909a6e48cb] |
|
|
* Quiet gcc warnings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: |
[aa16d09710a7] <1.8> | Quiet gcc warnings. |
| [b41a6cdca583] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Don't install .mo files if gettext was not found. |
Don't install .mo files if gettext was not found. |
[c6b233e829aa] <1.8> | [1397b34cc165] |
|
|
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Always allocate a pty when running a command in the background but | * src/exec.c: |
| Always allocate a pty when running a command in the background but |
call setsid() after forking to make sure we don't end up with a |
call setsid() after forking to make sure we don't end up with a |
controlling tty. |
controlling tty. |
[77c6b2923714] <1.8> | [b6454ba172e8] |
|
|
* Add missing space between command name and the first command line | * plugins/sudoers/iolog.c: |
| Add missing space between command name and the first command line |
argument. |
argument. |
[d0a36b9c0f38] <1.8> | [fe217f0a36d4] |
|
|
* Quiet a compiler warning on some platforms. | * plugins/sudoers/sudoreplay.c: |
[654e76cf0574] <1.8> | Quiet a compiler warning on some platforms. |
| [de9f2849f236] |
|
|
* README file that directs people to translationproject.org | * plugins/sudoers/po/README, src/po/README: |
[5545e9a5ae37] <1.8> | README file that directs people to translationproject.org |
| [30c0fc323281] |
|
|
* Sync translations with TP | * plugins/sudoers/po/uk.po, src/po/fi.po: |
[b054ce577022] <1.8> | Sync translations with TP |
| [1d7d64559cba] |
|
|
* Makefile.in: |
* Makefile.in: |
Add 'sync-po' target to top-level Makefile to rsync the po files |
Add 'sync-po' target to top-level Makefile to rsync the po files |
from translationproject.org. |
from translationproject.org. |
[87a5011b0410] <1.8> | [20508211aaa3] |
|
|
* install nls files from install target | * plugins/sudoers/Makefile.in: |
[a3feba9ef323] <1.8> | install nls files from install target |
| [5fc07b6cab38] |
|
|
* Makefile.in: | * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: |
Include .mo files in sudo binary packags. |
Include .mo files in sudo binary packags. |
[bc3ee7e7fb44] <1.8> | [278d4821a916] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/zh_CN.mo, |
| plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
Add simplified chinese translation |
Add simplified chinese translation |
[c22e6842c766] <1.8> | [2b33ffc755b9] |
|
|
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: |
Add ukranian translation |
Add ukranian translation |
[0bb9e6437f0f] <1.8> | [2d8102688e93] |
|
|
* refer to siglist.c, not ./siglist.c since not all makes will treat | * compat/Makefile.in: |
| refer to siglist.c, not ./siglist.c since not all makes will treat |
foo and ./foo the same. |
foo and ./foo the same. |
[909051ff6061] <1.8> | [6639d293ffba] |
|
|
* Set def_preserve_groups before searching for the command when the -P | * plugins/sudoers/sudoers.c: |
| Set def_preserve_groups before searching for the command when the -P |
flag is specified. |
flag is specified. |
[08e9378f50e4] <1.8> | [0edc7942f875] |
|
|
* Makefile.in: | * Makefile.in, compat/Makefile.in, mkdep.pl, |
| plugins/sudoers/Makefile.in: |
Add dependency for siglist.lo in compat. This is a generated file |
Add dependency for siglist.lo in compat. This is a generated file |
so "make depend" needs to depend on it. |
so "make depend" needs to depend on it. |
[e6c0daf36af0] <1.8> | [28d0932f8b50] |
|
|
* More dependency fixes. | * compat/Makefile.in: |
[7fed03624689] <1.8> | More dependency fixes. |
| [aad0d05cd020] |
|
|
* Fix a few dependencies. | * compat/Makefile.in: |
[7cb86c721961] <1.8> | Fix a few dependencies. |
| [eb21aa35a032] |
|
|
* Place compiled mo files in the src dir, not the build dir. When | * plugins/sudoers/Makefile.in, src/Makefile.in: |
| Place compiled mo files in the src dir, not the build dir. When |
installing compiled mo files, display a status message. |
installing compiled mo files, display a status message. |
[b87aa18a9968] <1.8> | [e15634c29cd3] |
|
|
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Tivoli Directory Server requires that seconds be present in a | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
| Tivoli Directory Server requires that seconds be present in a |
timestamp, even though RFC 4517 states that they are optional. |
timestamp, even though RFC 4517 states that they are optional. |
[47ebf110ea7a] <1.8> | [55fe23dd4ef9] |
|
|
* Add missing bit of copyright | * plugins/sudoers/sudo_nss.h: |
[d05d28a91bc4] <1.8> | Add missing bit of copyright |
| [d2eba3c364ca] |
|
|
* Mention cycle detection warnings | * doc/visudo.pod: |
[ee8231aa1aed] <1.8> | Mention cycle detection warnings |
| [a76bef15ab67] |
|
|
* When checking aliases, also check the contents of the alias in case | * plugins/sudoers/visudo.c: |
| When checking aliases, also check the contents of the alias in case |
there are problems with an alias that is referenced inside another. |
there are problems with an alias that is referenced inside another. |
Replace the self reference check with real alias cycle detection. |
Replace the self reference check with real alias cycle detection. |
[abcfe1bc95d8] <1.8> | [a66c904cf53b] |
|
|
* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to | * plugins/sudoers/alias.c: |
| Set errno to ELOOP in alias_find() if there is a cycle. Set errno to |
ENOENT in alias_find() and alias_remove() if the entry could not be |
ENOENT in alias_find() and alias_remove() if the entry could not be |
found. |
found. |
[e73d169f4e9b] <1.8> | [b4f0b89e433c] |
|
|
* Increment alias_seqno before calls to alias_remove_recursive() to | * plugins/sudoers/visudo.c: |
| Increment alias_seqno before calls to alias_remove_recursive() to |
avoid false positives with the alias loop detection. Fixes spurious |
avoid false positives with the alias loop detection. Fixes spurious |
warnings about unused aliases when they are nested. |
warnings about unused aliases when they are nested. |
[ac094820ef19] <1.8> | [a344483b8193] |
|
|
* add mkdep.pl | * MANIFEST: |
[3721e9654ba6] <1.8> | add mkdep.pl |
| [86b7ed33eab2] |
|
|
* Add dependency on convenience libs to binaries | * plugins/sudoers/Makefile.in: |
[8a4db8226dfe] <1.8> | Add dependency on convenience libs to binaries |
| [cd3078b3c997] |
|
|
* Makefile.in: |
* Makefile.in: |
mkdep.pl only works when run from the src dir |
mkdep.pl only works when run from the src dir |
[2480427a0680] <1.8> | [f35a5e47c944] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Auto-generate Makefile dependencies with a perl script. |
Auto-generate Makefile dependencies with a perl script. |
[ef5f56907d97] <1.8> | [a3e4afcd7975] |
|
|
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the user specifies a runas group via sudo's -g option that | * plugins/sudoers/match.c: |
| If the user specifies a runas group via sudo's -g option that |
matches the runas user's group in the passwd database and that group |
matches the runas user's group in the passwd database and that group |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
no groups are present in the Runas_Spec. |
no groups are present in the Runas_Spec. |
[942e1e7c5090] <1.8> | [e3f9732dc564] |
|
|
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * plugins/sudoers/Makefile.in, src/Makefile.in: |
Mention what is new in 1.8.2 (for now) | Add dependencies on gettext.h |
[d44b26eceee5] <1.8> | [a3a9dc51f78b] |
|
|
* Add dependencies on gettext.h | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[32c61c6af852] <1.8> | Fix install-nls target with HP-UX sh when gettext is not present. |
| [0c6b9655cd41] |
|
|
* Fix install-nls target with HP-UX sh when gettext is not present. |
|
[3441cece9638] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.2 |
|
[9ea124b542cc] <1.8> |
|
|
|
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, |
| src/Makefile.in, src/po/sudo.pot: |
regenerate .pot files for lbuf changes |
regenerate .pot files for lbuf changes |
[a8a9cc62c3a5] <1.8> | [918ded125a0b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add missing "checking" message for gettext when using the cache. |
Add missing "checking" message for gettext when using the cache. |
[4136bc346576] <1.8> | [9c21187ad1d2] |
|
|
* Add primitive format string support to the lbuf code to make | * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, |
| plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, |
| src/parse_args.c: |
| Add primitive format string support to the lbuf code to make |
translations simpler. |
translations simpler. |
[22fc74618d09] <1.8> | [ee71c7ef5299] |
|
|
* configure, configure.in, plugins/sudoers/po/sudoers.pot, | * MANIFEST, plugins/sudoers/Makefile.in, |
src/po/sudo.pot: | plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: |
Bump version to 1.8.2 | Add message catalog template files for sudo and the sudoers module. |
[999de1ac5b3e] <1.8> | [f3f8acb1f014] |
|
|
* Add message catalog template files for sudo and the sudoers module. | * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, |
[6afad75e7afa] <1.8> | config.h.in, configure.in, doc/Makefile.in, include/gettext.h, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
* configure.in: | plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, |
| src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: |
Add gettext.h convenience header. This is similar to but distinct |
Add gettext.h convenience header. This is similar to but distinct |
from the one included with the gettext package. |
from the one included with the gettext package. |
[5ae5a86e0d06] <1.8> | [930a0591f73c] |
|
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add checks for nroff -c and -Tascii flags |
Add checks for nroff -c and -Tascii flags |
[580c21905280] <1.8> | [19ca990b3149] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add check for HP bundled C Compiler (which cannot create shared |
Add check for HP bundled C Compiler (which cannot create shared |
libs) |
libs) |
[34f616cbb0f3] <1.8> | [517716a7072d] |
|
|
* Fix C format warnings. | * plugins/sudoers/sudoreplay.c: |
[f20a43a817f0] <1.8> | Fix C format warnings. |
| [6514326013fa] |
|
|
* Add __printflike | * include/error.h: |
[76bf8a4bf075] <1.8> | Add __printflike |
| [e1749a30a406] |
|
|
* Translate help / usage strings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
[16c5b7902d4c] <1.8> | plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c, src/parse_args.c: |
| Translate help / usage strings. |
| [ee1cc9b1a8bd] |
|
|
* Set --msgid-bugs-address to the bugzilla url | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[3e3cfa7b4ceb] <1.8> | Set --msgid-bugs-address to the bugzilla url |
| [5a0aa250ca21] |
|
|
* INSTALL, Makefile.in, README, configure, configure.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, |
| configure.in, doc/Makefile.in, include/Makefile.in, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Add scaffolding to update .po files and install .mo files. |
Add scaffolding to update .po files and install .mo files. |
[a51e60b35e47] <1.8> | [f05f4eed1fe1] |
|
|
* Minor warning/error cleanup | * doc/license.pod: |
[593144ac87ff] <1.8> | update copyright year |
| [fa0c62523875] |
|
|
* configure.in: | * INSTALL, README: |
| No need to include version number at the top of these files. |
| [9f2981325351] |
| |
| 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c: |
| Minor warning/error cleanup |
| [9236dc85aeab] |
| |
| * config.h.in, configure.in: |
Emulate ngettext for the non-nls case |
Emulate ngettext for the non-nls case |
[7cdf82de4dee] <1.8> | [13571d63fa36] |
|
|
* Do not mark untranslatable strings for translation | * plugins/sudoers/ldap.c: |
[088271ed02d0] <1.8> | Do not mark untranslatable strings for translation |
| [735f5d4413fe] |
|
|
* Use ROOT_UID not 0. | * plugins/sudoers/check.c: |
[f901fa2fdaf2] <1.8> | Use ROOT_UID not 0. |
| [09a268db8da4] |
|
|
* Minor warning/error message cleanup | * plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
[b99c7ef46236] <1.8> | plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, |
| src/load_plugins.c, src/sudo.c, src/sudo_edit.c: |
| Minor warning/error message cleanup |
| [3c7b1a7939b5] |
|
|
* cannot -> "unable to" in warning/error messages can't -> "unable to" | * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, |
in warning/error messages | plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
[5119140fabc7] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/net_ifs.c, src/selinux.c: |
| cannot -> "unable to" in warning/error messages |
| [31c3897649e9] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, |
|
src/sudo.c, src/utmp.c: |
|
can't -> "unable to" in warning/error messages |
|
[127b75f15291] |
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD needs the main sudo executable to link with -lpam when |
FreeBSD needs the main sudo executable to link with -lpam when |
loading dynaic pam modules for some reason. |
loading dynaic pam modules for some reason. |
[738b6778a505] <1.8> | [944522cc9bef] |
|
|
* We don't want to translate debugging messages. | 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
[357a575c2dfd] <1.8> | |
|
|
* configure, configure.in: | * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: |
| We don't want to translate debugging messages. |
| [56a1a365815a] |
| |
| * configure, configure.in, plugins/sudoers/Makefile.in, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, |
| src/Makefile.in, src/sesh.c, src/sudo.c: |
Add calls to bindtextdomain() and textdomain() Currently there are |
Add calls to bindtextdomain() and textdomain() Currently there are |
two domains, one for the sudo front-end and one for the sudoers |
two domains, one for the sudo front-end and one for the sudoers |
plugin and its associated utilities. |
plugin and its associated utilities. |
[907f39439d80] <1.8> | [0426138f789e] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix caching of libc gettext check. |
Fix caching of libc gettext check. |
[e229c21f412f] <1.8> | [942142d2c43a] |
|
|
* Mark defaults descriptions for translation | * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, |
[65e03d1f8203] <1.8> | plugins/sudoers/mkdefaults: |
| Mark defaults descriptions for translation |
| [5b27f018e6cf] |
|
|
* NEWS: |
* NEWS: |
Update for sudo 1.8.1p2 |
Update for sudo 1.8.1p2 |
[89c31f2aa11e] <1.8> | [747c4dee2ca7] |
|
|
* Quiet compiler warning when SELinux is enabled. | 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
[51b1d7c8aa86] <1.8> | |
|
|
* dd missing includes of libintl.h. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[25662143d36d] <1.8> | Quiet compiler warning when SELinux is enabled. |
| [1fbf77dda240] |
|
|
* Fix gettext marker. | * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, |
[7618856ba5de] <1.8> | src/error.c, src/net_ifs.c, src/sesh.c: |
| Add missing includes of libintl.h. |
| [bc1d66316082] |
|
|
* Include libint.h where needed. | * plugins/sudoers/auth/pam.c: |
[cc256b297b9d] <1.8> | Fix gettext marker. |
| [a5cf4ed66c66] |
|
|
* Prepare sudoers module messages for translation. | * common/aix.c, common/alloc.c, compat/strsignal.c, |
[1b7f0bbaa55f] <1.8> | plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: |
| Include libint.h where needed. |
| [2b0e5a663c7b] |
|
|
* Only check gid of sudoers file if it is group-readable. | * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, |
[f3cae943f35a] <1.8> | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
| plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/gram.c, |
| plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
| plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
| plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
| plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, |
| plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
| plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
| plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
| Prepare sudoers module messages for translation. |
| [7212ae1909c5] |
|
|
* For AIX, keep calling authenticate() until reenter reaches 0. | * plugins/sudoers/sudoers.c: |
[e412676bac73] <1.8> | Only check gid of sudoers file if it is group-readable. |
| [50e3bc0cb242] |
|
|
|
* plugins/sudoers/auth/aix_auth.c: |
|
For AIX, keep calling authenticate() until reenter reaches 0. |
|
[e240815b74b1] |
|
|
|
2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Cache the status of the initial gettext() check. |
Cache the status of the initial gettext() check. |
[c32281768c0f] <1.8> | [32751ebe1704] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --disable-nls flag and improve checks for gettext. |
Add --disable-nls flag and improve checks for gettext. |
[b39674c1e538] <1.8> | [c7e6b17052de] |
|
|
* configure, configure.in: |
* configure, configure.in: |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
used for the HP-UX C compiler but gcc always produced native |
used for the HP-UX C compiler but gcc always produced native |
binaries. |
binaries. |
[41351c23ad41] <1.8> | [8f4c749324d7] |
|
|
* Prepare sudo front end messages for translation. | 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com> |
[7807d6f74dac] <1.8> | |
|
|
* configure, configure.in: | * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, |
Add initial scaffolding to support localization via gettext() | src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, |
[cdbbff7e6376] <1.8> | src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, |
| src/sudo_edit.c, src/tgetpass.c, src/utmp.c: |
| Prepare sudo front end messages for translation. |
| [2fc2fabceccb] |
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/license.pod: |
|
update copyright year |
|
[d681661f03cc] <1.8> |
|
|
|
* INSTALL, README: |
|
No need to include version number at the top of these files. |
|
[7e11f673f773] <1.8> |
|
|
|
* README: |
|
This is sudo 1.8.1 not 1.8.0 |
|
[4d674f230d8a] <1.8> |
|
|
|
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't let the fnmatch/glob macros expand the function prototype. | * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: |
[d449e9a8f447] <1.8> | Add initial scaffolding to support localization via gettext() |
| [7d47b59fcf95] |
|
|
|
* compat/fnmatch.h, compat/glob.h: |
|
Don't let the fnmatch/glob macros expand the function prototype. |
|
[a9014aa0288e] |
|
|
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve namespace collisions on HP-UX ia64 and possibly others by | * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: |
| Resolve namespace collisions on HP-UX ia64 and possibly others by |
adding a rpl_ prefix to our fnmatch and glob replacements and |
adding a rpl_ prefix to our fnmatch and glob replacements and |
#defining rpl_foo to foo in the header files. |
#defining rpl_foo to foo in the header files. |
[d23889375b21] <1.8> | [caa9b690a15d] |
|
|
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Split ALL, ROLE and TYPE into their own actions. Since you can only | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Split ALL, ROLE and TYPE into their own actions. Since you can only |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
the non-SELinux case. This is safe because the actions are in one |
the non-SELinux case. This is safe because the actions are in one |
big switch() statement. |
big switch() statement. |
[0bd9b7e37ab1] <1.8> | [7473fc2cfa2c] |
|
|
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[8dec97b359e0] <1.8> | Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. |
| [9be3480c2865] |
|
|
* askpass moved from sudoers to sudo.conf in sudo 1.8.0 | 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com> |
[1001d87d82ed] <1.8> | |
|
|
* Remove obsolete warning about runas_default and ordering. Move | * doc/UPGRADE, doc/sudoers.pod: |
| askpass moved from sudoers to sudo.conf in sudo 1.8.0 |
| [b2c2956cec4e] |
| |
| * doc/sudoers.pod: |
| Remove obsolete warning about runas_default and ordering. Move |
syslog facility and priority lists into the section where the |
syslog facility and priority lists into the section where the |
relevant options are described. |
relevant options are described. |
[1286b9624021] <1.8> | [e57b8dc3f779] |
|
|
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix SIA support; we no longer have access to the real argc and argv | * plugins/sudoers/auth/sia.c: |
| Fix SIA support; we no longer have access to the real argc and argv |
so allocate space for a fake one and use the argv passed to the |
so allocate space for a fake one and use the argv passed to the |
plugin with "sudo" for argv[0]. |
plugin with "sudo" for argv[0]. |
[7c11eeffb91c] <1.8> | [1c0552772ad2] |
|
|
* Remove useless realloc when trying to get the buffer size right. | 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
[58128e7f4e28] <1.8> | |
|
|
* Be explicit when setting euid to 0 before call to setreuid(0, 0) | * src/net_ifs.c: |
[95769a564ab8] <1.8> | Remove useless realloc when trying to get the buffer size right. |
| [792225380a62] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Be explicit when setting euid to 0 before call to setreuid(0, 0) |
|
[7bfeb629fccb] |
|
|
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
|
sudo 1.8.1p1 updates |
|
[de3d688b5bb1] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
krb5_get_init_creds_opt_alloc regardless of whether or | krb5_get_init_creds_opt_alloc regardless of whether or not |
notkrb5-config is present. | krb5-config is present. |
[456c4a9cd5d6] <1.8> | [9d1b98ece1d3] |
|
|
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Work around weird AIX saved uid semantics on setuid() and | * plugins/sudoers/set_perms.c: |
| Work around weird AIX saved uid semantics on setuid() and |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
is already 0. |
is already 0. |
[5d0a69e9d181] <1.8> | [069fc08150ca] |
|
|
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update copyright year | * sudo.pp: |
[fa8da6d55783] <1.8> | update copyright year |
| [1c42d579ba6e] |
|
|
* Treat a missing includedir like an empty one and do not return an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Treat a missing includedir like an empty one and do not return an |
error. |
error. |
[5fd9fe004728] <1.8> | [92f71d8cbfd4] |
|
|
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix ARCH setting in cross-compile Solaris packages. | * pp: |
[8ce40940f6c9] <1.8> | Fix ARCH setting in cross-compile Solaris packages. |
| [b0de281cc889] |
|
|
* Fix aix version setting. | * sudo.pp: |
[02a9e25d46ba] <1.8> | Fix aix version setting. |
| [98437dbfb085] |
|
|
* Remove extraneous parens in LDAP filter when sudoers_search_filter | * plugins/sudoers/ldap.c: |
| Remove extraneous parens in LDAP filter when sudoers_search_filter |
is enabled that causes a search error. From Matthew Thomas. |
is enabled that causes a search error. From Matthew Thomas. |
[b67be9b51ec6] <1.8> | [1d75bf1fc8d9] |
|
|
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Correct sizeof() to fix test failure. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
[a11b89fd13f9] <1.8> | Correct sizeof() to fix test failure. |
| [fd2f7c0c0572] |
|
|
* "install" target should depend on "install-dirs". Fixes "make -j" | * plugins/sudoers/Makefile.in: |
| "install" target should depend on "install-dirs". Fixes "make -j" |
problem and closes bz #487. From Chris Coleman. |
problem and closes bz #487. From Chris Coleman. |
[06ab0558f848] <1.8> | [083902d38edb] |
|
|
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgtags: |
|
Added tag SUDO_1_8_1 for changeset 0ed6281995f0 |
|
[543d41a163e9] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen man pages for 1.8.1 |
|
[0ed6281995f0] [SUDO_1_8_1] <1.8> |
|
|
|
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add HAVE_RFC1938_SKEYCHALLENGE | * config.h.in: |
[c0d7eb39799d] <1.8> | Add HAVE_RFC1938_SKEYCHALLENGE |
| [a94cb33758a8] |
|
|
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention plugin loading and libgcc changes | * NEWS: |
[b74929cba37c] <1.8> | Mention plugin loading and libgcc changes |
| [e11b30b5026a] |
|
|
* Load plugins after parsing arguments and potentially printing the | * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: |
| Load plugins after parsing arguments and potentially printing the |
version. That way, an error loading or initializing a plugin |
version. That way, an error loading or initializing a plugin |
doesn't break "sudo -h" or "sudo -V". |
doesn't break "sudo -h" or "sudo -V". |
[c1ecb5979cf0] <1.8> | [1b76f2b096a2] |
|
|
* Makefile.in: |
* Makefile.in: |
When using a sub-shell to invoke the sub-make, exec make instead of |
When using a sub-shell to invoke the sub-make, exec make instead of |
running it inside the shell to avoid an extra process. |
running it inside the shell to avoid an extra process. |
[9439f016c993] <1.8> | [fd2c04a71fbf] |
|
|
* Stop testing unspecified behavior in fnmatch Make glob test more | * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: |
| Stop testing unspecified behavior in fnmatch Make glob test more |
portable |
portable |
[87a91d76fbff] <1.8> | [229803093725] |
|
|
* No need to add current dir to include path and having it breaks the | * compat/Makefile.in: |
| No need to add current dir to include path and having it breaks the |
test programs that expect to get the system glob.h and fnmatch.h |
test programs that expect to get the system glob.h and fnmatch.h |
[3ae7f9e7b710] <1.8> | [68085f624be4] |
|
|
* configure, configure.in: | * INSTALL, configure, configure.in: |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
[0220a0c2606f] <1.8> | [07edc52ea89e] |
|
|
* Fix fnmatch and glob tests to not use hard-coded flag values in the | * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, |
| compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, |
| compat/regress/glob/globtest.in: |
| Fix fnmatch and glob tests to not use hard-coded flag values in the |
input file. Link test programs with libreplace so we get our |
input file. Link test programs with libreplace so we get our |
replacement verions as needed. |
replacement verions as needed. |
[66bab80241e0] <1.8> | [c2cca448f660] |
|
|
* Makefile.in: |
* Makefile.in: |
If make in a subdir fails, fail the target in the upper level |
If make in a subdir fails, fail the target in the upper level |
Makefile too. Adapted from a patch from Diego Elio Petteno |
Makefile too. Adapted from a patch from Diego Elio Petteno |
[bc35b7813507] <1.8> | [76fc9a0d96fd] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/auth/rfc1938.c: |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
has this. Adapted from a patch from Diego Elio Petteno |
has this. Adapted from a patch from Diego Elio Petteno |
[bb6228f484b9] <1.8> | [a97279a59b93] |
|
|
* Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ | * plugins/sudoers/Makefile.in: |
| Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ |
directly. |
directly. |
[47e6d5fadc6d] <1.8> | [47b884029b3b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
--without-kerb5 or --without-SecurID were specified. |
--without-kerb5 or --without-SecurID were specified. |
[1b75035dd129] <1.8> | [71ad150f4d24] |
|
|
* Add plugins/sudoers/sudoers_version.h | * MANIFEST: |
[1d470c6033ca] <1.8> | Add plugins/sudoers/sudoers_version.h |
| [7423966de440] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
of @LDFLAGS@ in plugin Makefile.in files. |
of @LDFLAGS@ in plugin Makefile.in files. |
[dd237f43aa12] <1.8> | [b835826f889c] |
|
|
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention %#gid support in User_List and Runas_List | * NEWS: |
[37e259b9181b] <1.8> | Mention %#gid support in User_List and Runas_List |
| [5a983dff017a] |
|
|
* Keep track of sudoers grammar version and report it in the -V | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, |
| plugins/sudoers/visudo.c: |
| Keep track of sudoers grammar version and report it in the -V |
output. |
output. |
[0e0b891dd8a4] <1.8> | [52901a3c0296] |
|
|
* Add multiple inclusion guard | * plugins/sudoers/sudo_nss.h: |
[ec6884f51ea8] <1.8> | Add multiple inclusion guard |
| [50853aed046e] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
set it to -Wc,-static-libgcc if not using GNU ld so we don't |
set it to -Wc,-static-libgcc if not using GNU ld so we don't |
have a dependency on the shared libgcc in sudoers.so. |
have a dependency on the shared libgcc in sudoers.so. |
[28d03f3eb0d2] <1.8> | [66ad8bc5e32d] |
|
|
* Fix typo; from Petr Uzel | * doc/sudoers.pod: |
[d19b9bd92bd3] <1.8> | Fix typo; from Petr Uzel |
| [f9a7afd80892] |
|
|
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* In dump-only mode, use "root" as the default username instead of | * plugins/sudoers/testsudoers.c: |
| In dump-only mode, use "root" as the default username instead of |
"nobody" as the latter may not be available on all systems. |
"nobody" as the latter may not be available on all systems. |
[b304111616dd] <1.8> | [0c48e6414337] |
|
|
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove NewArgv/NewArgc, they are no longer needed. | * plugins/sudoers/testsudoers.c: |
[c0a36a42a68c] <1.8> | Remove NewArgv/NewArgc, they are no longer needed. |
| [16e18f734c7e] |
|
|
* Fix setting of user_args | * plugins/sudoers/testsudoers.c: |
[529e79ea95d1] <1.8> | Fix setting of user_args |
| [aa29e0d0a54a] |
|
|
* Add '!' token to lex tracing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[aef295d428e7] <1.8> | Add '!' token to lex tracing |
| [5227ad266235] |
|
|
* Use group bin in test, not wheel as most systems have the bin group | * plugins/sudoers/regress/testsudoers/test1.sh: |
| Use group bin in test, not wheel as most systems have the bin group |
but the same is no longer true of wheel. |
but the same is no longer true of wheel. |
[350347f09c1a] <1.8> | [718802b3b45e] |
|
|
* Avoid using pre or post increment in a parameter to a ctype(3) | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Avoid using pre or post increment in a parameter to a ctype(3) |
function as it might be a macro that causes the increment to happen |
function as it might be a macro that causes the increment to happen |
more than once. |
more than once. |
[8a94ebdd53b8] <1.8> | [78e281152c3a] |
|
|
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Strip off the beta or release candidate version when building AIX | * sudo.pp: |
| Strip off the beta or release candidate version when building AIX |
packages. |
packages. |
[00ad950764e2] <1.8> | [28fe31668559] |
|
|
* configure, configure.in: |
* configure, configure.in: |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
structure checks for glibc which only has __e_termination visible |
structure checks for glibc which only has __e_termination visible |
when _GNU_SOURCE is *not* defined. |
when _GNU_SOURCE is *not* defined. |
[1d58420a4a4a] <1.8> | [59ae1698911f] |
|
|
* getuserattr(user, ...) will fall back to the "default" entry | * common/aix.c: |
| getuserattr(user, ...) will fall back to the "default" entry |
automatically, there's no need to check "default" manually. |
automatically, there's no need to check "default" manually. |
[cefffa82967d] <1.8> | [3c7a47a61fdb] |
|
|
* Document parser changes. |
|
[5038238f60eb] <1.8> |
|
|
|
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: | * doc/UPGRADE: |
| Document parser changes. |
| [ec415503308d] |
| |
| * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
If there is an existing sudoers file, only install if it passes a |
If there is an existing sudoers file, only install if it passes a |
syntax check. |
syntax check. |
[b1e4c9c56fe0] <1.8> | [37427c73e8cb] |
|
|
* Add runasgroup support to testsudoers | * plugins/sudoers/regress/sudoers/test6.out.ok, |
[30838590e9de] <1.8> | plugins/sudoers/testsudoers.c: |
| Add runasgroup support to testsudoers |
| [047ea5571f33] |
|
|
* For "make check", keep going even if a test fails. | * plugins/sudoers/Makefile.in: |
[d3a72f67227e] <1.8> | For "make check", keep going even if a test fails. |
| [ce6a0a73c372] |
|
|
* More useful exit codes: | * plugins/sudoers/testsudoers.c: |
| More useful exit codes: |
* 0 - parsed OK and command matched. |
* 0 - parsed OK and command matched. |
* 1 - parse error |
* 1 - parse error |
* 2 - command not matched |
* 2 - command not matched |
* 3 - command denied |
* 3 - command denied |
[59301e0769cd] <1.8> | [1d2ce1361903] |
|
|
* Document %#gid, and %:#nonunix_gid syntax. | * doc/sudoers.pod: |
[39ee15af58e9] <1.8> | Document %#gid, and %:#nonunix_gid syntax. |
| [492d4f9696c4] |
|
|
* Add support to user_in_group() for treating group names that begin | * plugins/sudoers/pwutil.c: |
| Add support to user_in_group() for treating group names that begin |
with a '#' as gids. |
with a '#' as gids. |
[0eb19980cf5f] <1.8> | [20240c94a134] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/utmp.c: |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
ut_exit if we detect one or the other. |
ut_exit if we detect one or the other. |
[ab5b665fc04b] <1.8> | [b4e8cab777e6] |
|
|
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add back missing #include of config.h | * plugins/sudoers/toke.c: |
[9c82bec81018] <1.8> | Add back missing #include of config.h |
| [9ab3897a1b2e] |
|
|
* Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like |
strftime() does. |
strftime() does. |
[1ae630470f8a] <1.8> | [93395762cdcd] |
|
|
* Quote first argument to AC_DEFUN(); from Elan Ruusamae | * aclocal.m4: |
[c467e9e3b399] <1.8> | Quote first argument to AC_DEFUN(); from Elan Ruusamae |
| [97f53ad31d77] |
|
|
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* add new sudoers tests | * MANIFEST: |
[05f2a0924acc] <1.8> | add new sudoers tests |
| [476af91b3da3] |
|
|
* Add test for a newline in the middle of a string when no line | * plugins/sudoers/regress/sudoers/test8.in, |
| plugins/sudoers/regress/sudoers/test8.out.ok, |
| plugins/sudoers/regress/sudoers/test8.toke.ok: |
| Add test for a newline in the middle of a string when no line |
continuation character is used. |
continuation character is used. |
[24b79be5822b] <1.8> | [de2394bc86ab] |
|
|
* Use bitwise AND instead of modulus to check for length being odd. A | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Use bitwise AND instead of modulus to check for length being odd. A |
newline in the middle of a string is an error unless a line |
newline in the middle of a string is an error unless a line |
continuation character is used. |
continuation character is used. |
[65c468599688] <1.8> | [bdb1d762a1d5] |
|
|
* Move lexer globals initialization into init_lexer. | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[07a1171a1853] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Move lexer globals initialization into init_lexer. |
| [1ce62211aadb] |
|
|
* Fix a potential crash when a non-regular file is present in an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix a potential crash when a non-regular file is present in an |
includedir. Fixes bz #452 |
includedir. Fixes bz #452 |
[5057cb9516e4] <1.8> | [1586760c3525] |
|
|
* On some Linux systems, "uname -p" contains detailed processor info | * pp: |
| On some Linux systems, "uname -p" contains detailed processor info |
so check "uname -m" first and then "uname -p" if needed. Recognize |
so check "uname -m" first and then "uname -p" if needed. Recognize |
PLD Linux. |
PLD Linux. |
[56226c84a060] <1.8> | [b8535cb9012e] |
|
|
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't need all sudoers.h here. | * plugins/sudoers/redblack.c: |
[43b6ae5999c5] <1.8> | Don't need all sudoers.h here. |
| [8c0929f42dab] |
|
|
* Print sudo version early, in case policy plugin init fails. | * src/sudo.c: |
[620f2d0ec4b1] <1.8> | Print sudo version early, in case policy plugin init fails. |
| [47cddc4358bc] |
|
|
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to match change in input. | * plugins/sudoers/regress/sudoers/test4.toke.ok: |
[69540f84721d] <1.8> | Update to match change in input. |
| [4a3af8e68790] |
|
|
* Make an empty group or netgroup a syntax error. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[4b85bddc494e] <1.8> | Make an empty group or netgroup a syntax error. |
| [66f51ddc2ff6] |
|
|
* An empty group or netgroup should be a syntax error. | * plugins/sudoers/regress/sudoers/test7.in, |
[6ec796972eff] <1.8> | plugins/sudoers/regress/sudoers/test7.out.ok, |
| plugins/sudoers/regress/sudoers/test7.toke.ok: |
| An empty group or netgroup should be a syntax error. |
| [bd5bf1e2edce] |
|
|
* Check that uids work in per-user and per-runas Defaults Check that | * plugins/sudoers/regress/sudoers/test6.in, |
| plugins/sudoers/regress/sudoers/test6.out.ok, |
| plugins/sudoers/regress/sudoers/test6.toke.ok: |
| Check that uids work in per-user and per-runas Defaults Check that |
uids and gids work in a Command_Spec |
uids and gids work in a Command_Spec |
[68cf62353420] <1.8> | [c5e848e6082b] |
|
|
* Test empty string in User_Alias and Command_Spec | * plugins/sudoers/regress/sudoers/test5.in, |
[017d487c31be] <1.8> | plugins/sudoers/regress/sudoers/test5.out.ok, |
| plugins/sudoers/regress/sudoers/test5.toke.ok: |
| Test empty string in User_Alias and Command_Spec |
| [3a084d777e03] |
|
|
* Allow a group ID in the User_Spec. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[37e0bf69c8d8] <1.8> | Allow a group ID in the User_Spec. |
| [bc2859eb71dc] |
|
|
* Return an error for the empty string when a word is expected. Allow |
|
an ID for per-user or per-runas Defaults. |
|
[4c9020779582] <1.8> |
|
|
|
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix printing "User_Alias FOO = ALL" | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[97c9fd7caeb7] <1.8> | Return an error for the empty string when a word is expected. Allow |
| an ID for per-user or per-runas Defaults. |
| [915c259b00ff] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix printing "User_Alias FOO = ALL" |
|
[ba58c3d548b3] |
|
|
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Better error message about invalid -C argument | * src/parse_args.c: |
[2301e7a3835b] <1.8> | Better error message about invalid -C argument |
| [c9a8d15bbf5d] |
|
|
* fix typo | * NEWS: |
[c5acde62a309] <1.8> | fix typo |
| [cdcfbafed013] |
|
|
* Fix placement of equal size ('=') in user specification summary. | * doc/sudoers.pod: |
[4d0ffef77ae4] <1.8> | Fix placement of equal size ('=') in user specification summary. |
| [5ad7178b230d] |
|
|
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update to match sudoers regress | * MANIFEST: |
[0efb8dc9092a] <1.8> | update to match sudoers regress |
| [e04db0648717] |
|
|
* Restore ability to define TRACELEXER and have trace output go to | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore ability to define TRACELEXER and have trace output go to |
stderr. |
stderr. |
[441c8b372217] <1.8> | [d9531e4d1b20] |
|
|
* Restore old behavior of setting sawspace = TRUE for command line | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore old behavior of setting sawspace = TRUE for command line |
args when a line continuation character is hit to avoid causing |
args when a line continuation character is hit to avoid causing |
problems for existing sudoers files. |
problems for existing sudoers files. |
[963ded6ce070] <1.8> | [fd930ad25550] |
|
|
* Add test for line continuation and aliases | * plugins/sudoers/regress/sudoers/test4.in, |
[5703d11a3c46] <1.8> | plugins/sudoers/regress/sudoers/test4.out.ok, |
| plugins/sudoers/regress/sudoers/test4.toke.ok: |
| Add test for line continuation and aliases |
| [29ab538ca6bb] |
|
|
* Make test output line up nicely for parse vs. toke | * plugins/sudoers/Makefile.in: |
[15321ce2d7d9] <1.8> | Make test output line up nicely for parse vs. toke |
| [257ef82c1434] |
|
|
* plugins/sudoers/regress/testsudoers/test1.ok, | * plugins/sudoers/Makefile.in, |
| plugins/sudoers/regress/sudoers/test1.in, |
| plugins/sudoers/regress/sudoers/test1.out.ok, |
| plugins/sudoers/regress/sudoers/test1.toke.ok, |
| plugins/sudoers/regress/sudoers/test2.in, |
| plugins/sudoers/regress/sudoers/test2.out.ok, |
| plugins/sudoers/regress/sudoers/test2.toke.ok, |
| plugins/sudoers/regress/sudoers/test3.in, |
| plugins/sudoers/regress/sudoers/test3.out.ok, |
| plugins/sudoers/regress/sudoers/test3.toke.ok, |
| plugins/sudoers/regress/testsudoers/test1.ok, |
| plugins/sudoers/regress/testsudoers/test1.out.ok, |
| plugins/sudoers/regress/testsudoers/test1.sh, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test3.ok, |
plugins/sudoers/regress/testsudoers/test3.ok, |
Line 1511
|
Line 7829
|
plugins/sudoers/regress/visudo/test1.sh: |
plugins/sudoers/regress/visudo/test1.sh: |
Move parser tests to sudoers directory and test the tokenizer output |
Move parser tests to sudoers directory and test the tokenizer output |
too. |
too. |
[111c1ccda334] <1.8> | [44f529b3cdb6] |
|
|
* If we match a rule anchored to the beginning of a line after parsing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| If we match a rule anchored to the beginning of a line after parsing |
a line continuation character, return an ERROR token. It would be |
a line continuation character, return an ERROR token. It would be |
nicer to use REJECT instead but that substantially slows down the |
nicer to use REJECT instead but that substantially slows down the |
lexer. |
lexer. |
[67e54b14aa9d] <1.8> | [355478293f8c] |
|
|
* Move LEXTRACE macro to toke.h so we can use it in yyerror(). | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[e6e04037deed] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
| plugins/sudoers/toke.l: |
| Move LEXTRACE macro to toke.h so we can use it in yyerror(). |
| [72ee7a06d3ca] |
|
|
* Make lex tracing settable at run-time in testsudoers via the -t | 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Make lex tracing settable at run-time in testsudoers via the -t |
flag. Trace output goes to stderr. Will be used by regress tests |
flag. Trace output goes to stderr. Will be used by regress tests |
to check lexer. |
to check lexer. |
[a973f43cc0c2] <1.8> | [93bd53c413c8] |
|
|
* Allow whitespace after the modifier in a Defaults entry. E.g. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Allow whitespace after the modifier in a Defaults entry. E.g. |
"Defaults: username set_home" |
"Defaults: username set_home" |
[bf876c9fc5bb] <1.8> | [9dfcf8dd8a3a] |
|
|
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't set CC when cross-compiling. | * mkpkg: |
[d3c33dcb02f2] <1.8> | Don't set CC when cross-compiling. |
| [4b95b0c04e1c] |
|
|
* Credit Matthew Thomas for the sudoers_search_filter changes. | * NEWS: |
[2209b80664af] <1.8> | Credit Matthew Thomas for the sudoers_search_filter changes. |
| [a65998ab09f7] |
|
|
* Add the .sym files to the MANIFEST | * MANIFEST: |
[bb452b28a009] <1.8> | Add the .sym files to the MANIFEST |
| [f599225cc861] |
|
|
* Update for sudo 1.8.1 beta | * NEWS: |
[700d42d80e00] <1.8> | Update for sudo 1.8.1 beta |
| [71021e854c49] |
|
|
* user_shell -> run_shell to avoid confusion with the user's SHELL | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: |
| user_shell -> run_shell to avoid confusion with the user's SHELL |
variable. |
variable. |
[451b96d5f97e] <1.8> | [dc0ac6dafc21] |
|
|
* Save the controlling tty process group before suspending in pty | * src/exec_pty.c: |
| Save the controlling tty process group before suspending in pty |
mode. Previously, we assumed that the child pgrp == child pid |
mode. Previously, we assumed that the child pgrp == child pid |
(which is usually, but not always, the case). |
(which is usually, but not always, the case). |
[b0841d861191] <1.8> | [10b2883b7875] |
|
|
* Add support for sudoers_search_filter setting in ldap.conf. This | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
| Add support for sudoers_search_filter setting in ldap.conf. This |
can be used to restrict the set of records returned by the LDAP |
can be used to restrict the set of records returned by the LDAP |
query. |
query. |
[70c5f496e2b3] <1.8> | [b0f1b721d102] |
|
|
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Remove the hack to disable -g in CFLAGS unless --with-devel |
Remove the hack to disable -g in CFLAGS unless --with-devel |
[9459839f50ba] <1.8> | [89822cf84ef4] |
|
|
* The '@' character does not normally need to be quoted. | * doc/sudoers.pod: |
[e66c4c64e514] <1.8> | The '@' character does not normally need to be quoted. |
| [7823f5ed829a] |
|
|
* We normaly transition from GOTDEFS to STARTDEFS on whitespace, but | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| We normaly transition from GOTDEFS to STARTDEFS on whitespace, but |
if that whitespace is followed by a comma, we want to treat it as |
if that whitespace is followed by a comma, we want to treat it as |
part of a list and not transition. |
part of a list and not transition. |
[52ae2df9959d] <1.8> | [1ca6943e1824] |
|
|
* Add check for whitespace when a User_List is used for a per-user | * plugins/sudoers/regress/testsudoers/test3.ok, |
| plugins/sudoers/regress/testsudoers/test3.sh: |
| Add check for whitespace when a User_List is used for a per-user |
Defaults entry. |
Defaults entry. |
[44a4db95be86] <1.8> | [91f75e6dd19a] |
|
|
* Expand quoted name checks to cover recent fixes. | * plugins/sudoers/regress/testsudoers/test2.out, |
[bd494b5c2bed] <1.8> | plugins/sudoers/regress/testsudoers/test2.sh: |
| Expand quoted name checks to cover recent fixes. |
| [ce4f76bca146] |
|
|
* Fix parsing of double-quoted names in Defaults and Aliases which was | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix parsing of double-quoted names in Defaultd and Aliases which was |
broken in 601d97ea8792. |
broken in 601d97ea8792. |
[dfdd58c3eb3b] <1.8> | [424b0d6c1dc4] |
|
|
* toke_util.c lives in $(srcdir) not $(devdir) | * plugins/sudoers/Makefile.in: |
[94f8f024782e] <1.8> | toke_util.c lives in $(srcdir) not $(devdir) |
| [94866bebee83] |
|
|
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Update version to 1.8.1 | Change trunk version to 1.8.x to distinguish from real 1.8.0. |
[531a7d520f18] <1.8> | [a9781e61d064] |
|
|
* Document major changes in 1.8.1 and add upgrade notes. | * NEWS, doc/UPGRADE: |
[116821646140] <1.8> | Document major changes in 1.8.1 and add upgrade notes. |
| [f2cf51b0d9ce] |
|
|
* Be careful not to deref user_stat if it is NULL. This cannot | * plugins/sudoers/match.c: |
| Be careful not to deref user_stat if it is NULL. This cannot |
currently happen in sudo but might in other programs using the |
currently happen in sudo but might in other programs using the |
parser. |
parser. |
[d72a9c7151c4] <1.8> | [06a2334dd674] |
|
|
* configure will not add -O2 to CFLAGS if it is already defined to add | * mkpkg: |
| configure will not add -O2 to CFLAGS if it is already defined to add |
-O2 to the CFLAGS we pass in when PIE is being used. |
-O2 to the CFLAGS we pass in when PIE is being used. |
[2c7fe82be93d] <1.8> | [1ce6481ece59] |
|
|
* Warn about the dangers of log_input and mention iolog_file and | * doc/sudoers.pod: |
| Warn about the dangers of log_input and mention iolog_file and |
iolog_dir in the log_input and log_output descriptions. |
iolog_dir in the log_input and log_output descriptions. |
[edc6aa59aa45] <1.8> | [ae854ffb0768] |
|
|
* sync with git version | * pp: |
[b121cf739c77] <1.8> | sync with git version |
| [a993e39ce3cb] |
|
|
* It seems that h comes after i | * doc/sudoers.pod: |
[99ad15015f05] <1.8> | It seems that h comes after i |
| [0f621109220d] |
|
|
* Move log_input and log_output to their proper, sorted, location. | * doc/sudoers.pod: |
| Move log_input and log_output to their proper, sorted, location. |
Document set_utmp and utmp_runas. |
Document set_utmp and utmp_runas. |
[216ce8b0ae1a] <1.8> | [273b234b9c34] |
|
|
* Save the controlling tty process group before suspending so we can | * src/exec.c: |
| Save the controlling tty process group before suspending so we can |
restore it when we resume. Fixes job control problems on Linux |
restore it when we resume. Fixes job control problems on Linux |
caused by the previous attemp to fix resuming a shell when I/O |
caused by the previous attemp to fix resuming a shell when I/O |
logging not enabled. |
logging not enabled. |
[dfe038f733be] <1.8> | [f03a660315ee] |
|
|
* Fix printing of the remainder after a newline. Fixes "sudo -l" | * common/lbuf.c: |
| Fix printing of the remainder after a newline. Fixes "sudo -l" |
output corruption that could occur in some cases. |
output corruption that could occur in some cases. |
[ab2f0a629e0d] <1.8> | [25d83fb501fc] |
|
|
* Add support for ut_exit | 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
[7039ec6a73fa] <1.8> | |
|
|
* Add support for controlling whether utmp is updated and which user | * config.h.in, configure, configure.in, src/exec_pty.c, |
| src/sudo_exec.h, src/utmp.c: |
| Add support for ut_exit |
| [b574c13f1bba] |
| |
| * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, |
| plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
| plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, |
| src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: |
| Add support for controlling whether utmp is updated and which user |
is listed in the entry. |
is listed in the entry. |
[1b008ce71eab] <1.8> | [44a81632133f] |
|
|
* Fix typo; tupple vs. tuple | * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, |
[67bb5c67ae3d] <1.8> | plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, |
| plugins/sudoers/parse.c: |
| Fix typo; tupple vs. tuple |
| [697744acb710] |
|
|
* For legacy utmp, strip the /dev/ prefix before trying to determine | * src/utmp.c: |
| For legacy utmp, strip the /dev/ prefix before trying to determine |
slot since the ttys file does not include the /dev/ prefix. |
slot since the ttys file does not include the /dev/ prefix. |
[8f597114381d] <1.8> | [7ad5b81ff90c] |
|
|
* Add check for _PATH_UTMP | * aclocal.m4, configure, configure.in, pathnames.h.in: |
[fe7e2456f017] <1.8> | Add check for _PATH_UTMP |
| [21e638029bfd] |
|
|
* Adapt check_iolog_path to sessid changes | 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
[3016201869b6] <1.8> | |
|
|
* Redo utmp handling. If no getutent()/getutxent() is available, | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
| Adapt check_iolog_path to sessid changes |
| [728b5fe2be6f] |
| |
| * config.h.in, configure, configure.in, src/Makefile.in, |
| src/exec_pty.c, src/sudo_exec.h, src/utmp.c: |
| Redo utmp handling. If no getutent()/getutxent() is available, |
assume a ttyslot-based utmp. If getttyent() is available, use that |
assume a ttyslot-based utmp. If getttyent() is available, use that |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
dance. |
dance. |
[817490c7c20e] <1.8> | [18aa455cd140] |
|
|
* Move utmp handling into utmp.c | 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
[e4729d9259e9] <1.8> | |
|
|
* Update copyright years. | * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, |
[1065afc00233] <1.8> | src/utmp.c: |
| Move utmp handling into utmp.c |
| [f6eae6c8e012] |
|
|
2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> | * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, |
| common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, |
| compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, |
| compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, |
| compat/utimes.c, doc/sudo.pod, doc/visudo.pod, |
| include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
| plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, |
| plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, |
| plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, |
| plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
| plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
| plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
| plugins/sudoers/logging.c, plugins/sudoers/parse.c, |
| plugins/sudoers/parse.h, plugins/sudoers/redblack.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, |
| plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, |
| src/sudo_plugin_int.h, src/tgetpass.c: |
| Update copyright years. |
| [16aa39f9060a] |
|
|
* Add "user_shell" boolean as a way to indicate to the plugin that the | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/parse_args.c: |
| Add "user_shell" boolean as a way to indicate to the plugin that the |
-s flag was given. |
-s flag was given. |
[6e8bc49b7ea7] <1.8> | [fb1ef0897b32] |
|
|
* Move sessid out of sudo_user. | * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
[00d67d5ba894] <1.8> | plugins/sudoers/sudoers.h: |
| Move sessid out of sudo_user. |
| [ba298ddb57f4] |
|
|
* Log the TSID even if it is not a simple session ID. | * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
[490cf0adae29] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| Log the TSID even if it is not a simple session ID. |
| [d7cc1b9c513c] |
|
|
* Document noexec in sample.sudo.conf and add back noexec_file section | * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: |
| Document noexec in sample.sudo.conf and add back noexec_file section |
in sudoers with a note that it is deprecated. |
in sudoers with a note that it is deprecated. |
[c7a2d8d0c563] <1.8> | [4a6e961e494d] |
|
|
* Fix running commands as non-root on systems where setreuid() changes | * plugins/sudoers/set_perms.c: |
| Fix running commands as non-root on systems where setreuid() changes |
the saved uid based on the effective uid we are changing to. |
the saved uid based on the effective uid we are changing to. |
[f3b27db56ba6] <1.8> | [df0769b71b34] |
|
|
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Move noexec path into sudo.conf now that sudo itself handles noexec. | * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, |
| src/sudo.h: |
| Move noexec path into sudo.conf now that sudo itself handles noexec. |
Currently can be configured in sudoers too but is now undocumented |
Currently can be configured in sudoers too but is now undocumented |
and will be removed in a future release. |
and will be removed in a future release. |
[9c5f64709994] <1.8> | [6fa8befdc110] |
|
|
* Document "Path noexec ..." in sudo.conf. No longer document | * doc/sudo.pod, doc/sudoers.pod: |
| Document "Path noexec ..." in sudo.conf. No longer document |
noexec_file in sudoers, it will be removed in a future release. |
noexec_file in sudoers, it will be removed in a future release. |
[959fa6b5217b] <1.8> | [24eee3a0b3e5] |
|
|
* Move noexec handling to sudo front-end where it is documented as | * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: |
| Move noexec handling to sudo front-end where it is documented as |
being. |
being. |
[ef6cd4a40c61] <1.8> | [3ed4f10d7052] |
|
|
* Add support for disabling exec via solaris privileges. Includes | * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
| src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
| src/sudo_exec.h: |
| Add support for disabling exec via solaris privileges. Includes |
preparation for moving noexec support out of sudoers and into front |
preparation for moving noexec support out of sudoers and into front |
end as documented. |
end as documented. |
[d9c05ba9a24f] <1.8> | [dec843ed553e] |
|
|
* Only export the symbols corresponding to the plugin structs. | * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, |
[cb07af1d9b39] <1.8> | plugins/sample_group/Makefile.in, |
| plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
| plugins/sudoers/sudoers.sym: |
| Only export the symbols corresponding to the plugin structs. |
| [8d8d03b0ca54] |
|
|
* Install plugins manually instead of using libtool. This works | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
| Install plugins manually instead of using libtool. This works |
around a problem on AIX where libtool will install a .a file |
around a problem on AIX where libtool will install a .a file |
containing the .so file instead of the .so file itself. |
containing the .so file instead of the .so file itself. |
[1ccf5af58c05] <1.8> | [796971cfbddb] |
|
|
* Makefile.in: |
* Makefile.in: |
Move check into its own rule since some versions of make will run |
Move check into its own rule since some versions of make will run |
both targets as the default rule. |
both targets as the default rule. |
[7159f37eb552] <1.8> | [34d759979176] |
|
|
* Update to libtool 2.2.10 | * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, |
[9e49773b32b7] <1.8> | m4/ltversion.m4, m4/lt~obsolete.m4: |
| Update to libtool 2.2.10 |
| [34c130de6af7] |
|
|
* In handle_signals(), restart the read() on EINTR to make sure we | 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c: |
| In handle_signals(), restart the read() on EINTR to make sure we |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
means we have emptied the pipe. |
means we have emptied the pipe. |
[dc2926097b2d] <1.8> | [d5b9c8eb9000] |
|
|
* Reorder functions to quiet a compiler warning. | * compat/mktemp.c: |
[5201367e5db4] <1.8> | Reorder functions to quiet a compiler warning. |
| [c9e9a23729f0] |
|
|
* Use the Sun Studio C compiler on Solaris if possible | * mkpkg: |
[b8d43b423fb9] <1.8> | Use the Sun Studio C compiler on Solaris if possible |
| [11a86e27891e] |
|
|
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix default setting of osversion variable. | * mkpkg: |
[e12905851be5] <1.8> | Fix default setting of osversion variable. |
| [52e49ca1cedd] |
|
|
* Make two login_class entris consistent. | * doc/sudo_plugin.pod: |
[0671d7b204be] <1.8> | Make two login_class entris consistent. |
| [18ff1fa94a91] |
|
|
* Add support for adding a utmp entry when allocating a new pty. | * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, |
| src/sudo_exec.h: |
| Add support for adding a utmp entry when allocating a new pty. |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Currently only creates a new entry if the existing tty has a utmp |
Currently only creates a new entry if the existing tty has a utmp |
entry. |
entry. |
[40ff30099e79] <1.8> | [32db72b81d80] |
|
|
* Avoid pulling in headers we don't need on Linux For getutx?id(), | * plugins/sudoers/boottime.c: |
| Avoid pulling in headers we don't need on Linux For getutx?id(), |
call setutx?ent() first and always call endutx?ent(). |
call setutx?ent() first and always call endutx?ent(). |
[b86f7a13aae9] <1.8> | [5dad21e1ee1b] |
|
|
* Add some more libs to SUDOERS_LIBS instead of relying on them to be | * configure, configure.in: |
| Add some more libs to SUDOERS_LIBS instead of relying on them to be |
pulled in by SUDO_LIBS. |
pulled in by SUDO_LIBS. |
[bcbd16ec56c6] <1.8> | [18a7c21c09a7] |
|
|
* Fix return value of "sudo -l command" when command is not allowed, | * plugins/sudoers/sudoers.c: |
| Fix return value of "sudo -l command" when command is not allowed, |
broken in [c7097ea22111]. The default return value is now TRUE and |
broken in [c7097ea22111]. The default return value is now TRUE and |
a bad: label is used when permission is denied. Also fixed missing |
a bad: label is used when permission is denied. Also fixed missing |
permissions restoration on certain errors. On error()/errorx(), the |
permissions restoration on certain errors. On error()/errorx(), the |
password and group files are now closed before returning. |
password and group files are now closed before returning. |
[757c941a47b2] <1.8> | [4f2d0e869ae5] |
|
|
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix passing of login class back to sudo front end. | * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
[5e649de6b7f5] <1.8> | Fix passing of login class back to sudo front end. |
| [6f70a784ce48] |
|
|
* Add --osversion flag to specify OS instead of running "pp | * mkpkg: |
| Add --osversion flag to specify OS instead of running "pp |
--probeonly" |
--probeonly" |
[8a03943ac5e8] <1.8> | [a8efdccb7bc1] |
|
|
* Fix expr usage w/ GNU expr | * sudo.pp: |
[bdecfa1f54fc] <1.8> | Fix expr usage w/ GNU expr |
| [48895599ee63] |
|
|
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value for validate and list mode. | * plugins/sudoers/sudoers.c: |
[6f8b20199935] <1.8> | Fix exit value for validate and list mode. |
| [c7097ea22111] |
|
|
* Fix non-interactive mode with sudoers plugin. | * plugins/sudoers/sudoers.c: |
[cf5aca4fcbcf] <1.8> | Fix non-interactive mode with sudoers plugin. |
| [172f29597bd2] |
|
|
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay can now find IDs other than %{seq} and display the | * doc/sudoreplay.pod: |
| sudoreplay can now find IDs other than %{seq} and display the |
session. |
session. |
[60396b417633] <1.8> | [fc3dd3be67e9] |
|
|
* Add support for replaying sessions when iolog_file is set to |
|
something other than %{seq}. |
|
[1cd2baa74d56] <1.8> |
|
|
|
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If we are killed by a signal, display the name of the signal that | * plugins/sudoers/sudoreplay.c: |
| Add support for replaying sessions when iolog_file is set to |
| something other than %{seq}. |
| [ca3131243874] |
| |
| * plugins/sudoers/visudo.c: |
| If we are killed by a signal, display the name of the signal that |
got us. |
got us. |
[1b38c4d42282] <1.8> | [994bb76a990e] |
|
|
* Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS | * configure, configure.in: |
| Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS |
where they belong. |
where they belong. |
[78e97a921104] <1.8> | [40f94b936fa4] |
|
|
* Fix bug in skey/opie check that could cause a shell warning. | * configure.in: |
[f20229a04f30] <1.8> | Fix bug in skey/opie check that could cause a shell warning. |
| [83c043072be5] |
|
|
* No longer need sudo_getepw() stubs. | * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
[795631ac7db0] <1.8> | No longer need sudo_getepw() stubs. |
| [bbee15c36912] |
|
|
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value of "sudo -l command" in sudoers module. | * plugins/sudoers/sudo_nss.c: |
[4a05d6019b3d] <1.8> | Fix exit value of "sudo -l command" in sudoers module. |
| [a6541867521b] |
|
|
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Use fgets() not fgetln() for portability. | * compat/regress/glob/globtest.c: |
[1f2050745096] <1.8> | Use fgets() not fgetln() for portability. |
| [df1bb67fb168] |
|
|
* Don't use the beta or release candidate version as the rpm release. | * sudo.pp: |
[a5b049477646] <1.8> | Don't use the beta or release candidate version as the rpm release. |
| [d661ef78021a] |
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> | |
| |
* Makefile.in: | |
Adjust ChangeLog rule now that 1.8 is branched | |
[a994ac361e44] <1.8> | |
| |
* .hgtags: | |
Added tag SUDO_1_8_0 for changeset f6530d56f6ae | |
[99a2b3801419] <1.8> | |
|
|
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|