version 1.1, 2012/02/21 16:23:01
|
version 1.1.1.6, 2014/06/15 16:12:53
|
Line 1
|
Line 1
|
2012-01-24 Todd C. Miller <Todd.Miller@courtesan.com> | 2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/getgrouplist.c, plugins/group_file/group_file.c, |
|
plugins/system_group/system_group.c: |
|
deal with NULL gr_mem here too |
|
[0db43ed71001] |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p3 |
|
[3f415a180023] |
|
|
|
2014-05-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Fix non-blocking mode. We only want to exit the event loop when |
|
poll() or select() returns 0 and there are no active events. This |
|
fixes a problem on some systems where the last buffer was not being |
|
written when the command exited. |
|
[deb6b1a7b241] |
|
|
|
2014-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: |
|
Make get_boottime() return bool. |
|
[9ff15a995d01] |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/boottime.c: |
|
Fix fd leak on Linux when determing boot time. This is usually |
|
masked by the closefrom() call in sudo. From Jamie Anderson. Bug |
|
#645 |
|
[0b4c430e8b88] |
|
|
|
2014-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: |
|
Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when |
|
changing the user. This is the correct flag to use with a program |
|
that changes the uid like su or sudo and fixes a role problem on |
|
Solaris. From Gary Winiger; Bug #642 |
|
[ec23c3bf41bb] |
|
|
|
* plugins/sudoers/defaults.c: |
|
pam_setcred should default to true; from Gary Winiger Bug #642 |
|
[23e6628ec546] |
|
|
|
2014-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/match.c, |
|
plugins/sudoers/regress/testsudoers/test6.out.ok, |
|
plugins/sudoers/regress/testsudoers/test6.sh, |
|
plugins/sudoers/regress/testsudoers/test7.out.ok, |
|
plugins/sudoers/regress/testsudoers/test7.sh: |
|
Fix matching of uids and gids broken in sudo 1.8.9. |
|
[315eff4add59] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix -P option in usage() |
|
[50753b6222b7] |
|
|
|
2014-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/sudoers.h: |
|
Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw |
|
or targetpw is set. Bug #639 |
|
[dff0208d1194] |
|
|
|
2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p2 |
|
[774ebec63b41] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Don't write an empty timestamp record when timestamp_timeout is |
|
zero. If we find an empty record in the timestamp file, overwrite it |
|
with a good one, truncating the file as needed. |
|
[9c226d81b660] |
|
|
|
2014-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Fix typos in description of the -x option. Bug #637 |
|
[6ff2bfaaf99d] |
|
|
|
2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p1 |
|
[33828a3385ad] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix typo/thinko that prevented "Defaults !tty_tickets" from working. |
|
[f65cc29dbcc7] |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix "sudo -l command" output when the matching command is negated. |
|
Bug #636 |
|
[b4a92803f733] |
|
|
|
2014-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c, |
|
common/regress/sudo_conf/test5.err.ok, |
|
common/regress/tailq/hltq_test.c: |
|
The atofoo_test and hltq_test tests now display their own test error |
|
rate. Display pass/fail count separately for sudo_conf and |
|
sudo_parseln tests. Check stderr output for the sudo_conf test. |
|
[5c814709ac70] |
|
|
|
* src/Makefile.in: |
|
Don't run the check_ttyname test if cross compiling. |
|
[874ecc1c3db0] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
CWD no longer used. |
|
[13b2f3c4269b] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix diff of toke and err output files in "make check" |
|
[485cdf3c75e7] |
|
|
|
2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/de.mo, src/po/de.po: |
|
sync with translationproject.org |
|
[d246c72a2350] |
|
|
|
2014-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Check whether ber.h is needed before ldap.h even if we are not using |
|
any ber functions. Needed for older versions of nss ldap. |
|
[c2310324dc34] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Fix compiler warning in debug code. |
|
[8ee4cb6cafad] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po: |
|
Catalan translation for sudo from translationproject.org. |
|
[d6af7d06ee36] |
|
|
|
2014-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Document negation fix in JSON output. |
|
[37a85423ae49] |
|
|
|
2014-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix handling of '!' operator when converting sudoers. We now add a |
|
"negated" boolean flag to objects that have the '!' operator. |
|
[071926c10280] |
|
|
|
2014-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: |
|
Czech translation for sudoers from translationproject.org |
|
[c0aae297f7c1] |
|
|
|
2014-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Try -libmldap before -lldap in case there is no link from |
|
libibmldap.so to libldap.so. Since IBM ldap is installed under /opt |
|
we should only be able to reach it if --with-ldap was given an |
|
explicit path. |
|
|
|
Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined. |
|
[89d50c29d737] |
|
|
|
2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix typo in setreuid() PERM_ROOT error message. |
|
[533415f53165] |
|
|
|
* mkpkg: |
|
No longer need to disable setresuid() on debian. |
|
[96ba687c35f0] |
|
|
|
2014-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix conversion of timestamp_timeout from double to struct timeval. |
|
Also quiet a printf format warning on 32-bit systems. |
|
[59d1f3094dda] |
|
|
|
2014-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po: |
|
Serbian translation for sudoers from translationproject.org. |
|
[7134b386d658] |
|
|
|
2014-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Ingo Schwarze |
|
[114cdf286987] |
|
|
|
* NEWS, plugins/sudoers/visudo_json.c: |
|
When exporting sudoers in JSON format, use the same type of Options |
|
object for both Defaults and Cmnd_Specs. |
|
[caa57043e197] |
|
|
|
2014-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/inet_pton.c: |
|
Silence cppcheck false positive. |
|
[b2781c42a80f] |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: |
|
sync with translationproject.org |
|
[baba43a6d682] |
|
|
|
* NEWS, doc/UPGRADE: |
|
Mention init.d scripts on AIX and HP-UX Mention sudoers group |
|
mismatch fix |
|
[0259cb1f7cae] |
|
|
|
* INSTALL: |
|
Talk about clearing files at boot time, not reboot time since it |
|
happens when the system comes up, not down. |
|
[e8e480bc34fd] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
We also need to open the sudoers file as root if there is a GID |
|
mismatch. |
|
[2fb2ba6fc4e6] |
|
|
|
* sudo.pp: |
|
Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX |
|
rpm packages. |
|
[4aca1d318599] |
|
|
|
2014-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/Makefile.in: |
|
Remove init.d file and link in uninstall target. |
|
[249a9f105cdd] |
|
|
|
* configure, configure.ac, sudo.pp: |
|
Fix INIT_DIR for real this time. |
|
[5444eb1afbc5] |
|
|
|
* configure, configure.ac, sudo.pp: |
|
Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and |
|
init.d dirs. |
|
[809b54ef95f8] |
|
|
|
* .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in, |
|
init.d/hpux.sh.in, src/Makefile.in, sudo.pp: |
|
First cut add installing an init.d file for HP-UX and AIX to remove |
|
old sudo timestamp files at boot time. |
|
[ec6d35c62d88] |
|
|
|
2014-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -" |
|
for the default login class. From Ingo Schwarze. |
|
[f13ea603760e] |
|
|
|
* doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, |
|
doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, |
|
doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Remove some extraneous markup; from Ingo Schwarze |
|
* No need to explicitly end a macro with No before | because | counts |
|
as middle punctuation and falls out of the macro, anyway. |
|
* No need to explicitly re-open in-line macros after | because | |
|
counts as middle punctuation and the macros resume afterwards, |
|
anyway. |
|
* Simplify the mnemonic remarks regarding the option letters, no need |
|
for manual font and spacing control with No and Ns. |
|
* Trim Ns No to just Ns, it already implies No. |
|
[cc63d66c6655] |
|
|
|
* doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Move zerowidth space in :alpha: after the colon for consistency. |
|
[799f6656c6e8] |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, |
|
doc/visudo.man.in: |
|
regen |
|
[14d682732b6f] |
|
|
|
* doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Remove extraneous keeps in SYNOPSIS now that mandoc does implied |
|
keeps when converting from mdoc to man. |
|
[0f48fc289f29] |
|
|
|
* doc/sudoers.mdoc.in: |
|
Properly escape the : in :alpha: |
|
[e41d4533a55f] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From |
|
Jan Stary. |
|
[90ec488905de] |
|
|
|
2014-02-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix indentation of Defaults entries. The initial indent should be |
|
outside the loop iterating over the entries. |
|
[dc493c888fb2] |
|
|
|
2014-02-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: |
|
sync with translationproject.org |
|
[fc517bc0908e] |
|
|
|
* common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c, |
|
common/fatal.c, common/gidlist.c, common/sudo_conf.c, |
|
common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c, |
|
plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, |
|
src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h: |
|
We must include gettext.h before missing.h as it includes system |
|
headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers |
|
audit code that does not include sudoers.h. |
|
[3ac4aa43ce40] |
|
|
|
* common/sudo_dso.c: |
|
When emulating DSO_NEXT with shl_get() we need to skip the program's |
|
handle. This used to be documented as being index -2 but now it |
|
seems to be index 0. As this is not guaranteed we need to look up |
|
the real handle value for PROG_HANDLE and skip it when interating |
|
through all the DSOs. Fixes infinite recursion on HP-UX in the |
|
getenv() replacement. |
|
[ade1b3045232] |
|
|
|
* src/env_hooks.c: |
|
Export getenv() so it is visible to shared objects we link with. |
|
[1ac08446a3a7] |
|
|
|
2014-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/regress/atofoo/atofoo_test.c, |
|
common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/tailq/hltq_test.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Add some initprogname() calls to the test programs. |
|
[e4320585a88b] |
|
|
|
2014-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[038d066a866d] |
|
|
|
* doc/UPGRADE: |
|
Mention that there is now a default LDAP search filter. |
|
[6351da3f8377] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Minor word choice change. |
|
[7e59ab3eb453] |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/match.c: |
|
Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup |
|
support requires an expensive substring match on the server. If |
|
netgroups are not needed, this option can be disabled to reduce the |
|
load on the LDAP server. |
|
[e6bd6c103390] |
|
|
|
2014-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Update copyright year. |
|
[1299eed430a5] |
|
|
|
* NEWS: |
|
Mention LDAP changes. |
|
[512b1e363587] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: |
|
Use a default LDAP search filter of (objectClass=sudoRole). When |
|
constructing the netgroup query, add (sudoUser=*) to the query so we |
|
don't fall below the 3 character OpenLDAP substring threshold. |
|
Otherwise the index for sudoUser will never be used for that query. |
|
Pointed out by Michael Stroeder. |
|
[54856973af41] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Don't warn about an insecure lecture dir twice. Display warnings in |
|
the user's locale. |
|
[2c56b8b6d6f9] |
|
|
|
2014-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention the fix for ^Z at the password prompt when sudo was started |
|
in the background. |
|
[352d52ad1f7d] |
|
|
|
* common/term.c, src/exec_pty.c: |
|
In term_restore(), only restores the terminal if we are in the |
|
foregroup process group. Instead of calling tcgetpgrp(), which is |
|
racy, we set a temporary handler for SIGTTOU and check whether it |
|
was received after a failed call to tcsetattr(). |
|
[94979d51daa2] |
|
|
|
* MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in, |
|
configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c: |
|
Use inet_pton() instead of inet_aton() and include a version from |
|
BIND for those without it. |
|
[fe61a27c76d3] |
|
|
|
* common/regress/atofoo/atofoo_test.c: |
|
Quiet a gcc warning. |
|
[f197821892ea] |
|
|
|
* compat/getaddrinfo.c: |
|
Need to include limits.h for USHRT_MAX. |
|
[d1d8bd9a0e01] |
|
|
|
2014-02-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/term.c, include/sudo_util.h: |
|
Use bool for function return values instead of 1 or 0. |
|
[99e357c0800b] |
|
|
|
* configure, configure.ac: |
|
Warn the user if the rundir needs to be cleared in the rc files. |
|
Neither AIX not HP-UX clear /var/run (if it even exists). |
|
[6cdbf57a2f9e] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.9p5 |
|
[efb737c32615] |
|
|
|
* src/preserve_fds.c: |
|
When the closefrom limit is greater than any of the preserved fds, |
|
the pfds list will be non-empty but lastfd will be -1 triggering an |
|
ecalloc(0) assertion. Instead, test for lastfd being -1 and make |
|
sure we always update it, even if dup() fails. Also restore initial |
|
value of lowfd after we are done relocating. Fixes bug #633 |
|
[a11206a31f28] |
|
|
|
* common/term.c: |
|
Document function return values. |
|
[267bc85f6fbb] |
|
|
|
2014-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
term_restore() now restarts itself so we don't need to do it |
|
ourselves. |
|
[a17e885d0b0a] |
|
|
|
* common/term.c: |
|
syscall restarting is broken on Mac OS X when interrupted by a tty |
|
signal so restart tcsetattr() by hand. For details, see. |
|
http://openradar.appspot.com/radar?id=6402578615107584 |
|
[3997b2a0577e] |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c: |
|
Add regress for atobool(), atoid() and atomode() |
|
[e1cbdf86d6e2] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add back boottime.lo |
|
[0b7ddc31e13e] |
|
|
|
* INSTALL: |
|
Mention that rundir and vardir may be the same and what to do if |
|
they are. |
|
[301df9a31d43] |
|
|
|
* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c: |
|
Bring back boot time checking code and zero out time stamp files |
|
that predate the boot time. This should help systems w/o /var/run |
|
where the admin has setup rc.d to clear the timestamp directory. |
|
[e09389a8b1ca] |
|
|
|
* configure, configure.ac: |
|
Check libraries for inet_pton() if not in libc. |
|
[9f9bd83895e8] |
|
|
|
2014-02-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Fix clock_gettime() detection when it lives in librt. Some systems |
|
have inet_aton() in libresolv (older Solaris). |
|
[e5f7c8bc9a81] |
|
|
|
* sudo.pp: |
|
Avoid duplicate directories if vardir and rundir are the same. |
|
[c5df5ebc191b] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[740b2cc42fea] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Elaborate on time stamp error message causes. |
|
[2838fea2e21a] |
|
|
|
2014-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Remove the time stamp dir and its contents when uninstalling. We |
|
currently leave the lecture status files installed until there is a |
|
better way to detect upgrades. |
|
[61532b7113ff] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Update time stamp error messages and regen. |
|
[edf570c98cd5] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Restore warning when sudoers is unable to update the time stamp |
|
file. |
|
[86648a771250] |
|
|
|
* INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, |
|
m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp: |
|
Replace --with-timedir and --with-lecture_dir with --with-rundir and |
|
--with-vardir which are the parent directories of the time stamp and |
|
lecture dirs. These directories need to be searchable by non-root so |
|
that the timestampowner setting can function. |
|
[5c38d77a2d0c] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix use of timestampowner in the new time stamp world order. Parent |
|
directories for timestampdir and lecture_dir are now created with |
|
the execute bit set so that we can traverse them as non-root. |
|
[9ff6f07c0a5d] |
|
|
|
2014-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Regen Makefiles. |
|
[59542bcdb222] |
|
|
|
* common/sudo_debug.c, config.h.in, include/sudo_util.h, |
|
plugins/sample/sample_plugin.c: |
|
Move ctim_get and mtim_get to sudo_util.h |
|
[d565391f5491] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
sprinkle some debug printfs and add function header comments |
|
[1842d9b8170d] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Properly handle the case where /var/run/sudo/ts doesn't exist. |
|
[895f3ad6ad60] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
fix typo |
|
[50041ebb6ce6] |
|
|
|
* NEWS: |
|
Mention "sudo -K" change. |
|
[e99bd7657aae] |
|
|
|
* doc/UPGRADE: |
|
Upgrade info for 1.8.10 |
|
[0867718b9af5] |
|
|
|
2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Warn on ftruncate failure(). |
|
[d2081876da25] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix checking of lecture status. |
|
[e12d78234d17] |
|
|
|
* mkpkg: |
|
Do not override timedir on Debian. |
|
[283fa2e69a0a] |
|
|
|
* common/event.c, common/event_select.c, include/missing.h, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/sudo_edit.c: |
|
Use sudo_timeval macros and remove compat macros from missing.h |
|
[1de76d8b811e] |
|
|
|
* INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c, |
|
config.h.in, configure, configure.ac, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h, |
|
include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.h, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, src/Makefile.in: |
|
Switch to new time stamp file format. Each user now has a single |
|
file which may contain multiple records when per-tty time stamps are |
|
in use (the default). The time stamps use a monotonic timer where |
|
available and are once again stored in /var/run/sudo. The lecture |
|
status is now stored separately from the time stamps in a different |
|
directory. |
|
[7e16eb37bacc] |
|
|
|
2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/check.c: |
|
When listing a user's privileges, always prompt the user for their |
|
own password, regardless of the value of target_pw, root_pw or |
|
runas_pw. |
|
[73a13ccc7933] |
|
|
|
2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/atomode.c: |
|
Zero out errstr when there is no error; fixes bug #632 |
|
[74950ef1a0dc] |
|
|
|
2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/match_addr.c: |
|
Use inet_aton() instead of inet_addr() as it allows us to |
|
distinguish between the address (or mask 255.255.255.255) and an |
|
error. In the future we may consider switching to inet_pton() for |
|
IPv4 too. |
|
[b6b4e4c77e9a] |
|
|
|
2014-01-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Fix typo, ULONG_MAX vs. ULLONG_MAX |
|
[5d274daa9fb1] |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Fix typo in the AIX case. |
|
[ee531c950fce] |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Size pointer for sudo_parseln() should be size_t not ssize_t. This |
|
was already correct for the nsswitch.conf case. |
|
[cfaf895c1db4] |
|
|
|
2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c: |
|
It is now possible to disable network interface probing in sudo.conf |
|
by changing the value of the probe_interfaces setting. |
|
[e9dc28c7db60] |
|
|
|
2014-01-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match_addr.c: |
|
If inet_addr() returns INADDR_NONE, return false instead of |
|
iterating through the interfaces looking for a match that will never |
|
happen. |
|
[1559c301caec] |
|
|
|
* configure, configure.ac, src/Makefile.in: |
|
Add explicit dependency on sudoers.la to sudo target when sudoers is |
|
compiled statically into the sudo binary. |
|
[d08cc66e18bd] |
|
|
|
2014-01-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c: |
|
Do not assume localtime(), gmtime() and ctime() always return non- |
|
NULL. |
|
[a1b5b67436de] |
|
|
|
2014-01-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, common/Makefile.in, compat/Makefile.in, |
|
doc/Makefile.in, include/Makefile.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Update copyright years |
|
[37d2aaa92544] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Eliminate dead store found by clang checker. |
|
[86874d5340f1] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p4 |
|
[f79ab7c6c1c5] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: |
|
When relocating fds, update the debug fd if it is set so we are |
|
guaranteed to get debugging output. |
|
[b1deaa472aa6] |
|
|
|
2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
If the event loop exits due to an error and we are not logging I/O, |
|
kill the command if still running. Fixes a bug where sudo could exit |
|
while the command was still running. |
|
[844018ff8a8c] |
|
|
|
* src/preserve_fds.c: |
|
When relocating preserved fds, start with the highest ones first to |
|
avoid moving fds around more than we have to. Now uses a bitmap to |
|
keep track of which fds are being preserved. Fixes a bug where the |
|
debugging fd could be relocated to the same fd as the error |
|
backchannel temporarily, resulting in debugging output being printed |
|
to the backchannel if util@debug was enabled. |
|
[55e006dbeaf3] |
|
|
|
* src/preserve_fds.c: |
|
When restoring fds traverse list from high -> low, not low -> high |
|
to avoid implicitly closing an fd we want to relocate. |
|
[6351225f47d7] |
|
|
|
* src/exec.c: |
|
If not logging I/O we may get EOF when the command is executed and |
|
the other end of the backchannel is closed. Just remove the |
|
backchannel event in this case or we will continue to receive the |
|
event. Bug #631 |
|
[a204b69d91f7] |
|
|
|
* src/po/sr.mo, src/po/sr.po: |
|
sync with translationproject.org |
|
[987087ce4658] |
|
|
|
2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630 |
|
[3448dffe9701] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p3 |
|
[22e5a6f69999] |
|
|
|
* plugins/sudoers/logwrap.c: |
|
Remove dead store; found by cppcheck |
|
[a59833af3401] |
|
|
|
2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sesh.c: |
|
Quiet a cppcheck warning about a negative subscript. |
|
[ab98b72f5bdf] |
|
|
|
* src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h: |
|
Make noexec parameter to sudo_execve() bool. |
|
[daa75e4c248a] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Quiet a few innocuous cppcheck warnings. |
|
[90ffa16d27b1] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Handle in_res being NULL for sudo_debug_printf() in |
|
sudo_sss_filter_result(). |
|
[8595cc05d2a8] |
|
|
|
* plugins/sudoers/iolog.c: |
|
When writing length to timing file, use %u not %d as it is unsigned. |
|
[a7f2fcb6919e] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Close export_fp in the error path too, but do not close stdout. |
|
[5c918718ab45] |
|
|
|
* plugins/sudoers/auth/secureware.c: |
|
Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. |
|
[f2619d2eb7a8] |
|
|
|
2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/group_file/plugin_test.c: |
|
Make this compile again |
|
[f0ff8df475e8] |
|
|
|
* common/term.c: |
|
Add suppression line to quiet a bogus (inconclusive) cppcheck |
|
warning. |
|
[065207271e5d] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Do not leak old istack if realloc fails; found by cppcheck. Also |
|
modify yyless() to avoid a harmless cppcheck warning every time it |
|
is used. |
|
[021077017a23] |
|
|
|
* Makefile.in, common/Makefile.in, compat/Makefile.in, |
|
doc/Makefile.in, include/Makefile.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Add cppcheck target to run cppcheck on all source files. |
|
[d207c2ef49a2] |
|
|
|
2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p2 |
|
[2e7fe6e371a4] |
|
|
|
* config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, |
|
m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: |
|
Update to libtool-2.4.2.418 |
|
[d1dbed89d733] |
|
|
|
* config.guess, config.sub: |
|
Update from http://git.savannah.gnu.org/gitweb/?p=config.git |
|
[2b5e32d23be5] |
|
|
|
2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Sudo 1.8.9 also fixes bug #617 |
|
[cc5c18228719] |
|
|
|
2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
The fix for the hang was already in the 1.8.9 tarballs. |
|
[f038ebcc1071] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p1 |
|
[732fca0003cf] |
|
|
|
* common/atobool.c, common/event.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: |
|
Update copyright year. |
|
[fdeb5956810e] |
|
|
|
* plugins/sudoers/parse.h: |
|
Go back to making the bit fields in struct cmndtag explicitly |
|
signed. This fixes a problem on gcc 4.8 (at least) which appears to |
|
be treating the value as unsigned by default. |
|
[46b9a7bb10ac] |
|
|
|
* common/atobool.c: |
|
Use debug_return_int() instead of bare return for debugging support. |
|
[c273f822de5f] |
|
|
|
2014-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Fix infinite loop that could be triggered by sudo_ev_loopbreak() and |
|
sudo_ev_loopcontinue(). |
|
[1723561c46b0] |
|
|
|
* NEWS: |
|
Update for 1.8.9 final. |
|
[d49c14d21410] |
|
|
|
2014-01-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Handle a sequence file with no trailing newline. |
|
[aa29306e4f6d] |
|
|
|
2014-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Truncate io log and timing files on open when recycling them. Only |
|
an issue when the sequence number wraps around. |
|
[01b2dfe15ff0] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Repair reading of the iolog sequence number that got broken when |
|
adding stricter strtoul() checks. |
|
[e0f4a11c3437] |
|
|
|
* src/exec.c: |
|
If invoked as sudoedit we can't just exec the command directly since |
|
the temporary files need to be updated before sudo exits. |
|
[508503be1c4f] |
|
|
|
* src/preserve_fds.c: |
|
Fix restoration of the close-on-exec flag when moving a relocated fd |
|
back into its original position. |
|
[5572f1f8b48a] |
|
|
|
2014-01-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add "see below" to reference "Secure editing" section in "Preventing |
|
shell escapes". |
|
[b2db990a36b3] |
|
|
|
2014-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add initial "Secure editing" section. |
|
[0d7a192e0e25] |
|
|
|
* doc/LICENSE: |
|
Update copyright year. |
|
[4a639d9207a9] |
|
|
|
2013-12-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, |
|
src/po/eo.po, src/po/fi.mo, src/po/fi.po: |
|
sync with translationproject.org |
|
[5c15a411b10d] |
|
|
|
* plugins/sudoers/policy.c: |
|
Make user_cwd and user_tty dynamically allocated even for the |
|
"unknown" case. |
|
[015454bf97f8] |
|
|
|
2013-12-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Use -fstack-protector-strong in preference to -fstack-protector-all |
|
or -fstack-protector. |
|
[bdd1066eefc4] |
|
|
|
* doc/HISTORY: |
|
Dell acquired Quest |
|
[3d5b7d27a313] |
|
|
|
2013-12-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, |
|
src/po/ru.po, src/po/vi.mo, src/po/vi.po: |
|
sync with translationproject.org |
|
[f964671d08ce] |
|
|
|
2013-12-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, |
|
src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, |
|
src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[5f5becf5fb7a] |
|
|
|
* doc/sudoers.ldap.cat: |
|
regen |
|
[77745e6bc0d5] |
|
|
|
* NEWS: |
|
Update for recent changes. |
|
[365b9084268a] |
|
|
|
* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Fix typo; we want setlocale(LC_ALL, "") since we are setting the |
|
locale for the first time. |
|
[e2b9660e9d48] |
|
|
|
2013-12-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Use sudoers_initlocale() in main() startup, not sudoers_setlocal() |
|
as the latter assumes we are already in the user's locale which may |
|
not be the case. For sudoreplay, we can just use setlocale() |
|
directly as there is no sudoers locale. |
|
[12235e50dea0] |
|
|
|
2013-12-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/preserve_fds.c, src/sudo.c, src/sudo.h: |
|
Redo preserve_fds support to remap high fds so we can get the most |
|
out of closefrom(). The fds are then restored after closefrom(). |
|
[7d712ec49db7] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix install-plugin when sudoers is compiled statically. |
|
[36a8bf3b588d] |
|
|
|
2013-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, |
|
include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, |
|
src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, |
|
src/sudo.h, src/sudo_exec.h: |
|
Add support for preventing fds from getting clobbered by |
|
closefrom(). |
|
[269f45964ff0] |
|
|
|
2013-12-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen |
|
[b8f458379b5b] |
|
|
|
2013-12-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/alloc.c: |
|
Need to include limits.h here too. |
|
[b53c6edef597] |
|
|
|
2013-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.ac, plugins/sudoers/parse.h: |
|
No need to use __signed. |
|
[05f9648d1953] |
|
|
|
* plugins/sudoers/regress/logging/check_wrap.c: |
|
Need limits.h here too. |
|
[54aac3bbf66a] |
|
|
|
* compat/closefrom.c: |
|
Still need limits.h here. |
|
[0abc6b2be208] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[386b47ced07f] |
|
|
|
* compat/closefrom.c: |
|
Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX |
|
lacks /proc/self and it has F_CLOSEM. |
|
[b5735fbcfdce] |
|
|
|
2013-12-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Use a switch to map digest type to name instead of an array of |
|
strings. |
|
[ab17ceb4dd60] |
|
|
|
* compat/closefrom.c: |
|
Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. |
|
[e70df3b3144b] |
|
|
|
* compat/snprintf.c: |
|
Remove _MAX and _MIN compat; we rely on missing.h for that. We |
|
already require the compiler handle long long so there's no need to |
|
use HAVE_LONG_LONG_INT everywhere. |
|
[2bda15071439] |
|
|
|
* common/ttysize.c, include/missing.h: |
|
Remove _MAX and _MIN defines that any system from the last 20 years |
|
should have. Add ULLONG_MAX in case it is missing. |
|
[2db0cee4aaa8] |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: |
|
Change visudo -x to take a file name argument, which may be '-' to |
|
write the exported sudoers file to stdout. |
|
[84cb72c3c391] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/parse.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, |
|
plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: |
|
Move symbol extern defs into sudoers.h |
|
[b631a0b57fae] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/logging/check_wrap.c: |
|
Add missing sudo_util.h |
|
[ed0edc2e2d0c] |
|
|
|
2013-12-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Warn if the time stamp in the I/O log file does not fit in time_t. |
|
Warn if the info line is not well-formed instead of silently |
|
ignoring it. |
|
[37a050de5be5] |
|
|
|
2013-12-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Rename libcommon libsudo_util |
|
[df3ffd4229e5] |
|
|
|
2013-12-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, |
|
common/atoid.c, common/atomode.c, common/fmt_string.c, |
|
common/gidlist.c, common/progname.c, common/setgroups.c, |
|
common/sudo_conf.c, common/term.c, common/ttysize.c, |
|
include/missing.h, include/sudo_util.h, |
|
plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: |
|
Move prototypes for functions provided by libcommon that don't have |
|
their own header files into sudo_util.h. |
|
[43f423a24416] |
|
|
|
2013-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/mkdefaults: |
|
Now that we have proper number parsing functions we should store |
|
T_UINT defaults values as unsigned int, not int. |
|
[67d8c2244f1d] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
|
Don't use int where we really mean enum def_tuple. When this code |
|
was written it was assumed that we may have multiple tuple types. |
|
However, that hasn't happened and probably never will. |
|
[8491f970f343] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen after string parsing changes. |
|
[fd6bf79c3286] |
|
|
|
* common/atoid.c, common/atomode.c, compat/strtonum.c, configure, |
|
configure.ac, include/missing.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: |
|
The OpenBSD strtonum() uses very short error strings that can't be |
|
translated usefully. Convert them to longer strings on error. Also |
|
use the longer strings for atomode() and atoid(). |
|
[dace028594da] |
|
|
|
2013-12-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: |
|
Add atomode() function for parsing a file mode. |
|
[44e29629aa5e] |
|
|
|
* common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, |
|
compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, |
|
configure, configure.ac, include/missing.h, |
|
plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, |
|
src/parse_args.c, src/sudo.c, src/ttyname.c: |
|
Use strtonum() instead of atoi(), strtol() or strtoul() where |
|
possible. |
|
[e4a1fc84b893] |
|
|
|
* MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, |
|
configure, configure.ac, include/missing.h, mkdep.pl: |
|
Add strtonum.c to compat for simpler number parsing. |
|
[a4c69b003da0] |
|
|
|
2013-12-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_common.c: |
|
Fix a warning on Solaris, we need to use debug_return_const_ptr. |
|
[932aa94c0cac] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
check_symbols needs to link with SUDO_LIBS in order to get -lpthread |
|
on HP-UX for libldap (which uses threads). It would be better to |
|
have a separate variable for the pthread library but this is no |
|
worse than it used to be. |
|
[94591b765371] |
|
|
|
2013-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
add missing comma |
|
[7dcbd1c6dd25] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Make -c option description more accurate. |
|
[3f305ae6037e] |
|
|
|
2013-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: |
|
When checking whether a user may change the login class, just check |
|
pw_uid of the runas user, which was passed in to set_loginclass(). |
|
[aaf736440441] |
|
|
|
2013-12-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Use atoid() when parsing user/group IDs and print them as unsigned |
|
int. |
|
[40c77459a36a] |
|
|
|
2013-12-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Correctly parse 64-bit times in I/O log files. |
|
[d053ee75adc3] |
|
|
|
* compat/getgrouplist.c, plugins/group_file/getgrent.c, |
|
plugins/sudoers/pwutil.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: |
|
Use atoid() not atoi() when parsing uids/gids. |
|
[491146596626] |
|
|
|
* plugins/sudoers/match.c, plugins/sudoers/match_addr.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/sudoers.h: |
|
Better match debugging. Sprinkle const in match functions. |
|
[4cd8d793f165] |
|
|
|
2013-12-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document that plugins can be compiled statically into the sudo |
|
binary. |
|
[434061cf909f] |
|
|
|
2013-12-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sssd.c: |
|
sudo_sss_filter_user_netgroup(): fix comment typos, break out of |
|
loop early if we match ALL or netgroup. |
|
[0691731f4b12] |
|
|
|
* plugins/sudoers/sssd.c: |
|
When filtering netgroups, use the passwd struct stashed in the |
|
handle, not user_name since we may be listing another users |
|
privileges. |
|
[f2669cf7b70c] |
|
|
|
* mkpkg: |
|
RHEL 6 and above builds sudo with SSSD support |
|
[afc3d894851e] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Avoid passing NULL domainname to sudo_debug_printf(). |
|
[b08abe5e6d23] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document sssd debug subsystem. |
|
[250c3ab1bcf0] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: |
|
Document "event" debug subsystem. |
|
[85d220b48edc] |
|
|
|
* plugins/sudoers/match.c: |
|
Use atoid() instead of atoi() when parsing uids/gids so we get |
|
proper range checking. |
|
[5c3e2f3f6cb9] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Add user netgroup filtering for SSSD. Previously, rules for a |
|
netgroup were applied to all even when they did not belong to the |
|
specified netgroup. RedHat Bugzilla 880150. |
|
[784848b5462c] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Fix several issues found by the clang static analyzer; Daniel |
|
Kopecek |
|
[520261dd7461] |
|
|
|
2013-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* README.LDAP: |
|
Mention how to dump sudoers info from LDAP. |
|
[a53c93790a30] |
|
|
|
* src/exec_common.c: |
|
On Solaris, disabling the proc_exec privilege appears to interfere |
|
with DAC file permissions. Adding DAC override permissions to the |
|
inheritable set works around this for commands run as root without |
|
giving extra permissions to other users. Bug #626 |
|
[391ad44026c3] |
|
|
|
2013-12-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, |
|
compat/getprogname.c, configure, configure.ac, include/missing.h, |
|
mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/parse_args.c, |
|
src/regress/ttyname/check_ttyname.c, src/sudo.c: |
|
Instead of setprogname(), add initprogname() which gets the program |
|
name for getprogname() using /proc or pstat() if possible. |
|
[e2d48d81456f] |
|
|
|
2013-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to |
|
return this in certain situations but it appears to be harmless at |
|
least insofar as retrieving the tty goes. |
|
[105bea4e1c20] |
|
|
|
* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, |
|
src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[3694d7ad4c9d] |
|
|
|
2013-11-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Add missing newline in help message after export option. |
|
[1c0bff0c181e] |
|
|
|
2013-11-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac, plugins/sudoers/Makefile.in, |
|
src/Makefile.in: |
|
Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in |
|
Makefile.in so we can make it last. Fixes a linking problem on |
|
Ubuntu precise. |
|
[f8d3bddbe742] |
|
|
|
2013-11-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, m4/ax_func_getaddrinfo.m4: |
|
Do not rely on NULL being defined for getaddrinfo() test. Fixes the |
|
check on HP-UX 11.23. |
|
[a5dcf0283693] |
|
|
|
2013-11-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen for sudo 1.8.9b1 |
|
[945f27a7aa1c] |
|
|
|
* src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: |
|
Sync with translationproject.org |
|
[52abae16ccfa] |
|
|
|
2013-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, |
|
compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, |
|
configure, configure.ac, include/sudo_dso.h, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, |
|
src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, |
|
src/sudo.h: |
|
Add wrapper functions for dlopen() et al so that we can support |
|
statically compiling in the sudoers plugin but still allow other |
|
plugins to be loaded. The new --enable-static-sudoers configure |
|
option will cause the sudoers plugin to be compiled statically into |
|
the sudo binary. This does not prevent other plugins from being |
|
loaded as per sudo.conf. |
|
[9425770e9d2b] |
|
|
|
2013-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Handle non-unix groups correctly. Get rid of runasuser and |
|
runasgroup types and use username and usergroup instead. The fact |
|
that the user or group is inside a Runas_List doesn't affect its |
|
underlying type. |
|
[ea1789258c11] |
|
|
|
2013-11-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Simplify Defaults list option object. The name and value strings are |
|
superfluous. |
|
[5852b0184669] |
|
|
|
* compat/dlopen.c: |
|
Back out unintended change. |
|
[85156e49e96e] |
|
|
|
* MANIFEST, aclocal.m4, configure, configure.ac, |
|
m4/ax_func_getaddrinfo.m4: |
|
Add dedicated test for getaddrinfo(). Tru64 UNIX contains two |
|
versions of getaddrinfo and we must include netdb.h to get the |
|
proper definition. |
|
[9882e3e1e8e3] |
|
|
|
* compat/dlopen.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Define RTLD_GLOBAL for older systems without it. Bug #621 |
|
[ed38ac84f1da] |
|
|
|
2013-11-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/snprintf.c, include/missing.h: |
|
Rename snprintf replacement rpl_snprintf since we may now replace |
|
the libc version and #define rpl_snprintf snprintf in missing.h so |
|
we get our version when needed. This is consistent with how we |
|
replace glob and fnmatch. |
|
[309aa17d0dfe] |
|
|
|
* common/Makefile.in, common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/tailq/hltq_test.c, src/Makefile.in: |
|
libcommon tests need locale_stub.lo to link. |
|
[baae40f36de5] |
|
|
|
* MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, |
|
configure.ac, m4/ax_func_snprintf.m4: |
|
Add check for C99 compliant (v)snprintf function. |
|
[79e02551543c] |
|
|
|
* compat/sig2str.c, configure, configure.ac: |
|
Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and |
|
SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug |
|
#621; from Daniel Richard G. |
|
[2a59ccb8c966] |
|
|
|
* include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: |
|
Add definition of U_ for --disable-nsl Don't define warning_gettext |
|
if --disable-nsl Bug #621; from Daniel Richard G. |
|
[c0054eb89c2b] |
|
|
|
2013-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
When merging Defaults entries we need to check the type of the next |
|
entry and not just assume it is the same as the previous one. |
|
[e97d9b9cf0d5] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
runasgroups not runasgroup in the Cmnd_Spec. |
|
[92ea5dc20e4d] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix some syntax errors and change how lists are handled. |
|
[027b8dea44b2] |
|
|
|
* common/sudo_debug.c, config.h.in, configure, configure.ac, |
|
include/fatal.h, include/sudo_debug.h: |
|
Allow sudo to compile without variadic macro support in cpp. |
|
Debugging support will be limited (no file info from warnings.) From |
|
Daniel Richard G.; Bug #621 |
|
[51b8b868cd4b] |
|
|
|
* Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, |
|
common/sudo_conf.c, include/fatal.h, include/gettext.h, |
|
include/missing.h, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, |
|
plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, |
|
src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, |
|
src/sudo_edit.c, src/tgetpass.c, src/utmp.c: |
|
Add warning_gettext() wrapper function that changes to the user |
|
locale, then calls gettext(). Add U_ macro that calls |
|
warning_gettext() instead of gettext(). Rename warning2()/error2() |
|
back to warning_nodebug()/error_nodebug(). |
|
[f3bb207db201] |
|
|
|
2013-11-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, |
|
compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.c, plugins/sudoers/getdate.c, |
|
plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, |
|
src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: |
|
Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug |
|
#624; from Daniel Richard G. |
|
[b212e4694018] |
|
|
|
* include/sudo_debug.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/ldap.c, src/exec_common.c: |
|
Add debug_return_const_str and debug_return_const_ptr for returning |
|
a const string or pointer. Using const for the normal versions |
|
produces warnings with the Tru64 compiler. |
|
[45018a149cb4] |
|
|
|
* common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, |
|
configure.ac, m4/sudo.m4: |
|
Fixes for building under Tru64; from Daniel Richard G. Bug #624 |
|
[fc4a6cbae1ba] |
|
|
|
2013-11-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
log_{fatal,warning} now logs to the debug file itself. |
|
log_{fatal,warning} now calls warningx2() after setting the locale |
|
itself instead of using the wrapper macros. This removes the only |
|
use of warningx(ngettext(...)). |
|
[930129361e0a] |
|
|
|
2013-11-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Add -Wpointer-arith to --enable-warnings |
|
[2043ae306d1b] |
|
|
|
* configure, configure.ac: |
|
Fix more instances of #include directives where the '#' was not in |
|
column 1. From Daniel Richard G. (bug #622) |
|
[75f36f39dcab] |
|
|
|
* MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, |
|
plugins/sudoers/visudo_json.c: |
|
Add support to visudo to export sudoers in JSON format. |
|
[1697b2b4bfd2] |
|
|
|
2013-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.h: |
|
Remove unused digest field from struct cmndspec, the digest really |
|
lives in struct sudo_command. |
|
[e9a1e2e112d6] |
|
|
|
* config.h.in, configure: |
|
Regen with autoconf 2.69 |
|
[275f69f98f9e] |
|
|
|
* MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, |
|
doc/Makefile.in: |
|
Rename configure.in -> configure.ac |
|
[0aeafe425373] |
|
|
|
* MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, |
|
configure.in, ltmain.sh, m4/sudo.m4: |
|
From Daniel Richard G. (bug #622) Add an autogen.sh script that |
|
rebuilds the autoconf world. Move old aclocal.m4 contents to |
|
m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include |
|
directives. Some tests had #include directives where the '#' was not |
|
in column 1. Updated obsolete macro usage via autoupdate. |
|
[5fe8de5a56df] |
|
|
|
2013-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo_exec.h: |
|
Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The |
|
likelihood of receiving a partial message is quite low so this is |
|
not a big deal. |
|
[900a304f9548] |
|
|
|
* configure, configure.in: |
|
HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for |
|
MSG_WAITALL to be visible. |
|
[f08b1a00a30a] |
|
|
|
* MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, |
|
plugins/sudoers/regress/visudo/test5.sh: |
|
Add regress test for bug #623 |
|
[8e83cfccaf14] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Cope with a comment on the last line of the file with no newline. |
|
Bug #623 |
|
[f826243bc4e6] |
|
|
|
* compat/getaddrinfo.c: |
|
Include arpa/inet.h for HP-UX; from Daniel Richard G. |
|
[d4d7a4303bae] |
|
|
|
* doc/Makefile.in: |
|
Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel |
|
Richard G. |
|
[f664c8d2f961] |
|
|
|
2013-11-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/fatal.h: |
|
In v{warning,fatal}x?() make a new copy of ap for the debug |
|
functions. It is not legal to use ap twice without reinitializing |
|
it. Noticed by Daniel Richard G. |
|
[6ca8bc48ecb3] |
|
|
|
* include/fatal.h: |
|
Remove errant warning_restore_locale() call. |
|
[4ef7aecefcbb] |
|
|
|
* include/missing.h, plugins/sudoers/logging.c: |
|
Move va_copy compat macro to missing.h |
|
[c873e4cc4c8a] |
|
|
|
* common/Makefile.in, compat/Makefile.in, mkdep.pl, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Uniquify header dependencies so we don't end up with duplicates when |
|
a header file includes other headers. The header dependencies are |
|
sorted so the generated order is stable. |
|
[95747db2f07a] |
|
|
|
* compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, |
|
mkdep.pl: |
|
Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From |
|
Daniel Richard G. |
|
[e94ee99a52a9] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix pasto |
|
[5262735e78e0] |
|
|
|
2013-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.mdoc.in: |
|
Fix typo. |
|
[6b11a4eec6b6] |
|
|
|
2013-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
regen |
|
[995ca9f21862] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: |
|
Fix warnings from -Wold-style-definition |
|
[a748c5c7b423] |
|
|
|
* configure, configure.in: |
|
Add -Wold-style-definition to --enable-warnings |
|
[0484de0deb59] |
|
|
|
* common/event_poll.c: |
|
Extra debugging for ready fds. |
|
[91fb85cdecbb] |
|
|
|
* common/event_select.c: |
|
When deleting an event, check ev->events to determine whether to |
|
remove from readfds or writefds instead of blinding removing from |
|
both. Also fix highfd adjustment. |
|
[7384db65ca9c] |
|
|
|
2013-11-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event_select.c: |
|
Only check an fd that is >= 0. Timeout-only events may have a |
|
negative fd. |
|
[fa0e5cbc3cc2] |
|
|
|
2013-11-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Don't call sudo_ev_{add,del}_impl() for timeout-only events. This |
|
makes it possible to pass sudo_ev_alloc() an fd of -1 for events |
|
only use SUDO_EV_TIMEOUT. |
|
[6838657a1a2f] |
|
|
|
2013-10-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/alloc.c, common/event_select.c, include/sudo_event.h: |
|
Make a copy of readfds/writefds before calling select() instead of |
|
calculating it each time. Keep track of high fd in the base. |
|
[6048b78f2e94] |
|
|
|
2013-10-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Stephen Gelman |
|
[0028c7a91a4f] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
Fix sign comparison warning. |
|
[914cb36b9ed2] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix potential NULL dereference in non-interactive mode. |
|
[9233428d3f32] |
|
|
|
2013-10-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Use MSG_WAITALL when receiving struct command_status over the Unix |
|
domain socket since we no longer use datagrams. This should avoid |
|
the need to handle incomplete reads, though in theory it is still |
|
possible. |
|
[28a92888a908] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
SIGKILL is not catchable |
|
[79f82e4cb11d] |
|
|
|
* common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: |
|
Add sudo_ev_get_timeleft() to get the amount of time left before an |
|
event times out and use it in sudoreplay. |
|
[d5b17ee30fa4] |
|
|
|
2013-10-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, |
|
plugins/sudoers/sudoreplay.c: |
|
If the user presses <return> or <enter> in sudoreplay, skip to the |
|
next event. Useful for skipping past long pauses in the data. |
|
[43343f45c94d] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c: |
|
Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we |
|
clear active flag from unprocessed events if sudo_ev_loopbreak() or |
|
sudo_ev_loopcontinue() are used. Remove bogus optimization when the |
|
timeout is zero or negative; it could prevent an I/O event from |
|
being triggered. |
|
[a13603fb3134] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Move session replay into its own function. |
|
[e323f7729595] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c, |
|
include/sudo_event.h: |
|
Get rid of cur and pending pointers in struct sudo_event_base. We |
|
now pop the first event off the active queue instead of using a |
|
foreach loop with deferred removal of the event. Add |
|
SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the |
|
event on the event queue and timeouts queue respectively. No longer |
|
need to compare the timeout to {0,0} or compare the event's base |
|
pointer to NULL to determine queue membership. |
|
[f2b2251fd523] |
|
|
|
* common/event_poll.c: |
|
rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() |
|
[614faaff04e3] |
|
|
|
* MANIFEST, common/event.c, common/event_poll.c, |
|
common/event_select.c, compat/Makefile.in, compat/nanosleep.c, |
|
config.h.in, configure, configure.in, include/missing.h, |
|
include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: |
|
Add support for libevent-style timed events. Adding a timed event is |
|
currently O(n). The only consumer of timed events is sudoreplay |
|
which only used a singled one so O(n) == O(1) for now. This also |
|
allows us to remove the nanosleep compat function as we now use a |
|
timeout event instead. |
|
[db41c08e92dc] |
|
|
|
2013-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Now that sudo_ev_base_free() removes all events before freeing we |
|
don't need to do this by hand. |
|
[b59d43658c5f] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c, |
|
include/sudo_event.h: |
|
Add a list of active events in the base that the back end sets when |
|
it calls poll or select. This allows the front end to iterate over |
|
the events instead of having that code in both back ends. It will |
|
also simplify support for timeout events. Also make sure we can't |
|
touch freed memory if a callback frees its own event. |
|
[933b99b3f2bc] |
|
|
|
* common/event.c: |
|
Remove any existing events before freeing the event base. |
|
[2543c6620cf1] |
|
|
|
2013-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
mon_handler() should be static |
|
[b1a62ef65c96] |
|
|
|
2013-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
If user specified start_tls and ldaps, display a warning and ignore |
|
start_tls. There's no reason to make this a fatal error. |
|
[bf446dd1e740] |
|
|
|
* src/exec_pty.c: |
|
Add missing else when the connection from the monitor to the parent |
|
sudo process is broken (due to the parent dying). Prevents a |
|
spurious "unexpected reply type on backchannel" warning. |
|
[5c44053cef08] |
|
|
|
* src/exec_pty.c: |
|
When flushing output we don't care whether we are the foreground |
|
process or not, we still need to flush to /dev/tty. If we are in the |
|
background, it is OK to get SIGTTOU. |
|
[9716892d1fb5] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Should not attempt start_tls on an ldaps connection. |
|
[9d01d461c52c] |
|
|
|
2013-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/parser/check_fill.c: |
|
Fix sign compare warning. |
|
[6130fa8df758] |
|
|
|
* doc/Makefile.in: |
|
Eliminate warning about circular dependency from GNU make. |
|
[7ed5df762089] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
src/ttyname.c: |
|
More sign compare fixes. On Solaris id_t is signed so use uid_t in |
|
the set_perms.c ID macro instead. |
|
[8166dcc50d0b] |
|
|
|
* common/fileops.c, common/lbuf.c, common/secure_path.c, |
|
common/sudo_debug.c, include/secure_path.h, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, |
|
plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, |
|
src/ttyname.c: |
|
Quiet sign comparision warnings. |
|
[e34f45dad10c] |
|
|
|
* configure, configure.in: |
|
Add -Wsign-compare to --enable-warnings |
|
[d560e274a6ae] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Ignore SIGPIPE when connecting to the LDAP server so we can get a |
|
proper error message with the IBM LDAP libs. Also return |
|
LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that |
|
return an int. |
|
[611a4ed9b8ee] |
|
|
|
* plugins/sudoers/regress/parser/check_base64.c, |
|
plugins/sudoers/regress/parser/check_digest.c: |
|
Quiet compiler warnings. |
|
[7d82dcca7126] |
|
|
|
2013-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
sudo_ldap_parse_uri() should join multiple URIs in the string list |
|
together but it was clearing the host entry each time through the |
|
loop. Fixes a bug with multiple URI entries in ldap.conf where only |
|
the last one was being honored. |
|
[83cee19b136d] |
|
|
|
* src/exec_pty.c: |
|
Avoid a double free introduced when plugging a memory leak in |
|
safe_close(). A new ev_free_by_fd() function is used to remove and |
|
free any events sharing the specified fd. This can be used after |
|
safe_close() to make sure we don't try to select() on a closed fd. |
|
[54f48a281147] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: |
|
Quiet some llvm check false positives. The common idiom of using |
|
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a |
|
TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is |
|
probably faster anyway). |
|
[bd1b8c11f416] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
If pam_open_session() fails don't call pam_getenvlist() with a NULL |
|
pam handle. |
|
[352e0329acba] |
|
|
|
* plugins/sudoers/defaults.c: |
|
Fix newly introduced use after frees found by llvm checker. |
|
[a81080230f1f] |
|
|
|
* common/event_select.c: |
|
Remove an errant list_next() call that should have been removed in |
|
the TAILQ conversion. |
|
[3bbf8d117ce4] |
|
|
|
* MANIFEST, common/Makefile.in, common/list.c, |
|
common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Add "headless" tail queues and use them in place of the semi- |
|
circular lists in sudoers. Once the headless tail queue is built up |
|
it is converted to a normal TAILQ. This removes the last consumer of |
|
list.c and list.h so those can now be removed. |
|
[5986ba762a24] |
|
|
|
* common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/env.c, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, |
|
src/hooks.c: |
|
Use SLIST and STAILQ macros instead of doing headless singly linked |
|
lists manually. As a bonus we now use a tail queue for ldap.c and |
|
sudoreplay.c. |
|
[c31bc2d99082] |
|
|
|
* MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, |
|
common/event_select.c, common/list.c, |
|
common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, |
|
doc/LICENSE, include/list.h, include/missing.h, include/queue.h, |
|
include/sudo_conf.h, include/sudo_event.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, |
|
src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: |
|
Convert sudo to use BSD TAILQ macros instead of home ground tail |
|
queue functions. This includes a private queue.h header derived from |
|
FreeBSD. It is simpler to just use our own header rather than try to |
|
deal with macros that may or may not be present in various queue.h |
|
incarnations. |
|
[450bce095d7c] |
|
|
|
2013-10-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix AND operator broken by changes to fix OR. |
|
[a4d3485ee943] |
|
|
|
2013-10-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix OR operator. |
|
[f5c1c90ee284] |
|
|
|
2013-10-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Fix memory leak of I/O buffer events in safe_close(). |
|
[08cd790cfbba] |
|
|
|
2013-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Don't allow the debug subsystem to be initialized twice. Otherwise |
|
we can exhuast our stack when built in static mode. |
|
[fadacb6a4617] |
|
|
|
* common/event_poll.c: |
|
Make sure we do not try to usie index -1 in base->pfds[]. |
|
[beeb922aba3f] |
|
|
|
2013-10-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Bump version to 1.8.9 |
|
[758dbb464796] |
|
|
|
2013-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Convert the monitor process to the event subsystem. |
|
[c4fe8e2ba53c] |
|
|
|
* src/exec.c, src/exec_pty.c, src/sudo_exec.h: |
|
Convert the main sudo event loop to use the event subsystem. Read |
|
events for I/O buffers are added before the loop starts. Write |
|
events are added on demand as the buffers are filled. |
|
[72a603e997e0] |
|
|
|
* INSTALL, MANIFEST, common/Makefile.in, common/event.c, |
|
common/event_poll.c, common/event_select.c, common/list.c, |
|
common/sudo_debug.c, config.h.in, configure, configure.in, |
|
include/list.h, include/sudo_debug.h, include/sudo_event.h, |
|
mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, |
|
src/exec_pty.c: |
|
Simple event subsystem that uses poll() or select(). Basically a |
|
simplied subset of libevent2. Currently only fd events are supported |
|
(since that's all we need). The poll() backend is used by default, |
|
except on Mac OS X where poll() is broken for devices (including |
|
/dev/tty and ptys). |
|
[8773142b4117] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent |
|
semantics when the other end closes. This should make the conversion |
|
to poll() less problematic. |
|
[b6a321722a91] |
|
|
|
2013-10-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Fix removal of trailing newlines in a debug message. |
|
[6f5ce5ac64e0] |
|
|
|
2013-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
When checking for unused Runas_Aliases, count those used as part of |
|
a Runas Group too. Fixes a false positive warning. |
|
[f13271a4a377] |
|
|
|
2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Include stddef.h for rsize_t and errno_t on systems that support it |
|
natively. |
|
[bc547d47e9c6] |
|
|
|
* MANIFEST: |
|
Fix braino. |
|
[67b79747312f] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo: |
|
Rebuild message catalog files. |
|
[0a9befb0674e] |
|
|
|
* src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo, |
|
src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo, |
|
src/po/vi.mo, src/po/zh_CN.mo: |
|
Rebuild message catalog files. |
|
[25191089ddf2] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po: |
|
Czech translation for sudo from translationproject.org. |
|
[8bc0ed069ddb] |
|
|
|
2013-09-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po, |
|
src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po, |
|
src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, |
|
src/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[c16f9bb4579e] |
|
|
|
* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
|
Change "next" back to 2. In the context of "next Friday" we really |
|
do want the friday of the upcoming (not current) week. |
|
Unfortunately, this means that things like "next week" and "next |
|
year" will match one more than we really want. Fixing this will |
|
require some fairly major changes to the grammar. |
|
[7f863c930121] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
|
Mention that relative times don't always do what you might expect. |
|
[710a9b0dd36f] |
|
|
|
2013-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add diacritical for Zdenek Behan. |
|
[78d333f88e6c] |
|
|
|
2013-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/regress/ttyname/check_ttyname.c: |
|
Do not fail if ttyname() cannot determine the tty but sudo can. |
|
Should fix problems with running "make check" under pbuilder. |
|
[e6fc06a6c5cf] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Remove extraneous $$CWD; from Bdale Garbee |
|
[4d040ddd7446] |
|
|
|
2013-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
|
Make "this" and "next" qualifiers work a bit better. There is still |
|
room for improvement as "this week" will use the current time |
|
instead of the beginning of the week. That's a separate issue |
|
though. |
|
[e844c02f754a] |
|
|
|
2013-09-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_parseln/parseln_test.c: |
|
Mark main() public to silence a warning on HP-UX. |
|
[ac0b869b9842] |
|
|
|
2013-09-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c: |
|
Be specific that we are talking about the Unix epoch; bug #615 |
|
[25887775371b] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot, |
|
src/po/sudo.pot, src/selinux.c: |
|
Do not use "setup" as a verb; bug #614 |
|
[17c4750aac5f] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Fix logic goof when checking open() status. |
|
[76ece1445d71] |
|
|
|
* plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo, |
|
src/po/nl.po, src/po/ru.mo, src/po/ru.po: |
|
Sync with translationproject.org |
|
[21351498000f] |
|
|
|
* NEWS, plugins/sudoers/sudoreplay.c: |
|
Work around a bug in sudo 1.8.7 timing files where the indexes are |
|
off by two. |
|
[4aa0cd58af58] |
|
|
|
* MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h, |
|
plugins/sudoers/sudoreplay.c: |
|
Repair writing of the I/O log file indices broken in sudo 1.8.7. |
|
[6a5f867884f5] |
|
|
|
2013-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Try to improve the PAGERS noexec example a bit. |
|
[226f11118daa] |
|
|
|
2013-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Document comment character in ldap.conf Clarify what is and is not |
|
supported in TLS_KEYPW Mention that gsk8capicmd can be used to |
|
create a stash file |
|
[fb8f06ab4458] |
|
|
|
2013-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
New bugs fixed for 1.8.8. |
|
[c158df7cd9d2] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix setting of quiet flag when -q / --quiet is specified. Do not |
|
print "sudoers: parsed OK" in quiet mode. |
|
[df55acd57ce6] |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo, |
|
src/po/fi.po, src/po/it.mo, src/po/it.po: |
|
Updated translations from translationproject.org |
|
[e9e8abd23a28] |
|
|
|
* plugins/sudoers/check.c: |
|
Don't allow root to change its SELinux role without a password. Bug |
|
#611 |
|
[f8b599acb29d] |
|
|
|
2013-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention new Mac OS X symbol interposition. |
|
[98293b7c4e0f] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, |
|
src/po/eo.po, src/po/fr.mo, src/po/fr.po: |
|
Updated translations from translationproject.org |
|
[865be7454354] |
|
|
|
* config.h.in, configure, configure.in, src/sudo_noexec.c: |
|
Add configure checks for the exec functions we will dummy out. This |
|
is only really needed on Mac OS X when symbol interposition is being |
|
performed but won't hurt elsewhere. |
|
[49c20cf6bab0] |
|
|
|
2013-08-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/Makefile.in, |
|
src/sudo_noexec.c: |
|
Fix installation of sudo_noexec on Mac OS X. Use library symbol |
|
interposition on Mac OS X 10.4 and higher so we don't need to set |
|
DYLD_FORCE_FLAT_NAMESPACE=1. |
|
[a82999dff8e6] |
|
|
|
2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Fix error display from ldap_ssl_client_init(). There are two error |
|
codes. The return value can be decoded via ldap_err2string() but the |
|
ssl reason code cannot (you have to look it up in a table online). |
|
[0267125ce9f0] |
|
|
|
2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Fix typo in tls_key example for Tivoli |
|
[36599f424ac4] |
|
|
|
* src/parse_args.c: |
|
Don't escape '$' when running "sudo -i command". Bug #564 |
|
[17542d52f714] |
|
|
|
* plugins/sudoers/iolog_path.c: |
|
Fix typo in comment. |
|
[d0510ed5eaba] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix comment. |
|
[4e89e0bfd6af] |
|
|
|
* plugins/sudoers/timestr.c, plugins/sudoers/visudo.c: |
|
Quiet some gcc -Wformat=2 false positives |
|
[28a2014b9822] |
|
|
|
2013-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Remove now-obsolete arg to env_merge() |
|
[ba015cf5d935] |
|
|
|
* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
Updated translations from translationproject.org |
|
[72b6aeaba505] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po: |
|
French translation for sudo from translationproject.org. |
|
[a72321771860] |
|
|
|
* plugins/sudoers/logging.h: |
|
Add __printflike to audit_failure. |
|
[1686b3699d41] |
|
|
|
* include/missing.h: |
|
Use __nonnull__ attribute in __printflike. |
|
[d123613a1fb6] |
|
|
|
2013-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/env.c, plugins/sudoers/sudoers.h: |
|
When merging the PAM environment, allow environment variables set in |
|
PAM to override ones set by sudo as long as they do not match the |
|
env_keep or env_check lists. |
|
[f3c64967fed7] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Call pam_getenvlist() after we've opened the session to get the |
|
session-specific environment variables. |
|
[b413fb9e1c77] |
|
|
|
2013-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
option not flag |
|
[08c31af7b818] |
|
|
|
* compat/getopt_long.c, config.h.in, configure, configure.in: |
|
Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add |
|
a check for optreset which is a BSD extension and provide a |
|
definition in getopt_long.c if it is not present. |
|
[3393e8d83400] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[f38f65830118] |
|
|
|
* plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c: |
|
Use lower case for the long option arguments to match the manual. |
|
This is inconsistent with GNU but it is better to match the sudo |
|
documentation. |
|
[8fac2d64f5d2] |
|
|
|
* NEWS: |
|
Sudo 1.8.8 |
|
[105c73752474] |
|
|
|
* src/parse_args.c: |
|
Use lower card for the long option arguments to match the manual. |
|
This is inconsistent with GNU but it is better to match the sudo |
|
documentation. |
|
[af243dd39850] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Describe how remote command execution can be implemented. |
|
[3eba7f93b7f6] |
|
|
|
* doc/sudoers.ldap.cat: |
|
Bump version. |
|
[0ee7f02f3627] |
|
|
|
2013-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* src/sudo.c: |
* src/sudo.c: |
Fixed a format string vulnerability when the sudo binary (or a | Make it a fatal error if the plugin returns invalid or out of range |
symbolic link to the sudo binary) contains printf format escapes | command info. |
and the -D (debugging) flag is used. | [8a7e56c7584a] |
|
|
|
* plugins/sudoers/policy.c: |
|
Use strtol() instead of atoi() and perform error checking of |
|
parameters passed from the sudo front-end. |
|
[05e05be3c6c4] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
It is not possible for auth to be NULL here. |
|
[771500e776e9] |
|
|
|
* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Initialize user_runhost and user_srunhost to user_host and |
|
user_shost in visudo and testsudoers. |
|
[c47cca74e1fc] |
|
|
|
* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c, |
|
common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c, |
|
common/list.c, common/sudo_conf.c, common/sudo_debug.c, |
|
compat/Makefile.in, compat/getopt_long.c, include/error.h, |
|
include/fatal.h, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
src/Makefile.in, src/locale_stub.c, src/net_ifs.c, |
|
src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h: |
|
Rename error.h -> fatal.h now that there is no error() function. |
|
[3a3827f10f04] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h: |
|
Add support to the debug subsystem for zero-length strings. This can |
|
happen for things like warning(NULL) or fatal(NULL) where we just |
|
want to log the errno string. |
|
[3ed739c5cc91] |
|
|
|
* include/error.h: |
|
Add __printflike for vfatal, vfatalx, vwarning and vwarningx. |
|
[57e65ed595d2] |
|
|
|
* plugins/sudoers/audit.c: |
|
Need to include gettext.h for BSM audit. |
|
[a87fda2d0123] |
|
|
|
* common/alloc.c, plugins/sudoers/env.c, src/exec_common.c, |
|
src/parse_args.c, src/sudo.c: |
|
Change some fatalx(NULL) that should be fatal(NULL). |
|
[8b1efda9f578] |
|
|
|
* include/error.h, include/missing.h: |
|
Use __printf0like for warning() and fatal() since the fmt string may |
|
be NULL. |
|
[858a890f00ad] |
|
|
|
* compat/pw_dup.c: |
|
Quiet a gcc "used uninitialized in this function" false positive. |
|
[98f47f89ce60] |
|
|
|
* mkpkg: |
|
Enable bsm audit on Mac OS X and Solaris >= 11. |
|
[8607488f986c] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Fix compilation on Solaris 11. |
|
[01aa46298ed7] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Add missing missing.h |
|
[080de69a55a1] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Move the -C (user_closefrom) check until after set_cmnd() so that |
|
closefrom_override can be used in a command-specific Defaults line. |
|
Fixes bug #610 from Mengtao Sun. |
|
[413565c6ff6b] |
|
|
|
2013-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
If not using a pty and the child process gets SIGTTOU or SIGTTIN and |
|
sudo is the foreground process, make the child the foreground |
|
process and continue it. |
|
[5ff433443bc4] |
|
|
|
* src/sudo.c: |
|
If sudo is not setuid and was not invoked with a full path, look in |
|
the user's PATH for the sudo binary to give a better error message. |
|
[a740129a38f0] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.h: |
|
Add limited support for "sudo -l -h other_host". Since group lookups |
|
are done on the local host, rules that use group membership may be |
|
incorrect if the group database is not synchronized between hosts. |
|
[2c8b222a5f7f] |
|
|
|
* src/parse_args.c: |
|
Fix parsing of "-h host" when used in conjunction with the -l flag. |
|
[62f3d726d52b] |
|
|
|
* configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh, |
|
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_usage.h.in: |
|
Simplify usage messages a bit and make --help output more closely |
|
resemble GNU usage wrt long options. Sync usage and man page |
|
SYNOPSYS sections and improve long options in the manual pages. Now |
|
that we have long options we don't need to give the mnemonic for the |
|
single-character options in the description. |
|
[17b7e386955a] |
|
|
|
2013-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix setting of mailer argv[0] to basename of mailerpath. No need to |
|
strdup() mailerpath as it is not modified. |
|
[8843cdd958ee] |
|
|
|
* plugins/sudoers/logging.c: |
|
Make sure the mailer exists and is a regular file before trying to |
|
exec it. |
|
[b73d6214014f] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
If tty_tickets are enabled but there is no tty, use a ticket file |
|
based on the parent pid. |
|
[75408bd61ced] |
|
|
|
* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c: |
|
Allow default plugin dir to be configured in sudo.conf. |
|
[478883594cc5] |
|
|
|
* doc/CONTRIBUTORS: |
|
UTF8 for Ruusamae, Elan; from Tae Wong |
|
[02e0c95b4fa6] |
|
|
|
2013-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/regress/sudo_conf/test5.in, |
|
common/regress/sudo_conf/test5.out.ok, |
|
common/regress/sudo_conf/test6.in, |
|
common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c, |
|
doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
|
plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c: |
|
Don't allow max_groups to be set to zero, it just complicates things |
|
needlessly. Fixes an assertion in visudo when there is a group- |
|
based Defaults entry. |
|
[d62a8ea32db9] |
|
|
|
2013-08-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/gidlist.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c, |
|
src/sudo.h: |
|
Refactor code to parse list of gids into its own function that is |
|
shared by the sudo front-end and the sudoers module. Make uid/gid |
|
parse error be fatal, not just a warning. |
|
[da3b2b06605c] |
|
|
|
* common/atoid.c: |
|
Add function comment block. |
|
[09a324de716f] |
|
|
|
* common/atoid.c: |
|
Default text domain is now sudo, not sudoers. |
|
[1acb1da6f304] |
|
|
|
* common/Makefile.in: |
|
Update dependency for atoid.lo |
|
[5e367cd44288] |
|
|
|
* common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c, |
|
src/sudo.h: |
|
Add endpointer and separator args to atoid() |
|
[2077e4ed8578] |
|
|
|
2013-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/getgrouplist.c: |
|
Use private version of atoid() to avoid a dependency on libcommon.a |
|
(since that already depends on libreplace.a). |
|
[7c12d63b0560] |
|
|
|
* doc/CONTRIBUTORS: |
|
More UTF8 in names; from Tae Wong |
|
[512b263f51c8] |
|
|
|
* compat/getgrouplist.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h: |
|
Use atoid() in more places. |
|
[06f4ae57c707] |
|
|
|
* MANIFEST, common/Makefile.in, common/atoid.c, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c: |
|
Move atoid() to common so it can be used in src and compat too. |
|
[095d730701e4] |
|
|
|
* compat/closefrom.c: |
|
Avoid a crash on Mac OS X 10.8 (at least) when we close |
|
libdispatch's fds out from under it before executing the command. |
|
Switch to just setting the close on exec flag instead. |
|
[349ebf4987df] |
|
|
|
* doc/CONTRIBUTORS: |
|
Convert to last, first for easier sorting and use UTF8 (including a |
|
BOM). |
|
[8c30d221bd75] |
|
|
|
* plugins/sudoers/atoid.c: |
|
Add atoid() function to convert a string to an id_t (uid, gid or |
|
pid). We have to be careful to choose() either strtol() or strtoul() |
|
depending on whether the string appears to be signed or unsigned. |
|
Always using strtoul() is unsafe on 64-bit platforms since the uid |
|
might be represented as a negative number and (unsigned long)-1 on a |
|
64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem |
|
with uids larger than 0x7fffffff on 32-bit platforms. |
|
[5d818e399157] |
|
|
|
* MANIFEST, config.h.in, configure, configure.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h: |
|
Add atoid() function to convert a string to an id_t (uid, gid or |
|
pid). We have to be careful to choose() either strtol() or strtoul() |
|
depending on whether the string appears to be signed or unsigned. |
|
Always using strtoul() is unsafe on 64-bit platforms since the uid |
|
might be represented as a negative number and (unsigned long)-1 on a |
|
64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem |
|
with uids larger than 0x7fffffff on 32-bit platforms. |
|
[cd92246a710f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Avoid "perm stack underflow" error when logging the unknown uid |
|
error. |
|
[871514c713b7] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
In rewind_perms() there is nothing to do if perm_stack_depth == 0. |
|
[98de335f47f0] |
|
|
|
2013-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in: |
|
Add pam_setcred sudoers option to allow the user to control whether |
|
pam_setcred() is called on the user's behalf. |
|
[4260a8e43073] |
|
|
|
* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: |
|
Add pam_service and pam_login_service sudoers settings to control |
|
the service name passed to pam_start. |
|
[5ea0e3588f3a] |
|
|
|
* mkpkg: |
|
Newer Xcode places the SDKs under Xcode.app |
|
[4b54379d5c45] |
|
|
|
2013-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/zero_bytes.c, |
|
compat/Makefile.in, compat/memset_s.c, config.h.in, configure, |
|
configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h, |
|
mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/sha2.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c, |
|
src/tgetpass.c: |
|
Implement memset_s() and use it instead of zero_bytes(). A new |
|
constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the |
|
max conversation reply length. This constant can be used as a max |
|
value for memset_s() when clearing passwords filled in by the |
|
conversation function. |
|
[264ec146028e] |
|
|
|
2013-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/system_group/Makefile.in: |
|
Do not try to install plugins when shared modules are disabled |
|
(sudoers already had the check). |
|
[3d582c042042] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Update dependencies to take into account compat/getopt.h and |
|
compat/dlfcn.h. |
|
[301fb31cd121] |
|
|
|
* src/Makefile.in: |
|
Update dependencies now that sudo_usage.h is always included from |
|
the build dir. |
|
[c1ff70ec9515] |
|
|
|
2013-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Add some warnings and debugging to sasl ccname handling. |
|
[467f415861f0] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Fix write loop invariant in sudo_krb5_copy_cc_file() |
|
[6948cf6e9b9f] |
|
|
|
2013-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Strip off leading FILE: or WRFILE: prefix before trying to copy the |
|
user's credential cache. |
|
[56c16feab62f] |
|
|
|
2013-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
Instead of setting RLIMIT_NPROC to unlimited when sudo initializes, |
|
just save RLIMIT_NPROC in exec_setup() before the final setuid() and |
|
restore it immediately after. We don't need to modify RLIMIT_NPROC |
|
for simple euid changes, just for changing the real (and saved) uids |
|
before we exec. This also means we no longer need to worry about |
|
_SC_CHILD_MAX returning -1. Bug #565 |
|
[1372f1909039] |
|
|
|
2013-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c, src/preload.c: |
|
Now that the ldap code runs with the real and effective uid set to |
|
0, it is not possible for the gssapi libs to find the user's krb5 |
|
credential cache file. To work around this, we make a temporary copy |
|
of the user's credential cache specified by KRB5CCNAME (opened with |
|
the user's effective uid) and point gssapi to it. To set the |
|
credential cache file name, we dynamically look up |
|
gss_krb5_ccache_name() and use it if available, otherwise fall back |
|
to setting KRB5CCNAME. |
|
[8b86c134541a] |
|
|
|
2013-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in, |
|
doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in, |
|
doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c: |
|
Long option support for visudo and sudoreplay. |
|
[91427968be71] |
|
|
|
2013-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in, |
|
src/parse_args.c, src/sudo.c, src/sudo_usage.h.in: |
|
Add support for long options and fix inclusion of sudo_usage.h with |
|
modern gcc broken in 8597:1fcb7ba13018. |
|
[d13134819944] |
|
|
|
* src/Makefile.in: |
|
Add rule to rebuild sudo_usage.h when the .in file changes. |
|
[59a32899e251] |
|
|
|
* compat/Makefile.in, mkdep.pl, src/Makefile.in: |
|
Add make rules for building getopt_long.c |
|
[5f57593b3a8b] |
|
|
|
* src/parse_args.c: |
|
Make "-h hostname" work. Optional args in GNU getopt() only work |
|
when there is no space between the option flag and the argument. |
|
[b8258659cabb] |
|
|
|
2013-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in, |
|
configure, configure.in, doc/LICENSE, src/parse_args.c: |
|
Use getopt_long() so we can make the -h flag take an optional |
|
argument. Includes a version for those without it. |
|
[d1dd66c8a86b] |
|
|
|
2013-07-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Document that the -h option can be used specify a host name for |
|
future plugins. |
|
[8470c74cf326] |
|
|
|
* include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in: |
|
Overload -h option to specify an optional hostname for remote |
|
access. This is future-proofing; no policy plugins currently support |
|
this. |
|
[0e01d8c3c623] |
|
|
|
* configure, configure.in: |
|
Bump version to 1.8.8 |
|
[a1155bfaa28f] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document the remote_host setting (-h host) |
|
[c737db906f5d] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
fix "the the" |
|
[0025464a3942] |
|
|
|
* src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Do not error out if arg to -U option cannot be resolved, that is for |
|
the plugin to decide. There is no need for runas_user and |
|
runas_group to be global, make them local to parse_args() instead. |
|
[fb02a62a72ba] |
|
|
|
* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo, |
|
plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po, |
|
src/po/pt_BR.mo, src/po/pt_BR.po: |
|
Sync with translationproject.org |
|
[e8f4772d918a] |
|
|
|
2013-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Remove old bits about sudo setuid problems that should have been |
|
cleaned up in changeset 7917:fa4894896d8a. Also update the mode of |
|
sudo to 04755 to match current packaging. |
|
[1e3904cdc2de] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Go back to ignoring the return value of pam_setcred() since with |
|
stacked PAM auth modules a failure from one module may override |
|
PAM_SUCCESS from another. If the first module in the stack fails, |
|
the others may be run (and succeed) but an error will be returned. |
|
This can cause a spurious warning on systems with non-local users |
|
(e.g. pam_ldap or pam_sss) where pam_unix is consulted first. |
|
[b6022e26135a] |
|
|
|
* src/net_ifs.c: |
|
Remove unused variable. |
|
[93dde7d82fde] |
|
|
|
* NEWS: |
|
Fix typo |
|
[5ef79671c2c7] |
|
|
|
2013-07-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sssd.c: |
|
Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest(). |
|
From Dan Harnett. |
|
[4a0af6f12765] |
|
|
|
2013-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Fix formatting typo; from Eric S. Raymond |
|
[058b533ba460] |
|
|
|
2013-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
Use -gxcoff on aix so dbx can be used to debug sudo. |
|
[4950e019ed2d] |
|
|
|
2013-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Fix typo; bug 605 |
|
[41f7b46a6e51] |
|
|
|
2013-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo, |
|
src/po/tr.mo: |
|
Regen .mo files that were out of date. |
|
[9e25a254f9db] |
|
|
|
2013-05-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
On Solaris 11 and higher, tag binaries for ASLR if supported by the |
|
linker. |
|
[a2a6cafa3e60] |
|
|
|
* mkpkg: |
|
No longer need to disable PIE on Solaris. |
|
[cf90019ae67e] |
|
|
|
2013-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: |
|
Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. |
|
OpenBSD also supports PIE but enables it by default so we don't need |
|
to do anything. This fixes problems on systems with a version of GNU |
|
ld that accepts -pie but where the run-time linker doesn't actually |
|
support PIE. Also verify that a trivial PIE binary works unless PIE |
|
is explicitly enabled. |
|
[3c5f125efeb1] |
|
|
|
2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld |
|
where we can end up crashing due to malloc() failures. Sems OK when |
|
Using Sun as and ld. |
|
[b8ba412102ab] |
|
|
|
* NEWS: |
|
Update with final changes. |
|
[78ff6d2ed47a] |
|
|
|
2013-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Add -fPIE to PIE_LDFLAGS as per gcc manual. |
|
[fe900cbb0780] |
|
|
|
2013-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, compat/Makefile.in: |
|
Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs |
|
[f84bc7482b78] |
|
|
|
* MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/visudo/test4.out.ok, |
|
plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: |
|
Replace sequence number-based cycle detection in visudo with a |
|
"used" flag in struct alias. The caller is required to call |
|
alias_put() when it is done with the alias. Inspired by a patch from |
|
Daniel Kopecek. |
|
[0bdbac1b3b39] |
|
|
|
2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Eliminate a few relocations related to sudoers_io. |
|
[18e9e2cc3367] |
|
|
|
* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po: |
|
Sync with translationproject.org |
|
[f38cc128a2ad] |
|
|
|
2013-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Clarify a comment. |
|
[7a045ee06e95] |
|
|
|
2013-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Handle d_type == DT_UNKNOWN when resolving the device to a name and |
|
sprinkle some more debugging. |
|
[8774133747d9] |
|
|
|
2013-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add message about disabling PIE if sudo gets SIGSEGV. |
|
[c786af2a6751] |
|
|
|
* plugins/sudoers/check.h, plugins/sudoers/timestamp.c: |
|
No longer store the ctime of a devpts tty. The handling of ctime on |
|
devpts in Linux has been changed to conform to POSIX. As a result we |
|
can no longer assume that the ctime will stay unchanged throughout |
|
the life of the session. We store the session ID in the time stamp |
|
file so there is a much smaller chance of the time stamp file being |
|
reused by a new login. While here, store the uid/gid in the |
|
timestamp file too for good measure. |
|
[7028b21f7a9b] |
|
|
|
* configure, configure.in: |
|
PIE is broken on FreeBSD/arm |
|
[f232c60d6229] |
|
|
|
* mkpkg: |
|
Add explicit sendmail path for Linux since we may not have sendmail |
|
installed in the build chroot. |
|
[1ba2f84f4ff0] |
|
|
|
2013-05-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c: |
|
Quiet a few -Wunused-result compiler warnings. |
|
[ef12afb61423] |
|
|
|
2013-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention what SHA-2 formats are supported. |
|
[bf298d0fdf8a] |
|
|
|
* doc/CONTRIBUTORS: |
|
List code and translations separately. |
|
[826547bc1295] |
|
|
|
2013-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: |
|
Sync with translationproject.org |
|
[9499a6f438b8] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[cce449e284a6] |
|
|
|
* Makefile.in: |
|
Fix c-format for fatal/fatalx |
|
[4ad81d3faaeb] |
|
|
|
2013-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h: |
|
Change some error/errorx -> fatal/fatalx in comments and xgettext |
|
flags. |
|
[9d9b64fa2ec9] |
|
|
|
* NEWS: |
|
There is now a Turkish translation of sudoers. |
|
[701c5af6aa76] |
|
|
|
* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: |
|
Updated translations from translationproject.org including new |
|
Turkish translation. |
|
[9cedbb50d90f] |
|
|
|
2013-04-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document that sudoers will re-use existing I/O log paths unless they |
|
are mktemp-style with trailing X's. |
|
[4f43bd13d9e7] |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.h: |
|
Allow ldap_conf and ldap_secret to be specified as plugin arguments |
|
in sudo.conf |
|
[37c6c425b565] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
sudoers_debug is now deprecated in favor of the sudo debugging |
|
framework. |
|
[1195be1ec254] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use |
|
SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the |
|
debug file with the ldap subsystem. The sudoers_debug setting in |
|
ldap.conf is still honored for now but will be removed in a future |
|
release. |
|
[cfa42b4b913e] |
|
|
|
2013-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers2ldif: |
|
Add support for converting sudoers files with SHA-2 command digests. |
|
[dc0d03485946] |
|
|
|
* doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg, |
|
plugins/sudoers/sudoers2ldif: |
|
Add copyright notice to scripts |
|
[5e8bd4e6083f] |
|
|
|
* MANIFEST, plugins/sudoers/regress/sudoers/test14.in, |
|
plugins/sudoers/regress/sudoers/test14.out.ok, |
|
plugins/sudoers/regress/sudoers/test14.toke.ok: |
|
Add regress for SHA-2 digests. |
|
[0b258c2a2a95] |
|
|
|
* compat/getgrouplist.c: |
|
Solaris maps negative gids to GID_NOBODY. |
|
[57050e5c750f] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Clear up an llvm checker warning which appears to be a false |
|
positive and fix an old XXX while I'm at it. |
|
[9ee13133e596] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
|
Correct last change date |
|
[3bc1fa5b0f76] |
|
|
|
* plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c: |
|
No need to translate this error message. |
|
[4d9941970a26] |
|
|
|
* doc/UPGRADE: |
|
Mention .sl vs. .so extension handling on HP-UX Mention group |
|
membership changes Fix typos |
|
[40ac0efbdb2b] |
|
|
|
* aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c, |
|
common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c, |
|
common/setgroups.c, common/term.c, common/ttysize.c, |
|
compat/Makefile.in, compat/dlopen.c, compat/endian.h, |
|
compat/getline.c, compat/getprogname.c, compat/isblank.c, |
|
compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c, |
|
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, |
|
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, |
|
compat/strsignal.c, compat/utimes.c, doc/Makefile.in, |
|
include/Makefile.in, include/alloc.h, include/fileops.h, |
|
include/gettext.h, include/lbuf.h, include/missing.h, |
|
include/sudo_plugin.h, pathnames.h.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/alias.c, plugins/sudoers/audit.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c, |
|
plugins/sudoers/redblack.h, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.h, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c, |
|
plugins/sudoers/visudo.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, |
|
src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c, |
|
src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c, |
|
src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h, |
|
src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c, |
|
src/utmp.c: |
|
Update copyright years. |
|
[5c6d72661bad] |
|
|
|
* plugins/sudoers/mon_systrace.h: |
|
Systrace support was removed long ago. |
|
[10a038a2da77] |
|
|
|
2013-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.out.ok: |
|
Remove some files that were mistakenly added. |
|
[833502da26de] |
|
|
|
* common/sudo_debug.c, config.h.in, configure, configure.in, |
|
plugins/sudoers/boottime.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c: |
|
Use time(&now) instead of now = time(NULL) when storing the current |
|
time in a time_t (better compiler error checking). Better parsing |
|
and printing of 64-bit time_t on 32-bit platforms. |
|
[c227dc72c04e] |
|
|
|
2013-04-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Don't check the tty of the parent process. Now that we get the |
|
controlling tty device number from the kernel there is no need. If |
|
the process has really disassociated from the tty then reporting |
|
"unknown" is appropriate. |
|
[62fb66e565db] |
|
|
|
2013-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/error.c: |
|
Use EXIT_FAILURE instead of 1 as the fatal() exit value. |
|
[ed94c2c5e88a] |
|
|
|
* src/sesh.c: |
|
Change remaining errorx -> fatalx |
|
[3f6d70e19303] |
|
|
|
2013-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an |
|
error if the entry already exists in the cache. |
|
[94d45970400a] |
|
|
|
* plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot: |
|
Change "foo: failed" to just "foo" since we print the string form of |
|
errno. Gets rids of some useless translations. |
|
[476f37349dbc] |
|
|
|
2013-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match.c: |
|
Fix pasto in debug_decl |
|
[08650186a239] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen |
|
[acf4c34fba2c] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: |
|
Rename log_error() -> log_warning() for consistency with |
|
warning()/fatal() |
|
[474ed5a0e335] |
|
|
|
* plugins/sudoers/auth/API: |
|
The NO_EXIT flag was removed a while ago. |
|
[e0a4be270226] |
|
|
|
* common/aix.c, common/alloc.c, common/error.c, include/error.h, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c, |
|
src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, |
|
src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c, |
|
src/utmp.c: |
|
Rename error/errorx -> fatal/fatalx and remove the exit value as it |
|
was always 1. |
|
[ea66f58c4da5] |
|
|
|
* NEWS: |
|
digests are supported in sudoers ldap too |
|
[77d6c25f7653] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Print test failures to stdout like the final count so the outputis |
|
not displayed out of order. |
|
[f541b78ecb93] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo, |
|
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo, |
|
src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/it.po, src/po/tr.po: |
|
Sync with translationproject.org |
|
[cbd70678b99f] |
|
|
|
* Makefile.in: |
|
Check for any uncommitted changes in dist target and add force-dist |
|
target that omit check-dist. |
|
[78dc3f41e37e] |
|
|
|
2013-04-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/regress/ttyname/check_ttyname.c: |
|
Fix logic bug when checking tty via ttyname(). |
|
[279aee076194] |
|
|
|
* compat/endian.h: |
|
Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and |
|
__BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX) |
|
[fe35e0b04502] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[0ddebccd3045] |
|
|
|
* NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document digest support. |
|
[d794c7b9a7bc] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/parser/check_base64.c: |
|
Simple bas64 decode unit test. |
|
[344b0df0fe50] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.h: |
|
Move base64_decode into its own source file. |
|
[30497e7f88bc] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
|
Only check year against 2038 if time_t is 32-bit. |
|
[9c1f2e3fc3ba] |
|
|
|
2013-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sssd.c: |
|
Add digest support for sudoers in ldap and sss. |
|
[314937b5e59e] |
|
|
|
* INSTALL, configure, configure.in: |
|
Error out in configure if the compiler doesn't support "long long". |
|
[d3645c1d50d1] |
|
|
|
* plugins/sudoers/match.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l: |
|
Include stdint.h or inttypes.h before sha2.h |
|
[20ad1c20313d] |
|
|
|
* common/lbuf.c: |
|
Simplify lbuf append functions by moving the realloc code into |
|
lbuf_expand(). We now expand as needed each time bytes need to be |
|
written to the lbuf. Also handle a NULL pointer being passed in for |
|
paranoia's sake. |
|
[6283ee562ef4] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Zero out struct iolog_details early to avoid a potential (though |
|
unlikely) dereference of stack garbage if we hit a fatal error |
|
before iolog_deserialize_info() is called. |
|
[2eeca8be05fb] |
|
|
|
2013-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Update copyright year. |
|
[b843c6a43238] |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump SUDOERS_GRAMMAR_VERSION for new digest support. |
|
[188556fb8156] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.h, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Sanity check digest in parser so visudo can catch errors. Add base64 |
|
support |
|
[b8586d5cc7ed] |
|
|
|
* MANIFEST, compat/endian.h, config.h.in, configure, configure.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c: |
|
For big endian architectures just use memcpy() instead of BE macros |
|
in a loop. |
|
[c71a0f4a8a8e] |
|
|
|
2013-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, config.h.in, configure, configure.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/gram.y, |
|
plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/parser/check_digest.c, |
|
plugins/sudoers/regress/parser/check_digest.out.ok, |
|
plugins/sudoers/sha2.h, plugins/sudoers/sssd.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c: |
|
Initial implementation of checksum support in sudoers. Currently |
|
supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format |
|
validation in parser and base64 support. checksum support for ldap |
|
sudoers |
|
[b8f196346eca] |
|
|
|
2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h: |
|
SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public |
|
domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai |
|
respectively. |
|
[7511d07c0a83] |
|
|
|
2013-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add sudo 1.8.6p8 |
|
[0666fd0321ae] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot: |
|
Add missing "not" in error message when mixing standalone and non- |
|
standalone authentication methods. |
|
[7eba4439db73] |
|
|
|
* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c: |
|
Check for crypt() returning NULL. Traditionally, crypt() never |
|
returned NULL but newer versions of eglibc have a crypt() that does. |
|
Bug #598 |
|
[887b9df243df] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Better PAM error messages |
|
[fd7eda53cdd7] |
|
|
|
* plugins/sudoers/auth/kerb5.c: |
|
Better error messages |
|
[98142874a2f4] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Use same error message for getauid() failure. |
|
[07f0d88cb1df] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Start warning with a lower case letter for consistency and to match |
|
existing translated strings. |
|
[b719ac52c9e3] |
|
|
|
2013-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
Disable PIE on Solaris where it is not really supported. |
|
[c36c84cdcc7a] |
|
|
|
* src/ttyname.c: |
|
AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit |
|
before we try to match it against st_rdev. |
|
[5dab449fb962] |
|
|
|
* src/ttyname.c: |
|
Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes |
|
a problem finding the tty name when it is not in /dev/pts. |
|
[6c205d087fa0] |
|
|
|
* compat/snprintf.c: |
|
Support %lld and %llu |
|
[feabfa06c954] |
|
|
|
* .hgignore, MANIFEST, src/Makefile.in, |
|
src/regress/ttyname/check_ttyname.c: |
|
Add ttyname test. |
|
[e987038f8c07] |
|
|
|
2013-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, |
|
src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[4d7b73b22079] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Log timestampfile to debug file. |
|
[e997281146c0] |
|
|
|
* plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot: |
|
Don't add the "Password: " string we look up in the PAM text domain |
|
to the sudoers.pot file. |
|
[771b52244abf] |
|
|
|
2013-04-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
Synce with regcomp() error message change. |
|
[fc6d3dfb8eb8] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Be consistent with error message when regcomp() fails. |
|
[de6c69ba04e4] |
|
|
|
2013-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/testsudoers/test5.out.ok, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Use group -1 instead of 1 as the invalid group since the running |
|
user might have group 1 as their default group. |
|
[71404a9fa75d] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
PWD may be a shell builtin, use CWD instead. |
|
[c443105c5091] |
|
|
|
2013-04-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
Split up check_user(). |
|
[ce7cc0767589] |
|
|
|
2013-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure.in: |
|
Cosmetic fixes in the comments. |
|
[640abee43c14] |
|
|
|
2013-04-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status |
|
message for visibility checks when the test fails. |
|
[99665477ee55] |
|
|
|
* config.h.in: |
|
regen |
|
[00c22606719a] |
|
|
|
* configure, configure.in: |
|
We no longer use mbr_check_membership() and setrlimit64() is AIX- |
|
specific. |
|
[43caf685a1f1] |
|
|
|
* Makefile.in: |
|
The first (all) target must be by itself or some makes will choose |
|
the run the entire target list. |
|
[16cf3def49f5] |
|
|
|
* configure, configure.in: |
|
Do exec_prefix expansion when enable_shared even if noexec is not |
|
enabled. |
|
[7ed28cb32d8d] |
|
|
|
* compat/getgrouplist.c: |
|
Use free() not efree() since we don't include alloc.h here |
|
[1a008737be24] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[b939f941346f] |
|
|
|
* plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Pass in expected gid to testsudoers in addition to the uid that |
|
matches the test sudoers files. |
|
[6a1710e8cac1] |
|
|
|
2013-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Tru64 5.x does declare innetgr() and getdomainname(). |
|
[c75598e69c7e] |
|
|
|
* plugins/sudoers/match.c: |
|
Fix compilation when getdomainame() is not present. |
|
[e831b017a962] |
|
|
|
* config.h.in, configure.in, include/missing.h: |
|
Move SET/CLR/ISSET from config.h.in to missing.h |
|
[3a3dd29fd7f0] |
|
|
|
* configure, configure.in: |
|
Fix getgrouplist() check. |
|
[12a2adf60e98] |
|
|
|
* MANIFEST: |
|
No more timestamp.h |
|
[5677e26afc0f] |
|
|
|
* plugins/sudoers/check.c: |
|
Neded sys/time.h for struct timeval in struct sudo_tty_info. |
|
[aceaadd8c400] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen depends |
|
[21675a8b67e5] |
|
|
|
* NEWS: |
|
Mention libibmldap on HP-UX |
|
[75b4e4b22950] |
|
|
|
* NEWS, plugins/sudoers/match.c: |
|
Instead of checking the domain name explicitly for "(none)", just |
|
check for illegal characters. |
|
[ce35dda811db] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Only warn once when we are unable to open the sudoers file. |
|
[9e27e3aa5b10] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fall back to opening /dev/tty to determine whether there is a tty if |
|
the system doesn't have kernel support for determing the tty. |
|
[2775bcf9a9b5] |
|
|
|
* compat/getprogname.c: |
|
Update guard to take __progname into account |
|
[60eae3f20232] |
|
|
|
* compat/snprintf.c: |
|
Some older systems have inttypes.h but not stdint.h |
|
[ed1ef160015f] |
|
|
|
* compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c, |
|
compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c, |
|
compat/getline.c, compat/getprogname.c, compat/glob.c, |
|
compat/isblank.c, compat/memrchr.c, compat/mktemp.c, |
|
compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c, |
|
compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c, |
|
compat/strsignal.c, compat/utimes.c: |
|
Add guards in compat source files. Not really needed since we only |
|
include them in the Makefile if they are needed but should not hurt |
|
either. |
|
[8cbd3b4595b9] |
|
|
|
2013-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Don't include gram.h in gram.y, its contents are already included. |
|
Move sudoerserror to the end of gram.y so COMMENT is declared when |
|
we need to use it. |
|
[7d72ebdd7222] |
|
|
|
2013-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure.in: |
|
Remove some pre-ANSI cruft. |
|
[6a95704b2116] |
|
|
|
* plugins/sudoers/match.c: |
|
Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h |
|
when it is set. |
|
[da40c550ffed] |
|
|
|
* NEWS, plugins/sudoers/iolog_path.c: |
|
We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but |
|
just leave it as-is. |
|
[9a22de140d28] |
|
|
|
2013-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Add missing semicolon in rule. |
|
[817d3f1b2a21] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Now that we can determine the terminal even when file descriptors |
|
are redirected we can check user_ttypath rather than opening |
|
/dev/tty when enforcing requiretty. |
|
[56a28bc09041] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Stash umask in struct sudo_user so we don't need to look it up |
|
later. |
|
[9f85749199dc] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Minor cosmetic change |
|
[c373e106ed49] |
|
|
|
* plugins/sudoers/regress/parser/check_addr.c: |
|
No longer need to declare interfaces |
|
[d7ff7e579557] |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix compilation in SUDOERS_NO_SEQ case |
|
[9a6db9247534] |
|
|
|
* plugins/sudoers/regress/parser/check_addr.c: |
|
No longer need to define sudo_printf |
|
[578ad13c3546] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/check.h, |
|
plugins/sudoers/timestamp.c: |
|
Pass auth_pw to the timestamp functions. |
|
[f603649177d6] |
|
|
|
* plugins/sudoers/iolog_path.c: |
|
Fix SUDOERS_NO_SEQ |
|
[17881f9bcd68] |
|
|
|
* plugins/sudoers/locale.c: |
|
Don't need all of sudoers.h in here |
|
[c518150c6483] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't need to include sudoers_version.h here. |
|
[8abb31102119] |
|
|
|
2013-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
DEFAULT_LECTURE is no longer used. |
|
[f565c00a68c1] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c: |
|
Move sudo_conv into policy.c |
|
[f699aee7136b] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
cosmetic fixes |
|
[930e60389ca8] |
|
|
|
* plugins/sudoers/match.c: |
|
RHEL (and perhaps other Linux distros) use the string "(none)" |
|
instead of an empty string when there is no actual NIS-style domain |
|
name. Bug #596 |
|
[11aec11489ac] |
|
|
|
* plugins/sudoers/match.c: |
|
Fix return values when NAME_MATCH is defined. |
|
[ce030be9ccef] |
|
|
|
2013-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h: |
|
Update copyright year. |
|
[7e4b8d49addd] |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h, |
|
plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h: |
|
Add sudo_set_grlist(), currently unused by the back end. |
|
[b37ac1d0e8fc] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Remove unused macros, fix a debug_decl |
|
[6136fb4a0d3b] |
|
|
|
* include/missing.h: |
|
Tru64 Unix doesn't prototype innetgr() or getdomainname(). |
|
[585ac1874dfe] |
|
|
|
* include/missing.h: |
|
Whitespace fixes |
|
[0bb28cd91d97] |
|
|
|
* common/error.c: |
|
Don't need to include setjmp.h here, error.h already includes it. |
|
[fd05ab00e186] |
|
|
|
2013-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in, plugins/sudoers/Makefile.in: |
|
regen depends |
|
[57991f5e16b4] |
|
|
|
* plugins/sudoers/check.h: |
|
Rename guard define. |
|
[ccf4dba241d6] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/check.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Move contents of timestamp.h into check.h. |
|
[c139757a9283] |
|
|
|
* plugins/sudoers/sudoers.h: |
|
expand_prompt() is now in prompt.c sudo_printf extern is now in |
|
error.h |
|
[219bd74ca62b] |
|
|
|
* plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h, |
|
plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h, |
|
plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h, |
|
plugins/sudoers/insults.h, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.h, |
|
plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h, |
|
plugins/sudoers/toke.h: |
|
Change multiple inclusion guards to be _SUDOERS_FOO_H |
|
[faace6d55e78] |
|
|
|
2013-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, |
|
src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po: |
|
New Dutch translation for sudo and sudoers New Turkish translation |
|
for sudo From translationproject.org |
|
[bc918b7b23a4] |
|
|
|
2013-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in: |
|
Fix a typo in a comment and make sure we don't mistakenly include |
|
_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in |
|
[694d12ac70ec] |
|
|
|
2013-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Don't build check_symbols if we are linking sudoers in statically. |
|
[f6602723bab7] |
|
|
|
* configure, configure.in: |
|
Use $host_os not $host when we only care about the os name and |
|
version. |
|
[05e4f4fcba06] |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Suppress duplicate -L and -I flags. |
|
[228f2f581aed] |
|
|
|
* common/Makefile.in, compat/regress/fnmatch/fnm_test.c: |
|
Fix regress tests on non-OpenBSD platforms. |
|
[9d91bc859c50] |
|
|
|
* configure, configure.in: |
|
If we find sasl/sasl.h there's no need to check for sasl.h too |
|
[889efaa86012] |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Add -R flags at the very end after configure link tests are done |
|
since we can only count on libtool to accept -R, the compiler front |
|
end may not. Also unify the libldap and libibmldap tests using |
|
AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by |
|
libibmldap (but is not an explicit dependency). |
|
[ab1451894351] |
|
|
|
2013-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Back out changes that broke detection of skey, opie and ldap |
|
libraries. |
|
[ffa82b8f8641] |
|
|
|
* plugins/sudoers/regress/testsudoers/test1.sh, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test4.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh, |
|
plugins/sudoers/regress/visudo/test1.sh, |
|
plugins/sudoers/regress/visudo/test2.sh, |
|
plugins/sudoers/regress/visudo/test3.sh: |
|
Add explicit "exit 0" to prevent the check target from ending |
|
prematurely. |
|
[cca411b492bd] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix exit values in check target so we don't have to ignore errors. |
|
[cbc429c409e9] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fail a test if there is unexpected stderr output. |
|
[4fc24d536bec] |
|
|
|
* MANIFEST: |
|
Fix path to sudo.conf manuals; remove non-existant test2.err.ok |
|
[6b8bcd60dd85] |
|
|
|
* src/load_plugins.c: |
|
Fix compilation in dynamic mode. |
|
[679856fa0774] |
|
|
|
* configure, configure.in: |
|
On HP-UX, libibmldap has a hidden dependency on libCsup |
|
[22994709d77c] |
|
|
|
* compat/dlopen.c: |
|
Pass BIND_VERBOSE to shl_load() |
|
[0060b9cfa9ab] |
|
|
|
* configure, configure.in: |
|
Only create static helper libs when --disable-shared is specified. |
|
[1fcdb1a437e0] |
|
|
|
* src/load_plugins.c: |
|
Ubreak static build. |
|
[4ac9f96be285] |
|
|
|
* INSTALL, aclocal.m4, configure, configure.in: |
|
Replace --with-rpath and --with-blibpath with --disable-rpath. Now |
|
that we use libtool for linking we can just use the -R flag and have |
|
libtool translate it to the proper linker flag. |
|
[09798fad6888] |
|
|
|
2013-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Bump I/O buffer size 32K |
|
[4ef793225309] |
|
|
|
2013-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in: |
|
Document sesh Path setting. |
|
[34b0b903b4f8] |
|
|
|
* src/exec.c, src/exec_common.c: |
|
Move exec_cmnd to exec.c to fix a compilation issue with sesh.c |
|
[06aa1956f38d] |
|
|
|
* common/sudo_conf.c, configure, configure.in, include/sudo_conf.h, |
|
src/selinux.c: |
|
Make sesh path configurable in sudo.conf |
|
[91d331f273b7] |
|
|
|
* configure, configure.in: |
|
Use -fno-pie and -nopie if supported when --disable-pie is |
|
specified. |
|
[777138c04dcc] |
|
|
|
2013-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Document direct execution of the command if the policy plugin has no |
|
close function. |
|
[6a14145c6e80] |
|
|
|
2013-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Only delete creds if we actually established them. Print an error if |
|
pam_setcred() fails and we actually authenticated. |
|
[1e015314903b] |
|
|
|
* common/Makefile.in, plugins/group_file/Makefile.in: |
|
regen |
|
[dd8cee2a5e1b] |
|
|
|
* common/alloc.c, include/alloc.h: |
|
Convert efree() to a macro that just casts to void * and does |
|
free(). If the system free() can't handle free(NULL) this may crash |
|
but C89 was a long time ago. |
|
[efd0ff9270fb] |
|
|
|
* configure, configure.in: |
|
Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS. |
|
Fixes a problem with errno sometimes not being set on error on HP- |
|
UX. |
|
[54b419d58320] |
|
|
|
* common/sudo_debug.c: |
|
Fix debug logging from the plugin when there is no error number. |
|
This was broken in the big debugging reorg for 1.8.7. |
|
[2ea7e145e928] |
|
|
|
2013-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, plugins/group_file/Makefile.in, |
|
plugins/sample/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/load_plugins.c: |
|
Always install plugins with a .so extension regardless of what |
|
extension the system uses for shared libraries. That way the |
|
group_plugin sudoers setting can be shared between heterogenous |
|
systems. |
|
[a7e6ecff6fdf] |
|
|
|
* plugins/sudoers/match.c: |
|
Mac OS X has netgroup functions in netdb.h. |
|
[243881a974aa] |
|
|
|
* plugins/sudoers/parse.h: |
|
Tags in struct cmndtag can be set to IMPLIED as well. |
|
[cb6926988cc8] |
|
|
|
* plugins/sudoers/parse.c: |
|
Quiet a compiler warning. |
|
[14e608c2001d] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Quiet an llvm checker warning. |
|
[2eeb9f3d08f3] |
|
|
|
* plugins/sudoers/parse.c: |
|
Quiet gcc -Wuninitialized false positive |
|
[643ad987503d] |
|
|
|
2013-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in: |
|
Document group_file and system_group plugins. |
|
[b56511e79230] |
|
|
|
* NEWS: |
|
Sudo 1.8.7 |
|
[e95183b8fa27] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Try to clarify that sudoedit in sudoers should not include a leading |
|
pathname. |
|
[7b2beac92a9c] |
|
|
|
* plugins/sudoers/pwutil_impl.c: |
|
Make sure groupname_len is at least 32 just to be on the safe side. |
|
It is better to allocate a little extra and not need it than to have |
|
to reallocate and start over. |
|
[6d3e1ba47de9] |
|
|
|
* include/alloc.h, include/missing.h: |
|
Add __malloc_like macro to apply __malloc__ attribute to emalloc, |
|
ecalloc and estrdup. It cannot be applied to realloc since that may |
|
return the same pointer. |
|
[8d70cb81d1f1] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix potential double free in an error path. |
|
[657573feb6a4] |
|
|
|
* src/exec_pty.c: |
|
When running the command in a pty, defer the call to exec_setup() |
|
until just before we exec the command. This is consistent with the |
|
non-pty path. As a side effect, the monitor process runs as root and |
|
not the runas user. |
|
[e2a7f8c7ee4c] |
|
|
|
2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/closefrom.c: |
|
Update copyright year. |
|
[9b652af4dfc0] |
|
|
|
2013-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/closefrom.c: |
|
Use pst_highestfd from pstat_getproc() on HP-UX. |
|
[09f3fea46a3d] |
|
|
|
2013-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, common/Makefile.in, doc/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Clean up generated test files and other minor housekeeping. |
|
[f5f4fdd908e1] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Add back gettimeofday() call inadvertantly removed in e1abb9810a83 |
|
[675cce8401ae] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Use pstat() on HP-UX to determine the tty device. |
|
[2884af22a9df] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix PAM compilation: def_pam_session, not just pam_session. |
|
[5417d7acc6ea] |
|
|
|
* doc/fixmdoc.sh: |
|
Don't remove the -S option description when trimming out selinux. |
|
Bug #592 |
|
[8a94f2cfa0a0] |
|
|
|
2013-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for Sudo 1.8.6p7 |
|
[0858a73e9c40] |
|
|
|
2013-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Document when sudo may exec the command directly instead of forking. |
|
[da41951edc28] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document that close and version be NULL for plugin API >= 1.3 and |
|
that sudo may execute the command directly if there is no close, or |
|
pty or timeout needed. |
|
[e5f929ddeaf8] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c: |
|
Fix debug_decl for sudo_auth_begin_session and |
|
sudo_auth_end_session. |
|
[58243392c0df] |
|
|
|
* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c: |
|
Add pam_session sudoers option. |
|
[d994465db9f1] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h: |
|
Dummy out close function if there is no end_session for the auth |
|
method and the front-end can handle a NULL close function. Avoids |
|
the extra sudo process when we don't actually need it. |
|
[74886d5b0fb6] |
|
|
|
2013-02-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, aclocal.m4: |
|
Add m4/ to paths m4_include parameters so we don't need to use |
|
autoconf's -I flag. |
|
[4fd86e7a84f3] |
|
|
|
* src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h, |
|
src/sudo_plugin_int.h: |
|
If the policy plugin does not provide a close function, there is no |
|
command timeout and no pty is required, skip the event loop and just |
|
exec the command directly. |
|
[ad532f107170] |
|
|
|
* src/sudo.c: |
|
Do not crash if the plugin close and version functions are not |
|
defined. If there is no policy close function, simply print a |
|
warning that the command was not found. |
|
[c789a9dd54e8] |
|
|
|
2013-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix typos in selinux/solaris privs specific code. |
|
[9af3999361b4] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, src/parse_args.c: |
|
Pass the default plugin directory to the plugin via the settings |
|
list. Could be used by a stacking plugin. |
|
[688e771fc145] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Completely ignore time stamp file if it is set to the epoch, |
|
regardless of what gettimeofday() returns. |
|
[df58842af660] |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Nikolai Kondrashov |
|
[df59791438f9] |
|
|
|
* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c: |
|
Use userpw_matches() for username matching so #uid works for |
|
sudoRunAsUser. |
|
[a124062334df] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Avoid calling realloc3() with a zero size parameter when all |
|
retrieved sssd rules fail. Otherwise we'll get a run-time error due |
|
to malloc(0) checking. |
|
[84dfcb73ebd7] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Do not send error mail if a user is not found in SSSD. Local users |
|
can run sudo too. From Nikolai Kondrashov |
|
[3d2ae99ee468] |
|
|
|
2013-02-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/regress/sudo_conf/test4.in, |
|
common/regress/sudo_conf/test4.out.ok: |
|
Test setting disable_coredump to illegal value. |
|
[3c71c6c49027] |
|
|
|
* common/sudo_conf.c: |
|
Fix atobool() usage. |
|
[d40c9f4d06b0] |
|
|
|
* common/regress/sudo_conf/conf_test.c: |
|
Remove unused variable. |
|
[328b524b365b] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Make "sudo -l non_existent_command" warn that non_existent_command |
|
doesn't exist, not the "list" pseudo-command. |
|
[9dc0388fc4f3] |
|
|
|
* plugins/sudoers/parse.c: |
|
Make sudoers file long list output better match the format used by |
|
ldap sudoers. Tags are now converted to options and there is a |
|
single command per line. |
|
[6e6dc3f20d84] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use the correct the sudoers policy symbol names and undo an editor |
|
goof committed when adding max_groups to sudo.conf. |
|
[2a6f7ddf5cc3] |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: |
|
For "sudo -l" start a new line if the runas list changes to make the |
|
output easier to read. |
|
[7dc3d724c924] |
|
|
|
2013-02-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c: |
|
For "sudo -l" and "sudo -ll" only print the runas info for |
|
subsequent commands in a list if the runas info has changed. If we |
|
have new runas info, print out the tags again so as to be less |
|
confusing to the user. For "sudo -ll" set the line continuation |
|
indent to 8. |
|
[b5ec02fe7fc1] |
|
|
|
2013-02-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, |
|
plugins/group_file/group_file.c, plugins/group_file/group_file.exp, |
|
plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, |
|
plugins/sample_group/sample_group.c, |
|
plugins/sample_group/sample_group.exp: |
|
Rename sample_group plugin to group_file. Install group_file and |
|
system_group plugins by default. |
|
[951b3e446fae] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/iolog.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Add maxseq sudoers option to limit the max number of I/O log files. |
|
[e1abb9810a83] |
|
|
|
2013-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Log lines and columns in the iolog file. |
|
[03adb6230e05] |
|
|
|
2013-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_conf/test1.in, |
|
common/regress/sudo_conf/test1.out.ok, |
|
common/regress/sudo_conf/test2.in, |
|
common/regress/sudo_conf/test2.out.ok, |
|
common/regress/sudo_conf/test3.in, |
|
common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c, |
|
include/sudo_conf.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c, |
|
src/sudo.c: |
|
Add simple regress tests for sudo.conf parsing. |
|
[3c36b61bf61c] |
|
|
|
* src/sudo.c: |
|
Always display the I/O plugin version as long as its open functions |
|
doesn't return an error. Previously it was only displayed if the |
|
plugin open returned 1. |
|
[4b0277db3f8c] |
|
|
|
* plugins/sudoers/pwutil_impl.c: |
|
Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead |
|
of poking around in struct utmpx. |
|
[2c0cc5c42958] |
|
|
|
* plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c: |
|
#include "sudo_usage.h" not <sudo_usage.h> so we get the one in the |
|
build directory and not the src dir when using a separate build |
|
directory. |
|
[1fcb7ba13018] |
|
|
|
2013-02-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/fileops.c: |
|
If a line was longer that 0x80000000 the bit hack to round to the |
|
next power of two would roll over to zero. |
|
[f4f729cf6f0f] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c: |
|
Use max_groups in front-end and plugin. |
|
[bf1e74166831] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, src/parse_args.c: |
|
Pass max_groups to plugin in settings list. |
|
[d7d76e8651f4] |
|
|
|
* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, include/sudo_conf.h: |
|
Add max_groups setting to sudo.conf (currently unused) and remove |
|
unused return value from setters. |
|
[f6494f71e1f0] |
|
|
|
2013-02-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
Reorganize configure options |
|
[23475de8039f] |
|
|
|
2013-02-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add Sudo 1.8.6p7 |
|
[5192fc511cbe] |
|
|
|
2013-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL.configure: |
|
Sync with autoconf 2.68 |
|
[985e5c8efa4e] |
|
|
|
* INSTALL, README: |
|
Remove obsolete OS notes and move build requirements to INSTALL. |
|
[bf0dd53ca164] |
|
|
|
2013-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Sort elements of the settings, user_info and command_info lists. |
|
[663062ada5b7] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Remove trailing white space |
|
[027916a6c8e7] |
|
|
|
* plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Store the session ID in the tty ticket file too. A tty may only be |
|
in one session at a time so if the session ID doesn't match we |
|
ignore the ticket. |
|
[4eb2cb8df48b] |
|
|
|
2013-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c, src/sudo.c: |
|
Move tzset() call from sudoers plugin to sudo front end. |
|
[3c058dad8772] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Mention line continuation |
|
[399873f8c805] |
|
|
|
* MANIFEST, common/Makefile.in, common/fileops.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/sudo_parseln/test1.in, |
|
common/regress/sudo_parseln/test1.out.ok, |
|
common/regress/sudo_parseln/test2.in, |
|
common/regress/sudo_parseln/test2.out.ok, |
|
common/regress/sudo_parseln/test3.in, |
|
common/regress/sudo_parseln/test3.out.ok, |
|
common/regress/sudo_parseln/test4.in, |
|
common/regress/sudo_parseln/test4.out.ok, |
|
common/regress/sudo_parseln/test5.in, |
|
common/regress/sudo_parseln/test5.out.ok, |
|
common/regress/sudo_parseln/test6.in, |
|
common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c, |
|
include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudo_nss.c: |
|
Add line continuation support to sudo_parseln() and make it use |
|
getline() instead of fgets() internally. |
|
[d02bf3973fc5] |
|
|
|
2013-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Fix memory leak in error path; found by llvm checker |
|
[d090c26a5b00] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Remove useless store detected by llvm checker. |
|
[12a4db91651a] |
|
|
|
* configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in, |
|
src/load_plugins.c, sudo.pp: |
|
Sudo now stores its libexec files in a "sudo" subdirectory instead |
|
of in libexec itself. For backwards compatibility, if the plugin is |
|
not found in the default plugin directory, sudo will check the |
|
parent directory default directory ends in "/sudo". |
|
[5de67de76489] |
|
|
|
* plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c, |
|
plugins/system_group/system_group.c: |
|
Add missing __dso_public to plugin structs so they are exported. |
|
[dde703577621] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: |
|
Mention that sudoers has its own plugins too. |
|
[0a6c6203b512] |
|
|
|
2013-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Correct last change date. |
|
[45894291d792] |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in: |
|
Remove duplicated sudo.conf info in the sudo, sudoers and |
|
sudo_plugin manuals and cross-reference the new sudo.conf manual. |
|
[b808ba29cf3a] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in: |
|
Fix typos |
|
[0e70964150c6] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Fix some typos. |
|
[94ae045cfbc6] |
|
|
|
* MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in: |
|
Add standalone sudo.conf manual page. |
|
[d64d949b700c] |
|
|
|
* doc/sample.sudo.conf: |
|
add group_source example |
|
[118c1ba1c014] |
|
|
|
* configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in, |
|
doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf. |
|
[f5bd6006dc1c] |
|
|
|
* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo, |
|
src/po/it.po: |
|
Sync with translationproject.org |
|
[a6f2b9aac371] |
|
|
|
2013-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo, |
|
src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo, |
|
src/po/vi.po: |
|
Sync with translationproject.org |
|
[ba546666969d] |
|
|
|
2013-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo, |
|
plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/es.po, src/po/gl.po: |
|
Sync with translationproject.org |
|
[cdc454e34c03] |
|
|
|
2013-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Clarify ttyname changes. |
|
[cbf2f80fe582] |
|
|
|
* NEWS: |
|
Add 1.8.6p6 |
|
[3aa591e98b3b] |
|
|
|
* src/ttyname.c: |
|
Remove ttyname() fall back code on systems where we can query the |
|
kernel for the tty device via /proc or sysctl(). If there is no |
|
controlling tty, it is better to just treat the tty as unknown |
|
rather than to blindly use what is hooked up to std{in,out,err}. |
|
[b2bd3005d2e4] |
|
|
|
2013-01-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: |
|
Add group_source setting in sudo.conf to allow the admin to specify |
|
how a user's groups are looked up. Legal values are static (just the |
|
kernel list from getgroups), dynamic (whatever the group database |
|
includes) and adaptive (only use group db if kernel group list is |
|
full). |
|
[87a5b02e22ad] |
|
|
|
* plugins/sudoers/policy.c: |
|
Pass back exec_background to front end if it is enabled in sudoers. |
|
[8230e1cd0bbd] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention that exec_background is for 1.8.7 and higher only. |
|
[fdf0d5a3e182] |
|
|
|
2013-01-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST: |
|
Add missing test files. |
|
[1165389aa5e6] |
|
|
|
* plugins/sudoers/regress/visudo/test3.err.ok, |
|
plugins/sudoers/regress/visudo/test3.out.ok, |
|
plugins/sudoers/regress/visudo/test3.sh: |
|
Add regress test for bug 361 |
|
[54c7fb61b82d] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Add __dso_public to extern declaration of declaration to match |
|
actual definition. |
|
[4695ded501e6] |
|
|
|
* NEWS: |
|
Add 1.8.6p5 |
|
[b07b28c5c4d7] |
|
|
|
2013-01-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok, |
|
plugins/sudoers/regress/visudo/test2.out.ok, |
|
plugins/sudoers/regress/visudo/test2.sh: |
|
Add test for visudo cycle check core dump; test case from Daniel |
|
Kopecek |
|
[41074541147a] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix potential stack overflow due to infinite recursion in alias |
|
cycle detection. From Daniel Kopecek. |
|
[d7e018a87434] |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c: |
|
Ignore duplicate entries in sudo.conf and report the line number |
|
when there is an error. Warn, don't abort if there is more than one |
|
policy plugin. |
|
[dfcb5a698f0a] |
|
|
|
* plugins/sudoers/tsgetgrpw.c: |
|
Use strtoul() not atoi(). |
|
[58a52cf9b6b8] |
|
|
|
2013-01-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in: |
|
regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo |
|
[9b44e9d26d16] |
|
|
|
* compat/nss_dbdefs.h: |
|
Fix typo that breaks the build on HP-UX. |
|
[b9ab6ba23485] |
|
|
|
* MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, |
|
configure, configure.in: |
|
Use nss_search() to implement getgrouplist() where available. Tested |
|
on Solaris and HP-UX. We need to include a compatibility header for |
|
HP-UX which uses the Solaris nsswitch implementation but doesn't |
|
ship nss_dbdefs.h. |
|
[d29dbc4dc06d] |
|
|
|
2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h: |
|
Remove extra flag to sudo_sigaction(). We want to trap the signal |
|
regardless of whether or not it is ignored by the underlying command |
|
since there's no way to know what signal handlers the command will |
|
install. Now we just use sudo_sigaction() to set a flag in |
|
saved_signals[] to indicate whether a signal needs to be restored |
|
before exec. |
|
[c042d52c7192] |
|
|
|
2013-01-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/getgrouplist.c, config.h.in, configure, configure.in: |
|
Use _getgroupsbymember() on Solaris to get the groups list. Fixes |
|
performance problems with the getgroupslist() compat on Solaris |
|
systems with network-based group databases. |
|
[287d3ae2ce8d] |
|
|
|
2013-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document signal handler behavior in plugin API 1.3 |
|
[20dc9d1c105f] |
|
|
|
* MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c, |
|
src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h: |
|
Move signal code into its own source file and add sudo_sigaction() |
|
wrapper that has an extra flag to check the saved_signals list to |
|
only install the handler if the signal is not already ignored. Bump |
|
plugin API version for the new front-end signal behavior. |
|
[5d2f27a1b404] |
|
|
|
* plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h, |
|
src/sudo_exec.h: |
|
Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute |
|
the command. If we get SIGINT or SIGQUIT, call the plugin close() |
|
functions as if the command was interrupted. If we get SIGTSTP, |
|
uninstall the handler and deliver SIGTSTP to ourselves. |
|
[332baf3a81b7] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Rename handle_signals() to dispatch_signals(). Block other signals |
|
in handler() so we don't have to worry about the write() being |
|
interrupted. |
|
[666e95c9a0f1] |
|
|
|
2013-01-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/tgetpass.c: |
|
Rename signal handler to avoid name clash with one in exec.c |
|
[8913101a29b6] |
|
|
|
2013-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
Add missing call to save_signals(). |
|
[47d075d7326b] |
|
|
|
2013-01-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Fill in the comment block at the top of the .pot files and preserve |
|
it when regenerating them. |
|
[6449497b76db] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.mdoc.in, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: |
|
Add exec_background option in plugin command info and a sudoers |
|
option to match. When set, commands are started in the background |
|
and automatically foregrounded as needed. There are issues with some |
|
ill-mannered programs (like Linux su) so this is not the default. |
|
[c0b32b0938f2] |
|
|
|
* common/Makefile.in: |
|
regen |
|
[2b2b220e7aea] |
|
|
|
* src/Makefile.in: |
|
Add SESH_OBJS variable for sesh object files. |
|
[d3e04ae8fd1f] |
|
|
|
* configure.in, doc/LICENSE, plugins/sudoers/redblack.c: |
|
Update copyright year. |
|
[61a0f0cedb13] |
|
|
|
* src/exec_pty.c: |
|
Always resume the command in the foreground if sudo itself is the |
|
foreground process. This helps work around poorly behaved programs |
|
that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At |
|
worst, sudo will go into the background but upon resume the command |
|
will be runnable. Otherwise, we can get into a situation where the |
|
command will immediately suspend itself. |
|
[c368ac3eb2e4] |
|
|
|
* configure, configure.in: |
|
Use -fstack-protector-all in preference to -fstack-protector where |
|
supported. |
|
[f930c95ceb51] |
|
|
|
2013-01-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Only test for -fstack-protector and -fvisibility=hidden on GNU |
|
compatible compilers. |
|
[796f4696d863] |
|
|
|
2013-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Add Sudo 1.8.6p4 |
|
[8a928de8e717] |
|
|
|
* common/Makefile.in, compat/Makefile.in, configure, configure.in, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in: |
|
Break out stack smashing protector options into SSP_CFLAGS and |
|
SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS). |
|
[01be114fc9fb] |
|
|
|
2013-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/redblack.c: |
|
In rbrepair(), make sure we never try to change the color of the |
|
sentinel node, which is the first entry, not the root. From Michael |
|
King |
|
[3fc4dc4004ec] |
|
|
|
2012-12-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
No need to restore default signal handler for SIGSTOP as it is not |
|
catchable. Attempting to do so is harmless but sigaction() will fail |
|
and set errno to EINVAL which makes it looks like there is an error. |
|
[be7c0b759e9a] |
|
|
|
* src/exec.c: |
|
Print SIGCONT_FG and SIGCONT_BG properly in debug output. |
|
[93e59e301c8f] |
|
|
|
2012-12-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Disable PIE on FreeBSD/ia64, otherwise sudo will segfault. |
|
[9ed48f696595] |
|
|
|
2012-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Add howmany() macro since some systems have this in sys/param.h |
|
which we no longer include. |
|
[2c5efaa16c45] |
|
|
|
2012-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/sudoers/test11.toke.out.ok: |
|
Remove errant file. |
|
[a91699beffc6] |
|
|
|
2012-12-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Remove obsolete sudoers_cleanup() stubs. |
|
[89153025a2ae] |
|
|
|
* common/alloc.c, common/atobool.c, common/fileops.c, |
|
common/fmt_string.c, common/lbuf.c, common/secure_path.c, |
|
common/sudo_conf.c, common/sudo_debug.c, common/term.c, |
|
compat/closefrom.c, compat/getcwd.c, compat/glob.c, |
|
compat/snprintf.c, include/missing.h, |
|
plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c, |
|
plugins/sample_group/plugin_test.c, |
|
plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/env.c, plugins/sudoers/find_path.c, |
|
plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/redblack.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, |
|
plugins/system_group/system_group.c, src/conversation.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/get_pty.c, |
|
src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c: |
|
Don't include <sys/param.h>. We only needed it for MAXPATHLEN, |
|
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and |
|
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or |
|
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed. |
|
[f4807d46f504] |
|
|
|
* include/missing.h, plugins/sudoers/match.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c: |
|
Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN |
|
(sys/param.h or netdb.h). |
|
[2544f5e306dd] |
|
|
|
2012-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Move debug_decl() in log_failure() to be after the variable |
|
declarations for C89. |
|
[f48d2035ab44] |
|
|
|
2012-11-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/error.c, include/error.h, plugins/sudoers/iolog.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Cannot wrap sigsetjmp() or we end up returning to the wrong place. |
|
Use a macro instead. |
|
[749ee6acdad8] |
|
|
|
2012-11-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/policy.c: |
|
Fix return in sudoers_policy_open that should be debug_return. |
|
[a78b795b6846] |
|
|
|
2012-11-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case |
|
too. |
|
[acfa891c229e] |
|
|
|
* src/solaris.c: |
|
Quiet a gcc warning and add comment about needing to keep the handle |
|
open. |
|
[f954f228960f] |
|
|
|
2012-11-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
mention --disable-shared |
|
[6954d39e2d0f] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Add missing command_info argument in I/O plugin open() prototype. |
|
Bug #579 |
|
[72beb07aba0e] |
|
|
|
2012-11-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c: |
|
Regen for proper line numbers. |
|
[6cf6e132e764] |
|
|
|
* configure, configure.in: |
|
Add locale_stub.o to SUDO_OBJS, not locale_stub.lo. |
|
[d604dc8ca38a] |
|
|
|
* common/sudo_printf.c: |
|
Include missing.h for __printflike. |
|
[a33640600faf] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Saner loop invariant in io_mkdirs (cosmetic only). |
|
[dc30274afe38] |
|
|
|
* MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c, |
|
configure, configure.in, include/error.h, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c, |
|
src/sesh.c: |
|
Move warn/error into common and make static builds work. |
|
[4d3f374f4e4c] |
|
|
|
* MANIFEST, common/Makefile.in, common/sudo_debug.c, |
|
common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/conversation.c, src/sesh.c: |
|
Move _sudo_printf from src/conversation.c to common/sudo_printf.c. |
|
Add sudo_printf function pointer that is initialized to |
|
_sudo_printf() instead of requiring a sudo_conv function pointer |
|
everywhere. The plugin will reset sudo_printf to point to the |
|
version passed in via the plugin open function. Now plugin_error.c |
|
can just call sudo_printf in all cases. The sudoers binaries no |
|
longer need their own version of sudo_printf. |
|
[9b09d3f63790] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't |
|
need error_jmp to be extern. Also add plugin_clearjmp() that clears |
|
a flag so error()/errorx() knows when to call exit() vs. longjmp(). |
|
[5a4617148e70] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Let warning() call gettext() for us. |
|
[ab8d502ba4ac] |
|
|
|
* include/error.h, plugins/sudoers/plugin_error.c, src/error.c: |
|
Do locale swapping in the warning()/error() macros themselves |
|
instead of in the underlying functions. |
|
[4cd205540e17] |
|
|
|
* common/alloc.c, common/list.c, include/error.h, |
|
plugins/sudoers/env.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, |
|
src/hooks.c: |
|
Rename warning2()/error2() -> warning_nodebug()/error_nodebug(). |
|
[48346393634d] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c, |
|
src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, |
|
src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c: |
|
Call gettext() on parameters for warning()/warningx() instead of |
|
having warning() do it for us. |
|
[c71088bc9d3e] |
|
|
|
* Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c: |
|
Call gettext() in sudoerserror() in the user's locale and pass the |
|
untranslated string to it. |
|
[cdbfc231b848] |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Allow sudoers programs (visudo, sudoreplay, visudo) to use |
|
plugin_error.c instead of the error.c from the front-end. This means |
|
sudoers_setlocale() needs to be independent of the sudo_user struct |
|
and the defaults table. The sudoers locale is now updated via a |
|
callback. |
|
[e356f5f8cd6a] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c |
|
Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers |
|
warning/error functions work when sudo_conv is NULL |
|
[7365ee24a779] |
|
|
|
* src/error.c: |
|
No need to change locale in front-end warning()/error(). |
|
[23dc1df7f93b] |
|
|
|
* plugins/sudoers/tsgetgrpw.c: |
|
Ignore bad lines in passwd/group file instead if stopping processing |
|
when we hit one. |
|
[79b790559075] |
|
|
|
* plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Bash doesn't let you set UID to use MYUID instead. |
|
[5be56335f059] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Avoid NULL deref for unknown Defaults in strict mode. |
|
[545c21c1e7d6] |
|
|
|
* common/sudo_conf.c, common/sudo_debug.c: |
|
See DEFAULT_TEXT_DOMAIN |
|
[3d723e1d27db] |
|
|
|
2012-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
Add signame.c and mksigname. |
|
[d59bbf423f00] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fold preinstall into install-plugin and pass the path to the plugin |
|
binary to the preinstall command. |
|
[2c2205af8bb7] |
|
|
|
* pp: |
|
sync with upstream |
|
[a4b7336b3256] |
|
|
|
* src/sudo.h: |
|
repair spacing |
|
[f5c1255ce514] |
|
|
|
2012-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Set group on sudo_debug when creating it to gid 0 so systems without |
|
BSD group semantics don't get the invoking user's group. |
|
[7dda01196554] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Rename mkdir_parents() io_mkdirs() and add a flag to specify whether |
|
path is a temporary, in which case the final component is created |
|
via mkdtemp() instead of mkdir(). |
|
[79c0c4e7ed58] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h: |
|
For PERM_ROOT set egid to 0 so log files are not created with the |
|
gid of the user. |
|
[5b964ea43474] |
|
|
|
* plugins/sudoers/logging.c: |
|
Add calls to set_perms(PERM_ROOT) becore logging to a file. We |
|
should already be root but since we cache the current permission |
|
status it is basically free. That way, if more of sudoers runs as |
|
non-root in the future logging will still work correctly. |
|
[c591d4973f41] |
|
|
|
* common/sudo_conf.c, config.h.in, configure, configure.in, |
|
include/gettext.h, plugins/sudoers/locale.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/error.c, src/exec.c, src/sesh.c, src/sudo.c: |
|
#unifdef HAVE_SETLOCALE, it is C89 so no need to check for it. |
|
[41f6bb4926f4] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Mention that sudo.conf is parsed in the C locale. |
|
[f711c416e30c] |
|
|
|
* common/sudo_conf.c: |
|
Parse sudo.conf in the "C" locale. |
|
[776658f651ea] |
|
|
|
* plugins/sudoers/locale.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.h: |
|
Fix compilation on systems w/o setlocale() |
|
[6940d1c1c1ce] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Sudo now includes a workaround for the Solaris 11 locale issue. |
|
[ab93787a552c] |
|
|
|
2012-11-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/gettext.h, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/locale.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h: |
|
Always include locale.h from gettext.h so we no longer need to |
|
include locale.h from the .c files. |
|
[93d39182ccfa] |
|
|
|
* MANIFEST, config.h.in, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c, |
|
src/solaris.c, src/sudo.c, src/sudo.h: |
|
Add os-specific initialization functions for solaris (workaround |
|
setuid locale problem in Solaris 11) and openbsd (set malloc_options |
|
if SUDO_DEVEL). Also move set_project() to solaris.c. |
|
[1d6581afbaf4] |
|
|
|
2012-11-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c: |
|
Avoid strerror() when possible and just rely on warning/error to |
|
handle errno in the proper locale. |
|
[bf612caae97c] |
|
|
|
* plugins/sudoers/logging.c: |
|
Set sudoers locale in log_allowed() |
|
[2dd0ac704cae] |
|
|
|
* plugins/sudoers/check.c: |
|
Make the sudo lecture translatable. |
|
[3cdfc183d72d] |
|
|
|
* Makefile.in: |
|
Add the values of badpass_message, passprompt and mailsub to |
|
sudoers.pot so they can be translated. |
|
[51cbe8adcb94] |
|
|
|
* plugins/sudoers/logging.c: |
|
Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked |
|
up by xgettext. |
|
[c5b74115caf0] |
|
|
|
2012-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/sudoers.h: |
|
Make expand_prompt() args const and free the prompt when we are done |
|
with it. |
|
[995ef8519fe6] |
|
|
|
* plugins/sudoers/policy.c: |
|
Fix cut and pasto |
|
[e002921c1d15] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/logging.c: |
|
Expand def_mailsub in the sudoers locale, not the user's. |
|
[a4775f2fb385] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/env.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/locale.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/timestamp.c: |
|
Call gettext inside log_error et al instead of having the caller do |
|
it. This way we can display any messages to the user in their own |
|
locale but log in the sudoers local. |
|
[286e0444f785] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/visudo.c, src/error.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c, |
|
src/sudo.c, src/sudo_edit.c, src/tgetpass.c: |
|
Display warning/error messages in the user's locale. |
|
[00a04165c0cf] |
|
|
|
* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/sudoers.c: |
|
audit_failure() now calls gettext itself using the sudoers locale. |
|
[d77f1d78799a] |
|
|
|
* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoers.c: |
|
Convert setlocale() to sudoers_setlocale() in the sudoers module. |
|
This only converts existing uses, there are more places where we |
|
need to sprinkle sudoers_setlocale() calls. |
|
[8ee0cbf0d0a9] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/locale.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Add simple locale switching to make it easy to switch from the |
|
user's locale to the sudoers locale without making excessive |
|
setlocale() calls when we don't need to. |
|
[5c61582fdeee] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/plugin_error.c, src/error.c: |
|
Add variants of warn/error and sudo_debug_printf that take a va_list |
|
instead of a variable number of args. |
|
[00392bdc063c] |
|
|
|
* INSTALL, doc/TROUBLESHOOTING: |
|
Document Solaris 11 locale issues and workarounds. |
|
[05f7d34af3ae] |
|
|
|
* Makefile.in, configure, configure.in: |
|
Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8 |
|
locales. Make links from localdir/lang -> localdir/lang.UTF-8 |
|
[5ca9326480e2] |
|
|
|
2012-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sudoers.c: |
|
Do not inform the user that the command was not permitted by the |
|
policy if they do not successfully authenticate. This is a |
|
regression introduced in sudo 1.8.6. |
|
[c1279df08bfb] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup |
|
the rpath in HP-UX SOM shared libraries for the LDAP libs. |
|
[b07185657b42] |
|
|
|
* src/parse_args.c: |
|
The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A. |
|
[22c73cbe3ff9] |
|
|
|
2012-10-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, configure, configure.in: |
|
Allow the user to specify and alternate libtool |
|
[c9d6fc9521fd] |
|
|
|
2012-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c: |
|
Allow sudo to be build with sss support without also including ldap |
|
support. From Stephane Graber. |
|
[b992a80ebea1] |
|
|
|
2012-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Refactor policy plugin interface code from sudoers.c into policy.c |
|
[393e62910b8a] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c: |
|
Refactor command_info setting into its own function. |
|
[a952b948324c] |
|
|
|
* plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Make interfaces pointer private to interfaces.c and add |
|
get_interfaces() accessor. |
|
[b69b9334ed3c] |
|
|
|
2012-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/sudoers.h: |
|
Make user_cwd const since it is either a string literal or passed in |
|
from the front-end. |
|
[90751b81e8bc] |
|
|
|
* configure, configure.in: |
|
sudo 1.8.7 |
|
[bf727adb8af0] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Avoid nested strtok() calls. |
|
[9d9f22ab52a9] |
|
|
|
2012-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h: |
|
Move expand_prompt() into its own source file for easier unit |
|
testing. |
|
[b419b48a436f] |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/check.h, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h: |
|
Make check.c independent of the underlying timestamp implementation. |
|
[895071bd6065] |
|
|
|
* plugins/sudoers/iolog_path.c: |
|
Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled. |
|
[8ac38f02dd6d] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Use a list for the possible values of Tag_Spec with a minimal indent |
|
to improve readability. In the pod version, these were =head3. Also |
|
use .St -p1003.1 instead of just POSIX when talking about glob() and |
|
fnmatch(). |
|
[361a6f7a5c44] |
|
|
|
2012-10-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
sudo_ttyname_dev() is unused if there is no /proc or sysctl(). |
|
[6598dbf81e16] |
|
|
|
* compat/mksiglist.c, compat/mksigname.c, |
|
compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c, |
|
plugins/sample_group/plugin_test.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c: |
|
Explicitly mark main() as public in executables to avoid an HP-UX ld |
|
warning. |
|
[72a40ce218be] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Remove grep from SEE ALSO section. |
|
[c7cafee1621f] |
|
|
|
* common/alloc.c: |
|
If vasprintf() fails, just use the errno it sets instead of assuming |
|
ENOMEM. |
|
[1be5bfdc0cab] |
|
|
|
2012-09-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Mention HP-UX pam.conf settings. |
|
[8b8e745b49fd] |
|
|
|
2012-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/timestamp.h: |
|
Split off timestamp functions into their own source file. |
|
[d5833332511d] |
|
|
|
2012-09-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Mention how !foo is not the same as ALL,!foo |
|
[51f8e470757d] |
|
|
|
2012-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Start commands in the background when I/O logging is enabled. We |
|
can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2) |
|
which returns EINTR on signal instead of restarting automatically. |
|
[83b1d59146f7] |
|
|
|
* src/exec_pty.c: |
|
Handle SIGCONT_FG and SIGCONT_BG when converting signal number to |
|
string in deliver_signal(). |
|
[2cefea7a976e] |
|
|
|
2012-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Fix running commands that need the terminal in the background when |
|
I/O logging is enabled. E.g. "sudo vi &". When the command is |
|
foregrounded, it will now resume properly. |
|
[0bc13a253429] |
|
|
|
* plugins/sudoers/match.c: |
|
Add rudimentary support for name-based matching as a compile-time |
|
option. This unsafe when used in conjunction with the '!' operator. |
|
[f93bc8e6db15] |
|
|
|
2012-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c: |
|
Split out implementation-specific back end code out of pwutil.c into |
|
pwutil_impl.c. This will allow the main pwutil code to be used for |
|
lookup methods other than getpw* and getgr*. |
|
[999c2dde60e4] |
|
|
|
2012-09-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p3 |
|
[97fef3d9ed65] |
|
|
|
2012-09-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Don't use embedded newline when matching, use \n. This got expanded |
|
at some point. Bug #573 |
|
[6652f834b8f5] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Rename yyerror() to sudoerserror() to match yacc prefix changes. Not |
|
really needed due to the #defines that yacc makes but it is less |
|
confusing this way as the lexer calls sudoerserror(). |
|
[a0577be6527d] |
|
|
|
* common/alloc.c, plugins/sample_group/plugin_test.c, |
|
plugins/sudoers/env.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
src/exec_common.c, src/parse_args.c, src/sudo.c: |
|
No need to translate "unable to allocate memory" when we can just |
|
use the system translation via strerror(). |
|
[377499e5827c] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not |
|
all file systems support d_type. Bug #572 |
|
[8b861c62945f] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Avoid calling fclose(NULL) in the error path when we cannot open an |
|
I/O log file. |
|
[9401d5c4bb05] |
|
|
|
2012-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Sudo 1.8.6p2 |
|
[6e32496280f2] |
|
|
|
* src/exec.c: |
|
When setting the signal handler for SIGTSTP to the default value in |
|
non-I/O log mode, store the old handler value for when we restore it |
|
after resume. |
|
[242628694e42] |
|
|
|
* plugins/sudoers/env.c: |
|
Replace the guts of sudo_setenv_nodebug() with our old setenv.c |
|
which supports non-standard BSD and glibc semantics. sudo_setenv() |
|
now simply calls sudo_setenv2(). |
|
[57ffb6c9efaa] |
|
|
|
2012-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document non-Unix group support in LDAP sudoers. |
|
[33c89f3aeee6] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Enable non-Unix group support for LDAP sudoers. We now check for |
|
non-Unix groups and netgroups with the same query in the second |
|
pass. Bug #571 |
|
[eb98fdff54d9] |
|
|
|
2012-09-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c: |
|
Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers. |
|
[cb6c0d93215e] |
|
|
|
2012-09-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention support for SUCCESS=return in /etc/nsswitch.conf |
|
[ef1f35aa0863] |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6p1 |
|
[73a5e1f004b3] |
|
|
|
2012-09-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/env.c: |
|
Avoid setting LOGNAME, USER and USERNAME variables twice when |
|
set_logname is enabled. |
|
[0de4f5fbd1d4] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix duplicate detection in sudo_putenv(), do not prune out the |
|
variable we just set when overwriting an existing instance. Fixes |
|
bug #570 |
|
[854ee714c831] |
|
|
|
* plugins/sudoers/env.c: |
|
Add some debuggging |
|
[a25cd3305823] |
|
|
|
2012-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Disable word wrap in list mode when stdout is a pipe to make "sudo |
|
-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek. |
|
[65ade04511fd] |
|
|
|
* common/lbuf.c: |
|
Print a trailing newline in lbuf_print() when there is not enough |
|
space to do word wrapping and the lbuf does not end with a newline. |
|
[c0200e19cd09] |
|
|
|
* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Add support for [SUCCESS=return] in nsswitch.conf; from Daniel |
|
Kopecek |
|
[5c480316e3ce] |
|
|
|
* MANIFEST: |
|
Add sssd.c |
|
[9cadd014ef97] |
|
|
|
2012-09-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo, |
|
plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo, |
|
src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo: |
|
regen .po files |
|
[62423d4d143d] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.mo: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[33666a605525] |
|
|
|
* NEWS: |
|
mention PIE |
|
[05032e5304c6] |
|
|
|
* MANIFEST, plugins/sudoers/po/vi.po: |
|
Add Vietnamese sudoers translation from translationproject.org |
|
[015c2204bae2] |
|
|
|
2012-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, compat/Makefile.in, mkdep.pl: |
|
Add missing signame dependency |
|
[e493bfb01929] |
|
|
|
* src/exec.c, src/ttyname.c: |
|
Silence compiler warnings. |
|
[1c5374b66d9b] |
|
|
|
* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Replace strsigname() with sig2str(), emulating it as needed. |
|
[1e348cca1fa6] |
|
|
|
* config.h.in, configure, configure.in, src/utmp.c: |
|
Use fseeko() for legacy utmp handling if available. |
|
[b4bbd8d2c0e9] |
|
|
|
2012-08-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/strsigname.c, config.h.in, configure, configure.in: |
|
Detect sys_sigabbrev[] and use it in place of sys_signame[] if |
|
present. For some reason glibc does not declare sys_sigabbrev so we |
|
must add an extern definition of our own. |
|
[b38f3fbd7078] |
|
|
|
* compat/strsignal.c, compat/strsigname.c: |
|
Handle NULL entries in sys_siglist and sys_signame. |
|
[a388959d9654] |
|
|
|
* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c: |
|
Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name} |
|
[711e41aba59a] |
|
|
|
2012-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[5a2522488754] |
|
|
|
* src/exec.c: |
|
Pass on SIGTSTP to the command if it was sent by a user process (not |
|
the kernel or the terminal) when we are not I/O logging and set the |
|
default SIGTSTP handler when we re-send the signal to ourself, |
|
restoring our handler after we resume. |
|
[4259c47e31c0] |
|
|
|
* src/exec.c: |
|
Shells typically change their process group when they start up so |
|
that they can implement job control. Most well-behaved shells change |
|
the pgrp back to its original value before suspending so we must not |
|
try to restore in that case, lest we race with the child upon |
|
resume, potentially stopping sudo with SIGTTOU while the command |
|
continues to run. Some shells, such as pdksh, just suspend the shell |
|
by sending SIGSTOP to themselves without restoring the pgrp. In this |
|
case we need to change the pgrp back for them. Should fix bug #568 |
|
[6ac6751ffd17] |
|
|
|
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, compat/Makefile.in, compat/mksigname.c, |
|
compat/mksigname.h, compat/strsignal.c, compat/strsigname.c, |
|
config.h.in, configure, configure.in, include/missing.h, mkdep.pl, |
|
src/exec.c, src/exec_pty.c: |
|
Use strsigname() to print signal names in the debug output. If the |
|
system has no strsigname(), use our own. |
|
[0735f18906b9] |
|
|
|
2012-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.sh: |
|
Remove generated file and change path for temporary include file. |
|
[4e9fa830c6b5] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
When running regress tests, list pass/fail rate for each dir |
|
(testsudoers and visudo) instead of the total. Also prevent the |
|
result files from clobbering each other by keeping them in the |
|
relevant directories. |
|
[6aac53baff7d] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Don't print an error message in yyerror() if open_sudoers() fails, |
|
we've already printed an error message. Also restore the check for |
|
sudoers_warnings in yyerror(). |
|
[aa6036df5fb2] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Avoid printing the >>> parse error <<< message for testsudoers when |
|
the -t flag is specified. |
|
[76f3433c8992] |
|
|
|
2012-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix NULL deref when an entry has no Runas_Entry |
|
[4b14983ff6e7] |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[440e9c9b37de] |
|
|
|
* NEWS: |
|
sync |
|
[3142ba2dce60] |
|
|
|
* plugins/sudoers/check.c: |
|
Correct the check_user() comment header. |
|
[73da30308fff] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c: |
|
Change a log_fatal() into log_error() when no auth methods are |
|
configured. The caller already checks the return value. |
|
[05f5c39793a7] |
|
|
|
* plugins/sudoers/logging.c: |
|
Add missing debug_return |
|
[3a76bb7c2fe7] |
|
|
|
2012-08-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Make the capitalization consistent for .Ss and .Sx |
|
[5c5735ee4b2f] |
|
|
|
* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Add COMMAND EXECUTION section that describes how sudo runs the |
|
command, the extra sudo processes and signal handling. |
|
[dff2d88e984e] |
|
|
|
2012-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Happy Easter |
|
[4b9d697c6b83] |
|
|
|
2012-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in: |
|
Don't echo the awk command when building siglist.in |
|
[21daa72921e6] |
|
|
|
* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Cosmetic changes. |
|
[19259528e9ad] |
|
|
|
* doc/Makefile.in: |
|
The HISTORY, LICENSE and CONTRIBUTORS files are not longer |
|
generated. |
|
[ea6ac9e981e6] |
|
|
|
* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo, |
|
plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po, |
|
src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po, |
|
src/po/uk.po, src/po/vi.po: |
|
Sync with translationproject.org and add Italian sudoers |
|
translation. |
|
[9276740aea59] |
|
|
|
2012-08-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand description of fqdn to talk about systems where the hosts |
|
file is searched before DNS. |
|
[4ee812ca6116] |
|
|
|
2012-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/Makefile.in: |
|
For cat pages there is nothing to make unless DEVEL is set. |
|
[fab4a5b68708] |
|
|
|
* configure, configure.in, doc/Makefile.in: |
|
Always use mandoc to format cat pages and remove now-extraneous |
|
nroff configure tests. |
|
[5747f4ed5762] |
|
|
|
* pp: |
|
sync polypkg from git |
|
[89ddf6ea3e3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Use AI_FQDN instead of AI_CANONNAME if available since "canonical" |
|
is not always the same as "fully qualified". |
|
[7c1d9c098386] |
|
|
|
2012-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.mdoc.in: |
|
Fix some typos. Describe error messages not related to policy |
|
permissions. |
|
[f5ebf9030d85] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/visudo.c: |
|
Add new check_defaults() function to check (but not update) the |
|
Defaults entries. Visudo can now use this instead of update_defaults |
|
to check all the defaults regardless instead of just the global |
|
Defaults entries. |
|
[3fa879ce1b65] |
|
|
|
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document sudoers log format. |
|
[08998a7061ab] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p3 |
|
[6e102a5d4e8d] |
|
|
|
* src/load_plugins.c: |
|
Add missing check for I/O plugin API version when checking for the |
|
presence of I/O plugin hooks. |
|
[ef05c7eeaf81] |
|
|
|
* src/hooks.c: |
|
Can't call debug code in the process_hooks_xxx functions() since |
|
ctime() may look up the timezone via the TZ environment variable. |
|
[2179fb26bd8e] |
|
|
|
2012-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_common.c, src/sesh.c, src/utmp.c: |
|
Include signal.h before sudo_exec.h since it uses sigset_t * in the |
|
fork_pty prototype. |
|
[94fc0d859600] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Remove OPTIONS section; options now go inside DESCRIPTION |
|
[a619fc58a746] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[44719d80bc06] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po: |
|
Sync with translationproject.org and add new Slovenian translation. |
|
[34b4b966bbac] |
|
|
|
* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/testsudoers.c: |
|
Reduce the number of "internal error, foo overflow" messages that |
|
need to be translated. |
|
[93ffa2b3d53f] |
|
|
|
* NEWS: |
|
Mention HP-UX reboot fix. |
|
[1e39b5aa32ac] |
|
|
|
* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in, |
|
doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c: |
|
Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers |
|
data source. From Daniel Kopecek and Pavel Brezina. |
|
[3f85e95d6928] |
|
|
|
2012-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_conf.c, src/load_plugins.c: |
|
If sudo.conf contains an I/O plugin but no policy plugin, use |
|
sudoers for the policy plugin. If a policy plugin is specified |
|
without an I/O plugin, only the policy plugin will be loaded. |
|
[ea192df2439d] |
|
|
|
* doc/Makefile.in, doc/sudoers.man.in: |
|
Do not modify the .Os section when building the .man.in file from |
|
.mdoc.in. |
|
[a9f9628e147f] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add a note about wildcards matching multiple words and include an |
|
example. Also mention that for sudoedit, a wildcard in command line |
|
args does not match a slash. |
|
[fcb9fbac14e0] |
|
|
|
2012-08-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c, src/sudo_exec.h: |
|
Fix a comment, update a variable name in a prototype; all cosmetic. |
|
[e89f10cbd6e1] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Cast 2nd argument of lseek() to off_t if it is a constant for |
|
systems with 64-bit off_t but without a proper lseek() prototype. |
|
[d8779da135d0] |
|
|
|
* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/visudo.c: |
|
Fix some warnings from clang checker-267 |
|
[1e44ef7860b5] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Fix memory leak found by clang checker-267 |
|
[f8a43617fdfb] |
|
|
|
2012-08-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h: |
|
If we receive a signal from the command we executed, do not forward |
|
it back to the command. This fixes a problem with BSD-derived |
|
versions of the reboot command which send SIGTERM to all other |
|
processes, including the sudo process. Sudo would then deliver |
|
SIGTERM to reboot which would die before calling the reboot() system |
|
call, effectively leaving the system in single user mode. |
|
[4ffab9ab9e98] |
|
|
|
2012-08-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh, doc/fixmdoc.sh: |
|
Remove section about Solaris 10 on other systems. Add missing |
|
sudoers.man.in bit to fixman.sh. |
|
[176559199ba7] |
|
|
|
2012-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Expand section on Solaris privileges. |
|
[3a1bfa2f1743] |
|
|
|
* NEWS: |
|
Expand a bit on the Solaris priv set changes. |
|
[bffb78b4a520] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
The second argument to init_parser() is now bool. |
|
[fb727a4fb651] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
|
Fix printing of parse error message to stderr. |
|
[dea6b420b84f] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c: |
|
If a command matches using an empty Runas_List (i.e. Runas_List is |
|
present but empty) and the -u option was not specified, set runas_pw |
|
to user_pw instead of using runas_default. This is intended to be |
|
used in conjunction with the Solaris Privilege Set support for rules |
|
that grant privileges without changing the user. |
|
[e84a081f3c11] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.h, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h: |
|
Add support for parsing an empty Runas_List, which only allows the |
|
command to be run as the invoking user. This can be used in |
|
conjunction with the Solaris Privilege Set support to grant |
|
privileges without changing the user. |
|
[dc34373792fc] |
|
|
|
2012-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/fixman.sh: |
|
Fix HP-UX, just use ".TH name section" like the vendor manuals. |
|
[559738237c92] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix compilation on Solaris |
|
[2d310302207c] |
|
|
|
* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, |
|
doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh, |
|
doc/sudoers.mdoc.sh: |
|
Generate a sed script file when munging *.mdoc or *.man instead of |
|
passing sed expressions on the command line. Older seds do not |
|
support \n in a replacement so generate and run a sed script |
|
instead. |
|
[0bcce3f1ca18] |
|
|
|
* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in, |
|
doc/visudo.man.in: |
|
Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION" |
|
[fe0f10b63776] |
|
|
|
2012-07-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
When checking whether a signal is user-generated, compare si_code |
|
against SI_USER instead of <= 0 since on HP-UX, terminal-related |
|
signals get a code of 0. |
|
[4e9021243343] |
|
|
|
* src/sudo.c: |
|
SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX |
|
interchangably. This causes problems when setting RLIMIT_NPROC to |
|
RLIM_INFINITY due to a bug in bash where bash tries to honor the |
|
value of _SC_CHILD_MAX but treats a value of -1 as an error, and |
|
uses a default value of 32 instead. |
|
|
|
Previously, we just checked RLIMIT_NPROC and, if it was unlimited, |
|
restored the previous value of RLIMIT_NPROC. However, that makes it |
|
impossible to set nproc to unlimited. We now only restore the nproc |
|
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, |
|
pam_limits will set RLIMIT_NPROC for us. |
|
[cb71cc8d0b08] |
|
|
|
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Active Directory apparently requires that tenths of a second be |
|
present in a date so append .0 to the "now" value in the time |
|
filter. Also remove space for the global AND from TIMEFILTER_LENGTH |
|
since it was not being used consistently. Buffers of |
|
TIMEFILTER_LENGTH now need to account for the terminating NUL byte. |
|
[d28619ff6e45] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix SELinux build |
|
[cc0d1f4e851b] |
|
|
|
2012-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[fc3ad1847cb1] |
|
|
|
* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod, |
|
doc/license.pod: |
|
Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they |
|
were not being kept in sync. |
|
[950363dffe3a] |
|
|
|
2012-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
Fix printing of the permission denied message to standard error when |
|
a user is not allowed to run a command. This got broken by the |
|
recent logging changes. |
|
[b7af63da3ca1] |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for Solaris privs. |
|
[2a2baf024477] |
|
|
|
* doc/schema.ActiveDirectory: |
|
Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder |
|
were added. From David Hicks. |
|
[3fc432a8edb4] |
|
|
|
2012-07-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Remove lex.yy.c when building toke.c |
|
[72bb9e62b289] |
|
|
|
* doc/Makefile.in: |
|
Fix building docs in a build dir. |
|
[7a6f435af022] |
|
|
|
* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod, |
|
doc/sudoreplay.pod, doc/visudo.pod: |
|
Remove pod versions of the manual; we now use mdoc. |
|
[5c967d2dd5db] |
|
|
|
* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh, |
|
doc/sudoers.man.sh, doc/sudoers.mdoc.sh: |
|
Add post-processing scripts to strip out login class, BSD auth, |
|
SELinux and privilege set bits when they are not supported. |
|
[d0d51f72f597] |
|
|
|
* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in, |
|
doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in, |
|
doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.h, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, src/sudo.c, src/sudo.h: |
|
Merge in Solaris privilege support by Darren Moffat and John |
|
Zolnowsky |
|
[3aa0a64f2f5c] |
|
|
|
2012-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/contributors.pod: |
|
Sync with CONTRIBUTORS file |
|
[9a0852306ad9] |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in: |
|
Regen .man.in files with my private mandoc. |
|
[dc3c9fc449eb] |
|
|
|
* doc/Makefile.in: |
|
add MANDOC variable |
|
[35527e66afc5] |
|
|
|
2012-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in, |
|
doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in: |
|
Regen .man.in files with hacked mandoc to avoid issues with historic |
|
nroff. |
|
[d45cfa7d665f] |
|
|
|
2012-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudoers.mdoc.in: |
|
Fix groff warnings. |
|
[111d522ca807] |
|
|
|
* doc/Makefile.in: |
|
Fix dependencies for .man.in files. |
|
[aefeffe1af2b] |
|
|
|
* .hgignore: |
|
Add doc/*.mdoc to ignore file |
|
[1e4de6ef2ad8] |
|
|
|
* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in, |
|
doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat, |
|
doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Build .man.in and .cat files from .mdoc.in files. Add new --with-man |
|
and --with-mdoc configure options. |
|
[c963fd7e8f80] |
|
|
|
2012-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in, |
|
doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Sudo manuals formatted in mdoc, to replace the pod versions. |
|
[e6dca4030451] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod, |
|
doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod: |
|
More minor costmetic fixes. |
|
[a7287a68385a] |
|
|
|
2012-07-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod: |
|
Minor cosmetic fixes. |
|
[9c48bdaf3946] |
|
|
|
2012-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot: |
|
Use "a password is required" instead of "password required" when the |
|
-n flag is used and we need to read a password. |
|
[a3c30fc41648] |
|
|
|
2012-07-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention logging changes. |
|
[8238fd6e02e8] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[e2cf634ba63b] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod: |
|
Document that other mail_* flags have precedence over mail_badpass. |
|
[9f4cc9188f40] |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
|
Move log_denial() calls and logic to log_failure(). Move |
|
authentication failure logging to log_auth_failure(). Both of these |
|
call audit_failure() for us. |
|
|
|
This subtly changes logging for commands that are denied by sudoers |
|
but where the user failed to enter the correct password. Previously, |
|
these would be logged as "N incorrect password attempts" but now are |
|
logged as "command not allowed". Fixes bug #563 |
|
[cad35f0b3ad7] |
|
|
|
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Do not set a resource limit to zero when we are unable to fetch a |
|
value from /etc/security/limits. |
|
[62bfb0a7895e] |
|
|
|
2012-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add "Provides: sudo" to debian sudo-ldap package |
|
[beb8afa0beb2] |
|
|
|
2012-07-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in, zlib/Makefile.in: |
|
Define NO_VIZ for zlib when gcc doesn't support symbol visibility |
|
attributes. |
|
[9fdcbf526386] |
|
|
|
* configure, configure.in: |
|
Use the autoconf cache when checking for symbol export control |
|
support. |
|
[03c2cce8711f] |
|
|
|
* INSTALL, common/Makefile.in, compat/Makefile.in, configure, |
|
configure.in, mkpkg, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in: |
|
Add configure check for building PIE executables instead of doing it |
|
in mkpkg. |
|
[02b5b78ef258] |
|
|
|
* sudo.pp: |
|
MacOS pp backend doesn't like modes longer than 4 characters. |
|
[01b49022bf01] |
|
|
|
2012-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding |
|
-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool |
|
will strip -fstack-protector from the linker flags and we always |
|
link with libtool. |
|
[0a0a0250ac2b] |
|
|
|
2012-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.6 |
|
[1657ee28b496] |
|
|
|
* NEWS, doc/sudoers.ldap.pod: |
|
Document improved Tivoli Directory Server support. |
|
[fb411edf4687] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/ldap.c: |
|
Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf |
|
option to specify Tivoli key db password. Allow TLS ciphers to be |
|
configured for Tivoli. |
|
[737e17c91e60] |
|
|
|
2012-06-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Tivoli Directory Server 6.3 libs always return a (bogus) error when |
|
setting LDAP_OPT_CONNECT_TIMEOUT. |
|
[504406637c38] |
|
|
|
* NEWS: |
|
Update |
|
[687a755604e8] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the |
|
same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a |
|
set an ldap option fatal. |
|
[17cf93ae3304] |
|
|
|
2012-06-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Zero pointers in sudo_user struct after freeing, just in case. |
|
[8eff1f80b943] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Free user_gids in close function if it has not already been freed. |
|
[cbce28877f37] |
|
|
|
* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h: |
|
Defer group ID to name resolution until we actually need it. |
|
[463e75b81e89] |
|
|
|
* src/sudo.c: |
|
It is safe to read in sudo.conf before calling user_info(). |
|
[3290b6434e3c] |
|
|
|
* plugins/sudoers/env.c, plugins/sudoers/ldap.c: |
|
Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to |
|
prevent potential truncation. Bug #562. |
|
[29d9fc4e0c4e] |
|
|
|
2012-06-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
If installing with installp, error out if there is already an |
|
instance of the rpm package installed. |
|
[ec24c6faba22] |
|
|
|
* mkpkg: |
|
Add --disable-nls for AIX |
|
[192ac2f7d65e] |
|
|
|
2012-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Debian sudo-ldap packages should now depend on libldap-2.4-2, not |
|
libldap2. |
|
[cbcec71e6b58] |
|
|
|
2012-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add Homepage and Bugs to debian control file. |
|
[0f19d7d14e66] |
|
|
|
2012-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg: |
|
fix typo when setting aix_freeware |
|
[2fd6feb50195] |
|
|
|
* common/Makefile.in, compat/Makefile.in, configure, configure.in, |
|
doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
|
Don't run regress tests or sudoers sanity check (using the newly- |
|
built visudo) when cross compiling. Bug #560 |
|
[0c4e3f68b2f5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map, |
|
plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.exp, |
|
plugins/sample_group/sample_group.map, |
|
plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.exp, |
|
plugins/system_group/system_group.map, |
|
plugins/system_group/system_group.sym: |
|
Rename foo.sym -> foo.exp Remove foo.map from the repo and generate |
|
it on demand Use a loader option file for HP-UX ld to explicitly |
|
export symbols |
|
[2402ff5302ab] |
|
|
|
* src/Makefile.in: |
|
Remove extraneous backslash |
|
[8ca054de138c] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Don't check for errorx as an exported symbols as it is now a macro. |
|
Check for user_in_group() instead. |
|
[7b02c8ecd3ea] |
|
|
|
2012-06-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Adjust ld map file support to use an anonymous scope to match the |
|
updated .map files. |
|
[49be44282d9e] |
|
|
|
2012-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/gettext.h: |
|
Older versions of Solaris lack ngettext() |
|
[028af10dfa5f] |
|
|
|
* configure, configure.in: |
|
Move the check for -static-libgcc until after AC_LANG_WERROR has |
|
been called and use AX_CHECK_COMPILE_FLAG(). |
|
[a7b09120e7ff] |
|
|
|
* include/gettext.h: |
|
Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H |
|
[3aa2780d4a4e] |
|
|
|
* include/error.h, include/sudo_debug.h: |
|
Fix gcc 2.x variant macro support. |
|
[8e71c2370997] |
|
|
|
* plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c: |
|
Fix compilation on gcc 2.95 and other compilers that only allow |
|
variable declarations at the beginning of a block. |
|
[9d80c802bb46] |
|
|
|
* configure, configure.in, plugins/sudoers/Makefile.in: |
|
Link check_symbols with SUDO_LIBS to make sure we link with the |
|
requisite libraries to successfully dlopen sudoers.so. This is |
|
needed on HP-UX where a program dlopen()ing a shared object that |
|
uses pthreads must also be linked with pthreads (and HP-UX LDAP uses |
|
pthreads). |
|
[b8961cd82337] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add check for exported local symbols. This will cause a "make check" |
|
failure on systems where we don't support symbol hiding. |
|
[8aa549389bb1] |
|
|
|
* configure, configure.in: |
|
Additional ${foo} -> $(foo) Makefile tweaks. |
|
[046bbde18f52] |
|
|
|
* plugins/sample/sample_plugin.map, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map, |
|
plugins/system_group/system_group.map: |
|
No need to provide a name for the scope in the map file since we |
|
don't use the it for versioning. |
|
[5ed4b997560d] |
|
|
|
2012-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Add regress test for symbol visibility. |
|
[9adddd4e0518] |
|
|
|
2012-06-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
sudo 1.8.6 |
|
[57008a7afb77] |
|
|
|
* configure, configure.in, include/missing.h: |
|
Add support for controlling symbol visibility using the HP and |
|
Solaris C compilers. |
|
[46d5b468979e] |
|
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.h: |
|
Use the expanded io log dir when updating the sequence number. |
|
Includes a workaround for older versions of sudo where the sequence |
|
number was stored in the unexpanded io log dir. |
|
[210797dab9a8] |
|
|
|
2012-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/parse_args.c: |
|
Simplify "sudo -s" argv rewriting. |
|
[7be143dae7c5] |
|
|
|
* MANIFEST, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, |
|
src/sudo_noexec.map: |
|
Don't use a map file for sudo_noexec.so since Solaris ld doesn't |
|
allow '*' in the global section. The libtool export flag is now |
|
added to LT_LDFLAGS instead of commenting/uncommenting lines. |
|
[38fc37a66b04] |
|
|
|
2012-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, include/missing.h: |
|
The visibility attribute was actually added in gcc 3.3.x, not 4.0. |
|
Just assume that if -fvisibility=hidden works that the attribute is |
|
usable. |
|
[d3904d6faf14] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map, |
|
plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c, |
|
plugins/system_group/system_group.c: |
|
Export group cache from sudoers.so for system_group.so to use. |
|
[16695d207fc5] |
|
|
|
* MANIFEST, configure, configure.in, include/missing.h, |
|
plugins/sample/Makefile.in, plugins/sample/sample_plugin.map, |
|
plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.map, src/sudo_noexec.c, |
|
src/sudo_noexec.map: |
|
Use gcc's visibility attribute to specify when symbols are visible |
|
or hidden, if available. If not available, use an ELF version script |
|
if it is supported. If all else fails, fall back to using libtool's |
|
-export-symbols. |
|
[64e889921727] |
|
|
|
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for installed locale files but leave the directories with |
|
default mode and owner. |
|
[142237dbb31f] |
|
|
|
2012-06-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Install AIX packages under /opt/freeware with links in /usr/bin and |
|
/usr/sbin. This matches the layout of the sudo package from AIX |
|
freeware. |
|
[0b79d47bbe01] |
|
|
|
* Makefile.in, configure, configure.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install shared objects with mode 0644 except on HP-UX which needs |
|
the executable bit set. |
|
[ae416af0ba6c] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Make installed file modes consistent with the file modes in the sudo |
|
package. |
|
[307386373289] |
|
|
|
2012-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
Add "%:" prefix when talking about QAS non-Unix group support. |
|
[7cb25f6861f8] |
|
|
|
* pp, sudo.pp: |
|
Fix packaging of symbolic links on HP-UX when the link source |
|
already exists in the filesystem. |
|
[c9bb48031596] |
|
|
|
* mkpkg: |
|
Only specify prefix if we are overriding the default value. Fixes |
|
the man dir (/usr/local/man vs. /usr/local/share/man). |
|
[65351b6c1697] |
|
|
|
* sudo.pp: |
|
Fix setting of sudoedit_man variable. |
|
[9beed9ae5bba] |
|
|
|
* doc/Makefile.in: |
|
Echo the command when linking the sudoedit manual. |
|
[6c83b5657b55] |
|
|
|
2012-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkpkg, sudo.pp: |
|
Build .deb packages with selinux support. |
|
[3fd9cb1b4526] |
|
|
|
2012-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Don't list paths for unstripped binaries in the lintial overrides. |
|
[4c8e16f1773b] |
|
|
|
* pp: |
|
Add support for Installed-Size header in control file, required by |
|
newer debian versions. |
|
[e97d76234bee] |
|
|
|
* pp: |
|
Fix extended description in .deb files. |
|
[d35e27ace146] |
|
|
|
* sudo.pp: |
|
Add Depends, Replaces and Conflicts headers for .deb packages. |
|
[76eb6c4b3278] |
|
|
|
2012-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
If there are no privs to print, write the message to the lbuf |
|
instead of printing it directly. |
|
[ecd56226abb7] |
|
|
|
2012-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Set -e in %pos and %preun for debian to quiet a lintian warning. |
|
[8bb908514df9] |
|
|
|
* doc/Makefile.in, src/Makefile.in, sudo.pp: |
|
Install sudoedit and the sudoedit manual as symbolic links, not hard |
|
links and package them as such. |
|
[f317ff3cf3e7] |
|
|
|
* sudo.pp: |
|
Make sudo binary permissions 755 instead of 111 Add lintian |
|
overrides file for .deb files. |
|
[991cd7d7f0e1] |
|
|
|
* configure, configure.in, doc/Makefile.in, mkpkg: |
|
Replace out of date MAN_POSTINSTALL with MANCOMPRESS and |
|
MANCOMPRESSEXT which can be used to compress the installed manual |
|
pages. Compress the man pages for .deb files to appease lintian. |
|
[4e34083b41d2] |
|
|
|
* sudo.pp: |
|
Debian fixes: |
|
* fix modes to be more in line with what Debian expects |
|
* add section |
|
* install LICENSE as copyright and ChangeLog as changelog |
|
* create stub changelog.debian |
|
[7f6c5647f588] |
|
|
|
* pp: |
|
Fix find command to properly skip files in the DEBIAN dir when |
|
building md5sums. |
|
[8918bde941fa] |
|
|
|
* pp, sudo.pp: |
|
Use a debian-compliant package maintainer field. |
|
[fc51a94170eb] |
|
|
|
2012-05-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
No need to loop over atomic_writev(), it guarantees to write all |
|
data or return an error. |
|
|
|
Fix handling of stdout/stderr that contains "\r\n" and handle a |
|
"\r\n" pair that spans a buffer. |
|
[8aaf02d90c45] |
|
|
|
2012-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5p2 |
|
[d369d4d40a19] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Instead of doing extra write()s when replaying stdout, build up a |
|
vector for writev() instead. This results in far fewer system calls. |
|
[303d866c025c] |
|
|
|
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/env_hooks.c, src/sudo.h, src/tgetpass.c: |
|
Provide unhooked version of getenv() and use it when looking up |
|
DISPLAY and SUDO_ASKPASS in the environment. |
|
[04dbdccf4a14] |
|
|
|
2012-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
When replaying a log of stdout or stderr, do newline to carriage |
|
return + linefeed conversion. We cannot have termios do this for us |
|
since we've disabled output postprocessing (POST) when setting raw |
|
mode. |
|
[61352a7d996f] |
|
|
|
2012-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
When checking for -fstack-protector, treat warnings as fatal errors. |
|
[4124cd12d511] |
|
|
|
2012-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix test for -z relro |
|
[548bdb6f5c4a] |
|
|
|
* MANIFEST: |
|
Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4 |
|
[ed063264a2a1] |
|
|
|
* INSTALL, aclocal.m4, configure, configure.in, |
|
m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4: |
|
Build with -fstack-protector and link with -zrelo where supported. |
|
Added --disable-hardening option to disable hardening options. |
|
[0b6c1a1ceb03] |
|
|
|
2012-05-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test1.sh, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.sh, |
|
plugins/sudoers/regress/testsudoers/test4.out.ok, |
|
plugins/sudoers/regress/testsudoers/test4.sh, |
|
plugins/sudoers/regress/testsudoers/test5.inc, |
|
plugins/sudoers/regress/testsudoers/test5.out.ok, |
|
plugins/sudoers/regress/testsudoers/test5.sh, |
|
plugins/sudoers/testsudoers.c: |
|
Add tests for sudoers mode, owner and group checks. |
|
[a7607443aba0] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
If sudoers_mode is group-readable but the actual sudoers file is |
|
not, open the file as uid 0, not uid 1. This fixes a problem when |
|
sudoers has a more restrictive mode than what sudo expects to find. |
|
In older versions, sudo would silently chmod the file to add the |
|
group-readable bit. |
|
[c056b6003e6f] |
|
|
|
* INSTALL, common/secure_path.c, config.h.in, configure, configure.in: |
|
No longer throw an error if sudoers is a symbolic link. Deprecated |
|
the --with-stow option as that is now (effectively) the default. |
|
[8ce783e54886] |
|
|
|
2012-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in, |
|
plugins/sudoers/regress/testsudoers/test2.inc, |
|
plugins/sudoers/regress/testsudoers/test2.out.ok, |
|
plugins/sudoers/regress/testsudoers/test2.sh, |
|
plugins/sudoers/regress/testsudoers/test3.d/root, |
|
plugins/sudoers/regress/testsudoers/test3.out.ok, |
|
plugins/sudoers/regress/testsudoers/test3.sh: |
|
Add basic tests for #include and #includedir |
|
[b303e4218951] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Add -U sudoers_uid option to testsudoers. |
|
[3f8ed13501ba] |
|
|
|
2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Update for 1.8.5p1 |
|
[c33c49bf5b4b] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Fix #includedir; from Mike Frysinger |
|
[d4833d4e39a0] |
|
|
|
* plugins/sudoers/check.c: |
|
Don't prompt for a password if the user is in the exempt group, is |
|
root, or is running the command as themselves even if the -k option |
|
was specified. This makes "sudo -k command" consistent with the |
|
behavior one would get if the user ran "sudo -k" immediately before |
|
running the command. |
|
[632b3961df00] |
|
|
|
2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL: |
|
Fix capitalization |
|
[7258aa977caf] |
|
|
|
* mkpkg: |
|
Build PIE executable on Mac OS X 10.5 and above. |
|
[2a5c7ef92182] |
|
|
|
2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4p5 |
|
[21164f508b68] |
|
|
|
* plugins/sudoers/match_addr.c: |
|
Add missing break between AF_INET and AF_INET6 in |
|
addr_matches_if_netmask() |
|
[672a4793931a] |
|
|
|
* plugins/sudoers/mon_systrace.c: |
|
Move systrace monitor code to the attic |
|
[d6faf4754e9c] |
|
|
|
2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
The pointer to the siginfo_t struct in a signal handler may be NULL. |
|
[41a4ee934b53] |
|
|
|
2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Fix an alignment problem on NetBSD systems with a 64-bit time_t and |
|
strict alignment. Based on a patch from Martin Husemann. |
|
[1e5ba3c18f17] |
|
|
|
* include/missing.h: |
|
Add offsetof macro for those without it. |
|
[e44cb51d2587] |
|
|
|
* MANIFEST: |
|
add system_group plugin |
|
[6169793b510c] |
|
|
|
2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/dlopen.c: |
|
Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX. |
|
[85bd03bc5d94] |
|
|
|
2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention system_group plugin |
|
[05393dd4bdb8] |
|
|
|
* Makefile.in, plugins/sudoers/Makefile.in, |
|
plugins/system_group/Makefile.in: |
|
update depends |
|
[6feb0b824fc4] |
|
|
|
* plugins/system_group/system_group.c: |
|
Only call gr_delref() when use sudo's password caching functions. |
|
[1103442e21fa] |
|
|
|
* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in: |
|
Add missing dependency on libreplace.la |
|
[05bfd9d4657f] |
|
|
|
* compat/dlopen.c: |
|
Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and |
|
PROG_HANDLE. |
|
[2382d0693acc] |
|
|
|
* Makefile.in, configure, configure.in, |
|
plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, |
|
plugins/system_group/system_group.sym: |
|
Add group plugin that does lookups by name using the system group |
|
database. |
|
[2ddbb604112f] |
|
|
|
* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo, |
|
src/po/pl.po: |
|
sync with translationproject.org |
|
[4ef05df4226d] |
|
|
|
2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[115c3f828fc5] |
|
|
|
2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Add mode for docdir and use '-' (default) for localedir mode. Fixes |
|
a problem on Linux when building in a directory with the setgid bit |
|
set. |
|
[582279c8bcb1] |
|
|
|
2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Match CentOS 6.0 |
|
[1e99ef210f98] |
|
|
|
2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[c5fc220ba696] |
|
|
|
* pp: |
|
Fix version check on AIX |
|
[d272e39112f4] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[72b23509465a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP |
|
SDK. |
|
[87b685e70b9a] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Fix printing of invalid uri |
|
[645aa53acdde] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Pass PAM_SILENT when deleting creds to remove an annoying warning |
|
message on Solaris. |
|
[1dd0301ef293] |
|
|
|
2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/utmp.c: |
|
Fix the setutxent and endutxent compatibility defines (this time |
|
correctly) when only setutent and endutent are available. |
|
[d136d2867db9] |
|
|
|
* plugins/sudoers/ldap.c: |
|
sudo_ldap_set_options_global() should not take an LDAP handle as an |
|
argument since the options affect the global settings. |
|
[1dc39b9d20f2] |
|
|
|
* mkpkg: |
|
Debian sudo has not been built with --with-exempt=sudo since 1.6.8. |
|
[c7716291a856] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c, |
|
src/sudo.h: |
|
Call the policy's init_session() function before we fork the child. |
|
That way, the session is created and destroyed in the same process, |
|
which is needed by some modules, such as pam_mount. |
|
[ece552ba002e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is |
|
not specified. |
|
[bd293e100b28] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Delete creds after closing the PAM session. |
|
[5158d726d6a5] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Provide a more useful error message if using a Mozilla-style LDAP |
|
SDK and you forgot to specify TLS_CERT in ldap.conf. |
|
[7cb78feb899c] |
|
|
|
* src/exec_pty.c: |
|
Add missing initialization of a sigaction structure when I/O |
|
logging. Fixes a potential problem when suspending the command. |
|
[f4480f2ba816] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Split global and per-connection LDAP options into separate arrays. |
|
Set global LDAP options before calling ldap_initialize() or |
|
ldap_init(). After we have an LDAP handle, set the per-connection |
|
options. Fixes a problem with OpenLDAP using the nss crypto backend; |
|
bug #342 |
|
[265c9d2dc12b] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[6d7fe44be21e] |
|
|
|
2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c, src/sudo.h: |
|
Move struct passwd pointer into struct command details. |
|
[d6fb1eff2065] |
|
|
|
2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X (and other) fixes. |
|
[c2f4998d01b0] |
|
|
|
* mkpkg: |
|
Only built Mac intel universal binary on an intel machine. |
|
[0009e0b7e5a8] |
|
|
|
* src/Makefile.in: |
|
Do not pass libtool the -static-libtool-libs option when building |
|
sudo and sesh. Otherwise, libtool may prefer a static version of an |
|
installed library over a dynamic one when linking. |
|
[6fbac9adc885] |
|
|
|
2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo, |
|
plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po: |
|
Add German translation for sudo Add Croatian translation for sudoers |
|
[fa4da1a6530c] |
|
|
|
* plugins/sudoers/iolog.c: |
|
typo fix in comment |
|
[abd721d1288e] |
|
|
|
2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with recent changes |
|
[6fa11e8448b9] |
|
|
|
* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Sort xgettext output by file name. |
|
[f650841810f0] |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod: |
|
Clarify what "sudoreplay -l" displays and mention that it is sorted. |
|
[84031c117bd6] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Use AC_HEADER_MAJOR to determine where major/minor are defined. |
|
[3c949650a223] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Include sys/mkdev.h if present instead of sys/sysmacros.h for |
|
minor(). This is needed on Solaris (at least) where the makedev |
|
macros in sysmacros.h are obsolete and library functions should be |
|
used instead. |
|
[343928acf81e] |
|
|
|
* mkpkg: |
|
When building on Mac OS X, only set SDK_FLAGS if specified osversion |
|
doesn't match host. |
|
[d84c6efac872] |
|
|
|
2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Add back buf and tty variables for _ttyname() case that were |
|
inadvertantly removed. |
|
[a4a820b22a44] |
|
|
|
2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[5446b12c1250] |
|
|
|
* configure, configure.in: |
|
Remove b8 from version number. |
|
[5adc4dcec061] |
|
|
|
* src/ttyname.c: |
|
remove some XXX |
|
[187579a5f593] |
|
|
|
* src/ttyname.c: |
|
When looking for a device match, do a breadth-first search instead |
|
of depth-first. We already special case /dev/pts/ so chances are |
|
good that if it is not a pseudo-tty it is in the base of /dev/. Also |
|
avoid a stat(2) when possible if struct dirent has d_type. |
|
[0183f8a1b278] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod, |
|
src/sudo.c, src/sudo.h: |
|
Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list. |
|
[f0574d878491] |
|
|
|
* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo, |
|
src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo, |
|
src/po/vi.mo: |
|
sync with translationproject.org |
|
[4527ea78fbd5] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po, |
|
src/po/hr.mo, src/po/hr.po: |
|
New Croatian and Galician translations from translationproject.org |
|
[ad4bd924b4de] |
|
|
|
* src/ttyname.c: |
|
Add depth-first traversal of /dev/ for the /proc case when not |
|
/dev/pts/N |
|
[499bd3456774] |
|
|
|
* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c: |
|
If struct dirent has d_type, use it to avoid an extra stat(). |
|
[741dabbe4bcd] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Sort output of "sudoreplay -l" |
|
[c0615795bd4b] |
|
|
|
2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix duplicate free introduced in last rev |
|
[efdaabe69d75] |
|
|
|
2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Instead of treating ^C from tgetpass() specially, always return |
|
AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL |
|
like PAM_AUTH_ERR which Mac OS X returns this when there is no tty. |
|
[a3b17298d4d0] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Rototill code to determine the tty. For Linux, we now look up the |
|
tty device in /proc/pid/stat instead of trying to open |
|
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given |
|
device number to a string. On BSD, we can use devname(). On Solaris, |
|
_ttyname_dev() does what we want. TODO: write /dev/ traversal code |
|
for the generic sudo_ttyname_dev(). |
|
[6b22be4d09f0] |
|
|
|
2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Define PRNODEV for those w/o it. |
|
[f17290e64559] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Check for SVR4-style struct psinfo.pr_ttydev and use that to |
|
determine the tty if std{in,out,err} are not ttys. |
|
[76ad33a91f4b] |
|
|
|
* src/ttyname.c: |
|
Better support for SVR4-style /proc entries where we can't use |
|
ttyname() on the /proc/pid/fd/[0-2] entries. We can, however, |
|
attempt to map the device number back to the correct pseudo-tty |
|
slave device. |
|
[4f9f48cc79eb] |
|
|
|
* src/ttyname.c: |
|
When trying to determine the tty name, check parent's stderr in |
|
addition to its stdin and stdout. |
|
[604644056c7d] |
|
|
|
* src/exec_pty.c: |
|
Treat a tty read failure like EOF as it usually means the pty has |
|
gone away. Handle write() on the tty returning EIO. |
|
[16957f4a706f] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Linux select() may return ENOMEM if there is a kernel resource |
|
shortage. Older Solaris select() may return EIO instead of EBADF |
|
when the tty goes away. If we get an unhandled select() failure, |
|
kill the child and exit cleanly. |
|
[d93940a311ab] |
|
|
|
* src/ttyname.c: |
|
Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might |
|
block in open. |
|
[a9f809d09d52] |
|
|
|
2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix restoration of AIX permissions. |
|
[30c717115988] |
|
|
|
* src/parse_args.c: |
|
Allow the -k flag to be used along with the -i and -s flags. |
|
[0653b17c97f1] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Plug memory leak in parse_logfile() in the error path. |
|
[9cce86fa833b] |
|
|
|
* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po, |
|
src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po, |
|
src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[14af43d0b170] |
|
|
|
2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/regress/glob/globtest.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/match.c: |
|
Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the |
|
glob() and fnmatch() results to be consistent. |
|
[4226750d73c2] |
|
|
|
2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in, |
|
src/ttysize.c: |
|
Move ttysize.c to common so sudoreplay can use it. |
|
[b4a0aa514cd4] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
If I/O log file includes rows + cols, warn if the user's tty is not |
|
big enough. |
|
[b980ef89efff] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix printing of TSID in "sudoreplay -l" |
|
[4221e3e108b4] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c, |
|
src/exec_pty.c: |
|
Log the process id in the debug file output. Since we don't want to |
|
keep calling getpid(), stash the value at init time and when we |
|
fork(). |
|
[2782d30c024d] |
|
|
|
* src/exec_pty.c: |
|
Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It |
|
is better to receive EIO from read()/write() than to be suspended |
|
when we don't expect it. Fixes a problem when our terminal is |
|
revoked which can happen when, e.g. our sshd is killed |
|
unceremoniously. Also, only change the value of "alive" from true to |
|
false, never from false to true. It is possible for us to receive |
|
notification of the child having stopped after it is already dead. |
|
This does not mean it has risen from the grave. |
|
[26c9fe8ce0f9] |
|
|
|
* src/exec_pty.c: |
|
Distinguish between signals we received from the parent vs. those |
|
delivered explicitly to the monitor process in debugging info. |
|
[40716cb180e5] |
|
|
|
2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
In Solaris 11, /dev/pts under the "dev" filesystem, not "devices". |
|
Update tty_is_devpts() to match so we can determine when the tty has |
|
been reused. |
|
[2689665df027] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h: |
|
Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf() |
|
and use a new flag, SUDO_DEBUG_FILENO to specify when to use it. |
|
This allows consumers of sudo_debug_printf() to log that data |
|
without having to specify it manually. |
|
[7c94c4879208] |
|
|
|
* src/exec_pty.c: |
|
Make this compile after last change. |
|
[ee09034f3266] |
|
|
|
* src/exec_pty.c: |
|
Don't try to restore the terminal if we are not the foreground |
|
process. Otherwise, we may be stopped by SIGTTOU when we try to |
|
update the terminal settings when cleaning up. |
|
[c48b24335456] |
|
|
|
* src/exec.c: |
|
If select() return EBADF in the main event loop, one of the ttys |
|
must have gone away so perform any I/O we can and close the bad fds. |
|
[3bc8678c03ce] |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l: |
|
Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the |
|
function, file and line number in the debug log for warning() and |
|
error(). |
|
[894cd131f11d] |
|
|
|
2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
src/conversation.c: |
|
Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno. |
|
Use this flag when wrapping error() and warning() so the debug |
|
output includes the error string. |
|
[1e2c67adaf1f] |
|
|
|
2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[7d2b62b823fe] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[718ad9de92cd] |
|
|
|
* doc/CONTRIBUTORS: |
|
sync |
|
[f48013aea641] |
|
|
|
* plugins/sudoers/pwutil.c: |
|
Use ecalloc() |
|
[fabd23c1f271] |
|
|
|
* src/exec_pty.c: |
|
Don't need zero_bytes() after ecalloc() |
|
[1a9d95cd10ef] |
|
|
|
* config.h.in, configure, configure.in, src/sudo_noexec.c: |
|
Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to |
|
sudo_noexec.c. |
|
[cbaa1d4b0f8a] |
|
|
|
* src/utmp.c: |
|
Fix compat setutxent and endutxent macros for systems with |
|
setutent() but not setutxent(). From Gustavo Zacarias |
|
[d7ce622fc5f2] |
|
|
|
2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure.in: |
|
Add ignore_result definition to AH_BOTTOM |
|
[8d4096838a98] |
|
|
|
* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c, |
|
src/exec.c, src/exec_pty.c, src/tgetpass.c: |
|
Fix compiler warnings on some platforms and provide a better method |
|
of defeating gcc's warn_unused_result attribute. |
|
[9a8f804fcc75] |
|
|
|
* configure, configure.in: |
|
Fix building the builtin zlib from a build dir. When a zlib dir was |
|
specified, prepend its include path instead of appending so we get |
|
the right zlib headers. |
|
[5f61d591b186] |
|
|
|
* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h, |
|
zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c, |
|
zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h, |
|
zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in, |
|
zlib/zlib.h, zlib/zutil.c, zlib/zutil.h: |
|
Update zlib to version 1.2.6 |
|
[173c4bc4d4fc] |
|
|
|
2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
g/c __unused which is no longer used |
|
[7ef3f23edcd6] |
|
|
|
* src/env_hooks.c: |
|
Fix compilation if RTLD_NEXT is not defined. |
|
[d5605f468b71] |
|
|
|
* src/po/sr.mo, src/po/sr.po: |
|
sync with translationproject.org |
|
[27d559f7985d] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.man.in: |
|
regen |
|
[f9f63ce478b6] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[59035d82d15a] |
|
|
|
* Makefile.in: |
|
Ignore Project-Id-Version when comparing pot files. |
|
[22feb9ede46b] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Use error() instead of log_fatal() |
|
[54130bda4b50] |
|
|
|
* plugins/sudoers/env.c: |
|
Fix signedness of didvar in env_update_didvar() |
|
[77048a80b3e4] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Quiet a compiler warning on some platforms. |
|
[8fdcaece0400] |
|
|
|
* compat/fnmatch.c: |
|
cast ctype(3) function/macro arguments from char to unsigned char to |
|
avoid potential negative subscripting. |
|
[bdcf7eef21ef] |
|
|
|
* common/setgroups.c: |
|
Quiet a warning on systems where the gids array in setgroups() is |
|
not prototyped as being const, even though it really is. |
|
[fdd758c6302d] |
|
|
|
* src/env_hooks.c: |
|
Quiet a compiler warning on systems where the argument to putenv(3) |
|
is const. |
|
[51bae2193b53] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Undo an incorrect int -> bool conversion. |
|
[b9a4ce320f14] |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, |
|
src/po/sv.mo, src/po/sv.po: |
|
Add Swedish sudo and sudoers translations from |
|
translationproject.org |
|
[f7ce1de9073f] |
|
|
|
* plugins/sudoers/env.c: |
|
No need to preserve ODMDIR on AIX now that we always read |
|
/etc/environment. |
|
[4aa04b2f0125] |
|
|
|
2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/env.c: |
|
When initializing the environment for env_reset, start out with the |
|
contents of /etc/environment on AIX and login.conf on BSD. |
|
[5717bdc321e2] |
|
|
|
* doc/TROUBLESHOOTING, src/sudo.c: |
|
If we are not running with an effective uid of 0, try to give the |
|
user enough information to debug the problem. |
|
[fa4894896d8a] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
Quiet a clang-analyzer false positive. |
|
[c4c0c1b9c8b0] |
|
|
|
* src/tgetpass.c: |
|
If there is nothing to read from the askpass program, set errno to |
|
EINTR. This makes the cancel button behave like the user entered ^C |
|
at the password prompt when PAM is used. |
|
[594302cb9caf] |
|
|
|
* src/sudo.h, src/tgetpass.c: |
|
Fetch the value of "askpass" from the sudo conf struct. |
|
[4593ee8f1bd3] |
|
|
|
* common/sudo_conf.c: |
|
Fix matching of "Path askpass" and "Path noexec" |
|
[4df28d62afb9] |
|
|
|
2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Quiet a clang-analyzer dead store warning. |
|
[dd90bf385a3f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
If the "timestampowner" user cannot be resolved, use ROOT_UID |
|
instead of exiting with a fatal error. |
|
[8d62aae99715] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/check.c, plugins/sudoers/env.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/parse.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
|
Remove the NO_EXIT flag to log_error() and add a log_fatal() |
|
function that exits and is marked no_return. Fixes false positives |
|
from static analyzers and is easier for humans to read too. |
|
[a0fe785c2a3d] |
|
|
|
2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo, |
|
src/po/eo.po: |
|
sync with translationproject.org |
|
[df5e8777de13] |
|
|
|
2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/da.mo, src/po/da.po: |
|
sync with translationproject.org |
|
[629d99548b78] |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
sync with translationproject.org |
|
[9d122a2860d6] |
|
|
|
2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/it.mo, src/po/it.po: |
|
sync with translationproject.org |
|
[6397593b15cf] |
|
|
|
* common/sudo_conf.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c, |
|
src/load_plugins.c: |
|
Use ecalloc() when allocating structs. |
|
[8b5888868db2] |
|
|
|
* common/alloc.c, include/alloc.h: |
|
Add ecalloc() and commented out recalloc(). Use inline strnlen() |
|
instead of strlen() in estrndup(). |
|
[7fb9aa46c1e0] |
|
|
|
2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po, |
|
src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[45a032c37334] |
|
|
|
2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove unused label |
|
[2660bb0c1313] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod: |
|
Document what changed in each plugin API revision |
|
[59b30a6fc4d1] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Remove bogus optimization that could lead to a double free of the |
|
group list. |
|
[b0bfbd2a83a8] |
|
|
|
2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/TROUBLESHOOTING: |
|
Expand AIX /etc/security/privcmds entry. |
|
[9f3f072e034e] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.5 |
|
[086049011f25] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat, |
|
doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Rename plugin "args" to "options" |
|
[f25624951bd2] |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Lithuanian and Vietnamese translators |
|
[2b4c075b69e3] |
|
|
|
* Makefile.in: |
|
Ignore comments when comparing new and old pot files. |
|
[f872999347b3] |
|
|
|
* src/Makefile.in: |
|
regen |
|
[c8193b1b11c7] |
|
|
|
* doc/sudo_plugin.cat, doc/sudo_plugin.man.in: |
|
regen |
|
[15e3c17e8a3a] |
|
|
|
* doc/sudo_plugin.pod, include/sudo_plugin.h, |
|
plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c, |
|
src/sudo.c, src/sudo.h: |
|
Pass a pointer to user_env in to the init_session policy plugin |
|
function so session setup can modify the user environment as needed. |
|
For PAM authentication, merge the PAM environment with the user |
|
environment at init_session time. We no longer need to swap in the |
|
user_env for environ during session init, nor do we need to disable |
|
the env hooks at init_session time. |
|
[3f5277b359d8] |
|
|
|
* plugins/sample/sample_plugin.c: |
|
Add explicit NULL entries for init_session, register_hooks and |
|
deregister_hooks with appropriate comments. |
|
[727a57978b40] |
|
|
|
* compat/pw_dup.c: |
|
Quiet a gcc "used uninitialized in this function" false positive. |
|
[f14b68379ce9] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
We should always call warning() with a format string or a string |
|
literal. In this case, the argument (path) is not user-controlled. |
|
[e9ef51224024] |
|
|
|
2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/selinux.c: |
|
Include sudo_exec.h for the sudo_execve() prototype. |
|
[769e58065edc] |
|
|
|
* config.h.in, configure, configure.in: |
|
Add check for pam_getenvlist() |
|
[36bde3f26c60] |
|
|
|
* common/sudo_conf.c: |
|
Set args to NULL in default plugin info struct when there is no |
|
Plugin line in sudo.conf. |
|
[93ec67708f01] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[a9287677795c] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
regen |
|
[a242769d7962] |
|
|
|
* configure, configure.in: |
|
Bump version to 1.8.5 |
|
[e8618f0c2505] |
|
|
|
* doc/sudo_plugin.pod: |
|
Document hooks API |
|
[e6ad07d27958] |
|
|
|
2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris. |
|
[fd72340042d3] |
|
|
|
* include/sudo_plugin.h: |
|
Use sudo_hook_fn_t in struct sudo_hook. |
|
[938f93112d6e] |
|
|
|
* doc/TROUBLESHOOTING: |
|
If cross compiling, --host must include the OS in the tuple. E.g. |
|
--host powerpc-unknown-linux |
|
[b8c010070c1e] |
|
|
|
2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix bogus int -> bool conversion; tags can have a value of -1. |
|
[e63d6434a303] |
|
|
|
* plugins/sudoers/env.c: |
|
Add env_should_keep() and env_should_delete() wrapper functions to |
|
simplify things a bit and hide the fact that matches_env_check() is |
|
not bool. |
|
[7a03d7a12b50] |
|
|
|
* sudo.pp: |
|
Fix application of debian-specific sudoers mods when building |
|
packages as non-root. |
|
[34bf4c52c425] |
|
|
|
* plugins/sudoers/env.c: |
|
matches_env_check() returns int, not boolean |
|
[0ad915b8d5cb] |
|
|
|
* src/sudo_edit.c: |
|
Fix compilation when seteuid() is not available. |
|
[8a722f998000] |
|
|
|
* src/ttyname.c: |
|
Simply move the free of ki_proc outside the realloc() loop. |
|
[217b786da760] |
|
|
|
* src/ttyname.c: |
|
Bring back the erealloc() for the ENOMEM loop and just zero the |
|
pointer after we free it. |
|
[29a016e45127] |
|
|
|
* src/ttyname.c: |
|
Don't try to erealloc() a potentially freed pointer; Mateusz Guzik |
|
[266e08844065] |
|
|
|
2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Use normal error path if unable to set sudoers gid. |
|
[01c816918c99] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Make this work again on systems w/o seteuid(). |
|
[2e67f7421e97] |
|
|
|
2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix compilation if no seteuid/setreuid/setresuid available. |
|
[d0b3c1f88eb4] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Better error messages, and added debugging throughout. Fixed |
|
seteuid() version of set_perms()/restore_perms(). Fixed logic bug in |
|
AIX version of restore_perms(). Added checks to avoid changing |
|
uid/gid when we don't have to. Never set gid/uid state to -1, use |
|
the old value instead. |
|
[29188d469b5c] |
|
|
|
* src/exec_pty.c, src/ttyname.c: |
|
Fix format string warning on Solaris with gcc 3.4.3. |
|
[d1eeb6e1dd0f] |
|
|
|
* src/sudo.c: |
|
Always declare environ now that we swap it around unilaterally. |
|
[aaa3e92e7d0d] |
|
|
|
* src/Makefile.in: |
|
Honor LDFLAGS when linking sesh; from Vita Cizek |
|
[498b41438f6e] |
|
|
|
* src/sesh.c: |
|
Include alloc.h for estrdup() prototype; from Vita Cizek |
|
[93203655a320] |
|
|
|
2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't read /etc/environment on Linux when using PAM, PAM should set |
|
the environment variables as needed via pam_env. |
|
[b1ef62cb2d40] |
|
|
|
* INSTALL: |
|
Fix editor goof. |
|
[0c3dd3bb8b57] |
|
|
|
* src/hooks.c, src/sudo.c, src/sudo.h: |
|
Disable environment hooks after we get user_env back to make sure a |
|
plugin can't to modify user_env after we "own" it. This is kind of a |
|
hack but we don't want the init_session plugin function to modify |
|
user_env. |
|
[8e6d119452a5] |
|
|
|
* src/hooks.c, src/sudo.c: |
|
Add support for deregistering hooks. If an I/O log plugin fails to |
|
initialize, deregister its hooks (if any). |
|
[ac00c93900c5] |
|
|
|
2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c, src/sudo.c: |
|
Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook |
|
setenv. |
|
[e75469dd9908] |
|
|
|
* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in, |
|
compat/setenv.c, compat/unsetenv.c, config.h.in, configure, |
|
configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl, |
|
plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, |
|
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, |
|
src/sudo_plugin_int.h: |
|
Initial cut at a hooks implementation. The plugin can register hooks |
|
for getenv, putenv, setenv and unsetenv. This makes it possible for |
|
the plugin to trap changes to the environment made by authentication |
|
methods such as PAM or BSD auth so that such changes are reflected |
|
in the environment passed back to sudo for execve(). |
|
[61cffa06f863] |
|
|
|
2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, src/po/vi.mo, src/po/vi.po: |
|
Add Vietnamese sudo translation from translationproject.org |
|
[96df426790d5] |
|
|
|
2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod, |
|
doc/sudoers.pod: |
|
List sudo_noexec.so not noexec.so in the sample sudo.conf |
|
[53844e190ec5] |
|
|
|
* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h, |
|
include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
Add support for plugin args at the end of a Plugin line in |
|
sudo.conf. Bump the minor number accordingly and update the |
|
documentation. A plugin must check the sudo front end's version |
|
before using the plugin_args parameter since it is only supported |
|
for API version 1.2 and higher. |
|
[587f1f819536] |
|
|
|
2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
update depends |
|
[6d2da44e11e5] |
|
|
|
* MANIFEST: |
|
secure_path.c is in common, not compat |
|
[619c4a663dde] |
|
|
|
* configure, configure.in: |
|
Add check for variadic macro support in cpp. |
|
[756854caf675] |
|
|
|
2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/secure_path.c, common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add type param to sudo_secure_path() and add sudo_secure_file() and |
|
sudo_secure_dir() wrappers which get by #includedir in sudoers. |
|
[2ec2d3d8df04] |
|
|
|
2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.pod, plugins/sudoers/visudo.c: |
|
Check the owner and mode in -c (check) mode unless the -f option is |
|
specified. Previously, the owner and mode were checked on the main |
|
sudoers file when the -s (strict) option was given, but this was not |
|
documented. |
|
[b2d6ee1e547a] |
|
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
|
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions |
|
of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. |
|
[159f6a50456a] |
|
|
|
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Eric Lakin for patch in bug #538 |
|
[490c29c234c6] |
|
|
|
* src/exec_pty.c: |
|
Fix typo in safe_close() made while converting to debug framework |
|
that prevented it from actually closing anything. |
|
[a66422a62afd] |
|
|
|
* src/exec_pty.c: |
|
Add some more debugging. |
|
[b5667947dda9] |
|
|
|
* common/Makefile.in, compat/Makefile.in, doc/Makefile.in, |
|
include/Makefile.in: |
|
We need sysconfdir in compat/Makfile to get the proper sudo.conf |
|
path. Add standard prefix and foodir expansion in all Makefiles to |
|
avoid this problem in the future. |
|
[62b6ce4ecae9] |
|
|
|
2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po: |
|
New Lithuanian sudoers translation from translationproject.org |
|
[10436b649035] |
|
|
|
* plugins/sudoers/po/ja.po: |
|
Update from translationproject.org |
|
[acb8db5f8ef1] |
|
|
|
2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
When adding gids to the LDAP filter, only add the primary gid once. |
|
This is consistent with the space computation/allocation. From Eric |
|
Lakin |
|
[35d9d99c92c6] |
|
|
|
* doc/TROUBLESHOOTING: |
|
Add entry for AIX enhanced RBAC config. |
|
[5e10b6f8def7] |
|
|
|
* mkpkg: |
|
Target Mac OS X 10.5 when building packages. |
|
[06fce9bbebee] |
|
|
|
2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/secure_path.c, |
|
common/sudo_conf.c, include/secure_path.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c: |
|
Relax the user/group/mode checks on sudoers files. As long as the |
|
file is owned by the right user, not world-writable and not writable |
|
by a group other than the one specified at configure time (gid 0 by |
|
default), the file is considered OK. Note that visudo will still set |
|
the mode to the value specified at configure time. |
|
[241174babfcc] |
|
|
|
2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Add AIX-specific version of permission setting code to make sure |
|
that the saved uid gets restored properly. |
|
[9a6f5d22c301] |
|
|
|
* config.h.in, configure, configure.in, src/exec_common.c: |
|
Check for LD_PRELOAD variants in configure instead of checkign cpp |
|
symbols. In disable_execute(), compute the length of the new envp |
|
and allocate it once instead of reallocating on demand. Also append |
|
old value of LD_PRELOAD (if any) to the new value. |
|
[680266346917] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Fix the description of noexec. |
|
[6a6d142f3c80] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
|
The "op" parameter to set_default() must be int, not bool since it |
|
is set to '+' or '-' for list add and subtract. |
|
[8da5b137bea2] |
|
|
|
* sudo.pp: |
|
Make sure sudoers is writable before calling ed script. |
|
[95352ab6336b] |
|
|
|
2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, doc/contributors.pod: |
|
Update contributors. Now includes translators and authors of compat |
|
code. |
|
[4fb5b616b50a] |
|
|
|
2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/sudo.pot: |
|
regen |
|
[2c86e2c328fe] |
|
|
|
* pp, sudo.pp: |
|
Build flat packages, not package bundles, on Mac OS X. |
|
[57bda3cd5520] |
|
|
|
2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Move macos section to be with the other OS-specific sections. |
|
[51423bb2973a] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[8ce41cbb8da0] |
|
|
|
* configure, configure.in: |
|
Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS |
|
[fa979aa6fe7d] |
|
|
|
* sudo.pp: |
|
Add Mac OS X support, printing the latest chunk of the NEWS file and |
|
the license text in the installer. |
|
[ffeab72387c0] |
|
|
|
* sudo.pp: |
|
Add explicit file modes that match those used by "make install" |
|
[7eb37242c920] |
|
|
|
* pp: |
|
Sync with upstream for Mac OS X fixes. |
|
[97cba179041e] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Got back to using "install-sh -M" for files installed as non- |
|
readable by owner. This fixes "make install" as non-root for package |
|
building. |
|
[967804ee77d6] |
|
|
|
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Sync with translationproject.org |
|
[0e53db12039a] |
|
|
|
* Makefile.in, doc/Makefile.in, include/Makefile.in, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Use -m not -M for install-sh for everything except setuid. Install |
|
locale .mo files mode 0444, not 0644. If timedir parent doesn't |
|
exist, use default dir mode, not 0700. |
|
[8b6f64c92090] |
|
|
|
2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* pp: |
|
Re-sync with upstream; no longer need a local patch. |
|
[97a2c7be5e59] |
|
|
|
* mkpkg: |
|
Add support for building Mac OS X packages. |
|
[94d49ac223a4] |
|
|
|
* pp: |
|
Sync with upstream |
|
[1c97654fc841] |
|
|
|
* src/Makefile.in: |
|
No longer need to define _PATH_SUDO_CONF here. |
|
[2560905b7482] |
|
|
|
* src/exec_common.c: |
|
Fix noexec for Mac OS X. |
|
[b7a744bca2c0] |
|
|
|
2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in: |
|
Move _PATH_SUDO_CONF override to common to match sudo_debug.c |
|
[f0788972a63a] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
More complete fix for LDR_PRELOAD on AIX. The addition of |
|
set_perm(PERM_ROOT) before calling the nss open functions (needed to |
|
avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective |
|
and then real uid to 0 for PERM_ROOT works around the issue. |
|
[5888eda051af] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[997fe403e219] |
|
|
|
* src/sudo.c: |
|
Set real uid to root before calling sudo_edit() or run_command() so |
|
that the monitor process is owned by root and not by the user. |
|
Otherwise, on AIX at least, the monitor process shows up in ps as |
|
belonging to the user (and can be killed by the user). |
|
[d4772d7d2fc5] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
For PERM_ROOT when using setreuid(), only set the euid to 0 prior to |
|
the call to setuid(0) if the current euid is non-zero. This |
|
effectively restores the state of things prior to rev 7bfeb629fccb. |
|
Fixes a problem on AIX where LDR_PRELOAD was not being honored for |
|
the command being executed. |
|
[b9b40325b4dc] |
|
|
|
* MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in, |
|
include/missing.h, src/sudo.c: |
|
Make a copy of the struct passwd in exec_setup() to make sure |
|
nothing in the policy init modifies it. |
|
[b721261c921f] |
|
|
|
2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod: |
|
update copyright |
|
[f9d229d1f65e] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h: |
|
g/c now-unused debug subsystems |
|
[8f21726e698f] |
|
|
|
* doc/sudo.pod, doc/sudoers.pod: |
|
Enumerate the debug subsystems used by sudo and sudoers. |
|
[ac4f84293d14] |
|
|
|
2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod, |
|
include/sudo_conf.h, src/sudo.c: |
|
Normally, sudo disables core dumps while it is running. This |
|
behavior can now be modified at run time with a line in sudo.conf |
|
like "Set disable_coredumps false" |
|
[ad14e0508b0d] |
|
|
|
* NEWS: |
|
Mention Spanish translation |
|
[600f3205bd6e] |
|
|
|
* common/sudo_debug.c: |
|
Make sure we don't try to fall back to using the conversation |
|
function for debugging in the main sudo process if we are unable to |
|
open the debug file. |
|
[ffa329aa908c] |
|
|
|
* MANIFEST, src/po/es.mo, src/po/es.po: |
|
Add sudo Spanish translation from translationproject.org |
|
[c1906654e740] |
|
|
|
2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Better debug subsystem usage |
|
[1a31f115743c] |
|
|
|
* src/sudo.c: |
|
Remove duplicate function prototypes |
|
[ae04b00532eb] |
|
|
|
2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Error out if user specified --with-pam but we can't find the headers |
|
or library. Also throw an error if the headers are present but the |
|
library is not and vice versa. |
|
[d6bf3e3d0aae] |
|
|
|
2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix the sudoers permission check when the expected sudoers mode is |
|
owner-writable. |
|
[8b0b7e770a22] |
|
|
|
2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Verify that we can link executables built with -D_FORTIFY_SOURCE |
|
before using it. |
|
[7578215d1a95] |
|
|
|
* src/exec_common.c: |
|
Fix potential off-by-one when making a copy of the environment for |
|
LD_PRELOAD insertion. Fixes bug #534 |
|
[cc699cd551b6] |
|
|
|
* configure, configure.in: |
|
Add rudimentary check for _FORTIFY_SOURCE support by checking for |
|
__sprintf_chk, one of the functions used by gcc to support it. |
|
[a992673d2ef8] |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves. |
|
[8ba1370884b3] |
|
|
|
2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen |
|
[1e0b38397705] |
|
|
|
2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/sudo.c: |
|
The change in 818e82ecbbfc that caused to exit when the monitor dies |
|
created a race condition between the monitor exiting and the status |
|
being read. All we really want to do is make sure that select() |
|
notifies us that there is a status change when the monitor dies |
|
unexpectedly so shutdown the socketpair connected to the monitor for |
|
writing when it dies. That way we can still read the status that is |
|
pending on the socket and select() on Linux will tell us that the fd |
|
is ready. |
|
[7fb5b30ea48d] |
|
|
|
* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c, |
|
src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, |
|
src/sudo_exec.h: |
|
Refactor disable_execute() and my_execve() into exec_common.c for |
|
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of |
|
disabling exec in exec_setup(), disable it immediately before |
|
executing the command. Adapted from a diff by Arno Schuring. |
|
[ec4d8b53db6b] |
|
|
|
2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* aclocal.m4, configure, configure.in: |
|
Add custom version of AC_CHECK_LIB that uses the extra libs in the |
|
cache value name. With this we no longer need to rely on a modified |
|
version of autoconf. |
|
[1c3b1d482d6c] |
|
|
|
2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Better handling of network functions that need -lsocket -lnsl |
|
[cc386342ec2b] |
|
|
|
* src/sudo.c: |
|
When setting up the execution environment, set groups before |
|
gid/egid like sudo 1.7 did. |
|
[928e1c5fa6c1] |
|
|
|
* configure, configure.in: |
|
Remove "WARNING: unable to find foo() trying -lsocket -lnsl" |
|
[84b23cdf138f] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
For "sudo -g" prepend the specified group ID to the beginning of the |
|
groups list. This matches BSD convention where the effective gid is |
|
the first entry in the group list. This is required on newer FreeBSD |
|
where the effective gid is not tracked separately and thus |
|
setgroups() changes the egid if this convention is not followed. |
|
Fixes bug #532 |
|
[782d6909108b] |
|
|
|
2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Fix sh warning; use "test" instead of "[" |
|
[c6ee3407f65e] |
|
|
|
* src/exec.c: |
|
When not logging I/O, use a signal handler that only forwards |
|
SIGINT, SIGQUIT and SIGHUP when they are user-generated signals. |
|
Fixes a race in the non-I/O logging path where the command may |
|
receive two keyboard-generated signals; one from the kernel and one |
|
from the sudo process. |
|
[9638684e786a] |
|
|
|
* src/exec.c: |
|
Back out change that put the command in its own pgrp when not |
|
logging I/O. It causes problems with pipelines. |
|
[4fc9c6e1e770] |
|
|
|
2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/Makefile.in, configure, configure.in: |
|
Only run compat regress tests on compat objects we actually build. |
|
Fixes "make check" in the compat dir for systems that don't |
|
implement character classes in fnmatch() or glob(). Bug #531 |
|
[a7addc305e83] |
|
|
|
2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
|
Update po files from translationproject.org |
|
[5ea066af1356] |
|
|
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.pp: |
* sudo.pp: |
Include parent directories in case they don't already exist. This |
Include parent directories in case they don't already exist. This |
fixes a directory permissions problem with the AIX package when the |
fixes a directory permissions problem with the AIX package when the |
/usr/local directories don't already exist. |
/usr/local directories don't already exist. |
|
[a14f783dc827] |
|
|
|
* pp: |
|
sync with git version |
|
[2f79d0543661] |
|
|
|
* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen dependencies |
|
[24c92ca6c64d] |
|
|
|
* MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c: |
|
Move tty name lookup code to its own file. |
|
[58faf072cbf4] |
|
|
|
2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update with latest sudo 1.8.4 changes. |
|
[a4ffe4f42528] |
|
|
|
* config.h.in, configure, configure.in: |
|
Remove obsolete template for HAVE_TIMESPEC |
|
[75709007c906] |
|
|
|
* src/sudo.c: |
|
Add a check for devname() returning a fully-qualified pathname. None |
|
of the devname() implementations do this today but you never know |
|
when this might change. |
|
[16813ace38f9] |
|
|
|
2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
For "visudo -c" also list include files that were checked when |
|
everything is OK. |
|
[ad6f85b35c9c] |
|
|
|
* src/sudo.c: |
|
The device name returned by devname() does not include the /dev/ |
|
prefix so we need to add it ourselves. |
|
[b55285abb7ed] |
|
|
|
* src/sudo.c: |
|
Add debug warning if KERN_PROC sysctl fails or devname() can't |
|
resolve the tty device to a name. |
|
[b5a23916ba3a] |
|
|
|
* common/sudo_debug.c: |
|
The result of writev() is never checked so just cast to NULL. |
|
[4be4e9b58d5b] |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po: |
|
Update Esperanto, Finnish, Polish and Ukrainian translations from |
|
translationproject.org. |
|
[bb91bc6ad7e9] |
|
|
|
2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
Add support for determining tty via sysctl on other BSD variants. |
|
[fd15f63f719a] |
|
|
|
* configure, configure.in: |
|
Only check for struct kinfo_proc.ki_tdev on systems that support |
|
sysctl. |
|
[109b3f07a39d] |
|
|
|
* src/sudo.c: |
|
For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on |
|
ttyname() of std{in,out,err}. |
|
[95969b70bd68] |
|
|
|
2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.in, src/sudo.c: |
|
On newer FreeBSD we can get the parent's tty name via sysctl(). |
|
[3207290501ee] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Include locale.h |
|
[a602cd0b8c2d] |
|
|
|
* src/sudo.c: |
|
Silence a gcc warning. |
|
[8c6d0e3cd534] |
|
|
|
* plugins/sudoers/bsm_audit.c: |
|
Need to include gettext.h and sudo_debug.h; from John Hein |
|
[447912aa7300] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Initialize the debug framework from the I/O plugin too. |
|
[ce1bf44d96d2] |
|
|
|
2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Enable debugging via sudo.conf. |
|
[d85669c749d0] |
|
|
|
2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Use SUDO_DEBUG_ALIAS for alias checking functions. |
|
[fb84af30dc76] |
|
|
|
* configure, configure.in: |
|
More complete test for getaddrinfo() that doesn't rely on the |
|
network libraries already being added to LIBS. |
|
[cbaf2369f4f0] |
|
|
|
2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/aix.c: |
|
Add debug support. |
|
[def1bdf24485] |
|
|
|
* configure, configure.in: |
|
Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least. |
|
[a2ea1c2eac61] |
|
|
|
* compat/getaddrinfo.c: |
|
Include errno.h and missing.h |
|
[7d15e17cc2f2] |
|
|
|
* .hgignore: |
|
ignore doc/varsub |
|
[417f9fc3231b] |
|
|
|
* configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c, |
|
src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Update copyright year. |
|
[5d0ffc7dd567] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.4 |
|
[841e3eff9844] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files |
|
[c509cb45b66a] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Enable debugging via sudo.conf. |
|
[5087aaee8484] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Enable debugging via sudo.conf. |
|
[04b067c16ed3] |
|
|
|
* plugins/sudoers/visudo.c: |
|
Allow "visudo -c" to work when we only have read-only access to the |
|
sudoers include files. |
|
[d8c6713fe5c1] |
|
|
|
* doc/sudo.pod, doc/visudo.pod: |
|
Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add |
|
HISTORY section in sudo that points to HISTORY file. |
|
[d1f1bcb051c5] |
|
|
|
* doc/sudo.pod, doc/sudo_plugin.pod: |
|
Document Debug setting in sudo.conf and debug_flags in plugin. |
|
[acfc505aa4a9] |
|
|
|
2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match.c: |
|
Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a |
|
bug where a pattern like "/usr/*" include /usr/bin/ in the results, |
|
which would be incorrectly be interpreted as if the sudoers file had |
|
specified a directory. From Vitezslav Cizek. |
|
[0cdb6252188c] |
|
|
|
* INSTALL, config.h.in, configure, configure.in, |
|
plugins/sudoers/auth/kerb5.c: |
|
Add --enable-kerb5-instance configure option to allow people using |
|
Kerberos V authentication to use a custom instance. Adapted from a |
|
diff by Michael E Burr. |
|
[e83af8bb7aa7] |
|
|
|
* doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h: |
|
Remove -D debug_level option. |
|
[cbcd05094347] |
|
|
|
* doc/LICENSE: |
|
Update copyright year. |
|
[9f43dd7aa852] |
|
|
|
2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
parse_error is now bool, not int |
|
[5ea7fb6fda38] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/parse.c: |
|
Print a more sensible error if yyparse() returns non-zero but |
|
yyerror() was not called. |
|
[d44ec88f1183] |
|
|
|
* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c, |
|
plugins/sudoers/gram.c: |
|
Replace y.tab.c with the correct filename in #line directives. |
|
[3c84fcb7e959] |
|
|
|
2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo.c: |
|
When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2} |
|
if the main process's fds 0-2 are not hooked up to a tty. Adapted |
|
from a diff by Zdenek Behan. |
|
[b9dfce12af85] |
|
|
|
* src/exec.c: |
|
When not logging I/O, put command in its own pgrp and make that the |
|
controlling pgrp if the command is in the foreground. Fixes a race |
|
in the non-I/O logging path where the command may receive two |
|
keyboard-generated signals; one from the kernel and one from the |
|
sudo process. |
|
[d0e263ce496c] |
|
|
|
2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo_edit.c: |
|
Quiet a bogus gcc warning. |
|
[2009669e0608] |
|
|
|
* src/parse_args.c, src/sudo.h: |
|
Fix warnings related to sudo.conf accessors. |
|
[08ddc29ba50b] |
|
|
|
* common/sudo_conf.c, include/sudo_conf.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[f1fc659a8079] |
|
|
|
* MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c, |
|
src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h: |
|
Separate sudo.conf parsing from plugin loading and move the parse |
|
functions into the common lib so that visudo, etc. can use them. |
|
[e1f2cf6bd57a] |
|
|
|
* doc/sudoers.pod, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/sudoers.c, src/sudo.c: |
|
Remove support for noexec_file in sudoers and the plugin API |
|
[3e2fd58879b5] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Don't dump interfaces if there are none. |
|
[9081bb4d3e9e] |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in: |
|
Add missing %s printf escape to the group_plugin, iolog_dir and |
|
iolog_file descriptions. |
|
[7db03f2b737e] |
|
|
|
2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c: |
|
Fix typo in visiblepw description; from Joel Pickett |
|
[2fb4b26d5c2c] |
|
|
|
2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c: |
|
When running a login shell with a login_class specified, use |
|
LOGIN_SETENV instead of rolling our own login.conf setenv support |
|
since FreeBSD's login.conf has more than just setenv capabilities. |
|
This requires us to swap the plugin-provided envp for the global |
|
environ before calling setusercontext() and then stash the resulting |
|
environ pointer back into the command details, which is kind of a |
|
hack. |
|
[ad4f1190143b] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
If srcdir is "." just use the basename of the yacc/lex file when |
|
generating the C version. This matches the generated files currently |
|
in the repo. |
|
[0b11c3df87a8] |
|
|
|
* doc/Makefile.in, plugins/sudoers/Makefile.in: |
|
Clean up the DEVEL noise |
|
[9de2afe457fd] |
|
|
|
* src/exec.c: |
|
Handle different Unix domain socket (actually socketpair) semantics |
|
in BSD vs. Linux. In BSD if one end of the socketpair goes away |
|
select() returns the fd as readable and the read will fail with |
|
ECONNRESET. This doesn't appear to happen on Linux so if we notice |
|
that the monitor process has died when I/O logging is enabled, |
|
behave like the command has exited. This means we log the wait |
|
status of the monitor, not the command, but there is nothing else we |
|
can do at that point. This should only be an issue if SIGKILL is |
|
sent to the monitor process. |
|
[818e82ecbbfc] |
|
|
|
* src/exec_pty.c: |
|
Catch common signals in the monitor process so they get passed to |
|
the command. Fixes a problem when the entire login session is killed |
|
when ssh is disconnected or the terminal window is closed. |
|
Previously, the monitor would exit and plugin's close method would |
|
not be called. |
|
[0e4658263138] |
|
|
|
* INSTALL, configure, configure.in: |
|
Mention how to configure pam_hpsec on HP-UX to play nicely with |
|
sudo. |
|
[a7294cd8ce98] |
|
|
|
2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Escape values in the search expression as per RFC 4515. |
|
[c2adbc5db92b] |
|
|
|
* doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
|
src/Makefile.in: |
|
No need for install target to depend explicitly on install-dirs, the |
|
install-foo targets all depend on it. |
|
[62a36ed98279] |
|
|
|
2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
ignore src/sesh |
|
[463d492f6782] |
|
|
|
* MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl, |
|
plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/env.c, |
|
plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, src/Makefile.in: |
|
Add support for setenv entries in login.conf. We can't use |
|
LOGIN_SETENV since the plugin sets up the envp the command is |
|
executed with. Also regen the Makefile.in files while here. Fixes |
|
bug #527 |
|
[088d507926e2] |
|
|
|
2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h, |
|
config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
|
src/net_ifs.c: |
|
Add getaddrinfo() for those without it, written by Russ Allbery |
|
[4cf9ac831222] |
|
|
|
* doc/Makefile.in: |
|
Restore PACKAGE_TARNAME, it is used in docdir |
|
[9d65e893edb1] |
|
|
|
* MANIFEST, compat/stdbool.h: |
|
SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to |
|
the MANIFEST |
|
[e67700dc5621] |
|
|
|
* common/atobool.c, common/term.c, src/exec.c: |
|
Remove duplicate return statements. |
|
[48a20d5215fd] |
|
|
|
* plugins/sudoers/auth/bsdauth.c: |
|
Remove inaccurate comment |
|
[e7f0265cf657] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: |
|
Fetch the login class for the user we authenticate specifically when |
|
using BSD authentication. That user may have a different login class |
|
than what we will use to run the command. When setting the login |
|
class for the command, use the target user's struct passwd, not the |
|
invoking user's. Fixes bug 526 |
|
[21bf0af892f7] |
|
|
|
* compat/Makefile.in, configure, configure.in, doc/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1" |
|
[8ee6e0891f27] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Fix "make check" fallout from the sudo_conv changes in sudo_debug. |
|
[b0aaa63c9081] |
|
|
|
* common/fileops.c, common/sudo_debug.c, configure, configure.in, |
|
include/fileops.h, plugins/sample/Makefile.in, |
|
plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in, |
|
plugins/sample_group/sample_group.c, plugins/sudoers/alias.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/env.c, plugins/sudoers/find_path.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, |
|
src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, |
|
src/sudo_plugin_int.h, src/utmp.c: |
|
Use stdbool.h instead of rolling our own TRUE/FALSE macros. |
|
[dcb0bbc42fc9] |
|
|
|
2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/stdbool.h, config.h.in, configure, configure.in: |
|
Add stdbool.h for systems without it. |
|
[18bd9dda1dcd] |
|
|
|
* aclocal.m4, config.h.in, configure, configure.in: |
|
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default |
|
includes have unistd.h in them. Add check for socklen_t for upcoming |
|
getaddrinfo compat. |
|
[d705465bef69] |
|
|
|
* common/fileops.c, compat/nanosleep.c, config.h.in, configure, |
|
configure.in, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c, |
|
plugins/sudoers/sudoreplay.c, src/net_ifs.c: |
|
Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of |
|
HAVE_TIMESPEC and HAVE_IN6_ADDR respectively. |
|
[fa187c9bd2be] |
|
|
|
* src/sudo_noexec.c: |
|
No longer need to include time.h here as missing.h does not use |
|
time_t. |
|
[fa3a089bf5b1] |
|
|
|
2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Fix mode on sudoers as needed when the -f option is not specified. |
|
[7a1c40b0dc03] |
|
|
|
* MANIFEST, src/po/sr.mo, src/po/sr.po: |
|
Add Serbian translation for sudo from translationproject.org |
|
[9a0c25e25cba] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c, |
|
src/parse_args.c: |
|
No longer pass debug_file to plugin, plugins must now use |
|
CONV_DEBUG_MSG |
|
[810cda1abb0b] |
|
|
|
* mkpkg: |
|
Build PIE executables for newer Debian and Ubuntu |
|
[1c5f25f8904a] |
|
|
|
* common/sudo_debug.c: |
|
Include time.h for ctime() prototype. |
|
[10090cf3bca1] |
|
|
|
2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, src/exec.c, |
|
src/exec_pty.c: |
|
Do not close error pipe or debug fd via closefrom() as we need them |
|
to report an exec error should one occur. |
|
[732f6587fafa] |
|
|
|
* doc/sudoers.ldap.pod: |
|
Document that a sudoUser may now be a group ID. |
|
[2fef46b9d3d3] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Add support for permitting access by group ID in addition to group |
|
name. |
|
[b9450fdf1f69] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Older Netscape LDAP SDKs don't prototype ldapssl_set_strength() |
|
[d62a1e7cff4f] |
|
|
|
* compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE: |
|
Replace UCB fnmatch.c with a non-recursive version written by |
|
William A. Rowe Jr. |
|
[354d3384adb8] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
Fix typo, return_debug vs. debug_return |
|
[1b522efcbb0d] |
|
|
|
2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[ec0f2beaad36] |
|
|
|
* doc/sudoers.pod: |
|
Make the env_reset descriptions consistent. |
|
[41c056f02688] |
|
|
|
2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
|
Do multiple expansion when expanding paths to the noexec file, sesh |
|
and the plugin directory. Adapted from a diff by Mike Frysinger |
|
[d7e16c876c66] |
|
|
|
* common/Makefile.in: |
|
regen |
|
[9d729e09c186] |
|
|
|
2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgignore: |
|
Add ignore file; from Mike Frysinger |
|
[1fa8d52425f8] |
|
|
|
* mkdep.pl: |
|
no longer save old Makefile.in to .old |
|
[378dd2395545] |
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
|
regen |
|
[769faf517720] |
|
|
|
* config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4, |
|
m4/ltoptions.m4, m4/ltversion.m4: |
|
Update to libtool 2.4.2 |
|
[9dac78d84b4f] |
|
|
|
2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers_version.h: |
|
Bump grammar version for #include and #includedir relative path |
|
support. |
|
[82a4f7cd8f71] |
|
|
|
2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add support for relative paths in #include and #includedir |
|
[4d6e3bd0c24f] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix install-plugin when shared objects are unsupported or disabled. |
|
[cbdd770a7a1b] |
|
|
|
* plugins/sudoers/goodpath.c: |
|
Don't write to sbp if it is NULL |
|
[fc438f8e8570] |
|
|
|
2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set, |
|
only install matching .mo files |
|
[c1dc30ab4ebc] |
|
|
|
2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoers.c, src/conversation.c: |
|
Fix non-dynamic (no dlopen) sudo build. |
|
[b0bd3fa925a3] |
|
|
|
* configure, configure.in: |
|
Don't error out if the user specified --disable-shared |
|
[cf035dd1e5cc] |
|
|
|
* common/sudo_debug.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, |
|
src/conversation.c: |
|
Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to |
|
the debug file. |
|
[640c62f83251] |
|
|
|
* plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
|
plugins/sudoers/sudoers.h: |
|
Make sudo_goodpath() return value bolean |
|
[fea2d59a6e55] |
|
|
|
* INSTALL, MANIFEST, configure, configure.in, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c: |
|
Remove obsolete securid auth method. |
|
[4e54f860214b] |
|
|
|
* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h: |
|
Prefix authentication functions with a "sudo_" prefix to avoid |
|
namespace problems. |
|
[581d74063ea1] |
|
|
|
* INSTALL, MANIFEST, config.h.in, configure, configure.in, |
|
doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c, |
|
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c: |
|
Remove the old Kerberos IV support |
|
[2e4b4a44209d] |
|
|
|
2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c: |
|
Don't print garbage at the end of the custom lecture. |
|
[44bb788fafaa] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Add lexer tracing as debug@parser |
|
[d850f3f9d414] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/gram.c, |
|
plugins/sudoers/match.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c: |
|
Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and |
|
<def_data.h> and not "def_data.h" when generating the parser in a |
|
build dir. |
|
[7da701def753] |
|
|
|
2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* mkdep.pl, plugins/sudoers/Makefile.in: |
|
Better devdir support in mkdep.pl |
|
[7dcec57bd155] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add devdir before srcdir in include path and fix up dependecies |
|
accordingly. |
|
[6e9958eca485] |
|
|
|
* plugins/sudoers/alias.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/defaults.h, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
|
#include "gram.h" not <gram.h> and "def_data.h" and not |
|
<def_data.h>. |
|
[003bdb078a15] |
|
|
|
* sudo.pp: |
|
Mark libexec files as optional. If we build without shared object |
|
support, libexec is not used. |
|
[4bffcf482219] |
|
|
|
* src/load_plugins.c: |
|
Change Debug sudo.conf setting to take a program name as the first |
|
argument. In the future, this will allow visudo and sudoreplay to |
|
use their own Debug entries. |
|
[cfb8f7e4867c] |
|
|
|
* src/sudo.c: |
|
fix sudo_debug_printf priority |
|
[dcb67e965609] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
add missing debug_return_int |
|
[d88ec450c592] |
|
|
|
2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c, include/error.h, include/sudo_debug.h, |
|
plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c: |
|
Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR |
|
[dcee8efc294f] |
|
|
|
* doc/UPGRADE: |
|
Add missing word in HOME security note. |
|
[fd844fdcc1ac] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Prevent "testsudoers -d username" from trying to malloc(0). |
|
[839126e56e8c] |
|
|
|
2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/sudoers/test10.in, |
|
plugins/sudoers/regress/sudoers/test10.out.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.ok, |
|
plugins/sudoers/regress/sudoers/test10.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.in, |
|
plugins/sudoers/regress/sudoers/test11.out.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.ok, |
|
plugins/sudoers/regress/sudoers/test11.toke.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.in, |
|
plugins/sudoers/regress/sudoers/test12.out.ok, |
|
plugins/sudoers/regress/sudoers/test12.toke.ok, |
|
plugins/sudoers/regress/sudoers/test13.in, |
|
plugins/sudoers/regress/sudoers/test13.out.ok, |
|
plugins/sudoers/regress/sudoers/test13.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.in, |
|
plugins/sudoers/regress/sudoers/test9.out.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.ok, |
|
plugins/sudoers/regress/sudoers/test9.toke.out.ok: |
|
Tests for empty sudoers (should parse OK) and syntax errors within a |
|
line (should report correct line number) both with and without the |
|
trailing newline. |
|
[d57c879c4718] |
|
|
|
* plugins/sudoers/regress/sudoers/test4.out.ok, |
|
plugins/sudoers/regress/sudoers/test5.out.ok, |
|
plugins/sudoers/regress/sudoers/test7.out.ok, |
|
plugins/sudoers/regress/sudoers/test8.out.ok, |
|
plugins/sudoers/testsudoers.c: |
|
Print line number when there is a parser error. |
|
[5444ef6ac6dc] |
|
|
|
2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Keep track of the last token returned. On error, if the last token |
|
was COMMENT, decrement sudolineno since the error most likely |
|
occurred on the preceding line. Previously we always uses |
|
sudolineno-1 which will give the wrong line number for errors within |
|
a line. |
|
[d661a03a64da] |
|
|
|
2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
update with sudo 1.8.3p1 info |
|
[0f79ff31f602] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Fix crash when "sudo -g group -i" is run. Fixes bug 521 |
|
[a3087ae337c4] |
|
|
|
2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Make alias_remove_recursive() return TRUE/FALSE as its callers |
|
expect and remove two unused arguments. Fixes bug 519. |
|
[2ee3b2882844] |
|
|
|
* plugins/sudoers/regress/visudo/test1.out.ok, |
|
plugins/sudoers/regress/visudo/test1.sh: |
|
Add regress test for bugzilla 519 |
|
[48000ebedf97] |
|
|
|
* plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Disable warning/error wrapping in regress tests. |
|
[373c589ba561] |
|
|
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in: |
|
Do compile-po as part of sync-po so that the .mo files get rebuild |
|
automatically when we sync with translationproject.org |
|
[83f3cbfc2f33] |
|
|
* plugins/sudoers/Makefile.in: |
* plugins/sudoers/Makefile.in: |
check_addr needs to link with the network libraries on Solaris |
check_addr needs to link with the network libraries on Solaris |
[322bd70e316e] |
[322bd70e316e] |
Line 29
|
Line 8808
|
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
process. Fixes a crash in the monitor on Solaris; bugzilla #518 |
[e82809f86fb3] |
[e82809f86fb3] |
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* .hgtags: | * src/exec.c: |
Added tag SUDO_1_8_3 for changeset 82bec4d3a203 | Get rid of done: label. If the child exits we still need to close |
[6c953ef6f577] <1.8> | the pty, update utmp and restore the SELinux tty context. |
| [cc127bf48405] |
|
|
* Update Japanese sudoers translation from translationproject.org | 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
[82bec4d3a203] [SUDO_1_8_3] <1.8> | |
|
|
|
* common/Makefile.in, common/atobool.c, common/fileops.c, |
|
common/fmt_string.c, common/lbuf.c, common/list.c, |
|
common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/alias.c, plugins/sudoers/audit.c, |
|
plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c, |
|
plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c, |
|
plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
|
plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
|
plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c, |
|
plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c, |
|
plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c, |
|
plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c, |
|
plugins/sudoers/goodpath.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/logwrap.c, plugins/sudoers/match.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c, |
|
src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c, |
|
src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
|
src/tgetpass.c, src/ttysize.c, src/utmp.c: |
|
Add debug_decl/debug_return (almost) everywhere. Remove old |
|
sudo_debug() and convert users to sudo_debug_printf(). |
|
[8f3bbf907b67] |
|
|
|
* common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/error.c: |
|
Wrap error/errorx and warning/warningx functions with debug |
|
statements. Disable wrapping for standalone sudoers programs as well |
|
as memory allocation functions (to avoid infinite recursion). |
|
[562ed7b5ae8d] |
|
|
|
* README, config.h.in, configure, configure.in: |
|
Add checks for __func__ and __FUNCTION__ and mention that we now |
|
require a cpp that supports variadic macros. |
|
[314cfe4c5d23] |
|
|
|
* MANIFEST, common/Makefile.in, common/sudo_debug.c, |
|
include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c, |
|
src/load_plugins.c, src/parse_args.c, src/sudo.c, |
|
src/sudo_plugin_int.h: |
|
New debug framework for sudo and plugins using /etc/sudo.conf that |
|
also supports function call tracing. |
|
[cded741e9f10] |
|
|
|
2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po: |
|
Update Japanese sudoers translation from translationproject.org |
|
[c24725775e32] |
|
|
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Override and ignore the --disable-static option. Sudo already runs |
Override and ignore the --disable-static option. Sudo already runs |
libtool with -tag=disable-static where applicable and we need non- |
libtool with -tag=disable-static where applicable and we need non- |
PIC objects to build the executables. |
PIC objects to build the executables. |
[dff177464029] <1.8> | [aff1227b853a] |
|
|
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
* NEWS: |
Add sudoedit fix |
Add sudoedit fix |
[3238dc7e4fb2] <1.8> | [74655c7ccad1] |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
regen pot files |
regen pot files |
[7981d6cbf1ab] <1.8> | [28d89a831ed3] |
|
|
* Ignore set_logname (which is now the default) for sudoedit since we | * plugins/sudoers/env.c: |
| Ignore set_logname (which is now the default) for sudoedit since we |
want the LOGNAME, USER and USERNAME environment variables to refer |
want the LOGNAME, USER and USERNAME environment variables to refer |
to the calling user since that is who the editor runs as. This |
to the calling user since that is who the editor runs as. This |
allows the editor to find the user's startup files. Fixes bugzilla |
allows the editor to find the user's startup files. Fixes bugzilla |
#515 |
#515 |
[3b9486e5fddb] <1.8> | [6c5dddf5ff05] |
|
|
* Instead of trying to grow the buffer in make_grlist_item(), simply | * plugins/sudoers/pwutil.c: |
| Instead of trying to grow the buffer in make_grlist_item(), simply |
increase the total length, free the old buffer and allocate a new |
increase the total length, free the old buffer and allocate a new |
one. This is less error prone and saves us from having to adjust | one. This is less error prone and saves us from having to adjust all |
all the pointers in the buffer. This code path is only taken when | the pointers in the buffer. This code path is only taken when there |
there are groups longer than the length of the user field in struct | are groups longer than the length of the user field in struct utmp |
utmp or utmpx, which should be quite rare. | or utmpx, which should be quite rare. |
[cb7c5ac834b5] <1.8> | [5587dc8cffaf] |
|
|
* Add Italian translation for sudo from translationproject.org | * src/po/it.mo: |
[c7876fccbc38] <1.8> | Add Italian translation for sudo from translationproject.org |
| [1b3dd886e7e3] |
|
|
* NEWS: | * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, |
| src/po/ja.mo, src/po/ja.po: |
Japanese translation for sudo and sudoers from |
Japanese translation for sudo and sudoers from |
translationproject.org |
translationproject.org |
[9945a3ef7ff7] <1.8> | [c06dd866be6e] |
|
|
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay depends on timestr.lo too; from Mike Frysinger | * plugins/sudoers/Makefile.in: |
[ad9ae493205f] <1.8> | sudoreplay depends on timestr.lo too; from Mike Frysinger |
| [b9e73214b2f1] |
|
|
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: |
* plugins/sudoers/po/sudoers.pot: |
Regen sudoers pot file. |
Regen sudoers pot file. |
[2c4d99361994] <1.8> | [019588bafdb3] |
|
|
* NEWS: |
* NEWS: |
Update with latest sudo 1.8.3 news |
Update with latest sudo 1.8.3 news |
[4e7f59d339d4] <1.8> | [6868042a88e9] |
|
|
* ldap_start_tls_s() on Debian (at least) sets the effective and saved | * plugins/sudoers/sudoers.c: |
uids to the same value as the real uid. This prevents sudo from | It appears that LDAP or NSS may modify the euid so we need to be |
setting the uid or gid later on. As a workaround, we now set perms | root for the open(). We restore the old perms at the end of |
to root during sudoers_policy_open(). | sudoers_policy_open(). |
[eb4c4f15833a] <1.8> | [2da67a5497ef] |
|
|
* Better warning message on setuid() failure for the setreuid() | * plugins/sudoers/set_perms.c: |
| Better warning message on setuid() failure for the setreuid() |
version of set_perms(). |
version of set_perms(). |
[308c72f601e4] <1.8> | [07abcfe7bd9a] |
|
|
2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Combine new translations in NEWS item |
|
[0aa07471a5e6] <1.8> |
|
|
|
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Delref auth_pw at the end of check_user() instead of getting a ref | * plugins/sudoers/check.c: |
| Delref auth_pw at the end of check_user() instead of getting a ref |
twice. |
twice. |
[1c882f2fb46c] <1.8> | [cb665f55e6a5] |
|
|
* Make sudo_auth_{init,cleanup} return TRUE on success and check for | * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c: |
| Make sudo_auth_{init,cleanup} return TRUE on success and check for |
sudo_auth_init() return value in check_user(). |
sudo_auth_init() return value in check_user(). |
[573bf35ecac9] <1.8> | [92631c919356] |
|
|
* Do not return without restoring permissions. | * plugins/sudoers/auth/sudo_auth.c: |
[2444a0b96469] <1.8> | Do not return without restoring permissions. |
| [59ef40b6696a] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
regen pot files |
regen pot files |
[d286bce8dbb1] <1.8> | [9f320a340b7c] |
|
|
* NEWS: | * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c, |
Update for latest release candidate | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c, |
[63d184ba6263] <1.8> | plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c, |
| plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c, |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
regen pot files | plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h, |
[ac3ec1315df7] <1.8> | plugins/sudoers/check.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
* Modify the authentication API such that the init and cleanup | Modify the authentication API such that the init and cleanup |
functions are always called, regardless of whether or not we are |
functions are always called, regardless of whether or not we are |
going to verify a password. This is needed for proper PAM session |
going to verify a password. This is needed for proper PAM session |
support. |
support. |
[ea281ca46d94] <1.8> | [19a53f3fb596] |
|
|
* Add missing dependency for getspwgen other depends. | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
[9c124272910d] <1.8> | Add missing dependency for getspwuid.lo and regen other depends. |
| [f7f70eae819a] |
|
|
* Fix a PAM_USER mismatch in session open/close. We update PAM_USER | * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
to the target user immediately before setting resource limits, which | plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: |
is after the monitor process has forked (so it has the old value). | Fix a PAM_USER mismatch in session open/close. We update PAM_USER to |
| the target user immediately before setting resource limits, which is |
| after the monitor process has forked (so it has the old value). |
Also, if the user did not authenticate, there is no pamh in the |
Also, if the user did not authenticate, there is no pamh in the |
monitor so we need to init pam here too. This means we end up |
monitor so we need to init pam here too. This means we end up |
calling pam_start() twice, which should be fixed, but at least the |
calling pam_start() twice, which should be fixed, but at least the |
session is always properly closed now. |
session is always properly closed now. |
[d0866ee5f190] <1.8> | [fbc063a2a872] |
|
|
* Add check for old being NULL in utmp_setid(); from Steven McDonald | * src/utmp.c: |
[30cc283ac2b4] <1.8> | Add check for old being NULL in utmp_setid(); from Steven McDonald |
| [e87126442f2e] |
|
|
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the invoking user cannot be resolved by uid fake the struct | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| If the invoking user cannot be resolved by uid fake the struct |
passwd and store it in the cache so we can delref it on exit. |
passwd and store it in the cache so we can delref it on exit. |
[19d44f44d45d] <1.8> | [a27e2f8b9f5e] |
|
|
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't error out if the group plugin cannot be loaded, just warn. | * plugins/sudoers/sudoers.c: |
[e91d9912c9a0] <1.8> | Don't error out if the group plugin cannot be loaded, just warn. |
| [0fbfcd381e33] |
|
|
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet a false positive found by several static analysis tools. These | * plugins/sudoers/sudoers.c: |
| Quiet a false positive found by several static analysis tools. These |
tools don't know that log_error() does not return (it longjmps to |
tools don't know that log_error() does not return (it longjmps to |
error_jmp which returns to the sudo front-end). |
error_jmp which returns to the sudo front-end). |
[3cc319e31ed6] <1.8> | [33d0469df21b] |
|
|
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Italian translation for sudo from translationproject.org Regen | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo, |
| plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po: |
| Add Italian translation for sudo from translationproject.org Regen |
.mo files |
.mo files |
[c0b27f9d7e57] <1.8> | [c3c888a82be6] |
|
|
* .hgtags: |
|
Added tag SUDO_1_8_2 for changeset 3682e51af1d0 |
|
[f0be566e9ea2] <1.8> |
|
|
|
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to current reality and add bit about ssh auth | * doc/TROUBLESHOOTING: |
[48dcb86ce9be] <1.8> | Update to current reality and add bit about ssh auth |
| [184a1e7c2eeb] |
|
|
* Make "verbose" static; fixes a namespace clash with | * plugins/sudoers/gram.c, plugins/sudoers/gram.y: |
| Make "verbose" static; fixes a namespace clash with |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
pam_ssh_agent_auth (and it doesn't need to be extern these days). |
[b60fdd82de94] <1.8> | [cc38d2eb2f4c] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/get_pty.c: |
FreeBSD has libutil.h not util.h |
FreeBSD has libutil.h not util.h |
[c03b121e0193] <1.8> | [dab4c94b6d4f] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD |
[002e3e0bb173] <1.8> | [41c362f0a92a] |
|
|
* Update po files from translationproject.org | 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com> |
[2b36af902213] <1.8> | |
|
|
|
* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po: |
|
Update po files from translationproject.org |
|
[1e99e147c7fa] |
|
|
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
Mention DEREF support | |
[dfeb152f1686] <1.8> | |
| |
* plugins/sudoers/po/sudoers.pot: | |
sync pot files | |
[1fba22e927a3] <1.8> | |
| |
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: | |
Add support for DEREF in ldap.conf. |
Add support for DEREF in ldap.conf. |
[fe1cf6ad0add] <1.8> | [3c1937a98547] |
|
|
* Makefile.in: |
* Makefile.in: |
install target should depend on ChangeLog too, not just install-doc |
install target should depend on ChangeLog too, not just install-doc |
[f54e2ab633b8] <1.8> | [1a7c83941175] |
|
|
* NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in: | * doc/sudoers.pod: |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
Only iolog_file (not iolog_dir) supports mktemp-style suffixes. |
[44a25099594e] <1.8> | [0eca47d60a2c] |
|
|
* configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * NEWS: |
regen pot files | Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes. |
[e14ee85cf49b] <1.8> | [0501415cc5ff] |
|
|
|
* doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[585743e1ebf7] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix some square brackets in case statements that needed to be |
Fix some square brackets in case statements that needed to be |
doubled up. While here, use $OSMAJOR when it makes sense. |
doubled up. While here, use $OSMAJOR when it makes sense. |
[853c6e5f994c] <1.8> | [8973343f4696] |
|
|
* Fix a crash in make_grlist_item() on 64-bit machines with strict | * plugins/sudoers/pwutil.c: |
| Fix a crash in make_grlist_item() on 64-bit machines with strict |
alignment. |
alignment. |
[e877c89ae32f] <1.8> | [c89508c73c46] |
|
|
* Remove list_options() function that is no longer used now that "sudo | * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
| Remove list_options() function that is no longer used now that "sudo |
-L" is gone. |
-L" is gone. |
[f31543c80b98] <1.8> | [fcc6a776c135] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Error message if user tries --with-CC |
Error message if user tries --with-CC |
[0ed7558b8924] <1.8> | [ec5b478f813a] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Check for -libmldap too when looking for ldap libs, which is the |
Check for -libmldap too when looking for ldap libs, which is the |
Tivoli Directory Server client library. |
Tivoli Directory Server client library. |
[831e32d1453c] <1.8> | [bb3007a97206] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
regen pot files for 1.8.3 |
|
[df2fb085cff2] <1.8> |
|
|
|
* NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, |
|
doc/visudo.man.in: |
|
Update for version 1.8.3 |
|
[38cf153add0a] <1.8> |
|
|
|
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Honor NOPASSWD tag for denied commands too. | * plugins/sudoers/parse.c: |
[f473c443ad54] <1.8> | Honor NOPASSWD tag for denied commands too. |
| [8dd92656db92] |
|
|
|
2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Remove --with-CC option; it doesn't work correctly now that we use |
Remove --with-CC option; it doesn't work correctly now that we use |
libtool. Users can get the same effect by setting the CC | libtool. Users can get the same effect by setting the CC environment |
environment variable when running configure. | variable when running configure. |
[4f04869d74fd] <1.8> | [ec22bd1a55e0] |
|
|
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, plugins/sudoers/visudo.c, |
| src/sudo_edit.c: |
Assume all modern systems support fstat(2). |
Assume all modern systems support fstat(2). |
[0422b19dced3] <1.8> | [6a5a8985f6a0] |
|
|
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * compat/regress/glob/globtest.c, config.h.in, configure, |
| configure.in, include/missing.h, plugins/sudoers/sudoers.h, |
| src/sudo.h, src/sudo_noexec.c: |
Add configure test for missing errno declaration and only declare it |
Add configure test for missing errno declaration and only declare it |
ourselves if it is missing. |
ourselves if it is missing. |
[6d26974f7e16] <1.8> | [456e76c809a2] |
|
|
* Include errno.h before sudo.h to avoid conflicting with the system | * plugins/sudoers/alias.c: |
| Include errno.h before sudo.h to avoid conflicting with the system |
definition of errno. |
definition of errno. |
[8000bdc0968f] <1.8> | [d0b97e392512] |
|
|
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Only print individual check status when there is a failure. | * plugins/sudoers/regress/parser/check_addr.c: |
[bbdd669e7615] <1.8> | Only print individual check status when there is a failure. |
| [2ac704c91441] |
|
|
* Add calls to setprogname() for test programs. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
[c721f3466a3a] <1.8> | plugins/sudoers/regress/logging/check_wrap.c, |
| plugins/sudoers/regress/parser/check_addr.c: |
| Add calls to setprogname() for test programs. |
| [a8d9b420e826] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add -Wall and -Werror after all tests so they don't cause failures. |
Add -Wall and -Werror after all tests so they don't cause failures. |
[20d75ce40086] <1.8> | [2661188ff3fa] |
|
|
* Actually run check_addr in the check target | * plugins/sudoers/Makefile.in: |
[dcd96ef0dc57] <1.8> | Actually run check_addr in the check target |
| [0b2778bc86bf] |
|
|
* Split out address matching into its own file and add regression | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c, |
| plugins/sudoers/match_addr.c, |
| plugins/sudoers/regress/parser/check_addr.c, |
| plugins/sudoers/regress/parser/check_addr.in: |
| Split out address matching into its own file and add regression |
tests for it. |
tests for it. |
[863f28589c24] <1.8> | [12b9a2bf8dba] |
|
|
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix matching a network number with netmask when the network number | * plugins/sudoers/match.c: |
is not the first address in the CIDR block. | When matching an address with a netmask in sudoers, AND the mask and |
[719942c986e9] <1.8> | addr before checking against the local addresses. |
| [9747bb6d7b1c] |
|
|
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't assume all editors support the +linenumber command line | * plugins/sudoers/match.c: |
| Fix netmask matching. |
| [a3c8f8cc1464] |
| |
| * plugins/sudoers/visudo.c: |
| Don't assume all editors support the +linenumber command line |
argument, use a whitelist of known good editors. |
argument, use a whitelist of known good editors. |
[d8d884af3b05] <1.8> | [21d43a91fd10] |
|
|
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Silence compiler warnings on Solaris with gcc 3.4.3 | * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c, |
[8047cdb5d6a1] <1.8> | src/exec_pty.c, src/sudo.c: |
| Silence compiler warnings on Solaris with gcc 3.4.3 |
| [da620bae6fdb] |
|
|
* Fix building on RHEL 3 | * mkpkg: |
[6bb0464a7450] <1.8> | Fix building on RHEL 3 |
| [f3227fb2a252] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --enable-werror configure option. |
Add --enable-werror configure option. |
[aa40fd459836] <1.8> | [fec2cdb95543] |
|
|
* setgroups() proto lives in grp.h on RHEL4, perhaps others. | * common/setgroups.c: |
[92f98cbaebf0] <1.8> | setgroups() proto lives in grp.h on RHEL4, perhaps others. |
| [de91c0de5a98] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Use PAM by default on AIX 6 and higher. |
Use PAM by default on AIX 6 and higher. |
[7ef53d5ac819] <1.8> | [e16493208e5f] |
|
|
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Esperanto translation from translationproject.org | * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
[109ed683b885] <1.8> | src/po/eo.mo, src/po/eo.po: |
| Add new Esperanto translation from translationproject.org |
| [0d9a59e04c64] |
|
|
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Quiet an innocuous valgrind warning. | * plugins/sudoers/iolog_path.c: |
[fc453e49f9dd] <1.8> | Quiet an innocuous valgrind warning. |
| [0582b6027161] |
|
|
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix expansion of strftime() escapes in log_dir and add a regress | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Fix expansion of strftime() escapes in log_dir and add a regress |
test that exhibited the problem. |
test that exhibited the problem. |
[784e60d21f11] <1.8> | [a5c7c1c4c589] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in: |
Fix "make check" return value. |
Fix "make check" return value. |
[d3608efd8da6] <1.8> | [33b58e175230] |
|
|
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot: | * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regen pot files |
Regen pot files |
[3682e51af1d0] [SUDO_1_8_2] <1.8> | [063841aac19b] |
|
|
* Makefile.in: |
* Makefile.in: |
Fix logic inversion in pot file up to date check. |
Fix logic inversion in pot file up to date check. |
[343dbbca9422] <1.8> | [f6a8ca8654df] |
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat, |
|
doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/visudo.cat, doc/visudo.man.in: |
|
regen docs |
|
[96234478bde2] <1.8> |
|
|
|
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add caching for gettext() checks. |
Add caching for gettext() checks. |
[4039d21424c3] <1.8> | [01b7200f6105] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Better handling of libintl header and library mismatch. |
Better handling of libintl header and library mismatch. |
[cc9faee8e486] <1.8> | [9a49b1d4db69] |
|
|
2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
sync |
|
[73649a44d934] <1.8> |
|
|
|
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Also check sudoers gid if sudoers is group writable. | * plugins/sudoers/sudoers.c: |
[3d345347f6ac] <1.8> | Also check sudoers gid if sudoers is group writable. |
| [23ef96ca0d33] |
|
|
* NEWS: |
|
Update for 1.8.2 final |
|
[441c22fea363] <1.8> |
|
|
|
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
If dlopen is present but libtool doesn't find it, error out since it |
If dlopen is present but libtool doesn't find it, error out since it |
probably means that libtool doesn't support the system. |
probably means that libtool doesn't support the system. |
[6fc7c0de4f6d] <1.8> | [a9da0a5f7941] |
|
|
* configure args on the command line should override builtin defaults. | * mkpkg: |
| configure args on the command line should override builtin defaults. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
Disable NLS for non-Linux/Solaris unless explicitly enabled. |
[0ef165f892c2] <1.8> | [b2fb05614504] |
|
|
* Fix loop that calls authenticate(). If there was an error message | * plugins/sudoers/auth/aix_auth.c: |
| Fix loop that calls authenticate(). If there was an error message |
from authenticate(), display it. |
from authenticate(), display it. |
[f0686011ff2e] <1.8> | [063a0c4f0b9a] |
|
|
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * m4/libtool.m4, m4/ltversion.m4: |
Update to autoconf 2.68 and libtool 2.4 |
Update to autoconf 2.68 and libtool 2.4 |
[00df5f3647e1] <1.8> | [5a912a6eb67b] |
|
|
* Fix typo; OPT should be OTP | * config.guess, config.sub, configure, configure.in, ltmain.sh: |
[31da1f989740] <1.8> | Update to autoconf 2.68 and libtool 2.4 |
| [931ab56aecf6] |
|
|
* Rename libsudoers convenience library to libparsesudoers to avoid | * doc/sudoers.pod: |
| Fix typo; OPT should be OTP |
| [e97bd2e46544] |
| |
| * plugins/sudoers/Makefile.in: |
| Rename libsudoers convenience library to libparsesudoers to avoid |
libtool confusion. |
libtool confusion. |
[e9ae9d611dd5] <1.8> | [2a89a613f537] |
|
|
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish sudoers translation from translationproject.org | * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po: |
[fa9cd9758249] <1.8> | Add Danish sudoers translation from translationproject.org |
| [27b96e85eb13] |
|
|
* Add dedicated callback function for runas_default sudoers setting | * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: |
| Add dedicated callback function for runas_default sudoers setting |
that only sets runas_pw if no runas user or group was specified by |
that only sets runas_pw if no runas user or group was specified by |
the user. |
the user. |
[3fb4b18525de] <1.8> | [b8382d8eea34] |
|
|
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish, Polish, Russian and Ukrainian translations from | * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
| plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo, |
| src/po/ru.po: |
| Update Finish, Polish, Russian and Ukrainian translations from |
translationproject.org. |
translationproject.org. |
[0fcd8f6aff0a] <1.8> | [f9339aff664e] |
|
|
* Makefile.in: | * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c, |
| plugins/sudoers/testsudoers.c: |
Go back to using a callback for runas_default to keep runas_pw in |
Go back to using a callback for runas_default to keep runas_pw in |
sync. This is needed to make per-entry runas_default settings work |
sync. This is needed to make per-entry runas_default settings work |
with LDAP-based sudoers. Instead of declaring it a callback in |
with LDAP-based sudoers. Instead of declaring it a callback in |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a |
bit naughty, but avoids requiring stub functions in visudo and the |
bit naughty, but avoids requiring stub functions in visudo and the |
tests. |
tests. |
[4e8e70832f06] <1.8> | [9aaefb908415] |
|
|
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen pot files |
|
[ca5c58c599a6] <1.8> |
|
|
|
* Makefile.in: |
* Makefile.in: |
Add check for out of date message catalogs when doing "make dist". |
Add check for out of date message catalogs when doing "make dist". |
[36414e5c762b] <1.8> | [e45a29b612f4] |
|
|
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure: |
| regen |
| [d6f9ad26774a] |
| |
| * configure.in: |
Make sure compiler supports static-libgcc before using it. |
Make sure compiler supports static-libgcc before using it. |
[6c98e8809291] <1.8> | [b01bd9566e50] |
|
|
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc | * src/Makefile.in: |
[a0a3a3fa6470] <1.8> | Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc |
| [c99c7ab3edef] |
|
|
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add new Russian sudo translation from translationproject.org and | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo, |
| plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po, |
| src/po/zh_CN.mo: |
| Add new Russian sudo translation from translationproject.org and |
rebuild the other translation files. |
rebuild the other translation files. |
[e953d7d1ca6d] <1.8> | [e20015459056] |
|
|
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update Finish and Polish translations from translationproject.org | * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po: |
[17e408d73c85] <1.8> | Update Finish and Polish translations from translationproject.org |
| [4e3dbba4a1de] |
|
|
* Go back to escaping the command args for "sudo -i" and "sudo -s" | * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: |
before calling the plugin. Otherwise, spaces in the command args | Go back to escaping the command args for "sudo -i" and "sudo -s" |
are not treated properly. The sudoers plugin will unescape non- | before calling the plugin. Otherwise, spaces in the command args are |
spaces to make matching easier. | not treated properly. The sudoers plugin will unescape non- spaces |
[f666191a4e80] <1.8> | to make matching easier. |
| [dfa2c4636f33] |
|
|
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix some potential problems found by the clang static analyzer, none | * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Fix some potential problems found by the clang static analyzer, none |
serious. |
serious. |
[c1ab4b940980] <1.8> | [ff64aa74aae6] |
|
|
* Updated Ukranian and Chinese (simplified) po files from | * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po, |
| src/po/zh_CN.po: |
| Updated Ukranian and Chinese (simplified) po files from |
translationproject.org |
translationproject.org |
[792a66672715] <1.8> | [ec792becb48e] |
|
|
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Updated Polish translation from translationproject.org | * plugins/sudoers/po/pl.po: |
[5f434cc04482] <1.8> | Updated Polish translation from translationproject.org |
| [a3af53cb649c] |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Rebuild pot files |
Rebuild pot files |
[639230dbd741] <1.8> | [c650524c0f0a] |
|
|
* Don't try to audit failure if the runas user does not exist. We | * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c: |
| Don't try to audit failure if the runas user does not exist. We |
don't have the user's command at this point so there is nothing to |
don't have the user's command at this point so there is nothing to |
audit. Add a NULL check in audit_success() and audit_failure() just |
audit. Add a NULL check in audit_success() and audit_failure() just |
to be on the safe side. |
to be on the safe side. |
[2bfb96a32b00] <1.8> | [2a0007c2022f] |
|
|
* Add -g to CFLAG for PIE builds. | * mkpkg: |
[e4c94977ca4e] <1.8> | Add -g to CFLAG for PIE builds. |
| [32a0a9693c9c] |
|
|
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove fallback to per-group lookup when matching groups in sudoers. | * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c: |
| Remove fallback to per-group lookup when matching groups in sudoers. |
The sudo front-end will now use getgrouplist() to get the user's |
The sudo front-end will now use getgrouplist() to get the user's |
list of groups if getgroups() fails or returns zero groups so we |
list of groups if getgroups() fails or returns zero groups so we |
always have a list of the user's groups. For systems with |
always have a list of the user's groups. For systems with |
mbr_check_membership() which support more that NGROUPS_MAX groups |
mbr_check_membership() which support more that NGROUPS_MAX groups |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
(Mac OS X), skip the call to getgroups() and use getgrouplist() so |
we get all the groups. |
we get all the groups. |
[168d6d4a386b] <1.8> | [51b3ed8c600b] |
|
|
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix setgroups() fallback code on EINVAL. | * common/setgroups.c: |
[dd1310945ab3] <1.8> | Fix setgroups() fallback code on EINVAL. |
| [2b6faecd56a4] |
|
|
* Fix two PERM_INITIAL cases that were still using user_gids. | * plugins/sudoers/set_perms.c: |
[d497d0d47a23] <1.8> | Fix two PERM_INITIAL cases that were still using user_gids. |
| [9680bab0acc6] |
|
|
* Add Polish sudo message catalog | * MANIFEST: |
[1a0aa3f9f179] <1.8> | Add Polish sudo message catalog |
| [8bb40c3ba576] |
|
|
* user_group is no longer used, remove it | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
[379185a76094] <1.8> | user_group is no longer used, remove it |
| [9acede0fe6c5] |
|
|
2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Polish translation from translationproject.org | * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po: |
[2e7cdfe4ef41] <1.8> | Add Polish translation from translationproject.org |
| [afac5c638573] |
|
|
* Add a wrapper for setgroups() that trims off extra groups and | * MANIFEST, common/Makefile.in, common/setgroups.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c: |
| Add a wrapper for setgroups() that trims off extra groups and |
retries if setgroups() fails. Also add some missing addrefs for |
retries if setgroups() fails. Also add some missing addrefs for |
PERM_USER and PERM_FULL_USER. |
PERM_USER and PERM_FULL_USER. |
[bacb4170a510] <1.8> | [224dfd8aae5c] |
|
|
* configure, configure.in: | * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in, |
| configure, configure.in, include/missing.h, mkdep.pl, |
| plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c: |
Instead of keeping separate groups and gids arrays, create struct |
Instead of keeping separate groups and gids arrays, create struct |
group_info and use it to store both, along with a count for each. |
group_info and use it to store both, along with a count for each. |
Cache group info on a per-user basis using getgrouplist() to get the |
Cache group info on a per-user basis using getgrouplist() to get the |
groups. We no longer need special to special case the user or list |
groups. We no longer need special to special case the user or list |
user for user_in_group() and thus no longer need to reset the groups |
user for user_in_group() and thus no longer need to reset the groups |
list when listing another user. |
list when listing another user. |
[f1d8962821a0] <1.8> | [0ad849a8b2d5] |
|
|
* Don't rely on NULL since we don't include a header for it. | * src/preload.c: |
[ed46286f848b] <1.8> | Don't rely on NULL since we don't include a header for it. |
| [b40937f1890c] |
|
|
* Fix typo | 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
[a38b8fbb0e70] <1.8> | |
|
|
* Do not shadow global sudo_mode with a local variable in set_cmnd() | * doc/sudoers.pod: |
[8e462ebafea4] <1.8> | Fix typo |
| [c1035360e169] |
|
|
|
2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoers.c: |
|
Do not shadow global sudo_mode with a local variable in set_cmnd() |
|
[0c72969503ad] |
|
|
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* bash 2.x doesd not support the -l flag and exits with an error if it | * plugins/sudoers/sudoers.c: |
| bash 2.x doesd not support the -l flag and exits with an error if it |
is specified so use --login instead. This causes an error with bash |
is specified so use --login instead. This causes an error with bash |
1.x (which uses -login instead) but this version is hopefully less |
1.x (which uses -login instead) but this version is hopefully less |
used than 2.x. |
used than 2.x. |
[73020a67b9d5] <1.8> | [5c4c296e30e6] |
|
|
* Add Polish translation from translationproject.org | * src/po/pl.mo, src/po/pl.po: |
[8cac0da9ffb1] <1.8> | Add Polish translation from translationproject.org |
| [48592dd6edcf] |
|
|
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Make error strings translatable. | * plugins/sudoers/set_perms.c: |
[d1ff594f27b5] <1.8> | Make error strings translatable. |
| [414c5c484768] |
|
|
* Only run configure with --with-pam-login for RHEL 5 and above. | * mkpkg: |
[2f1a0ff5230e] <1.8> | Only run configure with --with-pam-login for RHEL 5 and above. |
| [6c16e4de4026] |
|
|
* Fix typo in summary | * sudo.pp: |
[1e1d7dcae9ab] <1.8> | Fix typo in summary |
| [9ac618c9a749] |
|
|
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add missing logwrap.c | * plugins/sudoers/logwrap.c: |
[abcd28c194d2] <1.8> | Add missing logwrap.c |
| [c12a413ecc1d] |
|
|
* Split out log file word wrap code into its own file and add unit | * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c, |
tests. Fixes an off-by one in the word wrap when the log line | plugins/sudoers/logging.h, |
length matches loglinelen. | plugins/sudoers/regress/logging/check_wrap.c, |
[0ae1c7aa9ef1] <1.8> | plugins/sudoers/regress/logging/check_wrap.in, |
| plugins/sudoers/regress/logging/check_wrap.out.ok: |
| Split out log file word wrap code into its own file and add unit |
| tests. Fixes an off-by one in the word wrap when the log line length |
| matches loglinelen. |
| [52ed277f6690] |
|
|
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* For SuSE, only use /usr/lib64 as libexec if generating 64-bit | * mkpkg: |
| For SuSE, only use /usr/lib64 as libexec if generating 64-bit |
binaries. |
binaries. |
[4448fa1c639f] <1.8> | [645ab903cf77] |
|
|
* Fix build error when --without-noexec configure option is used. | * src/load_plugins.c, src/sudo.c: |
[f6bfd748ae45] <1.8> | Fix build error when --without-noexec configure option is used. |
| [b994f7b0d8b4] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX | Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 |
5.3 and above. | and above. |
[9d957ae1840d] <1.8> | [c2a6f9b472f3] |
|
|
2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, doc/UPGRADE: |
|
Document group lookup change and possible side effects. |
|
[fe4b2d2701b2] <1.8> |
|
|
|
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve the list of gids passed in from the sudo frontend (the | * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
| Resolve the list of gids passed in from the sudo frontend (the |
result of getgroups()) to names and store both the group names and |
result of getgroups()) to names and store both the group names and |
ids in the sudo_user struct. When matching groups in the sudoers |
ids in the sudo_user struct. When matching groups in the sudoers |
file, match based on the names in the groups list first and only do |
file, match based on the names in the groups list first and only do |
Line 637
|
Line 9559
|
group name (as it is listed in sudoers) instead of id (which we |
group name (as it is listed in sudoers) instead of id (which we |
would have to resolve) we save a lot of group lookups for sudoers |
would have to resolve) we save a lot of group lookups for sudoers |
files with a lot of groups in them. |
files with a lot of groups in them. |
[c10d208bd7e5] <1.8> | [8dc19353f148] |
|
|
2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Update for 1.8.2rc5 |
|
[f6a3aa2edf7a] <1.8> |
|
|
|
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Workaround for "sudo -i command" and newer versions of bash which | * plugins/sudoers/sudoers.c: |
| Workaround for "sudo -i command" and newer versions of bash which |
don't go into login mode when -c is specified unless -l is too. |
don't go into login mode when -c is specified unless -l is too. |
[381e74d35006] <1.8> | [9393762b80f3] |
|
|
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Rewrite logfile word wrapping code to be more straight-forward and | * plugins/sudoers/logging.c: |
| Rewrite logfile word wrapping code to be more straight-forward and |
actually wrap at the correct place. |
actually wrap at the correct place. |
[8a7862d6a82f] <1.8> | [f712a0c90f55] |
|
|
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c: |
Fix typo | Set use_pty=true in command details when use_pty is set in sudoers. |
[2456ad2ad3e3] <1.8> | |
| |
* NEWS: | |
Mention use_pty bug fix | |
[f4eab5193452] <1.8> | |
| |
* Set use_pty=true in command details when use_pty is set in sudoers. | |
From Ludwig Nussel |
From Ludwig Nussel |
[abaafc5793d9] <1.8> | [8d95a163dfc1] |
|
|
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Sync Chinese (simplified) PO files from translationproject.org | * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
[a4cf84dd9ddf] <1.8> | src/po/zh_CN.mo, src/po/zh_CN.po: |
| Sync Chinese (simplified) PO files from translationproject.org |
| [acce8eb7be18] |
|
|
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add Danish translation from translationproject.org and add missing | * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo, |
| plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo: |
| Add Danish translation from translationproject.org and add missing |
Basque mo files. |
Basque mo files. |
[672b88adcc34] <1.8> | [0c22bb21b9c4] |
|
|
* Makefile.in, configure, configure.in: |
* Makefile.in, configure, configure.in: |
No longer need to specify LINGUAS in configure, "make install-nls" |
No longer need to specify LINGUAS in configure, "make install-nls" |
now just installs all the .mo files it finds. |
now just installs all the .mo files it finds. |
[c226a39ece48] <1.8> | [fcd45cf04885] |
|
|
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Build CONTRIBUTORS from newly-added contributors.pod | * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod: |
[b8871dd293ff] <1.8> | Build CONTRIBUTORS from newly-added contributors.pod |
| [8b192f2720f4] |
|
|
* Rework the wording in the leading paragraph | * doc/CONTRIBUTORS: |
[d8b081dedeb3] <1.8> | Rework the wording in the leading paragraph |
| [312044145cdd] |
|
|
2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add a CONTRIBUTORS file with the names of folks who have contributed | * MANIFEST, doc/CONTRIBUTORS: |
| Add a CONTRIBUTORS file with the names of folks who have contributed |
code or patches to sudo since I started maintaining it (plus the |
code or patches to sudo since I started maintaining it (plus the |
original authors). |
original authors). |
[8b064e8996af] <1.8> | [b8bdd8b59528] |
|
|
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Preserve SHELL variable for "sudo -s". Otherwise we can end up with | * plugins/sudoers/env.c: |
| Preserve SHELL variable for "sudo -s". Otherwise we can end up with |
a situation where the SHELL variable and the actual shell being run |
a situation where the SHELL variable and the actual shell being run |
do not match. |
do not match. |
[8f5bb61a8b76] <1.8> | [b8b3974aee3e] |
|
|
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Only enable Solaris project support when setproject() is present in |
Only enable Solaris project support when setproject() is present in |
libproject. |
libproject. |
[bf370ff3c194] <1.8> | [49ad7857ab89] |
|
|
* Explicitly set mode and owner of /etc/sudoers instead of relying on | * sudo.pp: |
| Explicitly set mode and owner of /etc/sudoers instead of relying on |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
"cp -p" to work in the postinstall script. On AIX 6.1 at least the |
postinstall script runs before the final file permissions are set. |
postinstall script runs before the final file permissions are set. |
[7a4a87405349] <1.8> | [e41ffc0212b2] |
|
|
* Refer the user to the "Command Environment" section in description | 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudo.pod, doc/sudoers.pod: |
| Refer the user to the "Command Environment" section in description |
of sudo's -i option. |
of sudo's -i option. |
[1a063eaf9670] <1.8> | [263cc3be7eef] |
|
|
* Fix typo | * doc/sudo.pod: |
[442c50370c44] <1.8> | Fix typo |
| [35dfac450f4d] |
|
|
* If there is no old dependency for an object file, use the MANIFEST | 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * mkdep.pl: |
| If there is no old dependency for an object file, use the MANIFEST |
to find its source. |
to find its source. |
[d95c77ad283f] <1.8> | [d15e3b9899f9] |
|
|
* Remove dependency for getgrouplist.lo as we don't ship that source | * compat/Makefile.in: |
| Remove dependency for getgrouplist.lo as we don't ship that source |
file. |
file. |
[bbede77e6256] <1.8> | [312a6d5fe6b0] |
|
|
* Do not declare yyparse() static as the actual function generated by | 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y: |
| Do not declare yyparse() static as the actual function generated by |
yacc is extern. |
yacc is extern. |
[8e615bd15a4c] <1.8> | [9017b79dcf55] |
|
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
* Makefile.in: |
Remove locale files in "make uninstall" |
Remove locale files in "make uninstall" |
[9791be90d5ac] <1.8> | [201ff261ecbe] |
|
|
2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com> | * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po, |
| plugins/sudoers/po/uk.po, src/po/eu.po: |
* configure.in: | |
Add Basque translation and sync Finish and Ukranian translations. |
Add Basque translation and sync Finish and Ukranian translations. |
[64af34789164] <1.8> | [66d2c78c8a13] |
|
|
* NEWS: |
|
Update PAM change to reflect latest checkin. |
|
[657cddf2077a] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
FreeBSD no longer needs the main sudo binary to link with -lpam now |
that plug-ins are loaded with RTLD_GLOBAL. |
that plug-ins are loaded with RTLD_GLOBAL. |
[573a6f4b29af] <1.8> | [96c710df2457] |
|
|
* Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes | * plugins/sudoers/group_plugin.c, src/load_plugins.c: |
| Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes |
problems with pam modules not having access to symbols provided by |
problems with pam modules not having access to symbols provided by |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
libpam on some platforms. Affects FreeBSD and SLES 10 at least. |
[4ec864fdba46] <1.8> | [0d016983ec84] |
|
|
* Makefile.in: |
* Makefile.in: |
Move xgettext invocation out of update-po target into update-pot |
Move xgettext invocation out of update-po target into update-pot |
[421ac1a073ea] <1.8> | [19a73c6d017c] |
|
|
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
Regenerate .pot files for 1.8.2rc2 |
Regenerate .pot files for 1.8.2rc2 |
[d2a891e3d3dd] <1.8> | [c3037f591dd8] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
Move nls targets to the top level Makefile so the paths in the pot |
Move nls targets to the top level Makefile so the paths in the pot |
file are saner |
file are saner |
[6c256cb77f78] <1.8> | [65b9285cd8d9] |
|
|
* NEWS: | * src/po/fi.mo: |
Update 1.8.2 news | Add compiled version of sudo Finish translation |
[17bd04278b04] <1.8> | [8f2405384ea3] |
|
|
* Add compiled version of sudo Finish translation | * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo: |
[ff9d20a02aa0] <1.8> | Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo |
| |
* Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo | |
files |
files |
[60c4f3b3829c] <1.8> | [a165e70fa9ec] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/fi.po: |
Add Finish translation from translationproject.org |
Add Finish translation from translationproject.org |
[ade788a35521] <1.8> | [4466f8a96ceb] |
|
|
* The group named by exempt_group should not have a % prefix. | 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com> |
[1f74c691c1e1] <1.8> | |
|
|
* Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" | * doc/sudoers.pod: |
[58d36c0e76f9] <1.8> | The group named by exempt_group should not have a % prefix. |
| [df084d6b32c8] |
|
|
* Fix compressed io log corruption in background mode by using _exit() | 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * doc/sudoers.pod: |
| Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin" |
| [5113699a3f8b] |
| |
| 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c, src/exec_pty.c: |
| Fix compressed io log corruption in background mode by using _exit() |
instead of exit() to avoid flushing buffers twice. |
instead of exit() to avoid flushing buffers twice. |
|
|
Improved background mode support. When not allocating a pty, the |
Improved background mode support. When not allocating a pty, the |
command is run in its own process group. This prevents write access |
command is run in its own process group. This prevents write access |
to the tty. When running in a pty, stdin is not hooked up and we |
to the tty. When running in a pty, stdin is not hooked up and we |
never read from /dev/tty, which results in similar behavior. |
never read from /dev/tty, which results in similar behavior. |
[fe50d6a5c5b9] <1.8> | [87c15149894c] |
|
|
2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com> | * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in: |
| Clean up regress files Generate proper dependencies for regress objs |
* Clean up regress files Generate proper dependencies for regress objs | |
in compat |
in compat |
[264196584549] <1.8> | [88bfc728c1e7] |
|
|
* Add missing dependency for check_fill.o. | * plugins/sudoers/Makefile.in: |
[c41f4e6ff078] <1.8> | Add missing dependency for check_fill.o. |
| [0bd6362e3e17] |
|
|
2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com> | 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add support for --enable-nls[=location] |
Add support for --enable-nls[=location] |
[0ea8e7bd1739] <1.8> | [b90db44a050f] |
|
|
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Include gettext.h | * plugins/sudoers/linux_audit.c: |
[fe8bab6403c6] <1.8> | Include gettext.h |
| [7f909a6e48cb] |
|
|
* Quiet gcc warnings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c: |
[aa16d09710a7] <1.8> | Quiet gcc warnings. |
| [b41a6cdca583] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Don't install .mo files if gettext was not found. |
Don't install .mo files if gettext was not found. |
[c6b233e829aa] <1.8> | [1397b34cc165] |
|
|
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Always allocate a pty when running a command in the background but | * src/exec.c: |
| Always allocate a pty when running a command in the background but |
call setsid() after forking to make sure we don't end up with a |
call setsid() after forking to make sure we don't end up with a |
controlling tty. |
controlling tty. |
[77c6b2923714] <1.8> | [b6454ba172e8] |
|
|
* Add missing space between command name and the first command line | * plugins/sudoers/iolog.c: |
| Add missing space between command name and the first command line |
argument. |
argument. |
[d0a36b9c0f38] <1.8> | [fe217f0a36d4] |
|
|
* Quiet a compiler warning on some platforms. | * plugins/sudoers/sudoreplay.c: |
[654e76cf0574] <1.8> | Quiet a compiler warning on some platforms. |
| [de9f2849f236] |
|
|
* README file that directs people to translationproject.org | * plugins/sudoers/po/README, src/po/README: |
[5545e9a5ae37] <1.8> | README file that directs people to translationproject.org |
| [30c0fc323281] |
|
|
* Sync translations with TP | * plugins/sudoers/po/uk.po, src/po/fi.po: |
[b054ce577022] <1.8> | Sync translations with TP |
| [1d7d64559cba] |
|
|
* Makefile.in: |
* Makefile.in: |
Add 'sync-po' target to top-level Makefile to rsync the po files |
Add 'sync-po' target to top-level Makefile to rsync the po files |
from translationproject.org. |
from translationproject.org. |
[87a5011b0410] <1.8> | [20508211aaa3] |
|
|
* install nls files from install target | * plugins/sudoers/Makefile.in: |
[a3feba9ef323] <1.8> | install nls files from install target |
| [5fc07b6cab38] |
|
|
* Makefile.in: | * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp: |
Include .mo files in sudo binary packags. |
Include .mo files in sudo binary packags. |
[bc3ee7e7fb44] <1.8> | [278d4821a916] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/zh_CN.mo, |
| plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
Add simplified chinese translation |
Add simplified chinese translation |
[c22e6842c766] <1.8> | [2b33ffc755b9] |
|
|
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/po/uk.mo, |
| plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po: |
Add ukranian translation |
Add ukranian translation |
[0bb9e6437f0f] <1.8> | [2d8102688e93] |
|
|
* refer to siglist.c, not ./siglist.c since not all makes will treat | * compat/Makefile.in: |
| refer to siglist.c, not ./siglist.c since not all makes will treat |
foo and ./foo the same. |
foo and ./foo the same. |
[909051ff6061] <1.8> | [6639d293ffba] |
|
|
* Set def_preserve_groups before searching for the command when the -P | * plugins/sudoers/sudoers.c: |
| Set def_preserve_groups before searching for the command when the -P |
flag is specified. |
flag is specified. |
[08e9378f50e4] <1.8> | [0edc7942f875] |
|
|
* Makefile.in: | * Makefile.in, compat/Makefile.in, mkdep.pl, |
Add dependency for siglist.lo in compat. This is a generated file | plugins/sudoers/Makefile.in: |
so "make depend" needs to depend on it. | Add dependency for siglist.lo in compat. This is a generated file so |
[e6c0daf36af0] <1.8> | "make depend" needs to depend on it. |
| [28d0932f8b50] |
|
|
* More dependency fixes. | * compat/Makefile.in: |
[7fed03624689] <1.8> | More dependency fixes. |
| [aad0d05cd020] |
|
|
* Fix a few dependencies. | * compat/Makefile.in: |
[7cb86c721961] <1.8> | Fix a few dependencies. |
| [eb21aa35a032] |
|
|
* Place compiled mo files in the src dir, not the build dir. When | * plugins/sudoers/Makefile.in, src/Makefile.in: |
| Place compiled mo files in the src dir, not the build dir. When |
installing compiled mo files, display a status message. |
installing compiled mo files, display a status message. |
[b87aa18a9968] <1.8> | [e15634c29cd3] |
|
|
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Tivoli Directory Server requires that seconds be present in a | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
| Tivoli Directory Server requires that seconds be present in a |
timestamp, even though RFC 4517 states that they are optional. |
timestamp, even though RFC 4517 states that they are optional. |
[47ebf110ea7a] <1.8> | [55fe23dd4ef9] |
|
|
* Add missing bit of copyright | * plugins/sudoers/sudo_nss.h: |
[d05d28a91bc4] <1.8> | Add missing bit of copyright |
| [d2eba3c364ca] |
|
|
* Mention cycle detection warnings | * doc/visudo.pod: |
[ee8231aa1aed] <1.8> | Mention cycle detection warnings |
| [a76bef15ab67] |
|
|
* When checking aliases, also check the contents of the alias in case | * plugins/sudoers/visudo.c: |
| When checking aliases, also check the contents of the alias in case |
there are problems with an alias that is referenced inside another. |
there are problems with an alias that is referenced inside another. |
Replace the self reference check with real alias cycle detection. |
Replace the self reference check with real alias cycle detection. |
[abcfe1bc95d8] <1.8> | [a66c904cf53b] |
|
|
* Set errno to ELOOP in alias_find() if there is a cycle. Set errno to | * plugins/sudoers/alias.c: |
| Set errno to ELOOP in alias_find() if there is a cycle. Set errno to |
ENOENT in alias_find() and alias_remove() if the entry could not be |
ENOENT in alias_find() and alias_remove() if the entry could not be |
found. |
found. |
[e73d169f4e9b] <1.8> | [b4f0b89e433c] |
|
|
* Increment alias_seqno before calls to alias_remove_recursive() to | * plugins/sudoers/visudo.c: |
| Increment alias_seqno before calls to alias_remove_recursive() to |
avoid false positives with the alias loop detection. Fixes spurious |
avoid false positives with the alias loop detection. Fixes spurious |
warnings about unused aliases when they are nested. |
warnings about unused aliases when they are nested. |
[ac094820ef19] <1.8> | [a344483b8193] |
|
|
* add mkdep.pl | * MANIFEST: |
[3721e9654ba6] <1.8> | add mkdep.pl |
| [86b7ed33eab2] |
|
|
* Add dependency on convenience libs to binaries | * plugins/sudoers/Makefile.in: |
[8a4db8226dfe] <1.8> | Add dependency on convenience libs to binaries |
| [cd3078b3c997] |
|
|
* Makefile.in: |
* Makefile.in: |
mkdep.pl only works when run from the src dir |
mkdep.pl only works when run from the src dir |
[2480427a0680] <1.8> | [f35a5e47c944] |
|
|
* Makefile.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Auto-generate Makefile dependencies with a perl script. |
Auto-generate Makefile dependencies with a perl script. |
[ef5f56907d97] <1.8> | [a3e4afcd7975] |
|
|
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If the user specifies a runas group via sudo's -g option that | * plugins/sudoers/match.c: |
| If the user specifies a runas group via sudo's -g option that |
matches the runas user's group in the passwd database and that group |
matches the runas user's group in the passwd database and that group |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
is not denied in the Runas_Spec, allow it. Thus, if user root's gid |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if |
no groups are present in the Runas_Spec. |
no groups are present in the Runas_Spec. |
[942e1e7c5090] <1.8> | [e3f9732dc564] |
|
|
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: | * plugins/sudoers/Makefile.in, src/Makefile.in: |
Mention what is new in 1.8.2 (for now) | Add dependencies on gettext.h |
[d44b26eceee5] <1.8> | [a3a9dc51f78b] |
|
|
* Add dependencies on gettext.h | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[32c61c6af852] <1.8> | Fix install-nls target with HP-UX sh when gettext is not present. |
| [0c6b9655cd41] |
|
|
* Fix install-nls target with HP-UX sh when gettext is not present. |
|
[3441cece9638] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen for sudo 1.8.2 |
|
[9ea124b542cc] <1.8> |
|
|
|
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: | * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot, |
| src/Makefile.in, src/po/sudo.pot: |
regenerate .pot files for lbuf changes |
regenerate .pot files for lbuf changes |
[a8a9cc62c3a5] <1.8> | [918ded125a0b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add missing "checking" message for gettext when using the cache. |
Add missing "checking" message for gettext when using the cache. |
[4136bc346576] <1.8> | [9c21187ad1d2] |
|
|
* Add primitive format string support to the lbuf code to make | * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c, |
| plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c, |
| src/parse_args.c: |
| Add primitive format string support to the lbuf code to make |
translations simpler. |
translations simpler. |
[22fc74618d09] <1.8> | [ee71c7ef5299] |
|
|
* configure, configure.in, plugins/sudoers/po/sudoers.pot, | * MANIFEST, plugins/sudoers/Makefile.in, |
src/po/sudo.pot: | plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot: |
Bump version to 1.8.2 | Add message catalog template files for sudo and the sudoers module. |
[999de1ac5b3e] <1.8> | [f3f8acb1f014] |
|
|
* Add message catalog template files for sudo and the sudoers module. | * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c, |
[6afad75e7afa] <1.8> | config.h.in, configure.in, doc/Makefile.in, include/gettext.h, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
* configure.in: | plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c, |
| src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h: |
Add gettext.h convenience header. This is similar to but distinct |
Add gettext.h convenience header. This is similar to but distinct |
from the one included with the gettext package. |
from the one included with the gettext package. |
[5ae5a86e0d06] <1.8> | [930a0591f73c] |
|
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add checks for nroff -c and -Tascii flags |
Add checks for nroff -c and -Tascii flags |
[580c21905280] <1.8> | [19ca990b3149] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Add check for HP bundled C Compiler (which cannot create shared |
Add check for HP bundled C Compiler (which cannot create shared |
libs) |
libs) |
[34f616cbb0f3] <1.8> | [517716a7072d] |
|
|
* Fix C format warnings. | * plugins/sudoers/sudoreplay.c: |
[f20a43a817f0] <1.8> | Fix C format warnings. |
| [6514326013fa] |
|
|
* Add __printflike | * include/error.h: |
[76bf8a4bf075] <1.8> | Add __printflike |
| [e1749a30a406] |
|
|
* Translate help / usage strings. | * plugins/sudoers/ldap.c, plugins/sudoers/parse.c, |
[16c5b7902d4c] <1.8> | plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c, src/parse_args.c: |
| Translate help / usage strings. |
| [ee1cc9b1a8bd] |
|
|
* Set --msgid-bugs-address to the bugzilla url | * plugins/sudoers/Makefile.in, src/Makefile.in: |
[3e3cfa7b4ceb] <1.8> | Set --msgid-bugs-address to the bugzilla url |
| [5a0aa250ca21] |
|
|
* INSTALL, Makefile.in, README, configure, configure.in: | * Makefile.in, common/Makefile.in, compat/Makefile.in, configure, |
| configure.in, doc/Makefile.in, include/Makefile.in, |
| plugins/sample/Makefile.in, plugins/sample_group/Makefile.in, |
| plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in: |
Add scaffolding to update .po files and install .mo files. |
Add scaffolding to update .po files and install .mo files. |
[a51e60b35e47] <1.8> | [f05f4eed1fe1] |
|
|
* Minor warning/error cleanup | * doc/license.pod: |
[593144ac87ff] <1.8> | update copyright year |
| [fa0c62523875] |
|
|
* configure.in: | * INSTALL, README: |
| No need to include version number at the top of these files. |
| [9f2981325351] |
| |
| 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c, |
| plugins/sudoers/visudo.c: |
| Minor warning/error cleanup |
| [9236dc85aeab] |
| |
| * config.h.in, configure.in: |
Emulate ngettext for the non-nls case |
Emulate ngettext for the non-nls case |
[7cdf82de4dee] <1.8> | [13571d63fa36] |
|
|
* Do not mark untranslatable strings for translation | * plugins/sudoers/ldap.c: |
[088271ed02d0] <1.8> | Do not mark untranslatable strings for translation |
| [735f5d4413fe] |
|
|
* Use ROOT_UID not 0. | * plugins/sudoers/check.c: |
[f901fa2fdaf2] <1.8> | Use ROOT_UID not 0. |
| [09a268db8da4] |
|
|
* Minor warning/error message cleanup | * plugins/sudoers/check.c, plugins/sudoers/iolog.c, |
[b99c7ef46236] <1.8> | plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c, |
| src/load_plugins.c, src/sudo.c, src/sudo_edit.c: |
| Minor warning/error message cleanup |
| [3c7b1a7939b5] |
|
|
* cannot -> "unable to" in warning/error messages can't -> "unable to" | * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c, |
in warning/error messages | plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
[5119140fabc7] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/net_ifs.c, src/selinux.c: |
| cannot -> "unable to" in warning/error messages |
| [31c3897649e9] |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c, |
|
plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c, |
|
src/sudo.c, src/utmp.c: |
|
can't -> "unable to" in warning/error messages |
|
[127b75f15291] |
|
|
* configure, configure.in: |
* configure, configure.in: |
FreeBSD needs the main sudo executable to link with -lpam when |
FreeBSD needs the main sudo executable to link with -lpam when |
loading dynaic pam modules for some reason. |
loading dynaic pam modules for some reason. |
[738b6778a505] <1.8> | [944522cc9bef] |
|
|
* We don't want to translate debugging messages. | 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com> |
[357a575c2dfd] <1.8> | |
|
|
* configure, configure.in: | * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c: |
| We don't want to translate debugging messages. |
| [56a1a365815a] |
| |
| * configure, configure.in, plugins/sudoers/Makefile.in, |
| plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, |
| src/Makefile.in, src/sesh.c, src/sudo.c: |
Add calls to bindtextdomain() and textdomain() Currently there are |
Add calls to bindtextdomain() and textdomain() Currently there are |
two domains, one for the sudo front-end and one for the sudoers |
two domains, one for the sudo front-end and one for the sudoers |
plugin and its associated utilities. |
plugin and its associated utilities. |
[907f39439d80] <1.8> | [0426138f789e] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix caching of libc gettext check. |
Fix caching of libc gettext check. |
[e229c21f412f] <1.8> | [942142d2c43a] |
|
|
* Mark defaults descriptions for translation | * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c, |
[65e03d1f8203] <1.8> | plugins/sudoers/mkdefaults: |
| Mark defaults descriptions for translation |
| [5b27f018e6cf] |
|
|
* NEWS: |
* NEWS: |
Update for sudo 1.8.1p2 |
Update for sudo 1.8.1p2 |
[89c31f2aa11e] <1.8> | [747c4dee2ca7] |
|
|
* Quiet compiler warning when SELinux is enabled. | 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
[51b1d7c8aa86] <1.8> | |
|
|
* dd missing includes of libintl.h. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[25662143d36d] <1.8> | Quiet compiler warning when SELinux is enabled. |
| [1fbf77dda240] |
|
|
* Fix gettext marker. | * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c, |
[7618856ba5de] <1.8> | src/error.c, src/net_ifs.c, src/sesh.c: |
| Add missing includes of libintl.h. |
| [bc1d66316082] |
|
|
* Include libint.h where needed. | * plugins/sudoers/auth/pam.c: |
[cc256b297b9d] <1.8> | Fix gettext marker. |
| [a5cf4ed66c66] |
|
|
* Prepare sudoers module messages for translation. | * common/aix.c, common/alloc.c, compat/strsignal.c, |
[1b7f0bbaa55f] <1.8> | plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h: |
| Include libint.h where needed. |
| [2b0e5a663c7b] |
|
|
* Only check gid of sudoers file if it is group-readable. | * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c, |
[f3cae943f35a] <1.8> | plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c, |
| plugins/sudoers/defaults.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/gram.c, |
| plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c, |
| plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c, |
| plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c, |
| plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c, |
| plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c, |
| plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, |
| plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
| plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
| plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c: |
| Prepare sudoers module messages for translation. |
| [7212ae1909c5] |
|
|
* For AIX, keep calling authenticate() until reenter reaches 0. | * plugins/sudoers/sudoers.c: |
[e412676bac73] <1.8> | Only check gid of sudoers file if it is group-readable. |
| [50e3bc0cb242] |
|
|
|
* plugins/sudoers/auth/aix_auth.c: |
|
For AIX, keep calling authenticate() until reenter reaches 0. |
|
[e240815b74b1] |
|
|
|
2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Cache the status of the initial gettext() check. |
Cache the status of the initial gettext() check. |
[c32281768c0f] <1.8> | [32751ebe1704] |
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Add --disable-nls flag and improve checks for gettext. |
Add --disable-nls flag and improve checks for gettext. |
[b39674c1e538] <1.8> | [c7e6b17052de] |
|
|
* configure, configure.in: |
* configure, configure.in: |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
When building with gcc on HP-UX, use -march=1.1 to produce portable |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
binaries on a pa-risc2 host. Previously, the +Dportable option was |
used for the HP-UX C compiler but gcc always produced native |
used for the HP-UX C compiler but gcc always produced native |
binaries. |
binaries. |
[41351c23ad41] <1.8> | [8f4c749324d7] |
|
|
* Prepare sudo front end messages for translation. | 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com> |
[7807d6f74dac] <1.8> | |
|
|
* configure, configure.in: | * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c, |
Add initial scaffolding to support localization via gettext() | src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c, |
[cdbbff7e6376] <1.8> | src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c, |
| src/sudo_edit.c, src/tgetpass.c, src/utmp.c: |
| Prepare sudo front end messages for translation. |
| [2fc2fabceccb] |
|
|
2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/license.pod: |
|
update copyright year |
|
[d681661f03cc] <1.8> |
|
|
|
* INSTALL, README: |
|
No need to include version number at the top of these files. |
|
[7e11f673f773] <1.8> |
|
|
|
* README: |
|
This is sudo 1.8.1 not 1.8.0 |
|
[4d674f230d8a] <1.8> |
|
|
|
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't let the fnmatch/glob macros expand the function prototype. | * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c: |
[d449e9a8f447] <1.8> | Add initial scaffolding to support localization via gettext() |
| [7d47b59fcf95] |
|
|
|
* compat/fnmatch.h, compat/glob.h: |
|
Don't let the fnmatch/glob macros expand the function prototype. |
|
[a9014aa0288e] |
|
|
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Resolve namespace collisions on HP-UX ia64 and possibly others by | * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h: |
| Resolve namespace collisions on HP-UX ia64 and possibly others by |
adding a rpl_ prefix to our fnmatch and glob replacements and |
adding a rpl_ prefix to our fnmatch and glob replacements and |
#defining rpl_foo to foo in the header files. |
#defining rpl_foo to foo in the header files. |
[d23889375b21] <1.8> | [caa9b690a15d] |
|
|
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Split ALL, ROLE and TYPE into their own actions. Since you can only | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Split ALL, ROLE and TYPE into their own actions. Since you can only |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in |
the non-SELinux case. This is safe because the actions are in one |
the non-SELinux case. This is safe because the actions are in one |
big switch() statement. |
big switch() statement. |
[0bd9b7e37ab1] <1.8> | [7473fc2cfa2c] |
|
|
* Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[8dec97b359e0] <1.8> | Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie. |
| [9be3480c2865] |
|
|
* askpass moved from sudoers to sudo.conf in sudo 1.8.0 | 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com> |
[1001d87d82ed] <1.8> | |
|
|
* Remove obsolete warning about runas_default and ordering. Move | * doc/UPGRADE, doc/sudoers.pod: |
| askpass moved from sudoers to sudo.conf in sudo 1.8.0 |
| [b2c2956cec4e] |
| |
| * doc/sudoers.pod: |
| Remove obsolete warning about runas_default and ordering. Move |
syslog facility and priority lists into the section where the |
syslog facility and priority lists into the section where the |
relevant options are described. |
relevant options are described. |
[1286b9624021] <1.8> | [e57b8dc3f779] |
|
|
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix SIA support; we no longer have access to the real argc and argv | * plugins/sudoers/auth/sia.c: |
| Fix SIA support; we no longer have access to the real argc and argv |
so allocate space for a fake one and use the argv passed to the |
so allocate space for a fake one and use the argv passed to the |
plugin with "sudo" for argv[0]. |
plugin with "sudo" for argv[0]. |
[7c11eeffb91c] <1.8> | [1c0552772ad2] |
|
|
* Remove useless realloc when trying to get the buffer size right. | 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com> |
[58128e7f4e28] <1.8> | |
|
|
* Be explicit when setting euid to 0 before call to setreuid(0, 0) | * src/net_ifs.c: |
[95769a564ab8] <1.8> | Remove useless realloc when trying to get the buffer size right. |
| [792225380a62] |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Be explicit when setting euid to 0 before call to setreuid(0, 0) |
|
[7bfeb629fccb] |
|
|
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* NEWS: |
|
sudo 1.8.1p1 updates |
|
[de3d688b5bb1] <1.8> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
Need to do checks for krb5_verify_user, krb5_init_secure_context and |
krb5_get_init_creds_opt_alloc regardless of whether or | krb5_get_init_creds_opt_alloc regardless of whether or not |
notkrb5-config is present. | krb5-config is present. |
[456c4a9cd5d6] <1.8> | [9d1b98ece1d3] |
|
|
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Work around weird AIX saved uid semantics on setuid() and | * plugins/sudoers/set_perms.c: |
| Work around weird AIX saved uid semantics on setuid() and |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
setreuid(). On AIX, setuid() will only set the saved uid if the euid |
is already 0. |
is already 0. |
[5d0a69e9d181] <1.8> | [069fc08150ca] |
|
|
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update copyright year | * sudo.pp: |
[fa8da6d55783] <1.8> | update copyright year |
| [1c42d579ba6e] |
|
|
* Treat a missing includedir like an empty one and do not return an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Treat a missing includedir like an empty one and do not return an |
error. |
error. |
[5fd9fe004728] <1.8> | [92f71d8cbfd4] |
|
|
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix ARCH setting in cross-compile Solaris packages. | * pp: |
[8ce40940f6c9] <1.8> | Fix ARCH setting in cross-compile Solaris packages. |
| [b0de281cc889] |
|
|
* Fix aix version setting. | * sudo.pp: |
[02a9e25d46ba] <1.8> | Fix aix version setting. |
| [98437dbfb085] |
|
|
* Remove extraneous parens in LDAP filter when sudoers_search_filter | * plugins/sudoers/ldap.c: |
| Remove extraneous parens in LDAP filter when sudoers_search_filter |
is enabled that causes a search error. From Matthew Thomas. |
is enabled that causes a search error. From Matthew Thomas. |
[b67be9b51ec6] <1.8> | [1d75bf1fc8d9] |
|
|
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Correct sizeof() to fix test failure. | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
[a11b89fd13f9] <1.8> | Correct sizeof() to fix test failure. |
| [fd2f7c0c0572] |
|
|
* "install" target should depend on "install-dirs". Fixes "make -j" | * plugins/sudoers/Makefile.in: |
| "install" target should depend on "install-dirs". Fixes "make -j" |
problem and closes bz #487. From Chris Coleman. |
problem and closes bz #487. From Chris Coleman. |
[06ab0558f848] <1.8> | [083902d38edb] |
|
|
2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* .hgtags: |
|
Added tag SUDO_1_8_1 for changeset 0ed6281995f0 |
|
[543d41a163e9] <1.8> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat, |
|
doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat, |
|
doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in: |
|
Regen man pages for 1.8.1 |
|
[0ed6281995f0] [SUDO_1_8_1] <1.8> |
|
|
|
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add HAVE_RFC1938_SKEYCHALLENGE | * config.h.in: |
[c0d7eb39799d] <1.8> | Add HAVE_RFC1938_SKEYCHALLENGE |
| [a94cb33758a8] |
|
|
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention plugin loading and libgcc changes | * NEWS: |
[b74929cba37c] <1.8> | Mention plugin loading and libgcc changes |
| [e11b30b5026a] |
|
|
* Load plugins after parsing arguments and potentially printing the | * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: |
version. That way, an error loading or initializing a plugin | Load plugins after parsing arguments and potentially printing the |
doesn't break "sudo -h" or "sudo -V". | version. That way, an error loading or initializing a plugin doesn't |
[c1ecb5979cf0] <1.8> | break "sudo -h" or "sudo -V". |
| [1b76f2b096a2] |
|
|
* Makefile.in: |
* Makefile.in: |
When using a sub-shell to invoke the sub-make, exec make instead of |
When using a sub-shell to invoke the sub-make, exec make instead of |
running it inside the shell to avoid an extra process. |
running it inside the shell to avoid an extra process. |
[9439f016c993] <1.8> | [fd2c04a71fbf] |
|
|
* Stop testing unspecified behavior in fnmatch Make glob test more | * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c: |
| Stop testing unspecified behavior in fnmatch Make glob test more |
portable |
portable |
[87a91d76fbff] <1.8> | [229803093725] |
|
|
* No need to add current dir to include path and having it breaks the | * compat/Makefile.in: |
| No need to add current dir to include path and having it breaks the |
test programs that expect to get the system glob.h and fnmatch.h |
test programs that expect to get the system glob.h and fnmatch.h |
[3ae7f9e7b710] <1.8> | [68085f624be4] |
|
|
* configure, configure.in: | * INSTALL, configure, configure.in: |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
Fix and document --with-plugindir; partially from Diego Elio Petteno |
[0220a0c2606f] <1.8> | [07edc52ea89e] |
|
|
* Fix fnmatch and glob tests to not use hard-coded flag values in the | * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c, |
| compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c, |
| compat/regress/glob/globtest.in: |
| Fix fnmatch and glob tests to not use hard-coded flag values in the |
input file. Link test programs with libreplace so we get our |
input file. Link test programs with libreplace so we get our |
replacement verions as needed. |
replacement verions as needed. |
[66bab80241e0] <1.8> | [c2cca448f660] |
|
|
* Makefile.in: |
* Makefile.in: |
If make in a subdir fails, fail the target in the upper level |
If make in a subdir fails, fail the target in the upper level |
Makefile too. Adapted from a patch from Diego Elio Petteno |
Makefile too. Adapted from a patch from Diego Elio Petteno |
[bc35b7813507] <1.8> | [76fc9a0d96fd] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sudoers/auth/rfc1938.c: |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also |
has this. Adapted from a patch from Diego Elio Petteno |
has this. Adapted from a patch from Diego Elio Petteno |
[bb6228f484b9] <1.8> | [a97279a59b93] |
|
|
* Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ | * plugins/sudoers/Makefile.in: |
| Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@ |
directly. |
directly. |
[47e6d5fadc6d] <1.8> | [47b884029b3b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
Fix warnings when -without-skey, --without-opie, --without-kerb4, |
--without-kerb5 or --without-SecurID were specified. |
--without-kerb5 or --without-SecurID were specified. |
[1b75035dd129] <1.8> | [71ad150f4d24] |
|
|
* Add plugins/sudoers/sudoers_version.h | * MANIFEST: |
[1d470c6033ca] <1.8> | Add plugins/sudoers/sudoers_version.h |
| [7423966de440] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
Back out the --with-libpath addition to SUDOERS_LDFLAGS since that |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
now include LDFLAGS in the sudoers Makefile.in. Add missing settng |
of @LDFLAGS@ in plugin Makefile.in files. |
of @LDFLAGS@ in plugin Makefile.in files. |
[dd237f43aa12] <1.8> | [b835826f889c] |
|
|
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Mention %#gid support in User_List and Runas_List | * NEWS: |
[37e259b9181b] <1.8> | Mention %#gid support in User_List and Runas_List |
| [5a983dff017a] |
|
|
* Keep track of sudoers grammar version and report it in the -V | * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h, |
| plugins/sudoers/visudo.c: |
| Keep track of sudoers grammar version and report it in the -V |
output. |
output. |
[0e0b891dd8a4] <1.8> | [52901a3c0296] |
|
|
* Add multiple inclusion guard | * plugins/sudoers/sudo_nss.h: |
[ec6884f51ea8] <1.8> | Add multiple inclusion guard |
| [50853aed046e] |
|
|
* configure, configure.in: | * configure, configure.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
set it to -Wc,-static-libgcc if not using GNU ld so we don't | set it to -Wc,-static-libgcc if not using GNU ld so we don't have a |
have a dependency on the shared libgcc in sudoers.so. | dependency on the shared libgcc in sudoers.so. |
[28d03f3eb0d2] <1.8> | [66ad8bc5e32d] |
|
|
* Fix typo; from Petr Uzel | * doc/sudoers.pod: |
[d19b9bd92bd3] <1.8> | Fix typo; from Petr Uzel |
| [f9a7afd80892] |
|
|
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* In dump-only mode, use "root" as the default username instead of | * plugins/sudoers/testsudoers.c: |
| In dump-only mode, use "root" as the default username instead of |
"nobody" as the latter may not be available on all systems. |
"nobody" as the latter may not be available on all systems. |
[b304111616dd] <1.8> | [0c48e6414337] |
|
|
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Remove NewArgv/NewArgc, they are no longer needed. | * plugins/sudoers/testsudoers.c: |
[c0a36a42a68c] <1.8> | Remove NewArgv/NewArgc, they are no longer needed. |
| [16e18f734c7e] |
|
|
* Fix setting of user_args | * plugins/sudoers/testsudoers.c: |
[529e79ea95d1] <1.8> | Fix setting of user_args |
| [aa29e0d0a54a] |
|
|
* Add '!' token to lex tracing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[aef295d428e7] <1.8> | Add '!' token to lex tracing |
| [5227ad266235] |
|
|
* Use group bin in test, not wheel as most systems have the bin group | * plugins/sudoers/regress/testsudoers/test1.sh: |
| Use group bin in test, not wheel as most systems have the bin group |
but the same is no longer true of wheel. |
but the same is no longer true of wheel. |
[350347f09c1a] <1.8> | [718802b3b45e] |
|
|
* Avoid using pre or post increment in a parameter to a ctype(3) | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Avoid using pre or post increment in a parameter to a ctype(3) |
function as it might be a macro that causes the increment to happen |
function as it might be a macro that causes the increment to happen |
more than once. |
more than once. |
[8a94ebdd53b8] <1.8> | [78e281152c3a] |
|
|
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Strip off the beta or release candidate version when building AIX | * sudo.pp: |
| Strip off the beta or release candidate version when building AIX |
packages. |
packages. |
[00ad950764e2] <1.8> | [28fe31668559] |
|
|
* configure, configure.in: |
* configure, configure.in: |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
We need to include OSDEFS in CFLAGS when doing the utmp/utmpx |
structure checks for glibc which only has __e_termination visible |
structure checks for glibc which only has __e_termination visible |
when _GNU_SOURCE is *not* defined. |
when _GNU_SOURCE is *not* defined. |
[1d58420a4a4a] <1.8> | [59ae1698911f] |
|
|
* getuserattr(user, ...) will fall back to the "default" entry | * common/aix.c: |
| getuserattr(user, ...) will fall back to the "default" entry |
automatically, there's no need to check "default" manually. |
automatically, there's no need to check "default" manually. |
[cefffa82967d] <1.8> | [3c7a47a61fdb] |
|
|
* Document parser changes. |
|
[5038238f60eb] <1.8> |
|
|
|
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: | * doc/UPGRADE: |
| Document parser changes. |
| [ec415503308d] |
| |
| * Makefile.in, common/Makefile.in, compat/Makefile.in, |
| doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in, |
| plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in, |
| src/Makefile.in, zlib/Makefile.in: |
If there is an existing sudoers file, only install if it passes a |
If there is an existing sudoers file, only install if it passes a |
syntax check. |
syntax check. |
[b1e4c9c56fe0] <1.8> | [37427c73e8cb] |
|
|
* Add runasgroup support to testsudoers | * plugins/sudoers/regress/sudoers/test6.out.ok, |
[30838590e9de] <1.8> | plugins/sudoers/testsudoers.c: |
| Add runasgroup support to testsudoers |
| [047ea5571f33] |
|
|
* For "make check", keep going even if a test fails. | * plugins/sudoers/Makefile.in: |
[d3a72f67227e] <1.8> | For "make check", keep going even if a test fails. |
| [ce6a0a73c372] |
|
|
* More useful exit codes: | * plugins/sudoers/testsudoers.c: |
| More useful exit codes: |
* 0 - parsed OK and command matched. |
* 0 - parsed OK and command matched. |
* 1 - parse error |
* 1 - parse error |
* 2 - command not matched |
* 2 - command not matched |
* 3 - command denied |
* 3 - command denied |
[59301e0769cd] <1.8> | [1d2ce1361903] |
|
|
* Document %#gid, and %:#nonunix_gid syntax. | * doc/sudoers.pod: |
[39ee15af58e9] <1.8> | Document %#gid, and %:#nonunix_gid syntax. |
| [492d4f9696c4] |
|
|
* Add support to user_in_group() for treating group names that begin | * plugins/sudoers/pwutil.c: |
| Add support to user_in_group() for treating group names that begin |
with a '#' as gids. |
with a '#' as gids. |
[0eb19980cf5f] <1.8> | [20240c94a134] |
|
|
* configure, configure.in: | * config.h.in, configure, configure.in, src/utmp.c: |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
Add explicit check for struct utmpx.ut_exit.e_termination and struct |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update |
ut_exit if we detect one or the other. |
ut_exit if we detect one or the other. |
[ab5b665fc04b] <1.8> | [b4e8cab777e6] |
|
|
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Add back missing #include of config.h | * plugins/sudoers/toke.c: |
[9c82bec81018] <1.8> | Add back missing #include of config.h |
| [9ab3897a1b2e] |
|
|
* Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like | * plugins/sudoers/iolog_path.c, |
| plugins/sudoers/regress/iolog_path/data: |
| Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like |
strftime() does. |
strftime() does. |
[1ae630470f8a] <1.8> | [93395762cdcd] |
|
|
* Quote first argument to AC_DEFUN(); from Elan Ruusamae | * aclocal.m4: |
[c467e9e3b399] <1.8> | Quote first argument to AC_DEFUN(); from Elan Ruusamae |
| [97f53ad31d77] |
|
|
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* add new sudoers tests | * MANIFEST: |
[05f2a0924acc] <1.8> | add new sudoers tests |
| [476af91b3da3] |
|
|
* Add test for a newline in the middle of a string when no line | * plugins/sudoers/regress/sudoers/test8.in, |
| plugins/sudoers/regress/sudoers/test8.out.ok, |
| plugins/sudoers/regress/sudoers/test8.toke.ok: |
| Add test for a newline in the middle of a string when no line |
continuation character is used. |
continuation character is used. |
[24b79be5822b] <1.8> | [de2394bc86ab] |
|
|
* Use bitwise AND instead of modulus to check for length being odd. A | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Use bitwise AND instead of modulus to check for length being odd. A |
newline in the middle of a string is an error unless a line |
newline in the middle of a string is an error unless a line |
continuation character is used. |
continuation character is used. |
[65c468599688] <1.8> | [bdb1d762a1d5] |
|
|
* Move lexer globals initialization into init_lexer. | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[07a1171a1853] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Move lexer globals initialization into init_lexer. |
| [1ce62211aadb] |
|
|
* Fix a potential crash when a non-regular file is present in an | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix a potential crash when a non-regular file is present in an |
includedir. Fixes bz #452 |
includedir. Fixes bz #452 |
[5057cb9516e4] <1.8> | [1586760c3525] |
|
|
* On some Linux systems, "uname -p" contains detailed processor info | * pp: |
| On some Linux systems, "uname -p" contains detailed processor info |
so check "uname -m" first and then "uname -p" if needed. Recognize |
so check "uname -m" first and then "uname -p" if needed. Recognize |
PLD Linux. |
PLD Linux. |
[56226c84a060] <1.8> | [b8535cb9012e] |
|
|
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't need all sudoers.h here. | * plugins/sudoers/redblack.c: |
[43b6ae5999c5] <1.8> | Don't need all sudoers.h here. |
| [8c0929f42dab] |
|
|
* Print sudo version early, in case policy plugin init fails. | * src/sudo.c: |
[620f2d0ec4b1] <1.8> | Print sudo version early, in case policy plugin init fails. |
| [47cddc4358bc] |
|
|
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Update to match change in input. | * plugins/sudoers/regress/sudoers/test4.toke.ok: |
[69540f84721d] <1.8> | Update to match change in input. |
| [4a3af8e68790] |
|
|
* Make an empty group or netgroup a syntax error. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[4b85bddc494e] <1.8> | Make an empty group or netgroup a syntax error. |
| [66f51ddc2ff6] |
|
|
* An empty group or netgroup should be a syntax error. | * plugins/sudoers/regress/sudoers/test7.in, |
[6ec796972eff] <1.8> | plugins/sudoers/regress/sudoers/test7.out.ok, |
| plugins/sudoers/regress/sudoers/test7.toke.ok: |
| An empty group or netgroup should be a syntax error. |
| [bd5bf1e2edce] |
|
|
* Check that uids work in per-user and per-runas Defaults Check that | * plugins/sudoers/regress/sudoers/test6.in, |
| plugins/sudoers/regress/sudoers/test6.out.ok, |
| plugins/sudoers/regress/sudoers/test6.toke.ok: |
| Check that uids work in per-user and per-runas Defaults Check that |
uids and gids work in a Command_Spec |
uids and gids work in a Command_Spec |
[68cf62353420] <1.8> | [c5e848e6082b] |
|
|
* Test empty string in User_Alias and Command_Spec | * plugins/sudoers/regress/sudoers/test5.in, |
[017d487c31be] <1.8> | plugins/sudoers/regress/sudoers/test5.out.ok, |
| plugins/sudoers/regress/sudoers/test5.toke.ok: |
| Test empty string in User_Alias and Command_Spec |
| [3a084d777e03] |
|
|
* Allow a group ID in the User_Spec. | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[37e0bf69c8d8] <1.8> | Allow a group ID in the User_Spec. |
| [bc2859eb71dc] |
|
|
* Return an error for the empty string when a word is expected. Allow |
|
an ID for per-user or per-runas Defaults. |
|
[4c9020779582] <1.8> |
|
|
|
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix printing "User_Alias FOO = ALL" | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
[97c9fd7caeb7] <1.8> | Return an error for the empty string when a word is expected. Allow |
| an ID for per-user or per-runas Defaults. |
| [915c259b00ff] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix printing "User_Alias FOO = ALL" |
|
[ba58c3d548b3] |
|
|
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Better error message about invalid -C argument | * src/parse_args.c: |
[2301e7a3835b] <1.8> | Better error message about invalid -C argument |
| [c9a8d15bbf5d] |
|
|
* fix typo | * NEWS: |
[c5acde62a309] <1.8> | fix typo |
| [cdcfbafed013] |
|
|
* Fix placement of equal size ('=') in user specification summary. | * doc/sudoers.pod: |
[4d0ffef77ae4] <1.8> | Fix placement of equal size ('=') in user specification summary. |
| [5ad7178b230d] |
|
|
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* update to match sudoers regress | * MANIFEST: |
[0efb8dc9092a] <1.8> | update to match sudoers regress |
| [e04db0648717] |
|
|
* Restore ability to define TRACELEXER and have trace output go to | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore ability to define TRACELEXER and have trace output go to |
stderr. |
stderr. |
[441c8b372217] <1.8> | [d9531e4d1b20] |
|
|
* Restore old behavior of setting sawspace = TRUE for command line | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Restore old behavior of setting sawspace = TRUE for command line |
args when a line continuation character is hit to avoid causing |
args when a line continuation character is hit to avoid causing |
problems for existing sudoers files. |
problems for existing sudoers files. |
[963ded6ce070] <1.8> | [fd930ad25550] |
|
|
* Add test for line continuation and aliases | * plugins/sudoers/regress/sudoers/test4.in, |
[5703d11a3c46] <1.8> | plugins/sudoers/regress/sudoers/test4.out.ok, |
| plugins/sudoers/regress/sudoers/test4.toke.ok: |
| Add test for line continuation and aliases |
| [29ab538ca6bb] |
|
|
* Make test output line up nicely for parse vs. toke | * plugins/sudoers/Makefile.in: |
[15321ce2d7d9] <1.8> | Make test output line up nicely for parse vs. toke |
| [257ef82c1434] |
|
|
* plugins/sudoers/regress/testsudoers/test1.ok, | * plugins/sudoers/Makefile.in, |
| plugins/sudoers/regress/sudoers/test1.in, |
| plugins/sudoers/regress/sudoers/test1.out.ok, |
| plugins/sudoers/regress/sudoers/test1.toke.ok, |
| plugins/sudoers/regress/sudoers/test2.in, |
| plugins/sudoers/regress/sudoers/test2.out.ok, |
| plugins/sudoers/regress/sudoers/test2.toke.ok, |
| plugins/sudoers/regress/sudoers/test3.in, |
| plugins/sudoers/regress/sudoers/test3.out.ok, |
| plugins/sudoers/regress/sudoers/test3.toke.ok, |
| plugins/sudoers/regress/testsudoers/test1.ok, |
| plugins/sudoers/regress/testsudoers/test1.out.ok, |
| plugins/sudoers/regress/testsudoers/test1.sh, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.out, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test2.sh, |
plugins/sudoers/regress/testsudoers/test3.ok, |
plugins/sudoers/regress/testsudoers/test3.ok, |
Line 1511
|
Line 10636
|
plugins/sudoers/regress/visudo/test1.sh: |
plugins/sudoers/regress/visudo/test1.sh: |
Move parser tests to sudoers directory and test the tokenizer output |
Move parser tests to sudoers directory and test the tokenizer output |
too. |
too. |
[111c1ccda334] <1.8> | [44f529b3cdb6] |
|
|
* If we match a rule anchored to the beginning of a line after parsing | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| If we match a rule anchored to the beginning of a line after parsing |
a line continuation character, return an ERROR token. It would be |
a line continuation character, return an ERROR token. It would be |
nicer to use REJECT instead but that substantially slows down the |
nicer to use REJECT instead but that substantially slows down the |
lexer. |
lexer. |
[67e54b14aa9d] <1.8> | [355478293f8c] |
|
|
* Move LEXTRACE macro to toke.h so we can use it in yyerror(). | * plugins/sudoers/gram.c, plugins/sudoers/gram.y, |
[e6e04037deed] <1.8> | plugins/sudoers/toke.c, plugins/sudoers/toke.h, |
| plugins/sudoers/toke.l: |
| Move LEXTRACE macro to toke.h so we can use it in yyerror(). |
| [72ee7a06d3ca] |
|
|
* Make lex tracing settable at run-time in testsudoers via the -t | 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com> |
flag. Trace output goes to stderr. Will be used by regress tests | |
to check lexer. | |
[a973f43cc0c2] <1.8> | |
|
|
* Allow whitespace after the modifier in a Defaults entry. E.g. | * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
| plugins/sudoers/toke.l: |
| Make lex tracing settable at run-time in testsudoers via the -t |
| flag. Trace output goes to stderr. Will be used by regress tests to |
| check lexer. |
| [93bd53c413c8] |
| |
| * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Allow whitespace after the modifier in a Defaults entry. E.g. |
"Defaults: username set_home" |
"Defaults: username set_home" |
[bf876c9fc5bb] <1.8> | [9dfcf8dd8a3a] |
|
|
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Don't set CC when cross-compiling. | * mkpkg: |
[d3c33dcb02f2] <1.8> | Don't set CC when cross-compiling. |
| [4b95b0c04e1c] |
|
|
* Credit Matthew Thomas for the sudoers_search_filter changes. | * NEWS: |
[2209b80664af] <1.8> | Credit Matthew Thomas for the sudoers_search_filter changes. |
| [a65998ab09f7] |
|
|
* Add the .sym files to the MANIFEST | * MANIFEST: |
[bb452b28a009] <1.8> | Add the .sym files to the MANIFEST |
| [f599225cc861] |
|
|
* Update for sudo 1.8.1 beta | * NEWS: |
[700d42d80e00] <1.8> | Update for sudo 1.8.1 beta |
| [71021e854c49] |
|
|
* user_shell -> run_shell to avoid confusion with the user's SHELL | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c: |
| user_shell -> run_shell to avoid confusion with the user's SHELL |
variable. |
variable. |
[451b96d5f97e] <1.8> | [dc0ac6dafc21] |
|
|
* Save the controlling tty process group before suspending in pty | * src/exec_pty.c: |
mode. Previously, we assumed that the child pgrp == child pid | Save the controlling tty process group before suspending in pty |
(which is usually, but not always, the case). | mode. Previously, we assumed that the child pgrp == child pid (which |
[b0841d861191] <1.8> | is usually, but not always, the case). |
| [10b2883b7875] |
|
|
* Add support for sudoers_search_filter setting in ldap.conf. This | * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
can be used to restrict the set of records returned by the LDAP | Add support for sudoers_search_filter setting in ldap.conf. This can |
query. | be used to restrict the set of records returned by the LDAP query. |
[70c5f496e2b3] <1.8> | [b0f1b721d102] |
|
|
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Remove the hack to disable -g in CFLAGS unless --with-devel |
Remove the hack to disable -g in CFLAGS unless --with-devel |
[9459839f50ba] <1.8> | [89822cf84ef4] |
|
|
* The '@' character does not normally need to be quoted. | * doc/sudoers.pod: |
[e66c4c64e514] <1.8> | The '@' character does not normally need to be quoted. |
| [7823f5ed829a] |
|
|
* We normaly transition from GOTDEFS to STARTDEFS on whitespace, but | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| We normaly transition from GOTDEFS to STARTDEFS on whitespace, but |
if that whitespace is followed by a comma, we want to treat it as |
if that whitespace is followed by a comma, we want to treat it as |
part of a list and not transition. |
part of a list and not transition. |
[52ae2df9959d] <1.8> | [1ca6943e1824] |
|
|
* Add check for whitespace when a User_List is used for a per-user | * plugins/sudoers/regress/testsudoers/test3.ok, |
| plugins/sudoers/regress/testsudoers/test3.sh: |
| Add check for whitespace when a User_List is used for a per-user |
Defaults entry. |
Defaults entry. |
[44a4db95be86] <1.8> | [91f75e6dd19a] |
|
|
* Expand quoted name checks to cover recent fixes. | * plugins/sudoers/regress/testsudoers/test2.out, |
[bd494b5c2bed] <1.8> | plugins/sudoers/regress/testsudoers/test2.sh: |
| Expand quoted name checks to cover recent fixes. |
| [ce4f76bca146] |
|
|
* Fix parsing of double-quoted names in Defaults and Aliases which was | * plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
| Fix parsing of double-quoted names in Defaultd and Aliases which was |
broken in 601d97ea8792. |
broken in 601d97ea8792. |
[dfdd58c3eb3b] <1.8> | [424b0d6c1dc4] |
|
|
* toke_util.c lives in $(srcdir) not $(devdir) | * plugins/sudoers/Makefile.in: |
[94f8f024782e] <1.8> | toke_util.c lives in $(srcdir) not $(devdir) |
| [94866bebee83] |
|
|
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* configure, configure.in: |
* configure, configure.in: |
Update version to 1.8.1 | Change trunk version to 1.8.x to distinguish from real 1.8.0. |
[531a7d520f18] <1.8> | [a9781e61d064] |
|
|
* Document major changes in 1.8.1 and add upgrade notes. | * NEWS, doc/UPGRADE: |
[116821646140] <1.8> | Document major changes in 1.8.1 and add upgrade notes. |
| [f2cf51b0d9ce] |
|
|
* Be careful not to deref user_stat if it is NULL. This cannot | * plugins/sudoers/match.c: |
| Be careful not to deref user_stat if it is NULL. This cannot |
currently happen in sudo but might in other programs using the |
currently happen in sudo but might in other programs using the |
parser. |
parser. |
[d72a9c7151c4] <1.8> | [06a2334dd674] |
|
|
* configure will not add -O2 to CFLAGS if it is already defined to add | * mkpkg: |
| configure will not add -O2 to CFLAGS if it is already defined to add |
-O2 to the CFLAGS we pass in when PIE is being used. |
-O2 to the CFLAGS we pass in when PIE is being used. |
[2c7fe82be93d] <1.8> | [1ce6481ece59] |
|
|
* Warn about the dangers of log_input and mention iolog_file and | * doc/sudoers.pod: |
| Warn about the dangers of log_input and mention iolog_file and |
iolog_dir in the log_input and log_output descriptions. |
iolog_dir in the log_input and log_output descriptions. |
[edc6aa59aa45] <1.8> | [ae854ffb0768] |
|
|
* sync with git version | * pp: |
[b121cf739c77] <1.8> | sync with git version |
| [a993e39ce3cb] |
|
|
* It seems that h comes after i | * doc/sudoers.pod: |
[99ad15015f05] <1.8> | It seems that h comes after i |
| [0f621109220d] |
|
|
* Move log_input and log_output to their proper, sorted, location. | * doc/sudoers.pod: |
| Move log_input and log_output to their proper, sorted, location. |
Document set_utmp and utmp_runas. |
Document set_utmp and utmp_runas. |
[216ce8b0ae1a] <1.8> | [273b234b9c34] |
|
|
* Save the controlling tty process group before suspending so we can | * src/exec.c: |
| Save the controlling tty process group before suspending so we can |
restore it when we resume. Fixes job control problems on Linux |
restore it when we resume. Fixes job control problems on Linux |
caused by the previous attemp to fix resuming a shell when I/O |
caused by the previous attemp to fix resuming a shell when I/O |
logging not enabled. |
logging not enabled. |
[dfe038f733be] <1.8> | [f03a660315ee] |
|
|
* Fix printing of the remainder after a newline. Fixes "sudo -l" | * common/lbuf.c: |
| Fix printing of the remainder after a newline. Fixes "sudo -l" |
output corruption that could occur in some cases. |
output corruption that could occur in some cases. |
[ab2f0a629e0d] <1.8> | [25d83fb501fc] |
|
|
* Add support for ut_exit | 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
[7039ec6a73fa] <1.8> | |
|
|
* Add support for controlling whether utmp is updated and which user | * config.h.in, configure, configure.in, src/exec_pty.c, |
| src/sudo_exec.h, src/utmp.c: |
| Add support for ut_exit |
| [b574c13f1bba] |
| |
| * doc/sudo_plugin.pod, plugins/sudoers/def_data.c, |
| plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
| plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c, |
| src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c: |
| Add support for controlling whether utmp is updated and which user |
is listed in the entry. |
is listed in the entry. |
[1b008ce71eab] <1.8> | [44a81632133f] |
|
|
* Fix typo; tupple vs. tuple | * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h, |
[67bb5c67ae3d] <1.8> | plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults, |
| plugins/sudoers/parse.c: |
| Fix typo; tupple vs. tuple |
| [697744acb710] |
|
|
* For legacy utmp, strip the /dev/ prefix before trying to determine | * src/utmp.c: |
| For legacy utmp, strip the /dev/ prefix before trying to determine |
slot since the ttys file does not include the /dev/ prefix. |
slot since the ttys file does not include the /dev/ prefix. |
[8f597114381d] <1.8> | [7ad5b81ff90c] |
|
|
* Add check for _PATH_UTMP | * aclocal.m4, configure, configure.in, pathnames.h.in: |
[fe7e2456f017] <1.8> | Add check for _PATH_UTMP |
| [21e638029bfd] |
|
|
* Adapt check_iolog_path to sessid changes | 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com> |
[3016201869b6] <1.8> | |
|
|
* Redo utmp handling. If no getutent()/getutxent() is available, | * plugins/sudoers/regress/iolog_path/check_iolog_path.c: |
| Adapt check_iolog_path to sessid changes |
| [728b5fe2be6f] |
| |
| * config.h.in, configure, configure.in, src/Makefile.in, |
| src/exec_pty.c, src/sudo_exec.h, src/utmp.c: |
| Redo utmp handling. If no getutent()/getutxent() is available, |
assume a ttyslot-based utmp. If getttyent() is available, use that |
assume a ttyslot-based utmp. If getttyent() is available, use that |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
directly instead of ttyslot() so we don't have to do the stdin dup2 |
dance. |
dance. |
[817490c7c20e] <1.8> | [18aa455cd140] |
|
|
* Move utmp handling into utmp.c | 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
[e4729d9259e9] <1.8> | |
|
|
* Update copyright years. | * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h, |
[1065afc00233] <1.8> | src/utmp.c: |
| Move utmp handling into utmp.c |
| [f6eae6c8e012] |
|
|
2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com> | * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c, |
| common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c, |
| compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c, |
| compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c, |
| compat/utimes.c, doc/sudo.pod, doc/visudo.pod, |
| include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
| plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c, |
| plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c, |
| plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c, |
| plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c, |
| plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c, |
| plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c, |
| plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c, |
| plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c, |
| plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c, |
| plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c, |
| plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c, |
| plugins/sudoers/logging.c, plugins/sudoers/parse.c, |
| plugins/sudoers/parse.h, plugins/sudoers/redblack.c, |
| plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c, |
| plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c, |
| src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c, |
| src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c, |
| src/sudo_plugin_int.h, src/tgetpass.c: |
| Update copyright years. |
| [16aa39f9060a] |
|
|
* Add "user_shell" boolean as a way to indicate to the plugin that the | * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/parse_args.c: |
| Add "user_shell" boolean as a way to indicate to the plugin that the |
-s flag was given. |
-s flag was given. |
[6e8bc49b7ea7] <1.8> | [fb1ef0897b32] |
|
|
* Move sessid out of sudo_user. | * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
[00d67d5ba894] <1.8> | plugins/sudoers/sudoers.h: |
| Move sessid out of sudo_user. |
| [ba298ddb57f4] |
|
|
* Log the TSID even if it is not a simple session ID. | * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
[490cf0adae29] <1.8> | plugins/sudoers/logging.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h: |
| Log the TSID even if it is not a simple session ID. |
| [d7cc1b9c513c] |
|
|
* Document noexec in sample.sudo.conf and add back noexec_file section | * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod: |
| Document noexec in sample.sudo.conf and add back noexec_file section |
in sudoers with a note that it is deprecated. |
in sudoers with a note that it is deprecated. |
[c7a2d8d0c563] <1.8> | [4a6e961e494d] |
|
|
* Fix running commands as non-root on systems where setreuid() changes | * plugins/sudoers/set_perms.c: |
| Fix running commands as non-root on systems where setreuid() changes |
the saved uid based on the effective uid we are changing to. |
the saved uid based on the effective uid we are changing to. |
[f3b27db56ba6] <1.8> | [df0769b71b34] |
|
|
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Move noexec path into sudo.conf now that sudo itself handles noexec. | * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c, |
| src/sudo.h: |
| Move noexec path into sudo.conf now that sudo itself handles noexec. |
Currently can be configured in sudoers too but is now undocumented |
Currently can be configured in sudoers too but is now undocumented |
and will be removed in a future release. |
and will be removed in a future release. |
[9c5f64709994] <1.8> | [6fa8befdc110] |
|
|
* Document "Path noexec ..." in sudo.conf. No longer document | * doc/sudo.pod, doc/sudoers.pod: |
| Document "Path noexec ..." in sudo.conf. No longer document |
noexec_file in sudoers, it will be removed in a future release. |
noexec_file in sudoers, it will be removed in a future release. |
[959fa6b5217b] <1.8> | [24eee3a0b3e5] |
|
|
* Move noexec handling to sudo front-end where it is documented as | * plugins/sudoers/env.c, plugins/sudoers/sudoers.c, |
| plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: |
| Move noexec handling to sudo front-end where it is documented as |
being. |
being. |
[ef6cd4a40c61] <1.8> | [3ed4f10d7052] |
|
|
* Add support for disabling exec via solaris privileges. Includes | * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c, |
| src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c, |
| src/sudo_exec.h: |
| Add support for disabling exec via solaris privileges. Includes |
preparation for moving noexec support out of sudoers and into front |
preparation for moving noexec support out of sudoers and into front |
end as documented. |
end as documented. |
[d9c05ba9a24f] <1.8> | [dec843ed553e] |
|
|
* Only export the symbols corresponding to the plugin structs. | * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym, |
[cb07af1d9b39] <1.8> | plugins/sample_group/Makefile.in, |
| plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in, |
| plugins/sudoers/sudoers.sym: |
| Only export the symbols corresponding to the plugin structs. |
| [8d8d03b0ca54] |
|
|
* Install plugins manually instead of using libtool. This works | * configure, configure.in, plugins/sample/Makefile.in, |
around a problem on AIX where libtool will install a .a file | plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
containing the .so file instead of the .so file itself. | Install plugins manually instead of using libtool. This works around |
[1ccf5af58c05] <1.8> | a problem on AIX where libtool will install a .a file containing the |
| .so file instead of the .so file itself. |
| [796971cfbddb] |
|
|
* Makefile.in: |
* Makefile.in: |
Move check into its own rule since some versions of make will run |
Move check into its own rule since some versions of make will run |
both targets as the default rule. |
both targets as the default rule. |
[7159f37eb552] <1.8> | [34d759979176] |
|
|
* Update to libtool 2.2.10 | * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, |
[9e49773b32b7] <1.8> | m4/ltversion.m4, m4/lt~obsolete.m4: |
| Update to libtool 2.2.10 |
| [34c130de6af7] |
|
|
* In handle_signals(), restart the read() on EINTR to make sure we | 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
| |
| * src/exec.c: |
| In handle_signals(), restart the read() on EINTR to make sure we |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
keep up with the signal pipe. Don't return -1 on EAGAIN, it just |
means we have emptied the pipe. |
means we have emptied the pipe. |
[dc2926097b2d] <1.8> | [d5b9c8eb9000] |
|
|
* Reorder functions to quiet a compiler warning. | * compat/mktemp.c: |
[5201367e5db4] <1.8> | Reorder functions to quiet a compiler warning. |
| [c9e9a23729f0] |
|
|
* Use the Sun Studio C compiler on Solaris if possible | * mkpkg: |
[b8d43b423fb9] <1.8> | Use the Sun Studio C compiler on Solaris if possible |
| [11a86e27891e] |
|
|
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix default setting of osversion variable. | * mkpkg: |
[e12905851be5] <1.8> | Fix default setting of osversion variable. |
| [52e49ca1cedd] |
|
|
* Make two login_class entris consistent. | * doc/sudo_plugin.pod: |
[0671d7b204be] <1.8> | Make two login_class entris consistent. |
| [18ff1fa94a91] |
|
|
* Add support for adding a utmp entry when allocating a new pty. | * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c, |
| src/sudo_exec.h: |
| Add support for adding a utmp entry when allocating a new pty. |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent(). |
Currently only creates a new entry if the existing tty has a utmp |
Currently only creates a new entry if the existing tty has a utmp |
entry. |
entry. |
[40ff30099e79] <1.8> | [32db72b81d80] |
|
|
* Avoid pulling in headers we don't need on Linux For getutx?id(), | * plugins/sudoers/boottime.c: |
| Avoid pulling in headers we don't need on Linux For getutx?id(), |
call setutx?ent() first and always call endutx?ent(). |
call setutx?ent() first and always call endutx?ent(). |
[b86f7a13aae9] <1.8> | [5dad21e1ee1b] |
|
|
* Add some more libs to SUDOERS_LIBS instead of relying on them to be | * configure, configure.in: |
| Add some more libs to SUDOERS_LIBS instead of relying on them to be |
pulled in by SUDO_LIBS. |
pulled in by SUDO_LIBS. |
[bcbd16ec56c6] <1.8> | [18a7c21c09a7] |
|
|
* Fix return value of "sudo -l command" when command is not allowed, | * plugins/sudoers/sudoers.c: |
broken in [c7097ea22111]. The default return value is now TRUE and | Fix return value of "sudo -l command" when command is not allowed, |
a bad: label is used when permission is denied. Also fixed missing | broken in [c7097ea22111]. The default return value is now TRUE and a |
| bad: label is used when permission is denied. Also fixed missing |
permissions restoration on certain errors. On error()/errorx(), the |
permissions restoration on certain errors. On error()/errorx(), the |
password and group files are now closed before returning. |
password and group files are now closed before returning. |
[757c941a47b2] <1.8> | [4f2d0e869ae5] |
|
|
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix passing of login class back to sudo front end. | * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c: |
[5e649de6b7f5] <1.8> | Fix passing of login class back to sudo front end. |
| [6f70a784ce48] |
|
|
* Add --osversion flag to specify OS instead of running "pp | * mkpkg: |
| Add --osversion flag to specify OS instead of running "pp |
--probeonly" |
--probeonly" |
[8a03943ac5e8] <1.8> | [a8efdccb7bc1] |
|
|
* Fix expr usage w/ GNU expr | * sudo.pp: |
[bdecfa1f54fc] <1.8> | Fix expr usage w/ GNU expr |
| [48895599ee63] |
|
|
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value for validate and list mode. | * plugins/sudoers/sudoers.c: |
[6f8b20199935] <1.8> | Fix exit value for validate and list mode. |
| [c7097ea22111] |
|
|
* Fix non-interactive mode with sudoers plugin. | * plugins/sudoers/sudoers.c: |
[cf5aca4fcbcf] <1.8> | Fix non-interactive mode with sudoers plugin. |
| [172f29597bd2] |
|
|
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudoreplay can now find IDs other than %{seq} and display the | * doc/sudoreplay.pod: |
| sudoreplay can now find IDs other than %{seq} and display the |
session. |
session. |
[60396b417633] <1.8> | [fc3dd3be67e9] |
|
|
* Add support for replaying sessions when iolog_file is set to |
|
something other than %{seq}. |
|
[1cd2baa74d56] <1.8> |
|
|
|
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* If we are killed by a signal, display the name of the signal that | * plugins/sudoers/sudoreplay.c: |
| Add support for replaying sessions when iolog_file is set to |
| something other than %{seq}. |
| [ca3131243874] |
| |
| * plugins/sudoers/visudo.c: |
| If we are killed by a signal, display the name of the signal that |
got us. |
got us. |
[1b38c4d42282] <1.8> | [994bb76a990e] |
|
|
* Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS | * configure, configure.in: |
| Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS |
where they belong. |
where they belong. |
[78e97a921104] <1.8> | [40f94b936fa4] |
|
|
* Fix bug in skey/opie check that could cause a shell warning. | * configure.in: |
[f20229a04f30] <1.8> | Fix bug in skey/opie check that could cause a shell warning. |
| [83c043072be5] |
|
|
* No longer need sudo_getepw() stubs. | * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
[795631ac7db0] <1.8> | No longer need sudo_getepw() stubs. |
| [bbee15c36912] |
|
|
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Fix exit value of "sudo -l command" in sudoers module. | * plugins/sudoers/sudo_nss.c: |
[4a05d6019b3d] <1.8> | Fix exit value of "sudo -l command" in sudoers module. |
| [a6541867521b] |
|
|
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Use fgets() not fgetln() for portability. | * compat/regress/glob/globtest.c: |
[1f2050745096] <1.8> | Use fgets() not fgetln() for portability. |
| [df1bb67fb168] |
|
|
* Don't use the beta or release candidate version as the rpm release. | * sudo.pp: |
[a5b049477646] <1.8> | Don't use the beta or release candidate version as the rpm release. |
| [d661ef78021a] |
|
|
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
|
Adjust ChangeLog rule now that 1.8 is branched |
|
[a994ac361e44] <1.8> |
|
|
|
* .hgtags: |
|
Added tag SUDO_1_8_0 for changeset f6530d56f6ae |
|
[99a2b3801419] <1.8> |
|
|
|
2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.in: |
* configure, configure.in: |
version 1.8.0 |
version 1.8.0 |
[f6530d56f6ae] [SUDO_1_8_0] |
[f6530d56f6ae] [SUDO_1_8_0] |
Line 2238
|
Line 11480
|
|
|
* plugins/sudoers/ldap.c: |
* plugins/sudoers/ldap.c: |
Stash pointer to user group vector in LDAP handle and only reuse the |
Stash pointer to user group vector in LDAP handle and only reuse the |
query if it has not changed. We always allocate a new buffer when | query if it has not changed. We always allocate a new buffer when we |
we reset the group vector so a simple pointer check is sufficient. | reset the group vector so a simple pointer check is sufficient. |
[88861d4eba69] |
[88861d4eba69] |
|
|
* plugins/sudoers/sudo_nss.c: |
* plugins/sudoers/sudo_nss.c: |
Line 2559
|
Line 11801
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
Allow sudoers to specify the iolog file in addition to the iolog |
Allow sudoers to specify the iolog file in addition to the iolog |
dir. Add escape sequence support to iolog file and dir: sequence |
dir. Add escape sequence support to iolog file and dir: sequence |
number, user, group, runas_user, runas_group, hostname and | number, user, group, runas_user, runas_group, hostname and command |
command in addition to any escape sequence recognized by | in addition to any escape sequence recognized by strftime(3). |
strftime(3). | |
[75cd32ee0435] |
[75cd32ee0435] |
|
|
* plugins/sudoers/iolog.c: |
* plugins/sudoers/iolog.c: |
Line 2578
|
Line 11819
|
[d29784fd2a66] |
[d29784fd2a66] |
|
|
* common/term.c: |
* common/term.c: |
Clear OPOST from c_oflag like we used to. Fixes screen-based | Clear OPOST from c_oflag like we used to. Fixes screen-based editors |
editors such as vi. | such as vi. |
[506ad5ae9b4e] |
[506ad5ae9b4e] |
|
|
* doc/sudoers.pod: |
* doc/sudoers.pod: |
Line 3315
|
Line 12556
|
* plugins/sudoers/match.c: |
* plugins/sudoers/match.c: |
When matching the runas user and runas group (-u and -g command line |
When matching the runas user and runas group (-u and -g command line |
options), keep track of runas group and runas user matches |
options), keep track of runas group and runas user matches |
separately. Only return a positive match if we have a match for | separately. Only return a positive match if we have a match for both |
both runas user and runas group (if specified). | runas user and runas group (if specified). |
[815219e04cc8] |
[815219e04cc8] |
|
|
2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 3541
|
Line 12782
|
* plugins/sudoers/check.c, plugins/sudoers/ldap.c, |
* plugins/sudoers/check.c, plugins/sudoers/ldap.c, |
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
Reference count cached passwd and group structs. The cache holds | Reference count cached passwd and group structs. The cache holds one |
one reference itself and another is added by sudo_getgr{gid,nam} and | reference itself and another is added by sudo_getgr{gid,nam} and |
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and |
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and |
group structs are persistent for now. |
group structs are persistent for now. |
[e544685523c3] |
[e544685523c3] |
Line 3675
|
Line 12916
|
|
|
* plugins/sudoers/sudoreplay.c: |
* plugins/sudoers/sudoreplay.c: |
Add setlocale() so the command line arguments that use floating |
Add setlocale() so the command line arguments that use floating |
point work in different locales. Since sudo now logs the timing | point work in different locales. Since sudo now logs the timing data |
data in the C locale we must Parse the seconds in the timing file | in the C locale we must Parse the seconds in the timing file |
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged |
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged |
the number of seconds with the user's locale so if the decimal point |
the number of seconds with the user's locale so if the decimal point |
is not '.' try using the locale-specific version. |
is not '.' try using the locale-specific version. |
Line 3855
|
Line 13096
|
|
|
* common/aix.c: |
* common/aix.c: |
setauthdb() only sets the "old" registry if it was set by a previous |
setauthdb() only sets the "old" registry if it was set by a previous |
call to setauthdb(). To restore the original value, passing NULL | call to setauthdb(). To restore the original value, passing NULL (or |
(or an empty string) to setauthdb() is sufficient. | an empty string) to setauthdb() is sufficient. |
[470da190a254] |
[470da190a254] |
|
|
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 3966
|
Line 13207
|
Use tab indents to reduce the chance of problem with <<- Fix the |
Use tab indents to reduce the chance of problem with <<- Fix the |
debian %set section, pp does not set pp_deb_distro Uncomment %sudo |
debian %set section, pp does not set pp_deb_distro Uncomment %sudo |
line in sudoers for debian Uncomment some env_keep lines for RHEL, |
line in sudoers for debian Uncomment some env_keep lines for RHEL, |
SLES and debian to more closely match the vendor sudoers files. | SLES and debian to more closely match the vendor sudoers files. Add |
Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on | /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on |
debian for ldap flavor |
debian for ldap flavor |
[c5b49feb1a0c] |
[c5b49feb1a0c] |
|
|
Line 4605
|
Line 13846
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
A comment character may not be part of a command line argument |
A comment character may not be part of a command line argument |
unless it is quoted with a backslash. Fixes parsing of: | unless it is quoted with a backslash. Fixes parsing of: testuser |
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 | ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 |
[ea2e990f85ed] |
[ea2e990f85ed] |
|
|
* doc/sudoers.pod: |
* doc/sudoers.pod: |
Line 4727
|
Line 13968
|
include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, |
include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, |
src/conversation.c, src/sudo.h, src/tgetpass.c: |
src/conversation.c, src/sudo.h, src/tgetpass.c: |
Add SUDO_CONV_PROMPT_MASK define which corresponds to the |
Add SUDO_CONV_PROMPT_MASK define which corresponds to the |
"pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is | "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set. |
set. | |
[e0550590cabe] |
[e0550590cabe] |
|
|
* src/exec_pty.c: |
* src/exec_pty.c: |
Line 4780
|
Line 14020
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
If a file in a #includedir has improper permissions or owner just |
If a file in a #includedir has improper permissions or owner just |
skip it. This prevents packages that incorrectly install a file | skip it. This prevents packages that incorrectly install a file into |
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in | /etc/sudoers.d from breaking sudo so easily. Syntax errors in |
#includedir files still result in a parse error (for now). |
#includedir files still result in a parse error (for now). |
[ade99a4549a4] |
[ade99a4549a4] |
|
|
Line 5279
|
Line 14519
|
[31b69a6ecda7] |
[31b69a6ecda7] |
|
|
* src/script.c, src/sudo.h: |
* src/script.c, src/sudo.h: |
Cosmetic changes: add comments, remove orphaned prototype and | Cosmetic changes: add comments, remove orphaned prototype and make a |
make a global static. | global static. |
[f7851af0143e] |
[f7851af0143e] |
|
|
2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 5354
|
Line 14594
|
* plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, |
* plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, |
src/sudo_edit.c: |
src/sudo_edit.c: |
If plugin sets "sudoedit=true" in the command info, enable sudoedit |
If plugin sets "sudoedit=true" in the command info, enable sudoedit |
mode even if not invoked as sudoedit. This allows a plugin to | mode even if not invoked as sudoedit. This allows a plugin to enable |
enable sudoedit when the user runs an editor. | sudoedit when the user runs an editor. |
[96d67b99e42e] |
[96d67b99e42e] |
|
|
2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 5407
|
Line 14647
|
[4cbf5196d993] |
[4cbf5196d993] |
|
|
* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: |
* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: |
Change how we handle the sudoedit argv. We now require that there | Change how we handle the sudoedit argv. We now require that there be |
be a "--" in argv to separate the editor and any command line | a "--" in argv to separate the editor and any command line arguments |
arguments from the files to be edited. | from the files to be edited. |
[20623d549a3c] |
[20623d549a3c] |
|
|
* include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
* include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
Line 5501
|
Line 14741
|
[dd5464257c69] |
[dd5464257c69] |
|
|
* src/script.c: |
* src/script.c: |
Fix SIGPIPE handling. Now that we use may use pipes for | Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout |
stdin/stdout we need to pass any SIGPIPE we receive to the running | we need to pass any SIGPIPE we receive to the running command. |
command. | |
[3f6b1991f4fd] |
[3f6b1991f4fd] |
|
|
* src/script.c: |
* src/script.c: |
Line 5716
|
Line 14955
|
* src/script.c: |
* src/script.c: |
Defer call to alarm() until after we fork the child. Pass correct |
Defer call to alarm() until after we fork the child. Pass correct |
pid to terminate_child() If the command exits due to signal, set |
pid to terminate_child() If the command exits due to signal, set |
alive to false like we do when it exits normally. Add missing | alive to false like we do when it exits normally. Add missing check |
check for errpipe[0] != -1 before using it in FD_ISSET | for errpipe[0] != -1 before using it in FD_ISSET |
[22f0a1549391] |
[22f0a1549391] |
|
|
2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 6582
|
Line 15821
|
[04a233b6c491] |
[04a233b6c491] |
|
|
* include/compat.h: |
* include/compat.h: |
Add definition of WCOREDUMP for systems without it. This is known | Add definition of WCOREDUMP for systems without it. This is known to |
to work on AIX and SunOS 4, but may be incorrect on other systems | work on AIX and SunOS 4, but may be incorrect on other systems that |
that lack WCOREDUMP. | lack WCOREDUMP. |
[c85b3ce6b77d] |
[c85b3ce6b77d] |
|
|
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7191
|
Line 16430
|
|
|
* match.c: |
* match.c: |
cmnd_matches() already deals with negation so _cmndlist_matches() |
cmnd_matches() already deals with negation so _cmndlist_matches() |
does not need to do so itself. Fixes a bug with negated entries in | does not need to do so itself. Fixes a bug with negated entries in a |
a Cmnd_List. | Cmnd_List. |
[71c845f6ce73] |
[71c845f6ce73] |
|
|
2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7236
|
Line 16475
|
allows the parent to distinguish between signals it has been sent |
allows the parent to distinguish between signals it has been sent |
directly and signals the command has received. It also means the |
directly and signals the command has received. It also means the |
parent can once again print the signal notifications to the tty so |
parent can once again print the signal notifications to the tty so |
all writes to the pty master occur in the parent. The command is | all writes to the pty master occur in the parent. The command is now |
now always started in background mode with tty signals handled by | always started in background mode with tty signals handled by the |
the parent. | parent. |
[c6790b82986d] |
[c6790b82986d] |
|
|
2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7498
|
Line 16737
|
[85f590a03275] |
[85f590a03275] |
|
|
* script.c: |
* script.c: |
Don't set stdout to blocking mode when flushing remaining output. | Don't set stdout to blocking mode when flushing remaining output. It |
It can cause us to hang when trying to exit. Need to investigate | can cause us to hang when trying to exit. Need to investigate why. |
why. | |
[6f803a3e33ca] |
[6f803a3e33ca] |
|
|
* script.c: |
* script.c: |
Line 8025
|
Line 17263
|
configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, |
configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, |
gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, |
gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, |
tgetpass.c: |
tgetpass.c: |
First cut at session logging for sudo. Still need to write | First cut at session logging for sudo. Still need to write get_pty() |
get_pty() for Unix 98 and old-style BSD ptys. Also needs | for Unix 98 and old-style BSD ptys. Also needs documentation and |
documentation and general cleanup. | general cleanup. |
[77e3f5e25738] |
[77e3f5e25738] |
|
|
2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 8543
|
Line 17781
|
[2bcbbb45d389] |
[2bcbbb45d389] |
|
|
* auth/pam.c: |
* auth/pam.c: |
Make sure def_prompt is always defined. This is a workaround for | Make sure def_prompt is always defined. This is a workaround for pam |
pam configs that prompt for a password in the session but don't have | configs that prompt for a password in the session but don't have an |
an auth line. A better fix is to expand the sudo prompt earlier and | auth line. A better fix is to expand the sudo prompt earlier and set |
set def_prompt to that when initializing. | def_prompt to that when initializing. |
[ee073c04aec3] |
[ee073c04aec3] |
|
|
* sudo.pod: |
* sudo.pod: |
Line 9697
|
Line 18935
|
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Disable use of gss_krb5_ccache_name() by default and add |
Disable use of gss_krb5_ccache_name() by default and add |
--enable-gss-krb5-ccache-name configure option to enable it. It | --enable-gss-krb5-ccache-name configure option to enable it. It seems |
seems that gss_krb5_ccache_name() doesn't work properly with some | that gss_krb5_ccache_name() doesn't work properly with some |
combinations of Heimdal and OpenLDAP. |
combinations of Heimdal and OpenLDAP. |
[f61ebd3b19bd] |
[f61ebd3b19bd] |
|
|
Line 9768
|
Line 19006
|
|
|
* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: |
* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: |
Remove the =cut on the first line (above the copyright notice) to |
Remove the =cut on the first line (above the copyright notice) to |
quiet pod2man. Also remove the hackery in the FILES section and | quiet pod2man. Also remove the hackery in the FILES section and just |
just deal with the fact that there will a newline between each | deal with the fact that there will a newline between each pathname. |
pathname. | |
[2ac1ab191835] |
[2ac1ab191835] |
|
|
2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 9834
|
Line 19071
|
* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, |
* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, |
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
testsudoers.c, toke.c, toke.l: |
testsudoers.c, toke.c, toke.l: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[1d4abfe2c004] |
[1d4abfe2c004] |
|
|
* sesh.c: |
* sesh.c: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[1e3b395ce049] |
[1e3b395ce049] |
|
|
* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, |
* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, |
def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, |
def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, |
pathnames.h.in, selinux.c: |
pathnames.h.in, selinux.c: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[6b421948286e] |
[6b421948286e] |
|
|
2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 9887
|
Line 19121
|
* sudo.c: |
* sudo.c: |
Unlimit nproc on Linux systems where calling the setuid() family of |
Unlimit nproc on Linux systems where calling the setuid() family of |
syscalls causes the nroc resource limit to be checked. The limits |
syscalls causes the nroc resource limit to be checked. The limits |
will be reset by pam_limits.so when PAM is used. In the non-PAM | will be reset by pam_limits.so when PAM is used. In the non-PAM case |
case the nproc limit will remain unlimited but there doesn't seem to | the nproc limit will remain unlimited but there doesn't seem to be a |
be a way around that other than having sudo parse | way around that other than having sudo parse |
/etc/security/limits.conf directly. |
/etc/security/limits.conf directly. |
[df024b415a8d] |
[df024b415a8d] |
|
|
Line 9985
|
Line 19219
|
|
|
* pwutil.c: |
* pwutil.c: |
When copying gr_mem we must guarantee that the storage space for |
When copying gr_mem we must guarantee that the storage space for |
gr_mem is properly aligned. The simplest way to do this is to | gr_mem is properly aligned. The simplest way to do this is to simply |
simply store gr_mem directly after struct group. This is not a | store gr_mem directly after struct group. This is not a problem for |
problem for gr_passwd or gr_name as they are simple strings. | gr_passwd or gr_name as they are simple strings. |
[af58fc76f1ed] |
[af58fc76f1ed] |
|
|
* ldap.c: |
* ldap.c: |
Line 10335
|
Line 19569
|
2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* env.c, pathnames.h.in, sudo.c, sudo.h: |
* env.c, pathnames.h.in, sudo.c, sudo.h: |
Add support for reading and /etc/environment file. Still needs to | Add support for reading and /etc/environment file. Still needs to be |
be documented and should probably only applies to OSes that have it | documented and should probably only applies to OSes that have it |
(AIX and Linux, maybe others). |
(AIX and Linux, maybe others). |
[15d3edae27e4] |
[15d3edae27e4] |
|
|
Line 10568
|
Line 19802
|
[e486024574a1] |
[e486024574a1] |
|
|
* ldap.c: |
* ldap.c: |
Make sudo ALL imply setenv. Note that unlike with file-based | Make sudo ALL imply setenv. Note that unlike with file-based sudoers |
sudoers this does affect all the commands in the sudoRole. | this does affect all the commands in the sudoRole. |
[bc12f54321d1] |
[bc12f54321d1] |
|
|
* gram.c, gram.y, parse.c, parse.h: |
* gram.c, gram.y, parse.c, parse.h: |
Line 10670
|
Line 19904
|
|
|
* tgetpass.c: |
* tgetpass.c: |
Avoid printing the prompt if we are already backgrounded. E.g. if |
Avoid printing the prompt if we are already backgrounded. E.g. if |
the user runs "sudo foo &" from the shell. In this case, the call | the user runs "sudo foo &" from the shell. In this case, the call to |
to tcsetattr() will cause SIGTTOU to be delivered. | tcsetattr() will cause SIGTTOU to be delivered. |
[db2139a8d8b8] |
[db2139a8d8b8] |
|
|
2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 10882
|
Line 20116
|
|
|
* match.c, parse.c, testsudoers.c: |
* match.c, parse.c, testsudoers.c: |
Use LH_FOREACH_REV when checking permission and short-circuit on the |
Use LH_FOREACH_REV when checking permission and short-circuit on the |
first non-UNSPEC hit we get for the command. This means that | first non-UNSPEC hit we get for the command. This means that instead |
instead of cycling through the all the parsed sudoers entries we | of cycling through the all the parsed sudoers entries we start at |
start at the end and work backwards and quit after the first | the end and work backwards and quit after the first positive or |
positive or negative match. | negative match. |
[881474532f3e] |
[881474532f3e] |
|
|
* gram.c: |
* gram.c: |
Line 10916
|
Line 20150
|
* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, |
* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, |
testsudoers.c, visudo.c: |
testsudoers.c, visudo.c: |
Use a list head struct when storing the semi-circular lists and |
Use a list head struct when storing the semi-circular lists and |
convert to tail queues in the process. This will allow us to | convert to tail queues in the process. This will allow us to reverse |
reverse foreach loops more easily and it makes it clearer which | foreach loops more easily and it makes it clearer which functions |
functions expect a list as opposed to a single member. | expect a list as opposed to a single member. |
|
|
Add macros for manipulating lists. Some of these should become |
Add macros for manipulating lists. Some of these should become |
functions. |
functions. |
Line 11042
|
Line 20276
|
|
|
* toke.l: |
* toke.l: |
Require that the first character after a comment not be a digit or a |
Require that the first character after a comment not be a digit or a |
dash. This allows us to remove the GOTRUNAS state and treat | dash. This allows us to remove the GOTRUNAS state and treat uid/gids |
uid/gids similar to other words. It also means that we can now | similar to other words. It also means that we can now specify uids |
specify uids in User_Lists and a User_Spec may now contain a uid. | in User_Lists and a User_Spec may now contain a uid. |
[461fe01f8392] |
[461fe01f8392] |
|
|
* gram.y, toke.l: |
* gram.y, toke.l: |
Line 11859
|
Line 21093
|
|
|
* auth/kerb5.c: |
* auth/kerb5.c: |
If we cannot get a valid service key using the default keytab it is |
If we cannot get a valid service key using the default keytab it is |
a fatal error. Fixes a bug where sudo could be tricked into | a fatal error. Fixes a bug where sudo could be tricked into allowing |
allowing access when it should not by a fake KDC. From Thor Lancelot | access when it should not by a fake KDC. From Thor Lancelot Simon. |
Simon. | |
[a3ae6a47cb23] |
[a3ae6a47cb23] |
|
|
2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 11943
|
Line 21176
|
|
|
* env.c: |
* env.c: |
Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and |
Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and |
LDR_PRELOAD64. The 64-bit version is not currently supported. | LDR_PRELOAD64. The 64-bit version is not currently supported. Remove |
Remove zero_env() prototype as it no longer exists. | zero_env() prototype as it no longer exists. |
[b4fe65027fb6] |
[b4fe65027fb6] |
|
|
2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 12329
|
Line 21562
|
[1dfc2e8c9f2b] |
[1dfc2e8c9f2b] |
|
|
* ldap.c: |
* ldap.c: |
Reorganize LDAP code to better match normal sudoers parsing. | Reorganize LDAP code to better match normal sudoers parsing. Instead |
Instead of storing strings for later printing in -l mode we do | of storing strings for later printing in -l mode we do another query |
another query since the authenticating user and the user being | since the authenticating user and the user being listed may not be |
listed may not be the same (the new -U flag). Also add support for | the same (the new -U flag). Also add support for "sudo -l command". |
"sudo -l command". | |
|
|
There is still a fair bit if duplicated code that can probably be |
There is still a fair bit if duplicated code that can probably be |
refactored. |
refactored. |
Line 12918
|
Line 22150
|
|
|
* match.c, testsudoers.c, visudo.c: |
* match.c, testsudoers.c, visudo.c: |
Only check group vector in usergr_matches() if we are matching the |
Only check group vector in usergr_matches() if we are matching the |
invoking or list user. Always check the group members, even if | invoking or list user. Always check the group members, even if there |
there was a group vector. | was a group vector. |
[d0c7ceb2a041] |
[d0c7ceb2a041] |
|
|
2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 12994
|
Line 22226
|
[d69959681c87] |
[d69959681c87] |
|
|
* getspwuid.c: |
* getspwuid.c: |
Check rbinsert() return value. In the case of faked up entries | Check rbinsert() return value. In the case of faked up entries there |
there is usually a negative response cached that we need to | is usually a negative response cached that we need to overwrite. |
overwrite. | |
|
|
In pwfree() don't try to zero out a NULL pw_passwd pointer. |
In pwfree() don't try to zero out a NULL pw_passwd pointer. |
[00b32d1a48c1] |
[00b32d1a48c1] |
Line 13088
|
Line 22319
|
[e56fe33db916] |
[e56fe33db916] |
|
|
* ldap.c, parse.c, sudo.c, sudo.h: |
* ldap.c, parse.c, sudo.c, sudo.h: |
Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. | Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, |
Instead, we just set the approriate defaults variable. | we just set the approriate defaults variable. |
[756eeecc1d86] |
[756eeecc1d86] |
|
|
* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: |
* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: |
Line 13105
|
Line 22336
|
* defaults.c, match.c, parse.c, parse.h, testsudoers.c: |
* defaults.c, match.c, parse.c, parse.h, testsudoers.c: |
Change an occurence of user_matches() -> runas_matches() missed |
Change an occurence of user_matches() -> runas_matches() missed |
previously runas_matches(), host_matches() and cmnd_matches() only |
previously runas_matches(), host_matches() and cmnd_matches() only |
really need to pass in a list of members. user_matches() still | really need to pass in a list of members. user_matches() still needs |
needs to pass in a passwd struct because of "sudo -l" | to pass in a passwd struct because of "sudo -l" |
[833b22fc6fa0] |
[833b22fc6fa0] |
|
|
* parse.c: |
* parse.c: |
Line 13414
|
Line 22645
|
[ad462ede3094] |
[ad462ede3094] |
|
|
* testsudoers.c: |
* testsudoers.c: |
Rewrite for the new parser. Now supports a -d flag (dump) and adds | Rewrite for the new parser. Now supports a -d flag (dump) and adds a |
a -h flag (host). It now defaults to the local hostname unless | -h flag (host). It now defaults to the local hostname unless |
otherwise specified. |
otherwise specified. |
[1b69685cc601] |
[1b69685cc601] |
|
|
Line 13597
|
Line 22828
|
2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably | Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means |
means we are out of space in the stack gap... | we are out of space in the stack gap... |
[5b02b702021e] |
[5b02b702021e] |
|
|
* CHANGES: |
* CHANGES: |
Line 13744
|
Line 22975
|
[ba481d9ed1aa] |
[ba481d9ed1aa] |
|
|
* visudo.c: |
* visudo.c: |
Overhaul visudo for editing multiple files: o visudo has been | Overhaul visudo for editing multiple files: o visudo has been broken |
broken out into functions (more work needed here) o each file is | out into functions (more work needed here) o each file is now edited |
now edited before sudoers is re-parsed o if a #include line is | before sudoers is re-parsed o if a #include line is added that file |
added that file will be edited too | will be edited too |
|
|
TODO: o cleanup temp files when exiting via err() or errx() o |
TODO: o cleanup temp files when exiting via err() or errx() o |
continue breaking things out into separate functions |
continue breaking things out into separate functions |
Line 13803
|
Line 23034
|
|
|
* parse.c, parse.h, parse.lex, parse.yacc: |
* parse.c, parse.h, parse.lex, parse.yacc: |
More scaffolding for dealing with multiple sudoers files: o |
More scaffolding for dealing with multiple sudoers files: o |
init_parser() now takes a path used to populate the sudoers global | init_parser() now takes a path used to populate the sudoers global o |
o the sudoers global is used to print the correct file in yyerror() | the sudoers global is used to print the correct file in yyerror() o |
o when switching to a new sudoers file, perserve old file name and | when switching to a new sudoers file, perserve old file name and |
line number |
line number |
[d9be4970b8bd] |
[d9be4970b8bd] |
|
|
Line 13889
|
Line 23120
|
|
|
* getspwuid.c: |
* getspwuid.c: |
Add flag to sudo_pwdup that indicates whether or not to lookup the |
Add flag to sudo_pwdup that indicates whether or not to lookup the |
shadow password. Will be used to a struct passwd that has the | shadow password. Will be used to a struct passwd that has the shadow |
shadow password already filled in. | password already filled in. |
[e19d43dd7238] |
[e19d43dd7238] |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
Line 13940
|
Line 23171
|
[1703fd2fdef6] |
[1703fd2fdef6] |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
systrace(4) support for sudo. On systems with the systrace(4) | systrace(4) support for sudo. On systems with the systrace(4) kernel |
kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can | facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec |
intercept exec calls and check the exec args against the sudoers | calls and check the exec args against the sudoers file. In other |
file. In other words, sudo can now control subcommands and shell | words, sudo can now control subcommands and shell escapes. |
escapes. | |
[928c9217c386] |
[928c9217c386] |
|
|
* sudo.c, sudo.h: |
* sudo.c, sudo.h: |
Line 14853
|
Line 24083
|
2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, README.LDAP, config.h.in, configure.in: |
* INSTALL, README.LDAP, config.h.in, configure.in: |
o --with-ldap now takes an optional dir as a parameter o added | o --with-ldap now takes an optional dir as a parameter o added check |
check for ldap_initialize() and start_tls_s() | for ldap_initialize() and start_tls_s() |
[2b846c7974c6] |
[2b846c7974c6] |
|
|
* README.LDAP: |
* README.LDAP: |
Line 14920
|
Line 24150
|
* parse.c: |
* parse.c: |
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was |
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was |
explicitly denied and the command matched. This fixes a long- |
explicitly denied and the command matched. This fixes a long- |
standing bug and makes: foo machine = (ALL) /usr/bin/blah | standing bug and makes: foo machine = (ALL) /usr/bin/blah foo |
foo machine = (!bar) /usr/bin/blah | machine = (!bar) /usr/bin/blah |
|
|
equivalent to: foo machine = (ALL, !bar) /usr/bin/blah |
equivalent to: foo machine = (ALL, !bar) /usr/bin/blah |
[2f5ee244985a] |
[2f5ee244985a] |
Line 15020
|
Line 24250
|
[6058c4cefcec] |
[6058c4cefcec] |
|
|
* set_perms.c, sudo.c, tgetpass.c, visudo.c: |
* set_perms.c, sudo.c, tgetpass.c, visudo.c: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[2e5f81834383] |
[2e5f81834383] |
|
|
* logging.c: |
* logging.c: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[934bbe6872b6] |
[934bbe6872b6] |
|
|
* check.c, compat.h: |
* check.c, compat.h: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[390b698b5924] |
[390b698b5924] |
|
|
2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 15379
|
Line 24609
|
[773165eb6057] |
[773165eb6057] |
|
|
* visudo.c: |
* visudo.c: |
Use WIFEXITED and WEXITSTATUS macros. If there are systems out | Use WIFEXITED and WEXITSTATUS macros. If there are systems out there |
there that want to run sudo that still don't support these we can | that want to run sudo that still don't support these we can try to |
try to deal with that later. | deal with that later. |
[6af68e4aff60] |
[6af68e4aff60] |
|
|
* lex.yy.c: |
* lex.yy.c: |
Line 15415
|
Line 24645
|
* sudo.h: |
* sudo.h: |
Add a new flag, -e, that makes it possible to give users the ability |
Add a new flag, -e, that makes it possible to give users the ability |
to edit files with the editor of their choice as the invoking user, |
to edit files with the editor of their choice as the invoking user, |
not the runas user. Temporary files are used for the actual edit | not the runas user. Temporary files are used for the actual edit and |
and the temp file is copied over the original after the editor is | the temp file is copied over the original after the editor is done. |
done. | |
[c4051414c1f4] |
[c4051414c1f4] |
|
|
* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: |
* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: |
Add a new flag, -e, that makes it possible to give users the ability |
Add a new flag, -e, that makes it possible to give users the ability |
to edit files with the editor of their choice as the invoking user, |
to edit files with the editor of their choice as the invoking user, |
not the runas user. Temporary files are used for the actual edit | not the runas user. Temporary files are used for the actual edit and |
and the temp file is copied over the original after the editor is | the temp file is copied over the original after the editor is done. |
done. | |
[37ac05c8ac3c] |
[37ac05c8ac3c] |
|
|
* env.c, sudo.c: |
* env.c, sudo.c: |
If real uid == 0 and the SUDO_USER environment variables is set, use |
If real uid == 0 and the SUDO_USER environment variables is set, use |
that to determine the invoking user's true identity. That way the |
that to determine the invoking user's true identity. That way the |
proper info gets logged by someone who has done "sudo su" but still |
proper info gets logged by someone who has done "sudo su" but still |
uses sudo to as root. We can't do this for non-root users since | uses sudo to as root. We can't do this for non-root users since that |
that would open up a security hole, though perhaps it would be | would open up a security hole, though perhaps it would be acceptable |
acceptable to use getlogin(2) on OSes where this a system call (and | to use getlogin(2) on OSes where this a system call (and doesn't |
doesn't just look in the utmp file). | just look in the utmp file). |
[c2f9198708a1] |
[c2f9198708a1] |
|
|
* pathnames.h.in: |
* pathnames.h.in: |
Line 15484
|
Line 24712
|
2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
Change euid to runas user before calling find_path(). | Change euid to runas user before calling find_path(). Unfortunately, |
Unfortunately, though runas_user can be modified in sudoers we | though runas_user can be modified in sudoers we haven't parsed |
haven't parsed sudoers yet. | sudoers yet. |
[f469fdf2e313] |
[f469fdf2e313] |
|
|
* sudoers.man.in, sudoers.pod: |
* sudoers.man.in, sudoers.pod: |
Line 15495
|
Line 24723
|
[f7bed6e909bf] |
[f7bed6e909bf] |
|
|
* sudo.c: |
* sudo.c: |
Fix a bug when set_runaspw() is used as a callback. We don't want | Fix a bug when set_runaspw() is used as a callback. We don't want to |
to reset the contents of runas_pw if the user specified a user via | reset the contents of runas_pw if the user specified a user via the |
the -u flag. | -u flag. |
|
|
Avoid unnecessary passwd lookups in set_authpw(). In most cases we |
Avoid unnecessary passwd lookups in set_authpw(). In most cases we |
already have the info in runas_pw. |
already have the info in runas_pw. |
Line 15522
|
Line 24750
|
[42aa37050053] |
[42aa37050053] |
|
|
* sudo.c: |
* sudo.c: |
Add set_runaspw() function to fill in runas_pw. This will be used | Add set_runaspw() function to fill in runas_pw. This will be used as |
as a callback to update runas_pw when the runas user changes. | a callback to update runas_pw when the runas user changes. |
[e570aa0088d0] |
[e570aa0088d0] |
|
|
* env.c, sudo.c: |
* env.c, sudo.c: |
Line 15739
|
Line 24967
|
Add support for preloading a shared object containing a dummy |
Add support for preloading a shared object containing a dummy |
execve() function that just sets error and returns -1. This adds a |
execve() function that just sets error and returns -1. This adds a |
"noexec_file" option to load the filename as well as a "noexec" flag |
"noexec_file" option to load the filename as well as a "noexec" flag |
to enable it unconditionally. There is also a NOEXEC tag that can | to enable it unconditionally. There is also a NOEXEC tag that can be |
be attached to specific commands and an EXEC tag to disable it. | attached to specific commands and an EXEC tag to disable it. |
[c8b6712feb91] |
[c8b6712feb91] |
|
|
* mkdefaults: |
* mkdefaults: |
Line 15877
|
Line 25105
|
|
|
* auth/pam.c: |
* auth/pam.c: |
Fix a core dump on Solaris by preserving the pam_handle_t we used |
Fix a core dump on Solaris by preserving the pam_handle_t we used |
during authentication for pam_prep_user(). If we didn't | during authentication for pam_prep_user(). If we didn't authenticate |
authenticate (ie: ticket still valid), we call pam_init() from | (ie: ticket still valid), we call pam_init() from pam_prep_user(). |
pam_prep_user(). This is something of a hack; it may be better to | This is something of a hack; it may be better to change the auth API |
change the auth API and add an auth_final() function that acts like | and add an auth_final() function that acts like pam_prep_user(). |
pam_prep_user(). | |
[f787de49b175] |
[f787de49b175] |
|
|
2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 16081
|
Line 25308
|
[aba0126f0059] |
[aba0126f0059] |
|
|
* auth/kerb5.c: |
* auth/kerb5.c: |
Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is | Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no |
no longer defined by MIT kerb5 (though it used to be and indeed | longer defined by MIT kerb5 (though it used to be and indeed remains |
remains so in Heimdal). | so in Heimdal). |
[e5a6c64d7cd5] |
[e5a6c64d7cd5] |
|
|
2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 16626
|
Line 25853
|
[587f8a2df857] |
[587f8a2df857] |
|
|
* parse.lex: |
* parse.lex: |
Better fix for sudoers files w/o a newline before EOF. It looks | Better fix for sudoers files w/o a newline before EOF. It looks like |
like the issue is that yyrestart() does not reset the start | the issue is that yyrestart() does not reset the start condition to |
condition to INITIAL which is an issue since we parse sudoers | INITIAL which is an issue since we parse sudoers multiple times. |
multiple times. | |
[920f8326968a] |
[920f8326968a] |
|
|
2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 16643
|
Line 25869
|
|
|
* visudo.c: |
* visudo.c: |
o The parser needs sudoers to end with a newline but some editors |
o The parser needs sudoers to end with a newline but some editors |
(emacs) may not add one. Check for a missing newline at EOF and | (emacs) may not add one. Check for a missing newline at EOF and add |
add one if needed. o Set quiet flag during initial sudoers parse (to | one if needed. o Set quiet flag during initial sudoers parse (to get |
get options) o Move yyrestart() call and always use freopen() to | options) o Move yyrestart() call and always use freopen() to open |
open yyin after initial sudoers parse. | yyin after initial sudoers parse. |
[12d12f9b07aa] |
[12d12f9b07aa] |
|
|
2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 16863
|
Line 26089
|
|
|
* env.c: |
* env.c: |
Don't try to pre-compute the size of the new envp, just allocate |
Don't try to pre-compute the size of the new envp, just allocate |
space up front and realloc as needed. Changes to the new env | space up front and realloc as needed. Changes to the new env pointer |
pointer must all be made through insert_env() which now keeps track | must all be made through insert_env() which now keeps track of |
of spaced used and allocates as needed. | spaced used and allocates as needed. |
[39bc934a9f2c] |
[39bc934a9f2c] |
|
|
2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 16895
|
Line 26121
|
|
|
* check.c: |
* check.c: |
The the loop used to expand %h and %u, the lastchar variable was not |
The the loop used to expand %h and %u, the lastchar variable was not |
being initialized. This means that if the last char in the prompt | being initialized. This means that if the last char in the prompt is |
is '%' and the first char is 'h' or 'u' a extra copy of the host or | '%' and the first char is 'h' or 'u' a extra copy of the host or |
user name would be copied, for which space had not been allocated. |
user name would be copied, for which space had not been allocated. |
[b2e27197857d] |
[b2e27197857d] |
|
|
Line 17316
|
Line 26542
|
2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
* Makefile.in: |
o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and | o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g |
-g to facilitate non-root installs | to facilitate non-root installs |
[619216038f56] |
[619216038f56] |
|
|
* install-sh: |
* install-sh: |
Line 17360
|
Line 26586
|
* auth/pam.c: |
* auth/pam.c: |
o Add pam_prep_user function to call pam_setcred() for the target |
o Add pam_prep_user function to call pam_setcred() for the target |
user; on Linux this often sets resource limits. o When calling |
user; on Linux this often sets resource limits. o When calling |
pam_end(), try to convert the auth->result to a PAM_FOO value. | pam_end(), try to convert the auth->result to a PAM_FOO value. This |
This is a hack--we really need to stash the last PAM_FOO value | is a hack--we really need to stash the last PAM_FOO value received |
received and use that instead. | and use that instead. |
[6ad6f340dd2a] |
[6ad6f340dd2a] |
|
|
* set_perms.c, sudo.h: |
* set_perms.c, sudo.h: |
Line 17568
|
Line 26794
|
[6fa41c89ab20] |
[6fa41c89ab20] |
|
|
* sudo.c: |
* sudo.c: |
XXX - should call find_path() as runas user, not root. Can't do | XXX - should call find_path() as runas user, not root. Can't do that |
that until the parser changes though. | until the parser changes though. |
[f0b4f85651bd] |
[f0b4f85651bd] |
|
|
* sudo.c: |
* sudo.c: |
Line 17826
|
Line 27052
|
|
|
* parse.lex: |
* parse.lex: |
o Use exclusive start conditions to remove some ambiguity in the |
o Use exclusive start conditions to remove some ambiguity in the |
lexer. Also reorder some things for clarity. o Add support for | lexer. Also reorder some things for clarity. o Add support for "+=" |
"+=" and "-=" list operators. o Use the new DEFVAR token to denote | and "-=" list operators. o Use the new DEFVAR token to denote a |
a Defaults variable name. | Defaults variable name. |
[3a2cf8323e26] |
[3a2cf8323e26] |
|
|
* sudo.h: |
* sudo.h: |
Line 17836
|
Line 27062
|
[b74916469dab] |
[b74916469dab] |
|
|
* env.c: |
* env.c: |
o Convert environment handling to use lists instead of strings. | o Convert environment handling to use lists instead of strings. This |
This greatly simplifies routines that need to do "foreach" type | greatly simplifies routines that need to do "foreach" type |
operations. o Add new init_envtables() function to set env_check | operations. o Add new init_envtables() function to set env_check and |
and env_delete defaults based on initial_badenv_table and | env_delete defaults based on initial_badenv_table and |
initial_checkenv_table (formerly sudo_badenv_table). |
initial_checkenv_table (formerly sudo_badenv_table). |
[0a8b404658b6] |
[0a8b404658b6] |
|
|
* defaults.c, defaults.h: |
* defaults.c, defaults.h: |
o Add a new LIST type and functions to manipulate it. o This is for |
o Add a new LIST type and functions to manipulate it. o This is for |
use with environment handling variables. o Call new | use with environment handling variables. o Call new init_envtables() |
init_envtables() routine inside init_defaults() to initialize the | routine inside init_defaults() to initialize the environment lists. |
environment lists. | |
[ae73e64f0902] |
[ae73e64f0902] |
|
|
* def_data.c, def_data.h, def_data.in: |
* def_data.c, def_data.h, def_data.in: |
Line 18167
|
Line 27392
|
|
|
* check.c: |
* check.c: |
Use stashed user_gid when checking against exempt gid since sudo |
Use stashed user_gid when checking against exempt gid since sudo |
sets its gid to a a value that makes sudoers readable. Previously | sets its gid to a a value that makes sudoers readable. Previously if |
if you used gid 0 as the exempt group everyone would be exempt. From | you used gid 0 as the exempt group everyone would be exempt. From |
Paul Kranenburg <pk@cs.few.eur.nl> |
Paul Kranenburg <pk@cs.few.eur.nl> |
[0b140cc3a817] |
[0b140cc3a817] |
|
|
Line 18213
|
Line 27438
|
2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* visudo.c: |
* visudo.c: |
Block all signals in Exit() to avoid a signal race. There is still | Block all signals in Exit() to avoid a signal race. There is still a |
a tiny window but I'm not going to worry about it. | tiny window but I'm not going to worry about it. |
[6661805c0458] |
[6661805c0458] |
|
|
2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 18654
|
Line 27879
|
2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
Fix -H flag. runas_homedir is only valid after | Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, |
set_perms(PERM_RUNAS, mode) | mode) |
[ce9b1c6f68a6] |
[ce9b1c6f68a6] |
|
|
2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 18705
|
Line 27930
|
sensible error if it does not exist. |
sensible error if it does not exist. |
|
|
The path to the editor for visudo is now a colon-separated list of |
The path to the editor for visudo is now a colon-separated list of |
allowable editors. If the user has $EDITOR set and it matches one | allowable editors. If the user has $EDITOR set and it matches one of |
of the allowed editors that editor will be used. If not, the first | the allowed editors that editor will be used. If not, the first |
editor in the list that actually exists is used. |
editor in the list that actually exists is used. |
[cc86eb9f5440] |
[cc86eb9f5440] |
|
|
Line 19164
|
Line 28389
|
[055fa61a7c61] |
[055fa61a7c61] |
|
|
* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: |
* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: |
Add 'shell_noargs' runtime option back in. We have to defer | Add 'shell_noargs' runtime option back in. We have to defer checking |
checking until after the sudoers file has been parsed but since | until after the sudoers file has been parsed but since there are now |
there are now other options that operate that way this one can too. | other options that operate that way this one can too. Based on a |
Based on a patch from bguillory@email.com. | patch from bguillory@email.com. |
[231db7a007a6] |
[231db7a007a6] |
|
|
* defaults.c, defaults.h, parse.c, sudo.c, sudo.h: |
* defaults.c, defaults.h, parse.c, sudo.c, sudo.h: |
Line 19292
|
Line 28517
|
* CHANGES, parse.yacc, sudo.tab.c: |
* CHANGES, parse.yacc, sudo.tab.c: |
fix parsing of runas lists: o oprunasuser and runaslist now return a |
fix parsing of runas lists: o oprunasuser and runaslist now return a |
value o in a runasspec, if a runaslist does not return TRUE, set |
value o in a runasspec, if a runaslist does not return TRUE, set |
runas_matches to FALSE. Normally, a runaslist only returns FALSE | runas_matches to FALSE. Normally, a runaslist only returns FALSE for |
for explicitly denied users. o since runaslist does not modify the | explicitly denied users. o since runaslist does not modify the stack |
stack there is no need for a push/pop in runasalias. | there is no need for a push/pop in runasalias. |
[82b305b34a8c] |
[82b305b34a8c] |
|
|
* check.c, sudo.c: |
* check.c, sudo.c: |
Line 19319
|
Line 28544
|
o Kill shell_noargs option, it cannot work since the command needs |
o Kill shell_noargs option, it cannot work since the command needs |
to be set before sudoers is parsed. o Fix the "set_home" sudoers |
to be set before sudoers is parsed. o Fix the "set_home" sudoers |
option (only worked at compile time). o Fix "fqdn" sudoers option. |
option (only worked at compile time). o Fix "fqdn" sudoers option. |
We now set host/shost via set_fqdn which gets called when the | We now set host/shost via set_fqdn which gets called when the "fqdn" |
"fqdn" option is set in sudoers. o Move the openlog() to | option is set in sudoers. o Move the openlog() to store_syslogfac() |
store_syslogfac() so this gets overridden correctly from the | so this gets overridden correctly from the sudoers file. |
sudoers file. | |
[3dca861f0f5d] |
[3dca861f0f5d] |
|
|
* auth/securid.c: |
* auth/securid.c: |
Line 19453
|
Line 28677
|
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c |
Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c |
since it might not get called in yywrap if we get a parse error | since it might not get called in yywrap if we get a parse error (and |
(and we only reread the file on error anyway). | we only reread the file on error anyway). |
[37f4b449e28e] |
[37f4b449e28e] |
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Line 19537
|
Line 28761
|
[e3ed0c1f312b] |
[e3ed0c1f312b] |
|
|
* logging.h: |
* logging.h: |
Fix compilation problem when --with-logging=file was specified. | Fix compilation problem when --with-logging=file was specified. This |
This means that syslog is now required to build sudo but that should | means that syslog is now required to build sudo but that should not |
not be a problem. If it is it can be fixed trivially with a | be a problem. If it is it can be fixed trivially with a configure |
configure check for syslog() or syslog.h. | check for syslog() or syslog.h. |
[839a4b069190] |
[839a4b069190] |
|
|
* tgetpass.c: |
* tgetpass.c: |
Line 19562
|
Line 28786
|
1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* defaults.c: |
* defaults.c: |
Error out if syslog parameters are given without a value. For | Error out if syslog parameters are given without a value. For Ultrix |
Ultrix or 4.2BSD "syslog" is allowed without a value since there are | or 4.2BSD "syslog" is allowed without a value since there are no |
no facilities in the 4.2BSD syslog. | facilities in the 4.2BSD syslog. |
[69e7a686f5f0] |
[69e7a686f5f0] |
|
|
1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 19670
|
Line 28894
|
getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: |
getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: |
o Change defaults stuff to put the value right in the struct. o |
o Change defaults stuff to put the value right in the struct. o |
Implement mailer_flags o Store syslog stuff both in int and string |
Implement mailer_flags o Store syslog stuff both in int and string |
form. Setting the string form magically updates the int version. | form. Setting the string form magically updates the int version. o |
o Add boolean attribute to strings where it makes sense to say !foo | Add boolean attribute to strings where it makes sense to say !foo |
[4698953f9a36] |
[4698953f9a36] |
|
|
* tgetpass.c: |
* tgetpass.c: |
Line 19981
|
Line 29205
|
|
|
* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: |
* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: |
In "sudo -l" mode, the type of the stored (expanded) alias was not |
In "sudo -l" mode, the type of the stored (expanded) alias was not |
stored with the contents. This could lead to incorrect output if | stored with the contents. This could lead to incorrect output if the |
the sudoers file had different alias types with the same name. | sudoers file had different alias types with the same name. Normal |
Normal parsing (ie: not in '-l' mode) is unaffected. | parsing (ie: not in '-l' mode) is unaffected. |
[823fe2bc4b79] |
[823fe2bc4b79] |
|
|
1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 20165
|
Line 29389
|
* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, |
* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, |
configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, |
configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, |
visudo.c: |
visudo.c: |
o Add a "pedentic" flag to the parser. This makes sudo warn in | o Add a "pedentic" flag to the parser. This makes sudo warn in cases |
cases where an alias may be used before it is defined. Only turned | where an alias may be used before it is defined. Only turned on for |
on for visudo and testsudoers. o Add --disable-authentication option | visudo and testsudoers. o Add --disable-authentication option that |
that makes sudo not require authentication by default. The PASSWD | makes sudo not require authentication by default. The PASSWD tag can |
tag can be used to require authentication for an entry. We no | be used to require authentication for an entry. We no longer |
longer overload --without-passwd. | overload --without-passwd. |
[f307e09adf98] |
[f307e09adf98] |
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Line 20236
|
Line 29460
|
version.c, visudo.c: |
version.c, visudo.c: |
o Move lock_file() and touch() into fileops.c so visudo can use them |
o Move lock_file() and touch() into fileops.c so visudo can use them |
o Visudo now locks the sudoers temp file instead of bailing when the |
o Visudo now locks the sudoers temp file instead of bailing when the |
temp file already exists. This fixes the problem of stale temp | temp file already exists. This fixes the problem of stale temp files |
files but it does *require* that you not try to put the temp file in | but it does *require* that you not try to put the temp file in a |
a world-writable directory. This shoud not be an issue as the temp | world-writable directory. This shoud not be an issue as the temp |
file should live in the same dir as sudoers. o Visudo now only |
file should live in the same dir as sudoers. o Visudo now only |
installs the temp file as sudoers if it changed. |
installs the temp file as sudoers if it changed. |
[2517cd06c070] |
[2517cd06c070] |
Line 20327
|
Line 29551
|
o Add '!' correctly when expanding Aliases. o Add shortcut macros |
o Add '!' correctly when expanding Aliases. o Add shortcut macros |
for append() to make things more readable. o The separator in |
for append() to make things more readable. o The separator in |
append() is now a string instead of a char. o In append(), only |
append() is now a string instead of a char. o In append(), only |
prepend the separator if the last char is not a '!'. This is a | prepend the separator if the last char is not a '!'. This is a hack |
hack but it greatly simplifies '!' handling. o In -l mode, Runas | but it greatly simplifies '!' handling. o In -l mode, Runas lists |
lists and NOPASSWD/PASSWD tags are now inherited across entries in | and NOPASSWD/PASSWD tags are now inherited across entries in a list |
a list (matches current behavior). o Fix formatting in -l mode such | (matches current behavior). o Fix formatting in -l mode such that |
that items in a list are separated by a space. Greatlt improves | items in a list are separated by a space. Greatlt improves |
readability. o Space for name field in struct aliasinfo is now |
readability. o Space for name field in struct aliasinfo is now |
allocated dyanically instead of using a (big) buffer. o In |
allocated dyanically instead of using a (big) buffer. o In |
add_alias(), only search the list once (lsearch instead of lfind + |
add_alias(), only search the list once (lsearch instead of lfind + |
Line 20352
|
Line 29576
|
set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since |
set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since |
it gets fill()'d in parse.lex--fixes a small memory leak. In the |
it gets fill()'d in parse.lex--fixes a small memory leak. In the |
long run it may be better to just fix parse.lex and make ALL back |
long run it may be better to just fix parse.lex and make ALL back |
into a token. However, having it be a string is useful since it | into a token. However, having it be a string is useful since it can |
can be easily passed back to the parent rule if we so desire. | be easily passed back to the parent rule if we so desire. |
[b3c64b443018] |
[b3c64b443018] |
|
|
* parse.lex: |
* parse.lex: |
Line 20615
|
Line 29839
|
[db48202df1bb] |
[db48202df1bb] |
|
|
* Makefile.in: |
* Makefile.in: |
BSD-style copyright. Update to reflect reality wrt new files and | BSD-style copyright. Update to reflect reality wrt new files and new |
new auth modules. | auth modules. |
[61a2ca7940fb] |
[61a2ca7940fb] |
|
|
* INSTALL: |
* INSTALL: |
Line 20654
|
Line 29878
|
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible |
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible |
to mix tty and non-tty based ticket schemes but this may change in |
to mix tty and non-tty based ticket schemes but this may change in |
the future (it requires sudo to use a directory instead of a file in |
the future (it requires sudo to use a directory instead of a file in |
the non-tty case). Also, ``sudo -k'' now sets the ticket back to | the non-tty case). Also, ``sudo -k'' now sets the ticket back to the |
the epoch and ``sudo -K'' really deletes the file. That way you | epoch and ``sudo -K'' really deletes the file. That way you don't |
don't get the lecture again just because you killed your ticket in | get the lecture again just because you killed your ticket in |
.logout. BSD-style copyright now. |
.logout. BSD-style copyright now. |
[ec3460f85be8] |
[ec3460f85be8] |
|
|
Line 20909
|
Line 30133
|
parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: |
parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: |
o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It |
o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It |
turns out the old DES crypt does the right thing with passwords |
turns out the old DES crypt does the right thing with passwords |
longert than 8 characters. o Fix common typo (necesary -> | longert than 8 characters. o Fix common typo (necesary -> necessary) |
necessary) o Update TODO list | o Update TODO list |
[ad75007a6f13] |
[ad75007a6f13] |
|
|
1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 21221
|
Line 30445
|
1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* CHANGES, lex.yy.c, parse.lex: |
* CHANGES, lex.yy.c, parse.lex: |
Fix a bug wrt quoting characters in command args. Stop processing | Fix a bug wrt quoting characters in command args. Stop processing an |
an arg when you hit a backslash so the quoted-character detection | arg when you hit a backslash so the quoted-character detection can |
can catch it. | catch it. |
[2281438d7f41] |
[2281438d7f41] |
|
|
1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 21310
|
Line 30534
|
|
|
* check.c, sudo.h: |
* check.c, sudo.h: |
If the user enters an empty password and really has no password, |
If the user enters an empty password and really has no password, |
accept the empty password they entered. Perviously, they could | accept the empty password they entered. Perviously, they could enter |
enter anything | anything |
*but* an empty password. Also, add GETPASS macro that calls either |
*but* an empty password. Also, add GETPASS macro that calls either |
tgetpass() or getpass() depending on how sudo was configured. |
tgetpass() or getpass() depending on how sudo was configured. |
Problem noted by jdg@maths.qmw.ac.uk |
Problem noted by jdg@maths.qmw.ac.uk |
Line 24350
|
Line 33574
|
|
|
* sudo.h: |
* sudo.h: |
added support for NO_PASSWD and runas from garp@opustel.com replaced |
added support for NO_PASSWD and runas from garp@opustel.com replaced |
SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support | SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro |
fro SUDOERS_MODE | SUDOERS_MODE |
[cea6f26679b7] |
[cea6f26679b7] |
|
|
* sudo.c: |
* sudo.c: |
Line 26996
|
Line 36220
|
[044023063eca] |
[044023063eca] |
|
|
* aclocal.m4: |
* aclocal.m4: |
OS was being set to unknown before non-uname based host checks. | OS was being set to unknown before non-uname based host checks. This |
This caused no checks to happen since $OS was not zero-length. | caused no checks to happen since $OS was not zero-length. |
[335a7267479d] |
[335a7267479d] |
|
|
* sudo.c: |
* sudo.c: |
Line 27466
|
Line 36690
|
[1194d01fa5c5] |
[1194d01fa5c5] |
|
|
* visudo.c: |
* visudo.c: |
whatnow_help was prototyped to be static be was not declared as | whatnow_help was prototyped to be static be was not declared as such |
such | |
[0f85489dd426] |
[0f85489dd426] |
|
|
* configure.in: |
* configure.in: |
Line 29607
|
Line 38830
|
[34331c7dee90] |
[34331c7dee90] |
|
|
* logging.c: |
* logging.c: |
split long log lines. FOr syslog, split into multiple entries, for | split long log lines. FOr syslog, split into multiple entries, for a |
a log file, indent the extra for readability | log file, indent the extra for readability |
[72c9e4cdba6e] |
[72c9e4cdba6e] |
|
|
1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 29630
|
Line 38853
|
1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
added rmenv() to remove stuff from environ. can now uses execvp() | added rmenv() to remove stuff from environ. can now uses execvp() OR |
OR execve() becuase of this. | execve() becuase of this. |
[e7fc2535bd67] |
[e7fc2535bd67] |
|
|
* logging.c: |
* logging.c: |
Line 29929
|
Line 39152
|
[5c4bf716de21] |
[5c4bf716de21] |
|
|
* check.c, find_path.c, parse.c, sudo.c: |
* check.c, find_path.c, parse.c, sudo.c: |
added patches from John_Rouillard directory spec | added patches from John_Rouillard directory spec uses EDITOR |
uses EDITOR | |
[f62a435f8c41] |
[f62a435f8c41] |
|
|
1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |