version 1.1.1.5, 2013/10/14 07:56:33
|
version 1.1.1.6, 2014/06/15 16:12:53
|
|
2014-05-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/getgrouplist.c, plugins/group_file/group_file.c, |
|
plugins/system_group/system_group.c: |
|
deal with NULL gr_mem here too |
|
[0db43ed71001] |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p3 |
|
[3f415a180023] |
|
|
|
2014-05-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Fix non-blocking mode. We only want to exit the event loop when |
|
poll() or select() returns 0 and there are no active events. This |
|
fixes a problem on some systems where the last buffer was not being |
|
written when the command exited. |
|
[deb6b1a7b241] |
|
|
|
2014-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h: |
|
Make get_boottime() return bool. |
|
[9ff15a995d01] |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/boottime.c: |
|
Fix fd leak on Linux when determining boot time. This is usually |
|
masked by the closefrom() call in sudo. From Jamie Anderson. Bug |
|
#645 |
|
[0b4c430e8b88] |
|
|
|
2014-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c: |
|
Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when |
|
changing the user. This is the correct flag to use with a program |
|
that changes the uid like su or sudo and fixes a role problem on |
|
Solaris. From Gary Winiger; Bug #642 |
|
[ec23c3bf41bb] |
|
|
|
* plugins/sudoers/defaults.c: |
|
pam_setcred should default to true; from Gary Winiger Bug #642 |
|
[23e6628ec546] |
|
|
|
2014-04-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, plugins/sudoers/match.c, |
|
plugins/sudoers/regress/testsudoers/test6.out.ok, |
|
plugins/sudoers/regress/testsudoers/test6.sh, |
|
plugins/sudoers/regress/testsudoers/test7.out.ok, |
|
plugins/sudoers/regress/testsudoers/test7.sh: |
|
Fix matching of uids and gids broken in sudo 1.8.9. |
|
[315eff4add59] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix -P option in usage() |
|
[50753b6222b7] |
|
|
|
2014-03-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/check.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/sudoers.h: |
|
Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw |
|
or targetpw is set. Bug #639 |
|
[dff0208d1194] |
|
|
|
2014-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p2 |
|
[774ebec63b41] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Don't write an empty timestamp record when timestamp_timeout is |
|
zero. If we find an empty record in the timestamp file, overwrite it |
|
with a good one, truncating the file as needed. |
|
[9c226d81b660] |
|
|
|
2014-03-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in: |
|
Fix typos in description of the -x option. Bug #637 |
|
[6ff2bfaaf99d] |
|
|
|
2014-03-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Sudo 1.8.10p1 |
|
[33828a3385ad] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix typo/thinko that prevented "Defaults !tty_tickets" from working. |
|
[f65cc29dbcc7] |
|
|
|
* plugins/sudoers/parse.c: |
|
Fix "sudo -l command" output when the matching command is negated. |
|
Bug #636 |
|
[b4a92803f733] |
|
|
|
2014-03-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c, |
|
common/regress/sudo_conf/test5.err.ok, |
|
common/regress/tailq/hltq_test.c: |
|
The atofoo_test and hltq_test tests now display their own test error |
|
rate. Display pass/fail count separately for sudo_conf and |
|
sudo_parseln tests. Check stderr output for the sudo_conf test. |
|
[5c814709ac70] |
|
|
|
* src/Makefile.in: |
|
Don't run the check_ttyname test if cross compiling. |
|
[874ecc1c3db0] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
CWD no longer used. |
|
[13b2f3c4269b] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix diff of toke and err output files in "make check" |
|
[485cdf3c75e7] |
|
|
|
2014-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/po/de.mo, src/po/de.po: |
|
sync with translationproject.org |
|
[d246c72a2350] |
|
|
|
2014-03-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Check whether ber.h is needed before ldap.h even if we are not using |
|
any ber functions. Needed for older versions of nss ldap. |
|
[c2310324dc34] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Fix compiler warning in debug code. |
|
[8ee4cb6cafad] |
|
|
|
* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po: |
|
Catalan translation for sudo from translationproject.org. |
|
[d6af7d06ee36] |
|
|
|
2014-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Document negation fix in JSON output. |
|
[37a85423ae49] |
|
|
|
2014-03-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix handling of '!' operator when converting sudoers. We now add a |
|
"negated" boolean flag to objects that have the '!' operator. |
|
[071926c10280] |
|
|
|
2014-03-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po: |
|
Czech translation for sudoers from translationproject.org |
|
[c0aae297f7c1] |
|
|
|
2014-02-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Try -libmldap before -lldap in case there is no link from |
|
libibmldap.so to libldap.so. Since IBM ldap is installed under /opt |
|
we should only be able to reach it if --with-ldap was given an |
|
explicit path. |
|
|
|
Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined. |
|
[89d50c29d737] |
|
|
|
2014-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/set_perms.c: |
|
Fix typo in setreuid() PERM_ROOT error message. |
|
[533415f53165] |
|
|
|
* mkpkg: |
|
No longer need to disable setresuid() on debian. |
|
[96ba687c35f0] |
|
|
|
2014-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix conversion of timestamp_timeout from double to struct timeval. |
|
Also quiet a printf format warning on 32-bit systems. |
|
[59d1f3094dda] |
|
|
|
2014-02-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po: |
|
Serbian translation for sudoers from translationproject.org. |
|
[7134b386d658] |
|
|
|
2014-02-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Ingo Schwarze |
|
[114cdf286987] |
|
|
|
* NEWS, plugins/sudoers/visudo_json.c: |
|
When exporting sudoers in JSON format, use the same type of Options |
|
object for both Defaults and Cmnd_Specs. |
|
[caa57043e197] |
|
|
|
2014-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/inet_pton.c: |
|
Silence cppcheck false positive. |
|
[b2781c42a80f] |
|
|
|
* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po: |
|
sync with translationproject.org |
|
[baba43a6d682] |
|
|
|
* NEWS, doc/UPGRADE: |
|
Mention init.d scripts on AIX and HP-UX. Mention sudoers group |
|
mismatch fix |
|
[0259cb1f7cae] |
|
|
|
* INSTALL: |
|
Talk about clearing files at boot time, not reboot time since it |
|
happens when the system comes up, not down. |
|
[e8e480bc34fd] |
|
|
|
* plugins/sudoers/sudoers.c: |
|
We also need to open the sudoers file as root if there is a GID |
|
mismatch. |
|
[2fb2ba6fc4e6] |
|
|
|
* sudo.pp: |
|
Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX |
|
rpm packages. |
|
[4aca1d318599] |
|
|
|
2014-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/Makefile.in: |
|
Remove init.d file and link in uninstall target. |
|
[249a9f105cdd] |
|
|
|
* configure, configure.ac, sudo.pp: |
|
Fix INIT_DIR for real this time. |
|
[5444eb1afbc5] |
|
|
|
* configure, configure.ac, sudo.pp: |
|
Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and |
|
init.d dirs. |
|
[809b54ef95f8] |
|
|
|
* .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in, |
|
init.d/hpux.sh.in, src/Makefile.in, sudo.pp: |
|
First cut at installing an init.d file for HP-UX and AIX to remove |
|
old sudo timestamp files at boot time. |
|
[ec6d35c62d88] |
|
|
|
2014-02-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -" |
|
for the default login class. From Ingo Schwarze. |
|
[f13ea603760e] |
|
|
|
* doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, |
|
doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in, |
|
doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Remove some extraneous markup; from Ingo Schwarze |
|
* No need to explicitly end a macro with No before | because | counts |
|
as middle punctuation and falls out of the macro, anyway. |
|
* No need to explicitly re-open in-line macros after | because | |
|
counts as middle punctuation and the macros resume afterwards, |
|
anyway. |
|
* Simplify the mnemonic remarks regarding the option letters, no need |
|
for manual font and spacing control with No and Ns. |
|
* Trim Ns No to just Ns, it already implies No. |
|
[cc63d66c6655] |
|
|
|
* doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Move zerowidth space in :alpha: after the colon for consistency. |
|
[799f6656c6e8] |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in, |
|
doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat, |
|
doc/visudo.man.in: |
|
regen |
|
[14d682732b6f] |
|
|
|
* doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in: |
|
Remove extraneous keeps in SYNOPSIS now that mandoc does implied |
|
keeps when converting from mdoc to man. |
|
[0f48fc289f29] |
|
|
|
* doc/sudoers.mdoc.in: |
|
Properly escape the : in :alpha: |
|
[e41d4533a55f] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From |
|
Jan Stary. |
|
[90ec488905de] |
|
|
|
2014-02-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix indentation of Defaults entries. The initial indent should be |
|
outside the loop iterating over the entries. |
|
[dc493c888fb2] |
|
|
|
2014-02-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po: |
|
sync with translationproject.org |
|
[fc517bc0908e] |
|
|
|
* common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c, |
|
common/fatal.c, common/gidlist.c, common/sudo_conf.c, |
|
common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c, |
|
plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, |
|
src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h: |
|
We must include gettext.h before missing.h as it includes system |
|
headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers |
|
audit code that does not include sudoers.h. |
|
[3ac4aa43ce40] |
|
|
|
* common/sudo_dso.c: |
|
When emulating DSO_NEXT with shl_get() we need to skip the program's |
|
handle. This used to be documented as being index -2 but now it |
|
seems to be index 0. As this is not guaranteed we need to look up |
|
the real handle value for PROG_HANDLE and skip it when iterating |
|
through all the DSOs. Fixes infinite recursion on HP-UX in the |
|
getenv() replacement. |
|
[ade1b3045232] |
|
|
|
* src/env_hooks.c: |
|
Export getenv() so it is visible to shared objects we link with. |
|
[1ac08446a3a7] |
|
|
|
2014-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/regress/atofoo/atofoo_test.c, |
|
common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/tailq/hltq_test.c, |
|
plugins/sudoers/regress/parser/check_fill.c: |
|
Add some initprogname() calls to the test programs. |
|
[e4320585a88b] |
|
|
|
2014-02-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[038d066a866d] |
|
|
|
* doc/UPGRADE: |
|
Mention that there is now a default LDAP search filter. |
|
[6351da3f8377] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in: |
|
Minor word choice change. |
|
[7e59ab3eb453] |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/def_data.c, plugins/sudoers/def_data.h, |
|
plugins/sudoers/def_data.in, plugins/sudoers/defaults.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/match.c: |
|
Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup |
|
support requires an expensive substring match on the server. If |
|
netgroups are not needed, this option can be disabled to reduce the |
|
load on the LDAP server. |
|
[e6bd6c103390] |
|
|
|
2014-02-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
Update copyright year. |
|
[1299eed430a5] |
|
|
|
* NEWS: |
|
Mention LDAP changes. |
|
[512b1e363587] |
|
|
|
* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, |
|
doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c: |
|
Use a default LDAP search filter of (objectClass=sudoRole). When |
|
constructing the netgroup query, add (sudoUser=*) to the query so we |
|
don't fall below the 3 character OpenLDAP substring threshold. |
|
Otherwise the index for sudoUser will never be used for that query. |
|
Pointed out by Michael Stroeder. |
|
[54856973af41] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Don't warn about an insecure lecture dir twice. Display warnings in |
|
the user's locale. |
|
[2c56b8b6d6f9] |
|
|
|
2014-02-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Mention the fix for ^Z at the password prompt when sudo was started |
|
in the background. |
|
[352d52ad1f7d] |
|
|
|
* common/term.c, src/exec_pty.c: |
|
In term_restore(), only restore the terminal if we are in the |
|
foreground process group. Instead of calling tcgetpgrp(), which is |
|
racy, we set a temporary handler for SIGTTOU and check whether it |
|
was received after a failed call to tcsetattr(). |
|
[94979d51daa2] |
|
|
|
* MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in, |
|
configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl, |
|
plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c: |
|
Use inet_pton() instead of inet_aton() and include a version from |
|
BIND for those without it. |
|
[fe61a27c76d3] |
|
|
|
* common/regress/atofoo/atofoo_test.c: |
|
Quiet a gcc warning. |
|
[f197821892ea] |
|
|
|
* compat/getaddrinfo.c: |
|
Need to include limits.h for USHRT_MAX. |
|
[d1d8bd9a0e01] |
|
|
|
2014-02-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/term.c, include/sudo_util.h: |
|
Use bool for function return values instead of 1 or 0. |
|
[99e357c0800b] |
|
|
|
* configure, configure.ac: |
|
Warn the user if the rundir needs to be cleared in the rc files. |
|
Neither AIX nor HP-UX clear /var/run (if it even exists). |
|
[6cdbf57a2f9e] |
|
|
|
* NEWS: |
|
Update for sudo 1.8.9p5 |
|
[efb737c32615] |
|
|
|
* src/preserve_fds.c: |
|
When the closefrom limit is greater than any of the preserved fds, |
|
the pfds list will be non-empty but lastfd will be -1 triggering an |
|
ecalloc(0) assertion. Instead, test for lastfd being -1 and make |
|
sure we always update it, even if dup() fails. Also restore initial |
|
value of lowfd after we are done relocating. Fixes bug #633 |
|
[a11206a31f28] |
|
|
|
* common/term.c: |
|
Document function return values. |
|
[267bc85f6fbb] |
|
|
|
2014-02-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
term_restore() now restarts itself so we don't need to do it |
|
ourselves. |
|
[a17e885d0b0a] |
|
|
|
* common/term.c: |
|
syscall restarting is broken on Mac OS X when interrupted by a tty |
|
signal so restart tcsetattr() by hand. For details, see: |
|
http://openradar.appspot.com/radar?id=6402578615107584 |
|
[3997b2a0577e] |
|
|
|
* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c: |
|
Add regress for atobool(), atoid() and atomode() |
|
[e1cbdf86d6e2] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Add back boottime.lo |
|
[0b7ddc31e13e] |
|
|
|
* INSTALL: |
|
Mention that rundir and vardir may be the same and what to do if |
|
they are. |
|
[301df9a31d43] |
|
|
|
* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c: |
|
Bring back boot time checking code and zero out time stamp files |
|
that predate the boot time. This should help systems w/o /var/run |
|
where the admin has set up rc.d to clear the timestamp directory. |
|
[e09389a8b1ca] |
|
|
|
* configure, configure.ac: |
|
Check libraries for inet_pton() if not in libc. |
|
[9f9bd83895e8] |
|
|
|
2014-02-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Fix clock_gettime() detection when it lives in librt. Some systems |
|
have inet_aton() in libresolv (older Solaris). |
|
[e5f7c8bc9a81] |
|
|
|
* sudo.pp: |
|
Avoid duplicate directories if vardir and rundir are the same. |
|
[c5df5ebc191b] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[740b2cc42fea] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Elaborate on time stamp error message causes. |
|
[2838fea2e21a] |
|
|
|
2014-02-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* sudo.pp: |
|
Remove the time stamp dir and its contents when uninstalling. We |
|
currently leave the lecture status files installed until there is a |
|
better way to detect upgrades. |
|
[61532b7113ff] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Update time stamp error messages and regen. |
|
[edf570c98cd5] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Restore warning when sudoers is unable to update the time stamp |
|
file. |
|
[86648a771250] |
|
|
|
* INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in, |
|
m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp: |
|
Replace --with-timedir and --with-lecture_dir with --with-rundir and |
|
--with-vardir which are the parent directories of the time stamp and |
|
lecture dirs. These directories need to be searchable by non-root so |
|
that the timestampowner setting can function. |
|
[5c38d77a2d0c] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix use of timestampowner in the new time stamp world order. Parent |
|
directories for timestampdir and lecture_dir are now created with |
|
the execute bit set so that we can traverse them as non-root. |
|
[9ff6f07c0a5d] |
|
|
|
2014-01-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in: |
|
Regen Makefiles. |
|
[59542bcdb222] |
|
|
|
* common/sudo_debug.c, config.h.in, include/sudo_util.h, |
|
plugins/sample/sample_plugin.c: |
|
Move ctim_get and mtim_get to sudo_util.h |
|
[d565391f5491] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
sprinkle some debug printfs and add function header comments |
|
[1842d9b8170d] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Properly handle the case where /var/run/sudo/ts doesn't exist. |
|
[895f3ad6ad60] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
fix typo |
|
[50041ebb6ce6] |
|
|
|
* NEWS: |
|
Mention "sudo -K" change. |
|
[e99bd7657aae] |
|
|
|
* doc/UPGRADE: |
|
Upgrade info for 1.8.10 |
|
[0867718b9af5] |
|
|
|
2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Warn on ftruncate() failure. |
|
[d2081876da25] |
|
|
|
* plugins/sudoers/timestamp.c: |
|
Fix checking of lecture status. |
|
[e12d78234d17] |
|
|
|
* mkpkg: |
|
Do not override timedir on Debian. |
|
[283fa2e69a0a] |
|
|
|
* common/event.c, common/event_select.c, include/missing.h, |
|
plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/visudo.c, src/sudo_edit.c: |
|
Use sudo_timeval macros and remove compat macros from missing.h |
|
[1de76d8b811e] |
|
|
|
* INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c, |
|
config.h.in, configure, configure.ac, doc/sudoers.cat, |
|
doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h, |
|
include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.h, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/timestamp.c, src/Makefile.in: |
|
Switch to new time stamp file format. Each user now has a single |
|
file which may contain multiple records when per-tty time stamps are |
|
in use (the default). The time stamps use a monotonic timer where |
|
available and are once again stored in /var/run/sudo. The lecture |
|
status is now stored separately from the time stamps in a different |
|
directory. |
|
[7e16eb37bacc] |
|
|
|
2014-01-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in, |
|
plugins/sudoers/check.c: |
|
When listing a user's privileges, always prompt the user for their |
|
own password, regardless of the value of target_pw, root_pw or |
|
runas_pw. |
|
[73a13ccc7933] |
|
|
|
2014-01-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/atomode.c: |
|
Zero out errstr when there is no error; fixes bug #632 |
|
[74950ef1a0dc] |
|
|
|
2014-01-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/match_addr.c: |
|
Use inet_aton() instead of inet_addr() as it allows us to |
|
distinguish between the address (or mask 255.255.255.255) and an |
|
error. In the future we may consider switching to inet_pton() for |
|
IPv4 too. |
|
[b6b4e4c77e9a] |
|
|
|
2014-01-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/missing.h: |
|
Fix typo, ULONG_MAX vs. ULLONG_MAX |
|
[5d274daa9fb1] |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Fix typo in the AIX case. |
|
[ee531c950fce] |
|
|
|
* plugins/sudoers/sudo_nss.c: |
|
Size pointer for sudo_parseln() should be size_t not ssize_t. This |
|
was already correct for the nsswitch.conf case. |
|
[cfaf895c1db4] |
|
|
|
2014-01-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c: |
|
It is now possible to disable network interface probing in sudo.conf |
|
by changing the value of the probe_interfaces setting. |
|
[e9dc28c7db60] |
|
|
|
2014-01-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/match_addr.c: |
|
If inet_addr() returns INADDR_NONE, return false instead of |
|
iterating through the interfaces looking for a match that will never |
|
happen. |
|
[1559c301caec] |
|
|
|
* configure, configure.ac, src/Makefile.in: |
|
Add explicit dependency on sudoers.la to sudo target when sudoers is |
|
compiled statically into the sudo binary. |
|
[d08cc66e18bd] |
|
|
|
2014-01-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, |
|
plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c: |
|
Do not assume localtime(), gmtime() and ctime() always return non- |
|
NULL. |
|
[a1b5b67436de] |
|
|
|
2014-01-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* Makefile.in, common/Makefile.in, compat/Makefile.in, |
|
doc/Makefile.in, include/Makefile.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Update copyright years |
|
[37d2aaa92544] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Eliminate dead store found by clang checker. |
|
[86874d5340f1] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p4 |
|
[f79ab7c6c1c5] |
|
|
|
* common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c: |
|
When relocating fds, update the debug fd if it is set so we are |
|
guaranteed to get debugging output. |
|
[b1deaa472aa6] |
|
|
|
2014-01-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c: |
|
If the event loop exits due to an error and we are not logging I/O, |
|
kill the command if still running. Fixes a bug where sudo could exit |
|
while the command was still running. |
|
[844018ff8a8c] |
|
|
|
* src/preserve_fds.c: |
|
When relocating preserved fds, start with the highest ones first to |
|
avoid moving fds around more than we have to. Now uses a bitmap to |
|
keep track of which fds are being preserved. Fixes a bug where the |
|
debugging fd could be relocated to the same fd as the error |
|
backchannel temporarily, resulting in debugging output being printed |
|
to the backchannel if util@debug was enabled. |
|
[55e006dbeaf3] |
|
|
|
* src/preserve_fds.c: |
|
When restoring fds traverse list from high -> low, not low -> high |
|
to avoid implicitly closing an fd we want to relocate. |
|
[6351225f47d7] |
|
|
|
* src/exec.c: |
|
If not logging I/O we may get EOF when the command is executed and |
|
the other end of the backchannel is closed. Just remove the |
|
backchannel event in this case or we will continue to receive the |
|
event. Bug #631 |
|
[a204b69d91f7] |
|
|
|
* src/po/sr.mo, src/po/sr.po: |
|
sync with translationproject.org |
|
[987087ce4658] |
|
|
|
2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630 |
|
[3448dffe9701] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p3 |
|
[22e5a6f69999] |
|
|
|
* plugins/sudoers/logwrap.c: |
|
Remove dead store; found by cppcheck |
|
[a59833af3401] |
|
|
|
2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sesh.c: |
|
Quiet a cppcheck warning about a negative subscript. |
|
[ab98b72f5bdf] |
|
|
|
* src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h: |
|
Make noexec parameter to sudo_execve() bool. |
|
[daa75e4c248a] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Quiet a few innocuous cppcheck warnings. |
|
[90ffa16d27b1] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Handle in_res being NULL for sudo_debug_printf() in |
|
sudo_sss_filter_result(). |
|
[8595cc05d2a8] |
|
|
|
* plugins/sudoers/iolog.c: |
|
When writing length to timing file, use %u not %d as it is unsigned. |
|
[a7f2fcb6919e] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Close export_fp in the error path too, but do not close stdout. |
|
[5c918718ab45] |
|
|
|
* plugins/sudoers/auth/secureware.c: |
|
Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck. |
|
[f2619d2eb7a8] |
|
|
|
2014-01-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/group_file/plugin_test.c: |
|
Make this compile again |
|
[f0ff8df475e8] |
|
|
|
* common/term.c: |
|
Add suppression line to quiet a bogus (inconclusive) cppcheck |
|
warning. |
|
[065207271e5d] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Do not leak old istack if realloc fails; found by cppcheck. Also |
|
modify yyless() to avoid a harmless cppcheck warning every time it |
|
is used. |
|
[021077017a23] |
|
|
|
* Makefile.in, common/Makefile.in, compat/Makefile.in, |
|
doc/Makefile.in, include/Makefile.in, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Add cppcheck target to run cppcheck on all source files. |
|
[d207c2ef49a2] |
|
|
|
2014-01-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p2 |
|
[2e7fe6e371a4] |
|
|
|
* config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, |
|
m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4: |
|
Update to libtool-2.4.2.418 |
|
[d1dbed89d733] |
|
|
|
* config.guess, config.sub: |
|
Update from http://git.savannah.gnu.org/gitweb/?p=config.git |
|
[2b5e32d23be5] |
|
|
|
2014-01-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
Sudo 1.8.9 also fixes bug #617 |
|
[cc5c18228719] |
|
|
|
2014-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS: |
|
The fix for the hang was already in the 1.8.9 tarballs. |
|
[f038ebcc1071] |
|
|
|
* NEWS, configure, configure.ac: |
|
Update for sudo 1.8.9p1 |
|
[732fca0003cf] |
|
|
|
* common/atobool.c, common/event.c, plugins/sudoers/iolog.c, |
|
plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c: |
|
Update copyright year. |
|
[fdeb5956810e] |
|
|
|
* plugins/sudoers/parse.h: |
|
Go back to making the bit fields in struct cmndtag explicitly |
|
signed. This fixes a problem on gcc 4.8 (at least) which appears to |
|
be treating the value as unsigned by default. |
|
[46b9a7bb10ac] |
|
|
|
* common/atobool.c: |
|
Use debug_return_int() instead of bare return for debugging support. |
|
[c273f822de5f] |
|
|
|
2014-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Fix infinite loop that could be triggered by sudo_ev_loopbreak() and |
|
sudo_ev_loopcontinue(). |
|
[1723561c46b0] |
|
|
|
* NEWS: |
|
Update for 1.8.9 final. |
|
[d49c14d21410] |
|
|
|
2014-01-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Handle a sequence file with no trailing newline. |
|
[aa29306e4f6d] |
|
|
|
2014-01-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/iolog.c: |
|
Truncate io log and timing files on open when recycling them. Only |
|
an issue when the sequence number wraps around. |
|
[01b2dfe15ff0] |
|
|
|
* plugins/sudoers/iolog.c: |
|
Repair reading of the iolog sequence number that got broken when |
|
adding stricter strtoul() checks. |
|
[e0f4a11c3437] |
|
|
|
* src/exec.c: |
|
If invoked as sudoedit we can't just exec the command directly since |
|
the temporary files need to be updated before sudo exits. |
|
[508503be1c4f] |
|
|
|
* src/preserve_fds.c: |
|
Fix restoration of the close-on-exec flag when moving a relocated fd |
|
back into its original position. |
|
[5572f1f8b48a] |
|
|
|
2014-01-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add "see below" to reference "Secure editing" section in "Preventing |
|
shell escapes". |
|
[b2db990a36b3] |
|
|
|
2014-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Add initial "Secure editing" section. |
|
[0d7a192e0e25] |
|
|
|
* doc/LICENSE: |
|
Update copyright year. |
|
[4a639d9207a9] |
|
|
|
2013-12-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo, |
|
src/po/eo.po, src/po/fi.mo, src/po/fi.po: |
|
sync with translationproject.org |
|
[5c15a411b10d] |
|
|
|
* plugins/sudoers/policy.c: |
|
Make user_cwd and user_tty dynamically allocated even for the |
|
"unknown" case. |
|
[015454bf97f8] |
|
|
|
2013-12-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Use -fstack-protector-strong in preference to -fstack-protector-all |
|
or -fstack-protector. |
|
[bdd1066eefc4] |
|
|
|
* doc/HISTORY: |
|
Dell acquired Quest |
|
[3d5b7d27a313] |
|
|
|
2013-12-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo, |
|
src/po/ru.po, src/po/vi.mo, src/po/vi.po: |
|
sync with translationproject.org |
|
[f964671d08ce] |
|
|
|
2013-12-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, |
|
plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po, |
|
src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po, |
|
src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/zh_CN.mo, src/po/zh_CN.po: |
|
sync with translationproject.org |
|
[5f5becf5fb7a] |
|
|
|
* doc/sudoers.ldap.cat: |
|
regen |
|
[77745e6bc0d5] |
|
|
|
* NEWS: |
|
Update for recent changes. |
|
[365b9084268a] |
|
|
|
* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Fix typo; we want setlocale(LC_ALL, "") since we are setting the |
|
locale for the first time. |
|
[e2b9660e9d48] |
|
|
|
2013-12-27 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c: |
|
Use sudoers_initlocale() in main() startup, not sudoers_setlocal() |
|
as the latter assumes we are already in the user's locale which may |
|
not be the case. For sudoreplay, we can just use setlocale() |
|
directly as there is no sudoers locale. |
|
[12235e50dea0] |
|
|
|
2013-12-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/preserve_fds.c, src/sudo.c, src/sudo.h: |
|
Redo preserve_fds support to remap high fds so we can get the most |
|
out of closefrom(). The fds are then restored after closefrom(). |
|
[7d712ec49db7] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
Fix install-plugin when sudoers is compiled statically. |
|
[36a8bf3b588d] |
|
|
|
2013-12-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat, |
|
doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, |
|
include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in, |
|
src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c, |
|
src/sudo.h, src/sudo_exec.h: |
|
Add support for preventing fds from getting clobbered by |
|
closefrom(). |
|
[269f45964ff0] |
|
|
|
2013-12-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/Makefile.in: |
|
regen |
|
[b8f458379b5b] |
|
|
|
2013-12-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/alloc.c: |
|
Need to include limits.h here too. |
|
[b53c6edef597] |
|
|
|
2013-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* config.h.in, configure, configure.ac, plugins/sudoers/parse.h: |
|
No need to use __signed. |
|
[05f9648d1953] |
|
|
|
* plugins/sudoers/regress/logging/check_wrap.c: |
|
Need limits.h here too. |
|
[54aac3bbf66a] |
|
|
|
* compat/closefrom.c: |
|
Still need limits.h here. |
|
[0abc6b2be208] |
|
|
|
* plugins/sudoers/po/sudoers.pot: |
|
regen |
|
[386b47ced07f] |
|
|
|
* compat/closefrom.c: |
|
Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX |
|
lacks /proc/self and it has F_CLOSEM. |
|
[b5735fbcfdce] |
|
|
|
2013-12-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Use a switch to map digest type to name instead of an array of |
|
strings. |
|
[ab17ceb4dd60] |
|
|
|
* compat/closefrom.c: |
|
Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X. |
|
[e70df3b3144b] |
|
|
|
* compat/snprintf.c: |
|
Remove _MAX and _MIN compat; we rely on missing.h for that. We |
|
already require the compiler handle long long so there's no need to |
|
use HAVE_LONG_LONG_INT everywhere. |
|
[2bda15071439] |
|
|
|
* common/ttysize.c, include/missing.h: |
|
Remove _MAX and _MIN defines that any system from the last 20 years |
|
should have. Add ULLONG_MAX in case it is missing. |
|
[2db0cee4aaa8] |
|
|
|
* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c: |
|
Change visudo -x to take a file name argument, which may be '-' to |
|
write the exported sudoers file to stdout. |
|
[84cb72c3c391] |
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/parse.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/visudo.c, |
|
plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c: |
|
Move symbol extern defs into sudoers.h |
|
[b631a0b57fae] |
|
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/logging/check_wrap.c: |
|
Add missing sudo_util.h |
|
[ed0edc2e2d0c] |
|
|
|
2013-12-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Warn if the time stamp in the I/O log file does not fit in time_t. |
|
Warn if the info line is not well-formed instead of silently |
|
ignoring it. |
|
[37a050de5be5] |
|
|
|
2013-12-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in: |
|
Rename libcommon libsudo_util |
|
[df3ffd4229e5] |
|
|
|
2013-12-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c, |
|
common/atoid.c, common/atomode.c, common/fmt_string.c, |
|
common/gidlist.c, common/progname.c, common/setgroups.c, |
|
common/sudo_conf.c, common/term.c, common/ttysize.c, |
|
include/missing.h, include/sudo_util.h, |
|
plugins/group_file/Makefile.in, plugins/group_file/getgrent.c, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h, |
|
plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h: |
|
Move prototypes for functions provided by libcommon that don't have |
|
their own header files into sudo_util.h. |
|
[43f423a24416] |
|
|
|
2013-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c, |
|
plugins/sudoers/def_data.h, plugins/sudoers/def_data.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/logging.c, plugins/sudoers/logging.h, |
|
plugins/sudoers/mkdefaults: |
|
Now that we have proper number parsing functions we should store |
|
T_UINT defaults values as unsigned int, not int. |
|
[67d8c2244f1d] |
|
|
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h: |
|
Don't use int where we really mean enum def_tuple. When this code |
|
was written it was assumed that we may have multiple tuple types. |
|
However, that hasn't happened and probably never will. |
|
[8491f970f343] |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen after string parsing changes. |
|
[fd6bf79c3286] |
|
|
|
* common/atoid.c, common/atomode.c, compat/strtonum.c, configure, |
|
configure.ac, include/missing.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c: |
|
The OpenBSD strtonum() uses very short error strings that can't be |
|
translated usefully. Convert them to longer strings on error. Also |
|
use the longer strings for atomode() and atoid(). |
|
[dace028594da] |
|
|
|
2013-12-10 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h: |
|
Add atomode() function for parsing a file mode. |
|
[44e29629aa5e] |
|
|
|
* common/sudo_conf.c, common/ttysize.c, compat/Makefile.in, |
|
compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c, |
|
configure, configure.ac, include/missing.h, |
|
plugins/sudoers/boottime.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c, |
|
src/parse_args.c, src/sudo.c, src/ttyname.c: |
|
Use strtonum() instead of atoi(), strtol() or strtoul() where |
|
possible. |
|
[e4a1fc84b893] |
|
|
|
* MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in, |
|
configure, configure.ac, include/missing.h, mkdep.pl: |
|
Add strtonum.c to compat for simpler number parsing. |
|
[a4c69b003da0] |
|
|
|
2013-12-09 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_common.c: |
|
Fix a warning on Solaris, we need to use debug_return_const_ptr. |
|
[932aa94c0cac] |
|
|
|
* plugins/sudoers/Makefile.in: |
|
check_symbols needs to link with SUDO_LIBS in order to get -lpthread |
|
on HP-UX for libldap (which uses threads). It would be better to |
|
have a separate variable for the pthread library but this is no |
|
worse than it used to be. |
|
[94591b765371] |
|
|
|
2013-12-08 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
add missing comma |
|
[7dcbd1c6dd25] |
|
|
|
* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in: |
|
Make -c option description more accurate. |
|
[3f305ae6037e] |
|
|
|
2013-12-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS, plugins/sudoers/sudoers.c: |
|
When checking whether a user may change the login class, just check |
|
pw_uid of the runas user, which was passed in to set_loginclass(). |
|
[aaf736440441] |
|
|
|
2013-12-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Use atoid() when parsing user/group IDs and print them as unsigned |
|
int. |
|
[40c77459a36a] |
|
|
|
2013-12-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Correctly parse 64-bit times in I/O log files. |
|
[d053ee75adc3] |
|
|
|
* compat/getgrouplist.c, plugins/group_file/getgrent.c, |
|
plugins/sudoers/pwutil.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c: |
|
Use atoid() not atoi() when parsing uids/gids. |
|
[491146596626] |
|
|
|
* plugins/sudoers/match.c, plugins/sudoers/match_addr.c, |
|
plugins/sudoers/parse.h, plugins/sudoers/pwutil.c, |
|
plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c, |
|
plugins/sudoers/sudoers.h: |
|
Better match debugging. Sprinkle const in match functions. |
|
[4cd8d793f165] |
|
|
|
2013-12-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in, |
|
doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in, |
|
doc/sudo_plugin.cat, doc/sudo_plugin.man.in, |
|
doc/sudo_plugin.mdoc.in: |
|
Document that plugins can be compiled statically into the sudo |
|
binary. |
|
[434061cf909f] |
|
|
|
2013-12-03 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sssd.c: |
|
sudo_sss_filter_user_netgroup(): fix comment typos, break out of |
|
loop early if we match ALL or netgroup. |
|
[0691731f4b12] |
|
|
|
* plugins/sudoers/sssd.c: |
|
When filtering netgroups, use the passwd struct stashed in the |
|
handle, not user_name since we may be listing another user's |
|
privileges. |
|
[f2669cf7b70c] |
|
|
|
* mkpkg: |
|
RHEL 6 and above builds sudo with SSSD support |
|
[afc3d894851e] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Avoid passing NULL domainname to sudo_debug_printf(). |
|
[b08abe5e6d23] |
|
|
|
* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in: |
|
Document sssd debug subsystem. |
|
[250c3ab1bcf0] |
|
|
|
* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in: |
|
Document "event" debug subsystem. |
|
[85d220b48edc] |
|
|
|
* plugins/sudoers/match.c: |
|
Use atoid() instead of atoi() when parsing uids/gids so we get |
|
proper range checking. |
|
[5c3e2f3f6cb9] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Add user netgroup filtering for SSSD. Previously, rules for a |
|
netgroup were applied to all even when they did not belong to the |
|
specified netgroup. RedHat Bugzilla 880150. |
|
[784848b5462c] |
|
|
|
* plugins/sudoers/sssd.c: |
|
Fix several issues found by the clang static analyzer; Daniel |
|
Kopecek |
|
[520261dd7461] |
|
|
|
2013-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* README.LDAP: |
|
Mention how to dump sudoers info from LDAP. |
|
[a53c93790a30] |
|
|
|
* src/exec_common.c: |
|
On Solaris, disabling the proc_exec privilege appears to interfere |
|
with DAC file permissions. Adding DAC override permissions to the |
|
inheritable set works around this for commands run as root without |
|
giving extra permissions to other users. Bug #626 |
|
[391ad44026c3] |
|
|
|
2013-12-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in, |
|
compat/getprogname.c, configure, configure.ac, include/missing.h, |
|
mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/regress/iolog_path/check_iolog_path.c, |
|
plugins/sudoers/regress/logging/check_wrap.c, |
|
plugins/sudoers/regress/parser/check_addr.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/visudo.c, src/parse_args.c, |
|
src/regress/ttyname/check_ttyname.c, src/sudo.c: |
|
Instead of setprogname(), add initprogname() which gets the program |
|
name for getprogname() using /proc or pstat() if possible. |
|
[e2d48d81456f] |
|
|
|
2013-11-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/ttyname.c: |
|
Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to |
|
return this in certain situations but it appears to be harmless at |
|
least insofar as retrieving the tty goes. |
|
[105bea4e1c20] |
|
|
|
* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po, |
|
plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, |
|
plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, |
|
plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, |
|
plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, |
|
plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, |
|
plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, |
|
plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, |
|
plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, |
|
src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po, |
|
src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po, |
|
src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po, |
|
src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po, |
|
src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po: |
|
Sync with translationproject.org |
|
[3694d7ad4c9d] |
|
|
|
2013-11-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
Add missing newline in help message after export option. |
|
[1c0bff0c181e] |
|
|
|
2013-11-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac, plugins/sudoers/Makefile.in, |
|
src/Makefile.in: |
|
Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in |
|
Makefile.in so we can make it last. Fixes a linking problem on |
|
Ubuntu precise. |
|
[f8d3bddbe742] |
|
|
|
2013-11-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, m4/ax_func_getaddrinfo.m4: |
|
Do not rely on NULL being defined for getaddrinfo() test. Fixes the |
|
check on HP-UX 11.23. |
|
[a5dcf0283693] |
|
|
|
2013-11-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot: |
|
Regen for sudo 1.8.9b1 |
|
[945f27a7aa1c] |
|
|
|
* src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po: |
|
Sync with translationproject.org |
|
[52abae16ccfa] |
|
|
|
2013-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c, |
|
compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in, |
|
configure, configure.ac, include/sudo_dso.h, mkdep.pl, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/ldap.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c, |
|
plugins/sudoers/sssd.c, plugins/system_group/Makefile.in, |
|
plugins/system_group/system_group.c, src/Makefile.in, |
|
src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c, |
|
src/sudo.h: |
|
Add wrapper functions for dlopen() et al so that we can support |
|
statically compiling in the sudoers plugin but still allow other |
|
plugins to be loaded. The new --enable-static-sudoers configure |
|
option will cause the sudoers plugin to be compiled statically into |
|
the sudo binary. This does not prevent other plugins from being |
|
loaded as per sudo.conf. |
|
[9425770e9d2b] |
|
|
|
2013-11-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Handle non-unix groups correctly. Get rid of runasuser and |
|
runasgroup types and use username and usergroup instead. The fact |
|
that the user or group is inside a Runas_List doesn't affect its |
|
underlying type. |
|
[ea1789258c11] |
|
|
|
2013-11-20 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Simplify Defaults list option object. The name and value strings are |
|
superfluous. |
|
[5852b0184669] |
|
|
|
* compat/dlopen.c: |
|
Back out unintended change. |
|
[85156e49e96e] |
|
|
|
* MANIFEST, aclocal.m4, configure, configure.ac, |
|
m4/ax_func_getaddrinfo.m4: |
|
Add dedicated test for getaddrinfo(). Tru64 UNIX contains two |
|
versions of getaddrinfo and we must include netdb.h to get the |
|
proper definition. |
|
[9882e3e1e8e3] |
|
|
|
* compat/dlopen.c, |
|
plugins/sudoers/regress/check_symbols/check_symbols.c: |
|
Define RTLD_GLOBAL for older systems without it. Bug #621 |
|
[ed38ac84f1da] |
|
|
|
2013-11-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* compat/snprintf.c, include/missing.h: |
|
Rename snprintf replacement rpl_snprintf since we may now replace |
|
the libc version and #define rpl_snprintf snprintf in missing.h so |
|
we get our version when needed. This is consistent with how we |
|
replace glob and fnmatch. |
|
[309aa17d0dfe] |
|
|
|
* common/Makefile.in, common/regress/sudo_conf/conf_test.c, |
|
common/regress/sudo_parseln/parseln_test.c, |
|
common/regress/tailq/hltq_test.c, src/Makefile.in: |
|
libcommon tests need locale_stub.lo to link. |
|
[baae40f36de5] |
|
|
|
* MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure, |
|
configure.ac, m4/ax_func_snprintf.m4: |
|
Add check for C99 compliant (v)snprintf function. |
|
[79e02551543c] |
|
|
|
* compat/sig2str.c, configure, configure.ac: |
|
Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and |
|
SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug |
|
#621; from Daniel Richard G. |
|
[2a59ccb8c966] |
|
|
|
* include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c: |
|
Add definition of U_ for --disable-nsl. Don't define warning_gettext |

if --disable-nsl. Bug #621; from Daniel Richard G. |
|
[c0054eb89c2b] |
|
|
|
2013-11-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
When merging Defaults entries we need to check the type of the next |
|
entry and not just assume it is the same as the previous one. |
|
[e97d9b9cf0d5] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
runasgroups not runasgroup in the Cmnd_Spec. |
|
[92ea5dc20e4d] |
|
|
|
* plugins/sudoers/visudo_json.c: |
|
Fix some syntax errors and change how lists are handled. |
|
[027b8dea44b2] |
|
|
|
* common/sudo_debug.c, config.h.in, configure, configure.ac, |
|
include/fatal.h, include/sudo_debug.h: |
|
Allow sudo to compile without variadic macro support in cpp. |
|
Debugging support will be limited (no file info from warnings.) From |
|
Daniel Richard G.; Bug #621 |
|
[51b8b868cd4b] |
|
|
|
* Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c, |
|
common/sudo_conf.c, include/fatal.h, include/gettext.h, |
|
include/missing.h, plugins/sudoers/auth/fwtk.c, |
|
plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c, |
|
plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c, |
|
plugins/sudoers/env.c, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c, |
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c, |
|
plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c, |
|
plugins/sudoers/timestamp.c, plugins/sudoers/toke.c, |
|
plugins/sudoers/toke.l, plugins/sudoers/toke_util.c, |
|
plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c, |
|
src/exec_common.c, src/exec_pty.c, src/load_plugins.c, |
|
src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c, |
|
src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c, |
|
src/sudo_edit.c, src/tgetpass.c, src/utmp.c: |
|
Add warning_gettext() wrapper function that changes to the user |
|
locale, then calls gettext(). Add U_ macro that calls |
|
warning_gettext() instead of gettext(). Rename warning2()/error2() |
|
back to warning_nodebug()/error_nodebug(). |
|
[f3bb207db201] |
|
|
|
2013-11-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c, |
|
compat/utimes.c, configure.ac, plugins/sudoers/boottime.c, |
|
plugins/sudoers/check.c, plugins/sudoers/getdate.c, |
|
plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c, |
|
plugins/sudoers/iolog.c, plugins/sudoers/ldap.c, |
|
plugins/sudoers/logging.h, plugins/sudoers/sssd.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c, |
|
src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c: |
|
Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug |
|
#624; from Daniel Richard G. |
|
[b212e4694018] |
|
|
|
* include/sudo_debug.h, plugins/sudoers/defaults.c, |
|
plugins/sudoers/ldap.c, src/exec_common.c: |
|
Add debug_return_const_str and debug_return_const_ptr for returning |
|
a const string or pointer. Using const for the normal versions |
|
produces warnings with the Tru64 compiler. |
|
[45018a149cb4] |
|
|
|
* common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure, |
|
configure.ac, m4/sudo.m4: |
|
Fixes for building under Tru64; from Daniel Richard G. Bug #624 |
|
[fc4a6cbae1ba] |
|
|
|
2013-11-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/logging.c: |
|
log_{fatal,warning} now logs to the debug file itself. |
|
log_{fatal,warning} now calls warningx2() after setting the locale |
|
itself instead of using the wrapper macros. This removes the only |
|
use of warningx(ngettext(...)). |
|
[930129361e0a] |
|
|
|
2013-11-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* configure, configure.ac: |
|
Add -Wpointer-arith to --enable-warnings |
|
[2043ae306d1b] |
|
|
|
* configure, configure.ac: |
|
Fix more instances of #include directives where the '#' was not in |
|
column 1. From Daniel Richard G. (bug #622) |
|
[75f36f39dcab] |
|
|
|
* MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c, |
|
plugins/sudoers/visudo_json.c: |
|
Add support to visudo to export sudoers in JSON format. |
|
[1697b2b4bfd2] |
|
|
|
2013-11-13 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/parse.h: |
|
Remove unused digest field from struct cmndspec, the digest really |
|
lives in struct sudo_command. |
|
[e9a1e2e112d6] |
|
|
|
* config.h.in, configure: |
|
Regen with autoconf 2.69 |
|
[275f69f98f9e] |
|
|
|
* MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in, |
|
doc/Makefile.in: |
|
Rename configure.in -> configure.ac |
|
[0aeafe425373] |
|
|
|
* MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure, |
|
configure.in, ltmain.sh, m4/sudo.m4: |
|
From Daniel Richard G. (bug #622) Add an autogen.sh script that |
|
rebuilds the autoconf world. Move old aclocal.m4 contents to |
|
m4/sudo.m4. New (generated) aclocal.m4 contains the m4_include |
|
directives. Some tests had #include directives where the '#' was not |
|
in column 1. Updated obsolete macro usage via autoupdate. |
|
[5fe8de5a56df] |
|
|
|
2013-11-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/sudo_exec.h: |
|
Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The |
|
likelihood of receiving a partial message is quite low so this is |
|
not a big deal. |
|
[900a304f9548] |
|
|
|
* configure, configure.in: |
|
HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for |
|
MSG_WAITALL to be visible. |
|
[f08b1a00a30a] |
|
|
|
* MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok, |
|
plugins/sudoers/regress/visudo/test5.sh: |
|
Add regress test for bug #623 |
|
[8e83cfccaf14] |
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
|
Cope with a comment on the last line of the file with no newline. |
|
Bug #623 |
|
[f826243bc4e6] |
|
|
|
* compat/getaddrinfo.c: |
|
Include arpa/inet.h for HP-UX; from Daniel Richard G. |
|
[d4d7a4303bae] |
|
|
|
* doc/Makefile.in: |
|
Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel |
|
Richard G. |
|
[f664c8d2f961] |
|
|
|
2013-11-11 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* include/fatal.h: |
|
In v{warning,fatal}x?() make a new copy of ap for the debug |
|
functions. It is not legal to use ap twice without reinitializing |
|
it. Noticed by Daniel Richard G. |
|
[6ca8bc48ecb3] |
|
|
|
* include/fatal.h: |
|
Remove errant warning_restore_locale() call. |
|
[4ef7aecefcbb] |
|
|
|
* include/missing.h, plugins/sudoers/logging.c: |
|
Move va_copy compat macro to missing.h |
|
[c873e4cc4c8a] |
|
|
|
* common/Makefile.in, compat/Makefile.in, mkdep.pl, |
|
plugins/group_file/Makefile.in, plugins/sample/Makefile.in, |
|
plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, |
|
src/Makefile.in, zlib/Makefile.in: |
|
Uniquify header dependencies so we don't end up with duplicates when |
|
a header file includes other headers. The header dependencies are |
|
sorted so the generated order is stable. |
|
[95747db2f07a] |
|
|
|
* compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS, |
|
mkdep.pl: |
|
Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From |
|
Daniel Richard G. |
|
[e94ee99a52a9] |
|
|
|
* plugins/sudoers/testsudoers.c: |
|
Fix pasto |
|
[5262735e78e0] |
|
|
|
2013-11-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoers.mdoc.in: |
|
Fix typo. |
|
[6b11a4eec6b6] |
|
|
|
2013-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
regen |
|
[995ca9f21862] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c: |
|
Fix warnings from -Wold-style-definition |
|
[a748c5c7b423] |
|
|
|
* configure, configure.in: |
|
Add -Wold-style-definition to --enable-warnings |
|
[0484de0deb59] |
|
|
|
* common/event_poll.c: |
|
Extra debugging for ready fds. |
|
[91fb85cdecbb] |
|
|
|
* common/event_select.c: |
|
When deleting an event, check ev->events to determine whether to |
|
remove from readfds or writefds instead of blindly removing from |
|
both. Also fix highfd adjustment. |
|
[7384db65ca9c] |
|
|
|
2013-11-02 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event_select.c: |
|
Only check an fd that is >= 0. Timeout-only events may have a |
|
negative fd. |
|
[fa0e5cbc3cc2] |
|
|
|
2013-11-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/event.c: |
|
Don't call sudo_ev_{add,del}_impl() for timeout-only events. This |
|
makes it possible to pass sudo_ev_alloc() an fd of -1 for events |
|
that only use SUDO_EV_TIMEOUT. |
|
[6838657a1a2f] |
|
|
|
2013-10-31 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/alloc.c, common/event_select.c, include/sudo_event.h: |
|
Make a copy of readfds/writefds before calling select() instead of |
|
calculating it each time. Keep track of high fd in the base. |
|
[6048b78f2e94] |
|
|
|
2013-10-30 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/CONTRIBUTORS: |
|
Add Stephen Gelman |
|
[0028c7a91a4f] |
|
|
|
* plugins/sudoers/getdate.c, plugins/sudoers/gram.c: |
|
Fix sign comparison warning. |
|
[914cb36b9ed2] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix potential NULL dereference in non-interactive mode. |
|
[9233428d3f32] |
|
|
|
2013-10-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Use MSG_WAITALL when receiving struct command_status over the Unix |
|
domain socket since we no longer use datagrams. This should avoid |
|
the need to handle incomplete reads, though in theory it is still |
|
possible. |
|
[28a92888a908] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
SIGKILL is not catchable |
|
[79f82e4cb11d] |
|
|
|
* common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c: |
|
Add sudo_ev_get_timeleft() to get the amount of time left before an |
|
event times out and use it in sudoreplay. |
|
[d5b17ee30fa4] |
|
|
|
2013-10-28 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, |
|
plugins/sudoers/sudoreplay.c: |
|
If the user presses <return> or <enter> in sudoreplay, skip to the |
|
next event. Useful for skipping past long pauses in the data. |
|
[43343f45c94d] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c: |
|
Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we |
|
clear active flag from unprocessed events if sudo_ev_loopbreak() or |
|
sudo_ev_loopcontinue() are used. Remove bogus optimization when the |
|
timeout is zero or negative; it could prevent an I/O event from |
|
being triggered. |
|
[a13603fb3134] |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Move session replay into its own function. |
|
[e323f7729595] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c, |
|
include/sudo_event.h: |
|
Get rid of cur and pending pointers in struct sudo_event_base. We |
|
now pop the first event off the active queue instead of using a |
|
foreach loop with deferred removal of the event. Add |
|
SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the |
|
event is on the event queue and timeouts queue respectively. No longer |
|
need to compare the timeout to {0,0} or compare the event's base |
|
pointer to NULL to determine queue membership. |
|
[f2b2251fd523] |
|
|
|
* common/event_poll.c: |
|
rename sudo_ev_loop_impl() -> sudo_ev_scan_impl() |
|
[614faaff04e3] |
|
|
|
* MANIFEST, common/event.c, common/event_poll.c, |
|
common/event_select.c, compat/Makefile.in, compat/nanosleep.c, |
|
config.h.in, configure, configure.in, include/missing.h, |
|
include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c: |
|
Add support for libevent-style timed events. Adding a timed event is |
|
currently O(n). The only consumer of timed events is sudoreplay |
|
which only used a single one so O(n) == O(1) for now. This also |
|
allows us to remove the nanosleep compat function as we now use a |
|
timeout event instead. |
|
[db41c08e92dc] |
|
|
|
2013-10-26 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Now that sudo_ev_base_free() removes all events before freeing we |
|
don't need to do this by hand. |
|
[b59d43658c5f] |
|
|
|
* common/event.c, common/event_poll.c, common/event_select.c, |
|
include/sudo_event.h: |
|
Add a list of active events in the base that the back end sets when |
|
it calls poll or select. This allows the front end to iterate over |
|
the events instead of having that code in both back ends. It will |
|
also simplify support for timeout events. Also make sure we can't |
|
touch freed memory if a callback frees its own event. |
|
[933b99b3f2bc] |
|
|
|
* common/event.c: |
|
Remove any existing events before freeing the event base. |
|
[2543c6620cf1] |
|
|
|
2013-10-25 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
mon_handler() should be static |
|
[b1a62ef65c96] |
|
|
|
2013-10-24 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
If user specified start_tls and ldaps, display a warning and ignore |
|
start_tls. There's no reason to make this a fatal error. |
|
[bf446dd1e740] |
|
|
|
* src/exec_pty.c: |
|
Add missing else when the connection from the monitor to the parent |
|
sudo process is broken (due to the parent dying). Prevents a |
|
spurious "unexpected reply type on backchannel" warning. |
|
[5c44053cef08] |
|
|
|
* src/exec_pty.c: |
|
When flushing output we don't care whether we are the foreground |
|
process or not, we still need to flush to /dev/tty. If we are in the |
|
background, it is OK to get SIGTTOU. |
|
[9716892d1fb5] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Should not attempt start_tls on an ldaps connection. |
|
[9d01d461c52c] |
|
|
|
2013-10-23 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/regress/parser/check_fill.c: |
|
Fix sign compare warning. |
|
[6130fa8df758] |
|
|
|
* doc/Makefile.in: |
|
Eliminate warning about circular dependency from GNU make. |
|
[7ed5df762089] |
|
|
|
* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c, |
|
src/ttyname.c: |
|
More sign compare fixes. On Solaris id_t is signed so use uid_t in |
|
the set_perms.c ID macro instead. |
|
[8166dcc50d0b] |
|
|
|
* common/fileops.c, common/lbuf.c, common/secure_path.c, |
|
common/sudo_debug.c, include/secure_path.h, |
|
plugins/sudoers/find_path.c, plugins/sudoers/getdate.c, |
|
plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h, |
|
plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c, |
|
plugins/sudoers/ldap.c, plugins/sudoers/logging.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/policy.c, plugins/sudoers/prompt.c, |
|
plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c, |
|
plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c, |
|
src/ttyname.c: |
|
Quiet sign comparision warnings. |
|
[e34f45dad10c] |
|
|
|
* configure, configure.in: |
|
Add -Wsign-compare to --enable-warnings |
|
[d560e274a6ae] |
|
|
|
* plugins/sudoers/ldap.c: |
|
Ignore SIGPIPE when connecting to the LDAP server so we can get a |
|
proper error message with the IBM LDAP libs. Also return |
|
LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that |
|
return an int. |
|
[611a4ed9b8ee] |
|
|
|
* plugins/sudoers/regress/parser/check_base64.c, |
|
plugins/sudoers/regress/parser/check_digest.c: |
|
Quiet compiler warnings. |
|
[7d82dcca7126] |
|
|
|
2013-10-22 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/ldap.c: |
|
sudo_ldap_parse_uri() should join multiple URIs in the string list |
|
together but it was clearing the host entry each time through the |
|
loop. Fixes a bug with multiple URI entries in ldap.conf where only |
|
the last one was being honored. |
|
[83cee19b136d] |
|
|
|
* src/exec_pty.c: |
|
Avoid a double free introduced when plugging a memory leak in |
|
safe_close(). A new ev_free_by_fd() function is used to remove and |
|
free any events sharing the specified fd. This can be used after |
|
safe_close() to make sure we don't try to select() on a closed fd. |
|
[54f48a281147] |
|
|
|
* plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c: |
|
Quiet some llvm check false positives. The common idiom of using |
|
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a |
|
TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is |
|
probably faster anyway). |
|
[bd1b8c11f416] |
|
|
|
* plugins/sudoers/auth/pam.c: |
|
If pam_open_session() fails don't call pam_getenvlist() with a NULL |
|
pam handle. |
|
[352e0329acba] |
|
|
|
* plugins/sudoers/defaults.c: |
|
Fix newly introduced use after frees found by llvm checker. |
|
[a81080230f1f] |
|
|
|
* common/event_select.c: |
|
Remove an errant list_next() call that should have been removed in |
|
the TAILQ conversion. |
|
[3bbf8d117ce4] |
|
|
|
* MANIFEST, common/Makefile.in, common/list.c, |
|
common/regress/tailq/hltq_test.c, include/list.h, include/queue.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/alias.c, |
|
plugins/sudoers/defaults.c, plugins/sudoers/gram.c, |
|
plugins/sudoers/gram.y, plugins/sudoers/match.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/regress/parser/check_fill.c, |
|
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
|
Add "headless" tail queues and use them in place of the semi- |
|
circular lists in sudoers. Once the headless tail queue is built up |
|
it is converted to a normal TAILQ. This removes the last consumer of |
|
list.c and list.h so those can now be removed. |
|
[5986ba762a24] |
|
|
|
* common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in, |
|
plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
|
plugins/sudoers/env.c, plugins/sudoers/interfaces.c, |
|
plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c, |
|
plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c, |
|
plugins/sudoers/toke.c, plugins/sudoers/toke.l, |
|
plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c, |
|
src/hooks.c: |
|
Use SLIST and STAILQ macros instead of doing headless singly linked |
|
lists manually. As a bonus we now use a tail queue for ldap.c and |
|
sudoreplay.c. |
|
[c31bc2d99082] |
|
|
|
* MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c, |
|
common/event_select.c, common/list.c, |
|
common/regress/sudo_conf/conf_test.c, common/sudo_conf.c, |
|
doc/LICENSE, include/list.h, include/missing.h, include/queue.h, |
|
include/sudo_conf.h, include/sudo_event.h, |
|
plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c, |
|
plugins/sudoers/parse.c, plugins/sudoers/parse.h, |
|
plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c, |
|
plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c, |
|
plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, |
|
src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c, |
|
src/sudo.c, src/sudo.h, src/sudo_plugin_int.h: |
|
Convert sudo to use BSD TAILQ macros instead of home ground tail |
|
queue functions. This includes a private queue.h header derived from |
|
FreeBSD. It is simpler to just use our own header rather than try to |
|
deal with macros that may or may not be present in various queue.h |
|
incarnations. |
|
[450bce095d7c] |
|
|
|
2013-10-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix AND operator broken by changes to fix OR. |
|
[a4d3485ee943] |
|
|
|
2013-10-19 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/sudoreplay.c: |
|
Fix OR operator. |
|
[f5c1c90ee284] |
|
|
|
2013-10-18 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Fix memory leak of I/O buffer events in safe_close(). |
|
[08cd790cfbba] |
|
|
|
2013-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Don't allow the debug subsystem to be initialized twice. Otherwise |
|
we can exhuast our stack when built in static mode. |
|
[fadacb6a4617] |
|
|
|
* common/event_poll.c: |
|
Make sure we do not try to usie index -1 in base->pfds[]. |
|
[beeb922aba3f] |
|
|
|
2013-10-14 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* NEWS, configure, configure.in: |
|
Bump version to 1.8.9 |
|
[758dbb464796] |
|
|
|
2013-10-12 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* src/exec_pty.c: |
|
Convert the monitor process to the event subsystem. |
|
[c4fe8e2ba53c] |
|
|
|
* src/exec.c, src/exec_pty.c, src/sudo_exec.h: |
|
Convert the main sudo event loop to use the event subsystem. Read |
|
events for I/O buffers are added before the loop starts. Write |
|
events are added on demand as the buffers are filled. |
|
[72a603e997e0] |
|
|
|
* INSTALL, MANIFEST, common/Makefile.in, common/event.c, |
|
common/event_poll.c, common/event_select.c, common/list.c, |
|
common/sudo_debug.c, config.h.in, configure, configure.in, |
|
include/list.h, include/sudo_debug.h, include/sudo_event.h, |
|
mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in, |
|
src/exec_pty.c: |
|
Simple event subsystem that uses poll() or select(). Basically a |
|
simplied subset of libevent2. Currently only fd events are supported |
|
(since that's all we need). The poll() backend is used by default, |
|
except on Mac OS X where poll() is broken for devices (including |
|
/dev/tty and ptys). |
|
[8773142b4117] |
|
|
|
* src/exec.c, src/exec_pty.c: |
|
Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent |
|
semantics when the other end closes. This should make the conversion |
|
to poll() less problematic. |
|
[b6a321722a91] |
|
|
|
2013-10-06 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* common/sudo_debug.c: |
|
Fix removal of trailing newlines in a debug message. |
|
[6f5ce5ac64e0] |
|
|
|
2013-10-04 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
|
* plugins/sudoers/visudo.c: |
|
When checking for unused Runas_Aliases, count those used as part of |
|
a Runas Group too. Fixes a false positive warning. |
|
[f13271a4a377] |
|
|
2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-09-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* include/missing.h: |
* include/missing.h: |
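Review bot: the added entries for [54f48a281147] (double free in safe_close()), [a81080230f1f] (use after frees in defaults.c), [933b99b3f2bc] (freed memory touched when a callback frees its own event) and [beeb922aba3f] (index -1 in base->pfds[]) record memory-safety fixes but do not say whether the defect ever reached a release. "Newly introduced" and "introduced when plugging a memory leak" point at earlier changesets without naming them, and the other two give no origin at all. Suggest naming the introducing changeset or release in each entry so a packager can tell whether a shipped version is affected. Separately, the added text carries typos worth fixing at the source: "exhuast", "usie", "comparision", "simplied", "a singled one", "home ground" (home-grown) and "indicate that the event on the event queue" (missing "is").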
Line 182
|
Line 2225
|
|
|
* plugins/sudoers/ldap.c: |
* plugins/sudoers/ldap.c: |
Fix error display from ldap_ssl_client_init(). There are two error |
Fix error display from ldap_ssl_client_init(). There are two error |
codes. The return value can be decoded via ldap_err2string() but | codes. The return value can be decoded via ldap_err2string() but the |
the ssl reason code cannot (you have to look it up in a table | ssl reason code cannot (you have to look it up in a table online). |
online). | |
[0267125ce9f0] |
[0267125ce9f0] |
|
|
2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-08-19 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 330
|
Line 2372
|
[3a3827f10f04] |
[3a3827f10f04] |
|
|
* common/sudo_debug.c, include/sudo_debug.h: |
* common/sudo_debug.c, include/sudo_debug.h: |
Add support to the debug subsystem for zero-length strings. This | Add support to the debug subsystem for zero-length strings. This can |
can happen for things like warning(NULL) or fatal(NULL) where we | happen for things like warning(NULL) or fatal(NULL) where we just |
just want to log the errno string. | want to log the errno string. |
[3ed739c5cc91] |
[3ed739c5cc91] |
|
|
* include/error.h: |
* include/error.h: |
Line 392
|
Line 2434
|
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
plugins/sudoers/logging.c, plugins/sudoers/match.c, |
plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, |
plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c, |
plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.h: |
Add limited support for "sudo -l -h other_host". Since group | Add limited support for "sudo -l -h other_host". Since group lookups |
lookups are done on the local host, rules that use group membership | are done on the local host, rules that use group membership may be |
may be incorrect if the group database is not synchronized between | incorrect if the group database is not synchronized between hosts. |
hosts. | |
[2c8b222a5f7f] |
[2c8b222a5f7f] |
|
|
* src/parse_args.c: |
* src/parse_args.c: |
Line 516
|
Line 2557
|
|
|
* plugins/sudoers/atoid.c: |
* plugins/sudoers/atoid.c: |
Add atoid() function to convert a string to an id_t (uid, gid or |
Add atoid() function to convert a string to an id_t (uid, gid or |
pid). We have to be careful to choose() either strtol() or | pid). We have to be careful to choose() either strtol() or strtoul() |
strtoul() depending on whether the string appears to be signed or | depending on whether the string appears to be signed or unsigned. |
unsigned. Always using strtoul() is unsafe on 64-bit platforms since | Always using strtoul() is unsafe on 64-bit platforms since the uid |
the uid might be represented as a negative number and (unsigned | might be represented as a negative number and (unsigned long)-1 on a |
long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. | 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem |
Fixes a problem with uids larger than 0x7fffffff on 32-bit | with uids larger than 0x7fffffff on 32-bit platforms. |
platforms. | |
[5d818e399157] |
[5d818e399157] |
|
|
* MANIFEST, config.h.in, configure, configure.in, |
* MANIFEST, config.h.in, configure, configure.in, |
plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, |
plugins/sudoers/Makefile.in, plugins/sudoers/policy.c, |
plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.h: |
Add atoid() function to convert a string to an id_t (uid, gid or |
Add atoid() function to convert a string to an id_t (uid, gid or |
pid). We have to be careful to choose() either strtol() or | pid). We have to be careful to choose() either strtol() or strtoul() |
strtoul() depending on whether the string appears to be signed or | depending on whether the string appears to be signed or unsigned. |
unsigned. Always using strtoul() is unsafe on 64-bit platforms since | Always using strtoul() is unsafe on 64-bit platforms since the uid |
the uid might be represented as a negative number and (unsigned | might be represented as a negative number and (unsigned long)-1 on a |
long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff. | 64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem |
Fixes a problem with uids larger than 0x7fffffff on 32-bit | with uids larger than 0x7fffffff on 32-bit platforms. |
platforms. | |
[cd92246a710f] |
[cd92246a710f] |
|
|
* plugins/sudoers/sudoers.c: |
* plugins/sudoers/sudoers.c: |
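Review bot: the atoid() paragraph appears twice in this hunk, word for word, once under plugins/sudoers/atoid.c [5d818e399157] and once under the MANIFEST/configure file list [cd92246a710f]. If these are one logical change the entries should be merged; if not, the second should say what it adds beyond the first. In both copies "careful to choose() either strtol() or strtoul()" reads as a call to a function named choose(), so the parentheses should go. The entry also does not say what atoid() does with a string that neither function can parse or that does not fit in id_t, which is the part a caller needs to know.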
Line 642
|
Line 2681
|
* plugins/sudoers/ldap.c, src/preload.c: |
* plugins/sudoers/ldap.c, src/preload.c: |
Now that the ldap code runs with the real and effective uid set to |
Now that the ldap code runs with the real and effective uid set to |
0, it is not possible for the gssapi libs to find the user's krb5 |
0, it is not possible for the gssapi libs to find the user's krb5 |
credential cache file. To work around this, we make a temporary | credential cache file. To work around this, we make a temporary copy |
copy of the user's credential cache specified by KRB5CCNAME (opened | of the user's credential cache specified by KRB5CCNAME (opened with |
with the user's effective uid) and point gssapi to it. To set the | the user's effective uid) and point gssapi to it. To set the |
credential cache file name, we dynamically look up |
credential cache file name, we dynamically look up |
gss_krb5_ccache_name() and use it if available, otherwise fall back |
gss_krb5_ccache_name() and use it if available, otherwise fall back |
to setting KRB5CCNAME. |
to setting KRB5CCNAME. |
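Review bot: the sentence "we make a temporary copy of the user's credential cache specified by KRB5CCNAME" does not say where the copy is created, with what ownership and mode, or when it is removed. The ldap code now runs with real and effective uid 0 and the source path comes from the user's environment, so those details belong in the entry. The visible lines state only that the source is opened with the user's effective uid.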
Line 799
|
Line 2838
|
* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: |
* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING: |
Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. |
Restrict default creation of PIE binaries (-fPIE and -pie) to Linux. |
OpenBSD also supports PIE but enables it by default so we don't need |
OpenBSD also supports PIE but enables it by default so we don't need |
to do anything. This fixes problems on systems with a version of | to do anything. This fixes problems on systems with a version of GNU |
GNU ld that accepts -pie but where the run-time linker doesn't | ld that accepts -pie but where the run-time linker doesn't actually |
actually support PIE. Also verify that a trivial PIE binary works | support PIE. Also verify that a trivial PIE binary works unless PIE |
unless PIE is explicitly enabled. | is explicitly enabled. |
[3c5f125efeb1] |
[3c5f125efeb1] |
|
|
2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-05-24 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 835
|
Line 2874
|
plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: |
plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c: |
Replace sequence number-based cycle detection in visudo with a |
Replace sequence number-based cycle detection in visudo with a |
"used" flag in struct alias. The caller is required to call |
"used" flag in struct alias. The caller is required to call |
alias_put() when it is done with the alias. Inspired by a patch | alias_put() when it is done with the alias. Inspired by a patch from |
from Daniel Kopecek. | Daniel Kopecek. |
[0bdbac1b3b39] |
[0bdbac1b3b39] |
|
|
2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 870
|
Line 2909
|
|
|
* plugins/sudoers/check.h, plugins/sudoers/timestamp.c: |
* plugins/sudoers/check.h, plugins/sudoers/timestamp.c: |
No longer store the ctime of a devpts tty. The handling of ctime on |
No longer store the ctime of a devpts tty. The handling of ctime on |
devpts in Linux has been changed to conform to POSIX. As a result | devpts in Linux has been changed to conform to POSIX. As a result we |
we can no longer assume that the ctime will stay unchanged | can no longer assume that the ctime will stay unchanged throughout |
throughout the life of the session. We store the session ID in the | the life of the session. We store the session ID in the time stamp |
time stamp file so there is a much smaller chance of the time stamp | file so there is a much smaller chance of the time stamp file being |
file being reused by a new login. While here, store the uid/gid in | reused by a new login. While here, store the uid/gid in the |
the timestamp file too for good measure. | timestamp file too for good measure. |
[7028b21f7a9b] |
[7028b21f7a9b] |
|
|
* configure, configure.in: |
* configure, configure.in: |
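Review bot: "a much smaller chance of the time stamp file being reused by a new login" leaves the residual case undescribed. The time stamp decides whether a password prompt is skipped, so the entry should say under what condition a new login can still match an old file now that the session ID and uid/gid are stored and the tty ctime is not.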
Line 1289
|
Line 3328
|
plugins/sudoers/toke_util.c: |
plugins/sudoers/toke_util.c: |
Initial implementation of checksum support in sudoers. Currently |
Initial implementation of checksum support in sudoers. Currently |
supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format |
supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format |
validation in parser and base64 support. checksum support for | validation in parser and base64 support. checksum support for ldap |
ldap sudoers | sudoers |
[b8f196346eca] |
[b8f196346eca] |
|
|
2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-04-13 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 1917
|
Line 3956
|
* src/exec_pty.c: |
* src/exec_pty.c: |
When running the command in a pty, defer the call to exec_setup() |
When running the command in a pty, defer the call to exec_setup() |
until just before we exec the command. This is consistent with the |
until just before we exec the command. This is consistent with the |
non-pty path. As a side effect, the monitor process runs as root | non-pty path. As a side effect, the monitor process runs as root and |
and not the runas user. | not the runas user. |
[e2a7f8c7ee4c] |
[e2a7f8c7ee4c] |
|
|
2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-03-02 Todd C. Miller <Todd.Miller@courtesan.com> |
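Review bot: "As a side effect, the monitor process runs as root and not the runas user" records a privilege change as an aside. The entry should state what the monitor does between fork and the deferred exec_setup() call while it holds root, so the change can be reviewed against least privilege rather than discovered later.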
Line 2363
|
Line 4402
|
|
|
* common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: |
* common/sudo_conf.c, include/sudo_conf.h, src/sudo.c: |
Add group_source setting in sudo.conf to allow the admin to specify |
Add group_source setting in sudo.conf to allow the admin to specify |
how a user's groups are looked up. Legal values are static (just | how a user's groups are looked up. Legal values are static (just the |
the kernel list from getgroups), dynamic (whatever the group | kernel list from getgroups), dynamic (whatever the group database |
database includes) and adaptive (only use group db if kernel group | includes) and adaptive (only use group db if kernel group list is |
list is full). | full). |
[87a5b02e22ad] |
[87a5b02e22ad] |
|
|
* plugins/sudoers/policy.c: |
* plugins/sudoers/policy.c: |
Line 2434
|
Line 4473
|
|
|
* MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, |
* MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in, |
configure, configure.in: |
configure, configure.in: |
Use nss_search() to implement getgrouplist() where available. | Use nss_search() to implement getgrouplist() where available. Tested |
Tested on Solaris and HP-UX. We need to include a compatibility | on Solaris and HP-UX. We need to include a compatibility header for |
header for HP-UX which uses the Solaris nsswitch implementation but | HP-UX which uses the Solaris nsswitch implementation but doesn't |
doesn't ship nss_dbdefs.h. | ship nss_dbdefs.h. |
[d29dbc4dc06d] |
[d29dbc4dc06d] |
|
|
2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2013-01-19 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 2514
|
Line 4553
|
plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: |
plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h: |
Add exec_background option in plugin command info and a sudoers |
Add exec_background option in plugin command info and a sudoers |
option to match. When set, commands are started in the background |
option to match. When set, commands are started in the background |
and automatically foregrounded as needed. There are issues with | and automatically foregrounded as needed. There are issues with some |
some ill-mannered programs (like Linux su) so this is not the | ill-mannered programs (like Linux su) so this is not the default. |
default. | |
[c0b32b0938f2] |
[c0b32b0938f2] |
|
|
* common/Makefile.in: |
* common/Makefile.in: |
Line 2578
|
Line 4616
|
|
|
* src/exec_pty.c: |
* src/exec_pty.c: |
No need to restore default signal handler for SIGSTOP as it is not |
No need to restore default signal handler for SIGSTOP as it is not |
catchable. Attempting to do so is harmless but sigaction() will | catchable. Attempting to do so is harmless but sigaction() will fail |
fail and set errno to EINVAL which makes it looks like there is an | and set errno to EINVAL which makes it looks like there is an error. |
error. | |
[be7c0b759e9a] |
[be7c0b759e9a] |
|
|
* src/exec.c: |
* src/exec.c: |
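Review bot: in the rewrapped sentence, "which makes it looks like there is an error" should read "makes it look like". The reflow changes only line breaks, so the typo is carried over unchanged.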
Line 2816
|
Line 4853
|
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, |
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c: |
Allow sudoers programs (visudo, sudoreplay, visudo) to use |
Allow sudoers programs (visudo, sudoreplay, visudo) to use |
plugin_error.c instead of the error.c from the front-end. This | plugin_error.c instead of the error.c from the front-end. This means |
means sudoers_setlocale() needs to be independent of the sudo_user | sudoers_setlocale() needs to be independent of the sudo_user struct |
struct and the defaults table. The sudoers locale is now updated | and the defaults table. The sudoers locale is now updated via a |
via a callback. | callback. |
[e356f5f8cd6a] |
[e356f5f8cd6a] |
|
|
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
* plugins/sudoers/iolog.c, plugins/sudoers/logging.c, |
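Review bot: "Allow sudoers programs (visudo, sudoreplay, visudo)" lists visudo twice. The file list just above it names plugins/sudoers/testsudoers.c, so the third program is presumably testsudoers. Correct the entry rather than carrying the slip through the rewrap.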
Line 3429
|
Line 5466
|
|
|
* src/exec.c: |
* src/exec.c: |
Shells typically change their process group when they start up so |
Shells typically change their process group when they start up so |
that they can implement job control. Most well-behaved shells | that they can implement job control. Most well-behaved shells change |
change the pgrp back to its original value before suspending so we | the pgrp back to its original value before suspending so we must not |
must not try to restore in that case, lest we race with the child | try to restore in that case, lest we race with the child upon |
upon resume, potentially stopping sudo with SIGTTOU while the | resume, potentially stopping sudo with SIGTTOU while the command |
command continues to run. Some shells, such as pdksh, just suspend | continues to run. Some shells, such as pdksh, just suspend the shell |
the shell by sending SIGSTOP to themselves without restoring the | by sending SIGSTOP to themselves without restoring the pgrp. In this |
pgrp. In this case we need to change the pgrp back for them. Should | case we need to change the pgrp back for them. Should fix bug #568 |
fix bug #568 | |
[6ac6751ffd17] |
[6ac6751ffd17] |
|
|
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-08-26 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 3593
|
Line 5629
|
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h, |
plugins/sudoers/visudo.c: |
plugins/sudoers/visudo.c: |
Add new check_defaults() function to check (but not update) the |
Add new check_defaults() function to check (but not update) the |
Defaults entries. Visudo can now use this instead of | Defaults entries. Visudo can now use this instead of update_defaults |
update_defaults to check all the defaults regardless instead of just | to check all the defaults regardless instead of just the global |
the global Defaults entries. | Defaults entries. |
[3fa879ce1b65] |
[3fa879ce1b65] |
|
|
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-08-13 Todd C. Miller <Todd.Miller@courtesan.com> |
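Review bot: "to check all the defaults regardless instead of just the global Defaults entries" is hard to parse: "regardless" has no object and "instead of" is used twice in one sentence. Suggest "Visudo can now use this instead of update_defaults to check all Defaults entries, not just the global ones."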
Line 3810
|
Line 5846
|
Previously, we just checked RLIMIT_NPROC and, if it was unlimited, |
Previously, we just checked RLIMIT_NPROC and, if it was unlimited, |
restored the previous value of RLIMIT_NPROC. However, that makes it |
restored the previous value of RLIMIT_NPROC. However, that makes it |
impossible to set nproc to unlimited. We now only restore the nproc |
impossible to set nproc to unlimited. We now only restore the nproc |
resource limit if sysconf(_SC_CHILD_MAX) is negative. In most | resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases, |
cases, pam_limits will set RLIMIT_NPROC for us. | pam_limits will set RLIMIT_NPROC for us. |
[cb71cc8d0b08] |
[cb71cc8d0b08] |
|
|
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-07-30 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 3993
|
Line 6029
|
call audit_failure() for us. |
call audit_failure() for us. |
|
|
This subtly changes logging for commands that are denied by sudoers |
This subtly changes logging for commands that are denied by sudoers |
but where the user failed to enter the correct password. | but where the user failed to enter the correct password. Previously, |
Previously, these would be logged as "N incorrect password attempts" | these would be logged as "N incorrect password attempts" but now are |
but now are logged as "command not allowed". Fixes bug #563 | logged as "command not allowed". Fixes bug #563 |
[cad35f0b3ad7] |
[cad35f0b3ad7] |
|
|
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-07-06 Todd C. Miller <Todd.Miller@courtesan.com> |
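Review bot: the switch from "N incorrect password attempts" to "command not allowed" for denied commands where the password was also wrong alters what log consumers see, and the entry only calls it subtle. State in the entry that alerting or reporting keyed on the old message will no longer count these events as failed authentication, so operators know to adjust their rules.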
Line 4207
|
Line 6243
|
[b8961cd82337] |
[b8961cd82337] |
|
|
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
* plugins/sudoers/regress/check_symbols/check_symbols.c: |
Add check for exported local symbols. This will cause a "make | Add check for exported local symbols. This will cause a "make check" |
check" failure on systems where we don't support symbol hiding. | failure on systems where we don't support symbol hiding. |
[8aa549389bb1] |
[8aa549389bb1] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Line 4290
|
Line 6326
|
plugins/system_group/system_group.map, src/sudo_noexec.c, |
plugins/system_group/system_group.map, src/sudo_noexec.c, |
src/sudo_noexec.map: |
src/sudo_noexec.map: |
Use gcc's visibility attribute to specify when symbols are visible |
Use gcc's visibility attribute to specify when symbols are visible |
or hidden, if available. If not available, use an ELF version | or hidden, if available. If not available, use an ELF version script |
script if it is supported. If all else fails, fall back to using | if it is supported. If all else fails, fall back to using libtool's |
libtool's -export-symbols. | -export-symbols. |
[64e889921727] |
[64e889921727] |
|
|
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-06-12 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 4436
|
Line 6472
|
|
|
* plugins/sudoers/sudoreplay.c: |
* plugins/sudoers/sudoreplay.c: |
Instead of doing extra write()s when replaying stdout, build up a |
Instead of doing extra write()s when replaying stdout, build up a |
vector for writev() instead. This results in far fewer system | vector for writev() instead. This results in far fewer system calls. |
calls. | |
[303d866c025c] |
[303d866c025c] |
|
|
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-05-27 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 4885
|
Line 6920
|
Rototill code to determine the tty. For Linux, we now look up the |
Rototill code to determine the tty. For Linux, we now look up the |
tty device in /proc/pid/stat instead of trying to open |
tty device in /proc/pid/stat instead of trying to open |
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given |
/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given |
device number to a string. On BSD, we can use devname(). On | device number to a string. On BSD, we can use devname(). On Solaris, |
Solaris, _ttyname_dev() does what we want. TODO: write /dev/ | _ttyname_dev() does what we want. TODO: write /dev/ traversal code |
traversal code for the generic sudo_ttyname_dev(). | for the generic sudo_ttyname_dev(). |
[6b22be4d09f0] |
[6b22be4d09f0] |
|
|
2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 5498
|
Line 7533
|
|
|
* src/hooks.c, src/sudo.c, src/sudo.h: |
* src/hooks.c, src/sudo.c, src/sudo.h: |
Disable environment hooks after we get user_env back to make sure a |
Disable environment hooks after we get user_env back to make sure a |
plugin can't to modify user_env after we "own" it. This is kind of | plugin can't to modify user_env after we "own" it. This is kind of a |
a hack but we don't want the init_session plugin function to modify | hack but we don't want the init_session plugin function to modify |
user_env. |
user_env. |
[8e6d119452a5] |
[8e6d119452a5] |
|
|
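Review bot: "a plugin can't to modify user_env" has a stray "to". The entry also calls the approach "kind of a hack" without naming the invariant it enforces. Suggest stating it directly: once sudo owns user_env, environment hooks are disabled so that init_session cannot change it.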
Line 5523
|
Line 7558
|
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, |
plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c, |
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, |
src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h, |
src/sudo_plugin_int.h: |
src/sudo_plugin_int.h: |
Initial cut at a hooks implementation. The plugin can register | Initial cut at a hooks implementation. The plugin can register hooks |
hooks for getenv, putenv, setenv and unsetenv. This makes it | for getenv, putenv, setenv and unsetenv. This makes it possible for |
possible for the plugin to trap changes to the environment made by | the plugin to trap changes to the environment made by authentication |
authentication methods such as PAM or BSD auth so that such changes | methods such as PAM or BSD auth so that such changes are reflected |
are reflected in the environment passed back to sudo for execve(). | in the environment passed back to sudo for execve(). |
[61cffa06f863] |
[61cffa06f863] |
|
|
2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 5590
|
Line 7625
|
[b2d6ee1e547a] |
[b2d6ee1e547a] |
|
|
* config.h.in, configure, configure.in, src/ttyname.c: |
* config.h.in, configure, configure.in, src/ttyname.c: |
Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some | Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions |
versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. | of OpenBSD versions that have KERN_PROC2 but not KERN_PROC. |
[159f6a50456a] |
[159f6a50456a] |
|
|
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
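Review bot: the src/ttyname.c entry says "some versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC", with "versions" doubled across the second and third lines of the re-wrapped paragraph. One of the two should be removed.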
Line 5650
|
Line 7685
|
Relax the user/group/mode checks on sudoers files. As long as the |
Relax the user/group/mode checks on sudoers files. As long as the |
file is owned by the right user, not world-writable and not writable |
file is owned by the right user, not world-writable and not writable |
by a group other than the one specified at configure time (gid 0 by |
by a group other than the one specified at configure time (gid 0 by |
default), the file is considered OK. Note that visudo will still | default), the file is considered OK. Note that visudo will still set |
set the mode to the value specified at configure time. | the mode to the value specified at configure time. |
[241174babfcc] |
[241174babfcc] |
|
|
2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 5728
|
Line 7763
|
|
|
* plugins/sudoers/Makefile.in, src/Makefile.in: |
* plugins/sudoers/Makefile.in, src/Makefile.in: |
Got back to using "install-sh -M" for files installed as non- |
Got back to using "install-sh -M" for files installed as non- |
readable by owner. This fixes "make install" as non-root for | readable by owner. This fixes "make install" as non-root for package |
package building. | building. |
[967804ee77d6] |
[967804ee77d6] |
|
|
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com> |
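Review bot: the opening words "Got back to using "install-sh -M"" in the Makefile.in entry look like a slip for "Go back to using", and the hyphenated "non-" / "readable" split across the first two lines is kept on both sides. Since the paragraph is being re-flowed anyway, join "non-readable" onto one line.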
Line 5947
|
Line 7982
|
* plugins/sudoers/sudoers.c: |
* plugins/sudoers/sudoers.c: |
For "sudo -g" prepend the specified group ID to the beginning of the |
For "sudo -g" prepend the specified group ID to the beginning of the |
groups list. This matches BSD convention where the effective gid is |
groups list. This matches BSD convention where the effective gid is |
the first entry in the group list. This is required on newer | the first entry in the group list. This is required on newer FreeBSD |
FreeBSD where the effective gid is not tracked separately and thus | where the effective gid is not tracked separately and thus |
setgroups() changes the egid if this convention is not followed. |
setgroups() changes the egid if this convention is not followed. |
Fixes bug #532 |
Fixes bug #532 |
[782d6909108b] |
[782d6909108b] |
Line 6278
|
Line 8313
|
|
|
* plugins/sudoers/Makefile.in: |
* plugins/sudoers/Makefile.in: |
If srcdir is "." just use the basename of the yacc/lex file when |
If srcdir is "." just use the basename of the yacc/lex file when |
generating the C version. This matches the generated files | generating the C version. This matches the generated files currently |
currently in the repo. | in the repo. |
[0b11c3df87a8] |
[0b11c3df87a8] |
|
|
* doc/Makefile.in, plugins/sudoers/Makefile.in: |
* doc/Makefile.in, plugins/sudoers/Makefile.in: |
Line 6300
|
Line 8335
|
|
|
* src/exec_pty.c: |
* src/exec_pty.c: |
Catch common signals in the monitor process so they get passed to |
Catch common signals in the monitor process so they get passed to |
the command. Fixes a problem when the entire login session is | the command. Fixes a problem when the entire login session is killed |
killed when ssh is disconnected or the terminal window is closed. | when ssh is disconnected or the terminal window is closed. |
Previously, the monitor would exit and plugin's close method would |
Previously, the monitor would exit and plugin's close method would |
not be called. |
not be called. |
[0e4658263138] |
[0e4658263138] |
Line 6368
|
Line 8403
|
|
|
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: |
* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c: |
Fetch the login class for the user we authenticate specifically when |
Fetch the login class for the user we authenticate specifically when |
using BSD authentication. That user may have a different login | using BSD authentication. That user may have a different login class |
class than what we will use to run the command. When setting the | than what we will use to run the command. When setting the login |
login class for the command, use the target user's struct passwd, | class for the command, use the target user's struct passwd, not the |
not the invoking user's. Fixes bug 526 | invoking user's. Fixes bug 526 |
[21bf0af892f7] |
[21bf0af892f7] |
|
|
* compat/Makefile.in, configure, configure.in, doc/Makefile.in, |
* compat/Makefile.in, configure, configure.in, doc/Makefile.in, |
Line 6417
|
Line 8452
|
|
|
* aclocal.m4, config.h.in, configure, configure.in: |
* aclocal.m4, config.h.in, configure, configure.in: |
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default |
No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default |
includes have unistd.h in them. Add check for socklen_t for | includes have unistd.h in them. Add check for socklen_t for upcoming |
upcoming getaddrinfo compat. | getaddrinfo compat. |
[d705465bef69] |
[d705465bef69] |
|
|
* common/fileops.c, compat/nanosleep.c, config.h.in, configure, |
* common/fileops.c, compat/nanosleep.c, config.h.in, configure, |
Line 6873
|
Line 8908
|
* plugins/sudoers/pwutil.c: |
* plugins/sudoers/pwutil.c: |
Instead of trying to grow the buffer in make_grlist_item(), simply |
Instead of trying to grow the buffer in make_grlist_item(), simply |
increase the total length, free the old buffer and allocate a new |
increase the total length, free the old buffer and allocate a new |
one. This is less error prone and saves us from having to adjust | one. This is less error prone and saves us from having to adjust all |
all the pointers in the buffer. This code path is only taken when | the pointers in the buffer. This code path is only taken when there |
there are groups longer than the length of the user field in struct | are groups longer than the length of the user field in struct utmp |
utmp or utmpx, which should be quite rare. | or utmpx, which should be quite rare. |
[5587dc8cffaf] |
[5587dc8cffaf] |
|
|
* src/po/it.mo: |
* src/po/it.mo: |
Line 6956
|
Line 8991
|
|
|
* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c, |
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: |
plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c: |
Fix a PAM_USER mismatch in session open/close. We update PAM_USER | Fix a PAM_USER mismatch in session open/close. We update PAM_USER to |
to the target user immediately before setting resource limits, which | the target user immediately before setting resource limits, which is |
is after the monitor process has forked (so it has the old value). | after the monitor process has forked (so it has the old value). |
Also, if the user did not authenticate, there is no pamh in the |
Also, if the user did not authenticate, there is no pamh in the |
monitor so we need to init pam here too. This means we end up |
monitor so we need to init pam here too. This means we end up |
calling pam_start() twice, which should be fixed, but at least the |
calling pam_start() twice, which should be fixed, but at least the |
Line 7083
|
Line 9118
|
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Remove --with-CC option; it doesn't work correctly now that we use |
Remove --with-CC option; it doesn't work correctly now that we use |
libtool. Users can get the same effect by setting the CC | libtool. Users can get the same effect by setting the CC environment |
environment variable when running configure. | variable when running configure. |
[ec22bd1a55e0] |
[ec22bd1a55e0] |
|
|
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7336
|
Line 9371
|
|
|
* plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: |
* plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c: |
Go back to escaping the command args for "sudo -i" and "sudo -s" |
Go back to escaping the command args for "sudo -i" and "sudo -s" |
before calling the plugin. Otherwise, spaces in the command args | before calling the plugin. Otherwise, spaces in the command args are |
are not treated properly. The sudoers plugin will unescape non- | not treated properly. The sudoers plugin will unescape non- spaces |
spaces to make matching easier. | to make matching easier. |
[dfa2c4636f33] |
[dfa2c4636f33] |
|
|
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com> |
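Review bot: the re-flow of the "sudo -i" / "sudo -s" entry leaves "unescape non- spaces" in the middle of a line on the new side, where the old side broke the line after "non-". Join it as "non-spaces" so the old hyphenation does not read as a stray space in a sentence about how spaces in command arguments are handled.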
Line 7491
|
Line 9526
|
plugins/sudoers/regress/logging/check_wrap.in, |
plugins/sudoers/regress/logging/check_wrap.in, |
plugins/sudoers/regress/logging/check_wrap.out.ok: |
plugins/sudoers/regress/logging/check_wrap.out.ok: |
Split out log file word wrap code into its own file and add unit |
Split out log file word wrap code into its own file and add unit |
tests. Fixes an off-by one in the word wrap when the log line | tests. Fixes an off-by one in the word wrap when the log line length |
length matches loglinelen. | matches loglinelen. |
[52ed277f6690] |
[52ed277f6690] |
|
|
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7507
|
Line 9542
|
[b994f7b0d8b4] |
[b994f7b0d8b4] |
|
|
* configure, configure.in: |
* configure, configure.in: |
Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX | Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3 |
5.3 and above. | and above. |
[c2a6f9b472f3] |
[c2a6f9b472f3] |
|
|
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 7804
|
Line 9839
|
|
|
* Makefile.in, compat/Makefile.in, mkdep.pl, |
* Makefile.in, compat/Makefile.in, mkdep.pl, |
plugins/sudoers/Makefile.in: |
plugins/sudoers/Makefile.in: |
Add dependency for siglist.lo in compat. This is a generated file | Add dependency for siglist.lo in compat. This is a generated file so |
so "make depend" needs to depend on it. | "make depend" needs to depend on it. |
[28d0932f8b50] |
[28d0932f8b50] |
|
|
* compat/Makefile.in: |
* compat/Makefile.in: |
Line 8248
|
Line 10283
|
|
|
* src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: |
* src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h: |
Load plugins after parsing arguments and potentially printing the |
Load plugins after parsing arguments and potentially printing the |
version. That way, an error loading or initializing a plugin | version. That way, an error loading or initializing a plugin doesn't |
doesn't break "sudo -h" or "sudo -V". | break "sudo -h" or "sudo -V". |
[1b76f2b096a2] |
[1b76f2b096a2] |
|
|
* Makefile.in: |
* Makefile.in: |
Line 8330
|
Line 10365
|
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
The --with-libpath option now adds to SUDOERS_LDFLAGS as well as |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and |
set it to -Wc,-static-libgcc if not using GNU ld so we don't | set it to -Wc,-static-libgcc if not using GNU ld so we don't have a |
have a dependency on the shared libgcc in sudoers.so. | dependency on the shared libgcc in sudoers.so. |
[66ad8bc5e32d] |
[66ad8bc5e32d] |
|
|
* doc/sudoers.pod: |
* doc/sudoers.pod: |
Line 8621
|
Line 10656
|
* plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
* plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c, |
plugins/sudoers/toke.l: |
plugins/sudoers/toke.l: |
Make lex tracing settable at run-time in testsudoers via the -t |
Make lex tracing settable at run-time in testsudoers via the -t |
flag. Trace output goes to stderr. Will be used by regress tests | flag. Trace output goes to stderr. Will be used by regress tests to |
to check lexer. | check lexer. |
[93bd53c413c8] |
[93bd53c413c8] |
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
Line 8655
|
Line 10690
|
|
|
* src/exec_pty.c: |
* src/exec_pty.c: |
Save the controlling tty process group before suspending in pty |
Save the controlling tty process group before suspending in pty |
mode. Previously, we assumed that the child pgrp == child pid | mode. Previously, we assumed that the child pgrp == child pid (which |
(which is usually, but not always, the case). | is usually, but not always, the case). |
[10b2883b7875] |
[10b2883b7875] |
|
|
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c: |
Add support for sudoers_search_filter setting in ldap.conf. This | Add support for sudoers_search_filter setting in ldap.conf. This can |
can be used to restrict the set of records returned by the LDAP | be used to restrict the set of records returned by the LDAP query. |
query. | |
[b0f1b721d102] |
[b0f1b721d102] |
|
|
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 8894
|
Line 10928
|
|
|
* configure, configure.in, plugins/sample/Makefile.in, |
* configure, configure.in, plugins/sample/Makefile.in, |
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in: |
Install plugins manually instead of using libtool. This works | Install plugins manually instead of using libtool. This works around |
around a problem on AIX where libtool will install a .a file | a problem on AIX where libtool will install a .a file containing the |
containing the .so file instead of the .so file itself. | .so file instead of the .so file itself. |
[796971cfbddb] |
[796971cfbddb] |
|
|
* Makefile.in: |
* Makefile.in: |
Line 8955
|
Line 10989
|
|
|
* plugins/sudoers/sudoers.c: |
* plugins/sudoers/sudoers.c: |
Fix return value of "sudo -l command" when command is not allowed, |
Fix return value of "sudo -l command" when command is not allowed, |
broken in [c7097ea22111]. The default return value is now TRUE and | broken in [c7097ea22111]. The default return value is now TRUE and a |
a bad: label is used when permission is denied. Also fixed missing | bad: label is used when permission is denied. Also fixed missing |
permissions restoration on certain errors. On error()/errorx(), the |
permissions restoration on certain errors. On error()/errorx(), the |
password and group files are now closed before returning. |
password and group files are now closed before returning. |
[4f2d0e869ae5] |
[4f2d0e869ae5] |
Line 9446
|
Line 11480
|
|
|
* plugins/sudoers/ldap.c: |
* plugins/sudoers/ldap.c: |
Stash pointer to user group vector in LDAP handle and only reuse the |
Stash pointer to user group vector in LDAP handle and only reuse the |
query if it has not changed. We always allocate a new buffer when | query if it has not changed. We always allocate a new buffer when we |
we reset the group vector so a simple pointer check is sufficient. | reset the group vector so a simple pointer check is sufficient. |
[88861d4eba69] |
[88861d4eba69] |
|
|
* plugins/sudoers/sudo_nss.c: |
* plugins/sudoers/sudo_nss.c: |
Line 9767
|
Line 11801
|
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
Allow sudoers to specify the iolog file in addition to the iolog |
Allow sudoers to specify the iolog file in addition to the iolog |
dir. Add escape sequence support to iolog file and dir: sequence |
dir. Add escape sequence support to iolog file and dir: sequence |
number, user, group, runas_user, runas_group, hostname and | number, user, group, runas_user, runas_group, hostname and command |
command in addition to any escape sequence recognized by | in addition to any escape sequence recognized by strftime(3). |
strftime(3). | |
[75cd32ee0435] |
[75cd32ee0435] |
|
|
* plugins/sudoers/iolog.c: |
* plugins/sudoers/iolog.c: |
Line 9786
|
Line 11819
|
[d29784fd2a66] |
[d29784fd2a66] |
|
|
* common/term.c: |
* common/term.c: |
Clear OPOST from c_oflag like we used to. Fixes screen-based | Clear OPOST from c_oflag like we used to. Fixes screen-based editors |
editors such as vi. | such as vi. |
[506ad5ae9b4e] |
[506ad5ae9b4e] |
|
|
* doc/sudoers.pod: |
* doc/sudoers.pod: |
Line 10523
|
Line 12556
|
* plugins/sudoers/match.c: |
* plugins/sudoers/match.c: |
When matching the runas user and runas group (-u and -g command line |
When matching the runas user and runas group (-u and -g command line |
options), keep track of runas group and runas user matches |
options), keep track of runas group and runas user matches |
separately. Only return a positive match if we have a match for | separately. Only return a positive match if we have a match for both |
both runas user and runas group (if specified). | runas user and runas group (if specified). |
[815219e04cc8] |
[815219e04cc8] |
|
|
2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 10749
|
Line 12782
|
* plugins/sudoers/check.c, plugins/sudoers/ldap.c, |
* plugins/sudoers/check.c, plugins/sudoers/ldap.c, |
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
plugins/sudoers/match.c, plugins/sudoers/pwutil.c, |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h: |
Reference count cached passwd and group structs. The cache holds | Reference count cached passwd and group structs. The cache holds one |
one reference itself and another is added by sudo_getgr{gid,nam} and | reference itself and another is added by sudo_getgr{gid,nam} and |
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and |
sudo_getpw{uid,nam}. The final ref on the runas and user passwd and |
group structs are persistent for now. |
group structs are persistent for now. |
[e544685523c3] |
[e544685523c3] |
Line 10883
|
Line 12916
|
|
|
* plugins/sudoers/sudoreplay.c: |
* plugins/sudoers/sudoreplay.c: |
Add setlocale() so the command line arguments that use floating |
Add setlocale() so the command line arguments that use floating |
point work in different locales. Since sudo now logs the timing | point work in different locales. Since sudo now logs the timing data |
data in the C locale we must Parse the seconds in the timing file | in the C locale we must Parse the seconds in the timing file |
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged |
manually instead of using strtod(). Furthermore, sudo 1.7.3 logged |
the number of seconds with the user's locale so if the decimal point |
the number of seconds with the user's locale so if the decimal point |
is not '.' try using the locale-specific version. |
is not '.' try using the locale-specific version. |
Line 11063
|
Line 13096
|
|
|
* common/aix.c: |
* common/aix.c: |
setauthdb() only sets the "old" registry if it was set by a previous |
setauthdb() only sets the "old" registry if it was set by a previous |
call to setauthdb(). To restore the original value, passing NULL | call to setauthdb(). To restore the original value, passing NULL (or |
(or an empty string) to setauthdb() is sufficient. | an empty string) to setauthdb() is sufficient. |
[470da190a254] |
[470da190a254] |
|
|
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 11174
|
Line 13207
|
Use tab indents to reduce the chance of problem with <<- Fix the |
Use tab indents to reduce the chance of problem with <<- Fix the |
debian %set section, pp does not set pp_deb_distro Uncomment %sudo |
debian %set section, pp does not set pp_deb_distro Uncomment %sudo |
line in sudoers for debian Uncomment some env_keep lines for RHEL, |
line in sudoers for debian Uncomment some env_keep lines for RHEL, |
SLES and debian to more closely match the vendor sudoers files. | SLES and debian to more closely match the vendor sudoers files. Add |
Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on | /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on |
debian for ldap flavor |
debian for ldap flavor |
[c5b49feb1a0c] |
[c5b49feb1a0c] |
|
|
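Review bot: the packaging entry ending in [c5b49feb1a0c] runs several separate changes together without sentence breaks ("... with <<- Fix the debian %set section, pp does not set pp_deb_distro Uncomment %sudo line ..."), and the re-wrap keeps that. Put each change on its own line or end each with a period so the env_keep, /etc/pam.d and sudo-ldap.conf items can be told apart.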
Line 11813
|
Line 13846
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
A comment character may not be part of a command line argument |
A comment character may not be part of a command line argument |
unless it is quoted with a backslash. Fixes parsing of: | unless it is quoted with a backslash. Fixes parsing of: testuser |
testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 | ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441 |
[ea2e990f85ed] |
[ea2e990f85ed] |
|
|
* doc/sudoers.pod: |
* doc/sudoers.pod: |
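Review bot: in the toke.l entry the new side breaks the sample sudoers line after "testuser", so the example "testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar" no longer sits on one line as it did on the old side. Keep the example on its own line, and separate "closes bz #441" from it so the bug reference is not read as part of the rule.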
Line 11935
|
Line 13968
|
include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, |
include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c, |
src/conversation.c, src/sudo.h, src/tgetpass.c: |
src/conversation.c, src/sudo.h, src/tgetpass.c: |
Add SUDO_CONV_PROMPT_MASK define which corresponds to the |
Add SUDO_CONV_PROMPT_MASK define which corresponds to the |
"pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is | "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set. |
set. | |
[e0550590cabe] |
[e0550590cabe] |
|
|
* src/exec_pty.c: |
* src/exec_pty.c: |
Line 11988
|
Line 14020
|
|
|
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
* plugins/sudoers/toke.c, plugins/sudoers/toke.l: |
If a file in a #includedir has improper permissions or owner just |
If a file in a #includedir has improper permissions or owner just |
skip it. This prevents packages that incorrectly install a file | skip it. This prevents packages that incorrectly install a file into |
into /etc/sudoers.d from breaking sudo so easily. Syntax errors in | /etc/sudoers.d from breaking sudo so easily. Syntax errors in |
#includedir files still result in a parse error (for now). |
#includedir files still result in a parse error (for now). |
[ade99a4549a4] |
[ade99a4549a4] |
|
|
Line 12487
|
Line 14519
|
[31b69a6ecda7] |
[31b69a6ecda7] |
|
|
* src/script.c, src/sudo.h: |
* src/script.c, src/sudo.h: |
Cosmetic changes: add comments, remove orphaned prototype and | Cosmetic changes: add comments, remove orphaned prototype and make a |
make a global static. | global static. |
[f7851af0143e] |
[f7851af0143e] |
|
|
2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 12562
|
Line 14594
|
* plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, |
* plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h, |
src/sudo_edit.c: |
src/sudo_edit.c: |
If plugin sets "sudoedit=true" in the command info, enable sudoedit |
If plugin sets "sudoedit=true" in the command info, enable sudoedit |
mode even if not invoked as sudoedit. This allows a plugin to | mode even if not invoked as sudoedit. This allows a plugin to enable |
enable sudoedit when the user runs an editor. | sudoedit when the user runs an editor. |
[96d67b99e42e] |
[96d67b99e42e] |
|
|
2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 12615
|
Line 14647
|
[4cbf5196d993] |
[4cbf5196d993] |
|
|
* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: |
* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c: |
Change how we handle the sudoedit argv. We now require that there | Change how we handle the sudoedit argv. We now require that there be |
be a "--" in argv to separate the editor and any command line | a "--" in argv to separate the editor and any command line arguments |
arguments from the files to be edited. | from the files to be edited. |
[20623d549a3c] |
[20623d549a3c] |
|
|
* include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
* include/sudo_plugin.h, plugins/sample/sample_plugin.c, |
Line 12709
|
Line 14741
|
[dd5464257c69] |
[dd5464257c69] |
|
|
* src/script.c: |
* src/script.c: |
Fix SIGPIPE handling. Now that we use may use pipes for | Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout |
stdin/stdout we need to pass any SIGPIPE we receive to the running | we need to pass any SIGPIPE we receive to the running command. |
command. | |
[3f6b1991f4fd] |
[3f6b1991f4fd] |
|
|
* src/script.c: |
* src/script.c: |
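Review bot: the src/script.c SIGPIPE entry reads "Now that we use may use pipes for stdin/stdout", with an extra "use"; it should be "Now that we may use pipes". The re-flow itself only moves "stdin/stdout" up a line and is fine.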
Line 12924
|
Line 14955
|
* src/script.c: |
* src/script.c: |
Defer call to alarm() until after we fork the child. Pass correct |
Defer call to alarm() until after we fork the child. Pass correct |
pid to terminate_child() If the command exits due to signal, set |
pid to terminate_child() If the command exits due to signal, set |
alive to false like we do when it exits normally. Add missing | alive to false like we do when it exits normally. Add missing check |
check for errpipe[0] != -1 before using it in FD_ISSET | for errpipe[0] != -1 before using it in FD_ISSET |
[22f0a1549391] |
[22f0a1549391] |
|
|
2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com> |
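Review bot: in the src/script.c entry ending in [22f0a1549391], "Pass correct pid to terminate_child() If the command exits due to signal" is missing the period between two separate changes, and the last sentence (the errpipe[0] != -1 check before FD_ISSET) has no final period either. Add both so the four changes read as four sentences.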
Line 13790
|
Line 15821
|
[04a233b6c491] |
[04a233b6c491] |
|
|
* include/compat.h: |
* include/compat.h: |
Add definition of WCOREDUMP for systems without it. This is known | Add definition of WCOREDUMP for systems without it. This is known to |
to work on AIX and SunOS 4, but may be incorrect on other systems | work on AIX and SunOS 4, but may be incorrect on other systems that |
that lack WCOREDUMP. | lack WCOREDUMP. |
[c85b3ce6b77d] |
[c85b3ce6b77d] |
|
|
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 14399
|
Line 16430
|
|
|
* match.c: |
* match.c: |
cmnd_matches() already deals with negation so _cmndlist_matches() |
cmnd_matches() already deals with negation so _cmndlist_matches() |
does not need to do so itself. Fixes a bug with negated entries in | does not need to do so itself. Fixes a bug with negated entries in a |
a Cmnd_List. | Cmnd_List. |
[71c845f6ce73] |
[71c845f6ce73] |
|
|
2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 14444
|
Line 16475
|
allows the parent to distinguish between signals it has been sent |
allows the parent to distinguish between signals it has been sent |
directly and signals the command has received. It also means the |
directly and signals the command has received. It also means the |
parent can once again print the signal notifications to the tty so |
parent can once again print the signal notifications to the tty so |
all writes to the pty master occur in the parent. The command is | all writes to the pty master occur in the parent. The command is now |
now always started in background mode with tty signals handled by | always started in background mode with tty signals handled by the |
the parent. | parent. |
[c6790b82986d] |
[c6790b82986d] |
|
|
2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 14706
|
Line 16737
|
[85f590a03275] |
[85f590a03275] |
|
|
* script.c: |
* script.c: |
Don't set stdout to blocking mode when flushing remaining output. | Don't set stdout to blocking mode when flushing remaining output. It |
It can cause us to hang when trying to exit. Need to investigate | can cause us to hang when trying to exit. Need to investigate why. |
why. | |
[6f803a3e33ca] |
[6f803a3e33ca] |
|
|
* script.c: |
* script.c: |
Line 15233
|
Line 17263
|
configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, |
configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h, |
gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, |
gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c, |
tgetpass.c: |
tgetpass.c: |
First cut at session logging for sudo. Still need to write | First cut at session logging for sudo. Still need to write get_pty() |
get_pty() for Unix 98 and old-style BSD ptys. Also needs | for Unix 98 and old-style BSD ptys. Also needs documentation and |
documentation and general cleanup. | general cleanup. |
[77e3f5e25738] |
[77e3f5e25738] |
|
|
2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 15751
|
Line 17781
|
[2bcbbb45d389] |
[2bcbbb45d389] |
|
|
* auth/pam.c: |
* auth/pam.c: |
Make sure def_prompt is always defined. This is a workaround for | Make sure def_prompt is always defined. This is a workaround for pam |
pam configs that prompt for a password in the session but don't have | configs that prompt for a password in the session but don't have an |
an auth line. A better fix is to expand the sudo prompt earlier and | auth line. A better fix is to expand the sudo prompt earlier and set |
set def_prompt to that when initializing. | def_prompt to that when initializing. |
[ee073c04aec3] |
[ee073c04aec3] |
|
|
* sudo.pod: |
* sudo.pod: |
Line 16905
|
Line 18935
|
|
|
* INSTALL, configure, configure.in: |
* INSTALL, configure, configure.in: |
Disable use of gss_krb5_ccache_name() by default and add |
Disable use of gss_krb5_ccache_name() by default and add |
--enable-gss-krb5-ccache-name configure option to enable it. It | --enable-gss-krb5-ccache-name configure option to enable it. It seems |
seems that gss_krb5_ccache_name() doesn't work properly with some | that gss_krb5_ccache_name() doesn't work properly with some |
combinations of Heimdal and OpenLDAP. |
combinations of Heimdal and OpenLDAP. |
[f61ebd3b19bd] |
[f61ebd3b19bd] |
|
|
Line 16976
|
Line 19006
|
|
|
* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: |
* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod: |
Remove the =cut on the first line (above the copyright notice) to |
Remove the =cut on the first line (above the copyright notice) to |
quiet pod2man. Also remove the hackery in the FILES section and | quiet pod2man. Also remove the hackery in the FILES section and just |
just deal with the fact that there will a newline between each | deal with the fact that there will a newline between each pathname. |
pathname. | |
[2ac1ab191835] |
[2ac1ab191835] |
|
|
2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com> |
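Review bot: the pod entry says "deal with the fact that there will a newline between each pathname", missing "be" after "will", and the re-wrap carries that over unchanged. Fix it to "there will be a newline between each pathname".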
Line 17042
|
Line 19071
|
* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, |
* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in, |
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod, |
testsudoers.c, toke.c, toke.l: |
testsudoers.c, toke.c, toke.l: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[1d4abfe2c004] |
[1d4abfe2c004] |
|
|
* sesh.c: |
* sesh.c: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[1e3b395ce049] |
[1e3b395ce049] |
|
|
* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, |
* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h, |
def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, |
def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h, |
pathnames.h.in, selinux.c: |
pathnames.h.in, selinux.c: |
Add support for SELinux RBAC. Sudoers entries may specify a role | Add support for SELinux RBAC. Sudoers entries may specify a role and |
and type. There are also role and type defaults that may be used. | type. There are also role and type defaults that may be used. To |
To make sure a transition occurs, when using RBAC commands are | make sure a transition occurs, when using RBAC commands are executed |
executed via the new sesh binary. Based on initial changes from Dan | via the new sesh binary. Based on initial changes from Dan Walsh. |
Walsh. | |
[6b421948286e] |
[6b421948286e] |
|
|
2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 17095
|
Line 19121
|
* sudo.c: |
* sudo.c: |
Unlimit nproc on Linux systems where calling the setuid() family of |
Unlimit nproc on Linux systems where calling the setuid() family of |
syscalls causes the nroc resource limit to be checked. The limits |
syscalls causes the nroc resource limit to be checked. The limits |
will be reset by pam_limits.so when PAM is used. In the non-PAM | will be reset by pam_limits.so when PAM is used. In the non-PAM case |
case the nproc limit will remain unlimited but there doesn't seem to | the nproc limit will remain unlimited but there doesn't seem to be a |
be a way around that other than having sudo parse | way around that other than having sudo parse |
/etc/security/limits.conf directly. |
/etc/security/limits.conf directly. |
[df024b415a8d] |
[df024b415a8d] |
|
|
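Review bot: "nroc" in the sudo.c entry ("syscalls causes the nroc resource limit to be checked") should be "nproc", matching the two other uses in the same paragraph. The paragraph is being re-wrapped here anyway, so correct the spelling in the same change; otherwise a search for the limit name misses the sentence that explains why the limit is lifted.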
Line 17193
|
Line 19219
|
|
|
* pwutil.c: |
* pwutil.c: |
When copying gr_mem we must guarantee that the storage space for |
When copying gr_mem we must guarantee that the storage space for |
gr_mem is properly aligned. The simplest way to do this is to | gr_mem is properly aligned. The simplest way to do this is to simply |
simply store gr_mem directly after struct group. This is not a | store gr_mem directly after struct group. This is not a problem for |
problem for gr_passwd or gr_name as they are simple strings. | gr_passwd or gr_name as they are simple strings. |
[af58fc76f1ed] |
[af58fc76f1ed] |
|
|
* ldap.c: |
* ldap.c: |
Line 17543
|
Line 19569
|
2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* env.c, pathnames.h.in, sudo.c, sudo.h: |
* env.c, pathnames.h.in, sudo.c, sudo.h: |
Add support for reading and /etc/environment file. Still needs to | Add support for reading and /etc/environment file. Still needs to be |
be documented and should probably only applies to OSes that have it | documented and should probably only applies to OSes that have it |
(AIX and Linux, maybe others). |
(AIX and Linux, maybe others). |
[15d3edae27e4] |
[15d3edae27e4] |
|
|
Line 17776
|
Line 19802
|
[e486024574a1] |
[e486024574a1] |
|
|
* ldap.c: |
* ldap.c: |
Make sudo ALL imply setenv. Note that unlike with file-based | Make sudo ALL imply setenv. Note that unlike with file-based sudoers |
sudoers this does affect all the commands in the sudoRole. | this does affect all the commands in the sudoRole. |
[bc12f54321d1] |
[bc12f54321d1] |
|
|
* gram.c, gram.y, parse.c, parse.h: |
* gram.c, gram.y, parse.c, parse.h: |
Line 17878
|
Line 19904
|
|
|
* tgetpass.c: |
* tgetpass.c: |
Avoid printing the prompt if we are already backgrounded. E.g. if |
Avoid printing the prompt if we are already backgrounded. E.g. if |
the user runs "sudo foo &" from the shell. In this case, the call | the user runs "sudo foo &" from the shell. In this case, the call to |
to tcsetattr() will cause SIGTTOU to be delivered. | tcsetattr() will cause SIGTTOU to be delivered. |
[db2139a8d8b8] |
[db2139a8d8b8] |
|
|
2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 18090
|
Line 20116
|
|
|
* match.c, parse.c, testsudoers.c: |
* match.c, parse.c, testsudoers.c: |
Use LH_FOREACH_REV when checking permission and short-circuit on the |
Use LH_FOREACH_REV when checking permission and short-circuit on the |
first non-UNSPEC hit we get for the command. This means that | first non-UNSPEC hit we get for the command. This means that instead |
instead of cycling through the all the parsed sudoers entries we | of cycling through the all the parsed sudoers entries we start at |
start at the end and work backwards and quit after the first | the end and work backwards and quit after the first positive or |
positive or negative match. | negative match. |
[881474532f3e] |
[881474532f3e] |
|
|
* gram.c: |
* gram.c: |
Line 18124
|
Line 20150
|
* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, |
* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h, |
testsudoers.c, visudo.c: |
testsudoers.c, visudo.c: |
Use a list head struct when storing the semi-circular lists and |
Use a list head struct when storing the semi-circular lists and |
convert to tail queues in the process. This will allow us to | convert to tail queues in the process. This will allow us to reverse |
reverse foreach loops more easily and it makes it clearer which | foreach loops more easily and it makes it clearer which functions |
functions expect a list as opposed to a single member. | expect a list as opposed to a single member. |
|
|
Add macros for manipulating lists. Some of these should become |
Add macros for manipulating lists. Some of these should become |
functions. |
functions. |
Line 18250
|
Line 20276
|
|
|
* toke.l: |
* toke.l: |
Require that the first character after a comment not be a digit or a |
Require that the first character after a comment not be a digit or a |
dash. This allows us to remove the GOTRUNAS state and treat | dash. This allows us to remove the GOTRUNAS state and treat uid/gids |
uid/gids similar to other words. It also means that we can now | similar to other words. It also means that we can now specify uids |
specify uids in User_Lists and a User_Spec may now contain a uid. | in User_Lists and a User_Spec may now contain a uid. |
[461fe01f8392] |
[461fe01f8392] |
|
|
* gram.y, toke.l: |
* gram.y, toke.l: |
Line 19067
|
Line 21093
|
|
|
* auth/kerb5.c: |
* auth/kerb5.c: |
If we cannot get a valid service key using the default keytab it is |
If we cannot get a valid service key using the default keytab it is |
a fatal error. Fixes a bug where sudo could be tricked into | a fatal error. Fixes a bug where sudo could be tricked into allowing |
allowing access when it should not by a fake KDC. From Thor Lancelot | access when it should not by a fake KDC. From Thor Lancelot Simon. |
Simon. | |
[a3ae6a47cb23] |
[a3ae6a47cb23] |
|
|
2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 19151
|
Line 21176
|
|
|
* env.c: |
* env.c: |
Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and |
Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and |
LDR_PRELOAD64. The 64-bit version is not currently supported. | LDR_PRELOAD64. The 64-bit version is not currently supported. Remove |
Remove zero_env() prototype as it no longer exists. | zero_env() prototype as it no longer exists. |
[b4fe65027fb6] |
[b4fe65027fb6] |
|
|
2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 19537
|
Line 21562
|
[1dfc2e8c9f2b] |
[1dfc2e8c9f2b] |
|
|
* ldap.c: |
* ldap.c: |
Reorganize LDAP code to better match normal sudoers parsing. | Reorganize LDAP code to better match normal sudoers parsing. Instead |
Instead of storing strings for later printing in -l mode we do | of storing strings for later printing in -l mode we do another query |
another query since the authenticating user and the user being | since the authenticating user and the user being listed may not be |
listed may not be the same (the new -U flag). Also add support for | the same (the new -U flag). Also add support for "sudo -l command". |
"sudo -l command". | |
|
|
There is still a fair bit if duplicated code that can probably be |
There is still a fair bit if duplicated code that can probably be |
refactored. |
refactored. |
Line 20126
|
Line 22150
|
|
|
* match.c, testsudoers.c, visudo.c: |
* match.c, testsudoers.c, visudo.c: |
Only check group vector in usergr_matches() if we are matching the |
Only check group vector in usergr_matches() if we are matching the |
invoking or list user. Always check the group members, even if | invoking or list user. Always check the group members, even if there |
there was a group vector. | was a group vector. |
[d0c7ceb2a041] |
[d0c7ceb2a041] |
|
|
2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 20202
|
Line 22226
|
[d69959681c87] |
[d69959681c87] |
|
|
* getspwuid.c: |
* getspwuid.c: |
Check rbinsert() return value. In the case of faked up entries | Check rbinsert() return value. In the case of faked up entries there |
there is usually a negative response cached that we need to | is usually a negative response cached that we need to overwrite. |
overwrite. | |
|
|
In pwfree() don't try to zero out a NULL pw_passwd pointer. |
In pwfree() don't try to zero out a NULL pw_passwd pointer. |
[00b32d1a48c1] |
[00b32d1a48c1] |
Line 20296
|
Line 22319
|
[e56fe33db916] |
[e56fe33db916] |
|
|
* ldap.c, parse.c, sudo.c, sudo.h: |
* ldap.c, parse.c, sudo.c, sudo.h: |
Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. | Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead, |
Instead, we just set the approriate defaults variable. | we just set the approriate defaults variable. |
[756eeecc1d86] |
[756eeecc1d86] |
|
|
* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: |
* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod: |
Line 20313
|
Line 22336
|
* defaults.c, match.c, parse.c, parse.h, testsudoers.c: |
* defaults.c, match.c, parse.c, parse.h, testsudoers.c: |
Change an occurence of user_matches() -> runas_matches() missed |
Change an occurence of user_matches() -> runas_matches() missed |
previously runas_matches(), host_matches() and cmnd_matches() only |
previously runas_matches(), host_matches() and cmnd_matches() only |
really need to pass in a list of members. user_matches() still | really need to pass in a list of members. user_matches() still needs |
needs to pass in a passwd struct because of "sudo -l" | to pass in a passwd struct because of "sudo -l" |
[833b22fc6fa0] |
[833b22fc6fa0] |
|
|
* parse.c: |
* parse.c: |
Line 20622
|
Line 22645
|
[ad462ede3094] |
[ad462ede3094] |
|
|
* testsudoers.c: |
* testsudoers.c: |
Rewrite for the new parser. Now supports a -d flag (dump) and adds | Rewrite for the new parser. Now supports a -d flag (dump) and adds a |
a -h flag (host). It now defaults to the local hostname unless | -h flag (host). It now defaults to the local hostname unless |
otherwise specified. |
otherwise specified. |
[1b69685cc601] |
[1b69685cc601] |
|
|
Line 20805
|
Line 22828
|
2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably | Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means |
means we are out of space in the stack gap... | we are out of space in the stack gap... |
[5b02b702021e] |
[5b02b702021e] |
|
|
* CHANGES: |
* CHANGES: |
Line 20952
|
Line 22975
|
[ba481d9ed1aa] |
[ba481d9ed1aa] |
|
|
* visudo.c: |
* visudo.c: |
Overhaul visudo for editing multiple files: o visudo has been | Overhaul visudo for editing multiple files: o visudo has been broken |
broken out into functions (more work needed here) o each file is | out into functions (more work needed here) o each file is now edited |
now edited before sudoers is re-parsed o if a #include line is | before sudoers is re-parsed o if a #include line is added that file |
added that file will be edited too | will be edited too |
|
|
TODO: o cleanup temp files when exiting via err() or errx() o |
TODO: o cleanup temp files when exiting via err() or errx() o |
continue breaking things out into separate functions |
continue breaking things out into separate functions |
Line 21011
|
Line 23034
|
|
|
* parse.c, parse.h, parse.lex, parse.yacc: |
* parse.c, parse.h, parse.lex, parse.yacc: |
More scaffolding for dealing with multiple sudoers files: o |
More scaffolding for dealing with multiple sudoers files: o |
init_parser() now takes a path used to populate the sudoers global | init_parser() now takes a path used to populate the sudoers global o |
o the sudoers global is used to print the correct file in yyerror() | the sudoers global is used to print the correct file in yyerror() o |
o when switching to a new sudoers file, perserve old file name and | when switching to a new sudoers file, perserve old file name and |
line number |
line number |
[d9be4970b8bd] |
[d9be4970b8bd] |
|
|
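Review bot: In the parse.c, parse.h, parse.lex, parse.yacc entry the new wrapping leaves the "o" item markers stranded at the ends of lines ("populate the sudoers global o", "the correct file in yyerror() o"), whereas the old text started the second and third items on a fresh line. Put each "o" item on its own line, or exempt list-style entries from re-filling, so the three separate changes stay distinguishable.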
Line 21097
|
Line 23120
|
|
|
* getspwuid.c: |
* getspwuid.c: |
Add flag to sudo_pwdup that indicates whether or not to lookup the |
Add flag to sudo_pwdup that indicates whether or not to lookup the |
shadow password. Will be used to a struct passwd that has the | shadow password. Will be used to a struct passwd that has the shadow |
shadow password already filled in. | password already filled in. |
[e19d43dd7238] |
[e19d43dd7238] |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
Line 21148
|
Line 23171
|
[1703fd2fdef6] |
[1703fd2fdef6] |
|
|
* mon_systrace.c: |
* mon_systrace.c: |
systrace(4) support for sudo. On systems with the systrace(4) | systrace(4) support for sudo. On systems with the systrace(4) kernel |
kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can | facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec |
intercept exec calls and check the exec args against the sudoers | calls and check the exec args against the sudoers file. In other |
file. In other words, sudo can now control subcommands and shell | words, sudo can now control subcommands and shell escapes. |
escapes. | |
[928c9217c386] |
[928c9217c386] |
|
|
* sudo.c, sudo.h: |
* sudo.c, sudo.h: |
Line 22061
|
Line 24083
|
2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* INSTALL, README.LDAP, config.h.in, configure.in: |
* INSTALL, README.LDAP, config.h.in, configure.in: |
o --with-ldap now takes an optional dir as a parameter o added | o --with-ldap now takes an optional dir as a parameter o added check |
check for ldap_initialize() and start_tls_s() | for ldap_initialize() and start_tls_s() |
[2b846c7974c6] |
[2b846c7974c6] |
|
|
* README.LDAP: |
* README.LDAP: |
Line 22128
|
Line 24150
|
* parse.c: |
* parse.c: |
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was |
In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was |
explicitly denied and the command matched. This fixes a long- |
explicitly denied and the command matched. This fixes a long- |
standing bug and makes: foo machine = (ALL) /usr/bin/blah | standing bug and makes: foo machine = (ALL) /usr/bin/blah foo |
foo machine = (!bar) /usr/bin/blah | machine = (!bar) /usr/bin/blah |
|
|
equivalent to: foo machine = (ALL, !bar) /usr/bin/blah |
equivalent to: foo machine = (ALL, !bar) /usr/bin/blah |
[2f5ee244985a] |
[2f5ee244985a] |
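Review bot: The re-fill on the right-hand side breaks the literal sudoers example in the parse.c entry. The leading "foo" of the second rule is pulled onto the end of the first, so the text now reads "foo machine = (ALL) /usr/bin/blah foo" followed by "machine = (!bar) /usr/bin/blah", which is no longer the pair of rules the entry describes. This entry documents how an explicit runas denial is evaluated, so keep each rule on its own line (exclude the example from re-wrapping, or indent it so it is treated as preformatted) and it will still line up with the "equivalent to: foo machine = (ALL, !bar) /usr/bin/blah" form below it.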
Line 22228
|
Line 24250
|
[6058c4cefcec] |
[6058c4cefcec] |
|
|
* set_perms.c, sudo.c, tgetpass.c, visudo.c: |
* set_perms.c, sudo.c, tgetpass.c, visudo.c: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[2e5f81834383] |
[2e5f81834383] |
|
|
* logging.c: |
* logging.c: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[934bbe6872b6] |
[934bbe6872b6] |
|
|
* check.c, compat.h: |
* check.c, compat.h: |
Preliminary changes to support nsr-tandem-nsk. Based on patches | Preliminary changes to support nsr-tandem-nsk. Based on patches from |
from Tom Bates. | Tom Bates. |
[390b698b5924] |
[390b698b5924] |
|
|
2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 22587
|
Line 24609
|
[773165eb6057] |
[773165eb6057] |
|
|
* visudo.c: |
* visudo.c: |
Use WIFEXITED and WEXITSTATUS macros. If there are systems out | Use WIFEXITED and WEXITSTATUS macros. If there are systems out there |
there that want to run sudo that still don't support these we can | that want to run sudo that still don't support these we can try to |
try to deal with that later. | deal with that later. |
[6af68e4aff60] |
[6af68e4aff60] |
|
|
* lex.yy.c: |
* lex.yy.c: |
Line 22623
|
Line 24645
|
* sudo.h: |
* sudo.h: |
Add a new flag, -e, that makes it possible to give users the ability |
Add a new flag, -e, that makes it possible to give users the ability |
to edit files with the editor of their choice as the invoking user, |
to edit files with the editor of their choice as the invoking user, |
not the runas user. Temporary files are used for the actual edit | not the runas user. Temporary files are used for the actual edit and |
and the temp file is copied over the original after the editor is | the temp file is copied over the original after the editor is done. |
done. | |
[c4051414c1f4] |
[c4051414c1f4] |
|
|
* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: |
* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c: |
Add a new flag, -e, that makes it possible to give users the ability |
Add a new flag, -e, that makes it possible to give users the ability |
to edit files with the editor of their choice as the invoking user, |
to edit files with the editor of their choice as the invoking user, |
not the runas user. Temporary files are used for the actual edit | not the runas user. Temporary files are used for the actual edit and |
and the temp file is copied over the original after the editor is | the temp file is copied over the original after the editor is done. |
done. | |
[37ac05c8ac3c] |
[37ac05c8ac3c] |
|
|
* env.c, sudo.c: |
* env.c, sudo.c: |
If real uid == 0 and the SUDO_USER environment variables is set, use |
If real uid == 0 and the SUDO_USER environment variables is set, use |
that to determine the invoking user's true identity. That way the |
that to determine the invoking user's true identity. That way the |
proper info gets logged by someone who has done "sudo su" but still |
proper info gets logged by someone who has done "sudo su" but still |
uses sudo to as root. We can't do this for non-root users since | uses sudo to as root. We can't do this for non-root users since that |
that would open up a security hole, though perhaps it would be | would open up a security hole, though perhaps it would be acceptable |
acceptable to use getlogin(2) on OSes where this a system call (and | to use getlogin(2) on OSes where this a system call (and doesn't |
doesn't just look in the utmp file). | just look in the utmp file). |
[c2f9198708a1] |
[c2f9198708a1] |
|
|
* pathnames.h.in: |
* pathnames.h.in: |
Line 22692
|
Line 24712
|
2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
Change euid to runas user before calling find_path(). | Change euid to runas user before calling find_path(). Unfortunately, |
Unfortunately, though runas_user can be modified in sudoers we | though runas_user can be modified in sudoers we haven't parsed |
haven't parsed sudoers yet. | sudoers yet. |
[f469fdf2e313] |
[f469fdf2e313] |
|
|
* sudoers.man.in, sudoers.pod: |
* sudoers.man.in, sudoers.pod: |
Line 22703
|
Line 24723
|
[f7bed6e909bf] |
[f7bed6e909bf] |
|
|
* sudo.c: |
* sudo.c: |
Fix a bug when set_runaspw() is used as a callback. We don't want | Fix a bug when set_runaspw() is used as a callback. We don't want to |
to reset the contents of runas_pw if the user specified a user via | reset the contents of runas_pw if the user specified a user via the |
the -u flag. | -u flag. |
|
|
Avoid unnecessary passwd lookups in set_authpw(). In most cases we |
Avoid unnecessary passwd lookups in set_authpw(). In most cases we |
already have the info in runas_pw. |
already have the info in runas_pw. |
Line 22730
|
Line 24750
|
[42aa37050053] |
[42aa37050053] |
|
|
* sudo.c: |
* sudo.c: |
Add set_runaspw() function to fill in runas_pw. This will be used | Add set_runaspw() function to fill in runas_pw. This will be used as |
as a callback to update runas_pw when the runas user changes. | a callback to update runas_pw when the runas user changes. |
[e570aa0088d0] |
[e570aa0088d0] |
|
|
* env.c, sudo.c: |
* env.c, sudo.c: |
Line 22947
|
Line 24967
|
Add support for preloading a shared object containing a dummy |
Add support for preloading a shared object containing a dummy |
execve() function that just sets error and returns -1. This adds a |
execve() function that just sets error and returns -1. This adds a |
"noexec_file" option to load the filename as well as a "noexec" flag |
"noexec_file" option to load the filename as well as a "noexec" flag |
to enable it unconditionally. There is also a NOEXEC tag that can | to enable it unconditionally. There is also a NOEXEC tag that can be |
be attached to specific commands and an EXEC tag to disable it. | attached to specific commands and an EXEC tag to disable it. |
[c8b6712feb91] |
[c8b6712feb91] |
|
|
* mkdefaults: |
* mkdefaults: |
Line 23085
|
Line 25105
|
|
|
* auth/pam.c: |
* auth/pam.c: |
Fix a core dump on Solaris by preserving the pam_handle_t we used |
Fix a core dump on Solaris by preserving the pam_handle_t we used |
during authentication for pam_prep_user(). If we didn't | during authentication for pam_prep_user(). If we didn't authenticate |
authenticate (ie: ticket still valid), we call pam_init() from | (ie: ticket still valid), we call pam_init() from pam_prep_user(). |
pam_prep_user(). This is something of a hack; it may be better to | This is something of a hack; it may be better to change the auth API |
change the auth API and add an auth_final() function that acts like | and add an auth_final() function that acts like pam_prep_user(). |
pam_prep_user(). | |
[f787de49b175] |
[f787de49b175] |
|
|
2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 23289
|
Line 25308
|
[aba0126f0059] |
[aba0126f0059] |
|
|
* auth/kerb5.c: |
* auth/kerb5.c: |
Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is | Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no |
no longer defined by MIT kerb5 (though it used to be and indeed | longer defined by MIT kerb5 (though it used to be and indeed remains |
remains so in Heimdal). | so in Heimdal). |
[e5a6c64d7cd5] |
[e5a6c64d7cd5] |
|
|
2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 23834
|
Line 25853
|
[587f8a2df857] |
[587f8a2df857] |
|
|
* parse.lex: |
* parse.lex: |
Better fix for sudoers files w/o a newline before EOF. It looks | Better fix for sudoers files w/o a newline before EOF. It looks like |
like the issue is that yyrestart() does not reset the start | the issue is that yyrestart() does not reset the start condition to |
condition to INITIAL which is an issue since we parse sudoers | INITIAL which is an issue since we parse sudoers multiple times. |
multiple times. | |
[920f8326968a] |
[920f8326968a] |
|
|
2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 23851
|
Line 25869
|
|
|
* visudo.c: |
* visudo.c: |
o The parser needs sudoers to end with a newline but some editors |
o The parser needs sudoers to end with a newline but some editors |
(emacs) may not add one. Check for a missing newline at EOF and | (emacs) may not add one. Check for a missing newline at EOF and add |
add one if needed. o Set quiet flag during initial sudoers parse (to | one if needed. o Set quiet flag during initial sudoers parse (to get |
get options) o Move yyrestart() call and always use freopen() to | options) o Move yyrestart() call and always use freopen() to open |
open yyin after initial sudoers parse. | yyin after initial sudoers parse. |
[12d12f9b07aa] |
[12d12f9b07aa] |
|
|
2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 24071
|
Line 26089
|
|
|
* env.c: |
* env.c: |
Don't try to pre-compute the size of the new envp, just allocate |
Don't try to pre-compute the size of the new envp, just allocate |
space up front and realloc as needed. Changes to the new env | space up front and realloc as needed. Changes to the new env pointer |
pointer must all be made through insert_env() which now keeps track | must all be made through insert_env() which now keeps track of |
of spaced used and allocates as needed. | spaced used and allocates as needed. |
[39bc934a9f2c] |
[39bc934a9f2c] |
|
|
2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 24103
|
Line 26121
|
|
|
* check.c: |
* check.c: |
The the loop used to expand %h and %u, the lastchar variable was not |
The the loop used to expand %h and %u, the lastchar variable was not |
being initialized. This means that if the last char in the prompt | being initialized. This means that if the last char in the prompt is |
is '%' and the first char is 'h' or 'u' a extra copy of the host or | '%' and the first char is 'h' or 'u' a extra copy of the host or |
user name would be copied, for which space had not been allocated. |
user name would be copied, for which space had not been allocated. |
[b2e27197857d] |
[b2e27197857d] |
|
|
Line 24524
|
Line 26542
|
2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* Makefile.in: |
* Makefile.in: |
o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and | o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g |
-g to facilitate non-root installs | to facilitate non-root installs |
[619216038f56] |
[619216038f56] |
|
|
* install-sh: |
* install-sh: |
Line 24568
|
Line 26586
|
* auth/pam.c: |
* auth/pam.c: |
o Add pam_prep_user function to call pam_setcred() for the target |
o Add pam_prep_user function to call pam_setcred() for the target |
user; on Linux this often sets resource limits. o When calling |
user; on Linux this often sets resource limits. o When calling |
pam_end(), try to convert the auth->result to a PAM_FOO value. | pam_end(), try to convert the auth->result to a PAM_FOO value. This |
This is a hack--we really need to stash the last PAM_FOO value | is a hack--we really need to stash the last PAM_FOO value received |
received and use that instead. | and use that instead. |
[6ad6f340dd2a] |
[6ad6f340dd2a] |
|
|
* set_perms.c, sudo.h: |
* set_perms.c, sudo.h: |
Line 24776
|
Line 26794
|
[6fa41c89ab20] |
[6fa41c89ab20] |
|
|
* sudo.c: |
* sudo.c: |
XXX - should call find_path() as runas user, not root. Can't do | XXX - should call find_path() as runas user, not root. Can't do that |
that until the parser changes though. | until the parser changes though. |
[f0b4f85651bd] |
[f0b4f85651bd] |
|
|
* sudo.c: |
* sudo.c: |
Line 25034
|
Line 27052
|
|
|
* parse.lex: |
* parse.lex: |
o Use exclusive start conditions to remove some ambiguity in the |
o Use exclusive start conditions to remove some ambiguity in the |
lexer. Also reorder some things for clarity. o Add support for | lexer. Also reorder some things for clarity. o Add support for "+=" |
"+=" and "-=" list operators. o Use the new DEFVAR token to denote | and "-=" list operators. o Use the new DEFVAR token to denote a |
a Defaults variable name. | Defaults variable name. |
[3a2cf8323e26] |
[3a2cf8323e26] |
|
|
* sudo.h: |
* sudo.h: |
Line 25044
|
Line 27062
|
[b74916469dab] |
[b74916469dab] |
|
|
* env.c: |
* env.c: |
o Convert environment handling to use lists instead of strings. | o Convert environment handling to use lists instead of strings. This |
This greatly simplifies routines that need to do "foreach" type | greatly simplifies routines that need to do "foreach" type |
operations. o Add new init_envtables() function to set env_check | operations. o Add new init_envtables() function to set env_check and |
and env_delete defaults based on initial_badenv_table and | env_delete defaults based on initial_badenv_table and |
initial_checkenv_table (formerly sudo_badenv_table). |
initial_checkenv_table (formerly sudo_badenv_table). |
[0a8b404658b6] |
[0a8b404658b6] |
|
|
* defaults.c, defaults.h: |
* defaults.c, defaults.h: |
o Add a new LIST type and functions to manipulate it. o This is for |
o Add a new LIST type and functions to manipulate it. o This is for |
use with environment handling variables. o Call new | use with environment handling variables. o Call new init_envtables() |
init_envtables() routine inside init_defaults() to initialize the | routine inside init_defaults() to initialize the environment lists. |
environment lists. | |
[ae73e64f0902] |
[ae73e64f0902] |
|
|
* def_data.c, def_data.h, def_data.in: |
* def_data.c, def_data.h, def_data.in: |
Line 25375
|
Line 27392
|
|
|
* check.c: |
* check.c: |
Use stashed user_gid when checking against exempt gid since sudo |
Use stashed user_gid when checking against exempt gid since sudo |
sets its gid to a a value that makes sudoers readable. Previously | sets its gid to a a value that makes sudoers readable. Previously if |
if you used gid 0 as the exempt group everyone would be exempt. From | you used gid 0 as the exempt group everyone would be exempt. From |
Paul Kranenburg <pk@cs.few.eur.nl> |
Paul Kranenburg <pk@cs.few.eur.nl> |
[0b140cc3a817] |
[0b140cc3a817] |
|
|
Line 25421
|
Line 27438
|
2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* visudo.c: |
* visudo.c: |
Block all signals in Exit() to avoid a signal race. There is still | Block all signals in Exit() to avoid a signal race. There is still a |
a tiny window but I'm not going to worry about it. | tiny window but I'm not going to worry about it. |
[6661805c0458] |
[6661805c0458] |
|
|
2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 25862
|
Line 27879
|
2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
Fix -H flag. runas_homedir is only valid after | Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS, |
set_perms(PERM_RUNAS, mode) | mode) |
[ce9b1c6f68a6] |
[ce9b1c6f68a6] |
|
|
2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 25913
|
Line 27930
|
sensible error if it does not exist. |
sensible error if it does not exist. |
|
|
The path to the editor for visudo is now a colon-separated list of |
The path to the editor for visudo is now a colon-separated list of |
allowable editors. If the user has $EDITOR set and it matches one | allowable editors. If the user has $EDITOR set and it matches one of |
of the allowed editors that editor will be used. If not, the first | the allowed editors that editor will be used. If not, the first |
editor in the list that actually exists is used. |
editor in the list that actually exists is used. |
[cc86eb9f5440] |
[cc86eb9f5440] |
|
|
Line 26372
|
Line 28389
|
[055fa61a7c61] |
[055fa61a7c61] |
|
|
* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: |
* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod: |
Add 'shell_noargs' runtime option back in. We have to defer | Add 'shell_noargs' runtime option back in. We have to defer checking |
checking until after the sudoers file has been parsed but since | until after the sudoers file has been parsed but since there are now |
there are now other options that operate that way this one can too. | other options that operate that way this one can too. Based on a |
Based on a patch from bguillory@email.com. | patch from bguillory@email.com. |
[231db7a007a6] |
[231db7a007a6] |
|
|
* defaults.c, defaults.h, parse.c, sudo.c, sudo.h: |
* defaults.c, defaults.h, parse.c, sudo.c, sudo.h: |
Line 26500
|
Line 28517
|
* CHANGES, parse.yacc, sudo.tab.c: |
* CHANGES, parse.yacc, sudo.tab.c: |
fix parsing of runas lists: o oprunasuser and runaslist now return a |
fix parsing of runas lists: o oprunasuser and runaslist now return a |
value o in a runasspec, if a runaslist does not return TRUE, set |
value o in a runasspec, if a runaslist does not return TRUE, set |
runas_matches to FALSE. Normally, a runaslist only returns FALSE | runas_matches to FALSE. Normally, a runaslist only returns FALSE for |
for explicitly denied users. o since runaslist does not modify the | explicitly denied users. o since runaslist does not modify the stack |
stack there is no need for a push/pop in runasalias. | there is no need for a push/pop in runasalias. |
[82b305b34a8c] |
[82b305b34a8c] |
|
|
* check.c, sudo.c: |
* check.c, sudo.c: |
Line 26527
|
Line 28544
|
o Kill shell_noargs option, it cannot work since the command needs |
o Kill shell_noargs option, it cannot work since the command needs |
to be set before sudoers is parsed. o Fix the "set_home" sudoers |
to be set before sudoers is parsed. o Fix the "set_home" sudoers |
option (only worked at compile time). o Fix "fqdn" sudoers option. |
option (only worked at compile time). o Fix "fqdn" sudoers option. |
We now set host/shost via set_fqdn which gets called when the | We now set host/shost via set_fqdn which gets called when the "fqdn" |
"fqdn" option is set in sudoers. o Move the openlog() to | option is set in sudoers. o Move the openlog() to store_syslogfac() |
store_syslogfac() so this gets overridden correctly from the | so this gets overridden correctly from the sudoers file. |
sudoers file. | |
[3dca861f0f5d] |
[3dca861f0f5d] |
|
|
* auth/securid.c: |
* auth/securid.c: |
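Review bot: in the entry ending [3dca861f0f5d], the "o" list markers remain folded into the paragraph after the rewrap, so removing shell_noargs, the "set_home" fix, the "fqdn" fix and the openlog() move read as one run-on sentence. Since these lines are being reflowed anyway, start each "o" item on its own line so the four separate changes can be told apart.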
Line 26661
|
Line 28677
|
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c |
Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c |
since it might not get called in yywrap if we get a parse error | since it might not get called in yywrap if we get a parse error (and |
(and we only reread the file on error anyway). | we only reread the file on error anyway). |
[37f4b449e28e] |
[37f4b449e28e] |
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Line 26745
|
Line 28761
|
[e3ed0c1f312b] |
[e3ed0c1f312b] |
|
|
* logging.h: |
* logging.h: |
Fix compilation problem when --with-logging=file was specified. | Fix compilation problem when --with-logging=file was specified. This |
This means that syslog is now required to build sudo but that should | means that syslog is now required to build sudo but that should not |
not be a problem. If it is it can be fixed trivially with a | be a problem. If it is it can be fixed trivially with a configure |
configure check for syslog() or syslog.h. | check for syslog() or syslog.h. |
[839a4b069190] |
[839a4b069190] |
|
|
* tgetpass.c: |
* tgetpass.c: |
Line 26770
|
Line 28786
|
1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* defaults.c: |
* defaults.c: |
Error out if syslog parameters are given without a value. For | Error out if syslog parameters are given without a value. For Ultrix |
Ultrix or 4.2BSD "syslog" is allowed without a value since there are | or 4.2BSD "syslog" is allowed without a value since there are no |
no facilities in the 4.2BSD syslog. | facilities in the 4.2BSD syslog. |
[69e7a686f5f0] |
[69e7a686f5f0] |
|
|
1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 26878
|
Line 28894
|
getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: |
getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c: |
o Change defaults stuff to put the value right in the struct. o |
o Change defaults stuff to put the value right in the struct. o |
Implement mailer_flags o Store syslog stuff both in int and string |
Implement mailer_flags o Store syslog stuff both in int and string |
form. Setting the string form magically updates the int version. | form. Setting the string form magically updates the int version. o |
o Add boolean attribute to strings where it makes sense to say !foo | Add boolean attribute to strings where it makes sense to say !foo |
[4698953f9a36] |
[4698953f9a36] |
|
|
* tgetpass.c: |
* tgetpass.c: |
Line 27189
|
Line 29205
|
|
|
* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: |
* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h: |
In "sudo -l" mode, the type of the stored (expanded) alias was not |
In "sudo -l" mode, the type of the stored (expanded) alias was not |
stored with the contents. This could lead to incorrect output if | stored with the contents. This could lead to incorrect output if the |
the sudoers file had different alias types with the same name. | sudoers file had different alias types with the same name. Normal |
Normal parsing (ie: not in '-l' mode) is unaffected. | parsing (ie: not in '-l' mode) is unaffected. |
[823fe2bc4b79] |
[823fe2bc4b79] |
|
|
1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 27373
|
Line 29389
|
* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, |
* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure, |
configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, |
configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c, |
visudo.c: |
visudo.c: |
o Add a "pedentic" flag to the parser. This makes sudo warn in | o Add a "pedentic" flag to the parser. This makes sudo warn in cases |
cases where an alias may be used before it is defined. Only turned | where an alias may be used before it is defined. Only turned on for |
on for visudo and testsudoers. o Add --disable-authentication option | visudo and testsudoers. o Add --disable-authentication option that |
that makes sudo not require authentication by default. The PASSWD | makes sudo not require authentication by default. The PASSWD tag can |
tag can be used to require authentication for an entry. We no | be used to require authentication for an entry. We no longer |
longer overload --without-passwd. | overload --without-passwd. |
[f307e09adf98] |
[f307e09adf98] |
|
|
* lex.yy.c, parse.lex: |
* lex.yy.c, parse.lex: |
Line 27444
|
Line 29460
|
version.c, visudo.c: |
version.c, visudo.c: |
o Move lock_file() and touch() into fileops.c so visudo can use them |
o Move lock_file() and touch() into fileops.c so visudo can use them |
o Visudo now locks the sudoers temp file instead of bailing when the |
o Visudo now locks the sudoers temp file instead of bailing when the |
temp file already exists. This fixes the problem of stale temp | temp file already exists. This fixes the problem of stale temp files |
files but it does *require* that you not try to put the temp file in | but it does *require* that you not try to put the temp file in a |
a world-writable directory. This shoud not be an issue as the temp | world-writable directory. This shoud not be an issue as the temp |
file should live in the same dir as sudoers. o Visudo now only |
file should live in the same dir as sudoers. o Visudo now only |
installs the temp file as sudoers if it changed. |
installs the temp file as sudoers if it changed. |
[2517cd06c070] |
[2517cd06c070] |
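Review bot: the rewrapped visudo entry carries the misspelling "shoud" onto the new line, and the one operational requirement it states (the temp file must not be placed in a world-writable directory) stays buried mid-paragraph between two "o" items. Correct the spelling and give that requirement its own line so a reader scanning the log for the locking change does not miss it.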
Line 27535
|
Line 29551
|
o Add '!' correctly when expanding Aliases. o Add shortcut macros |
o Add '!' correctly when expanding Aliases. o Add shortcut macros |
for append() to make things more readable. o The separator in |
for append() to make things more readable. o The separator in |
append() is now a string instead of a char. o In append(), only |
append() is now a string instead of a char. o In append(), only |
prepend the separator if the last char is not a '!'. This is a | prepend the separator if the last char is not a '!'. This is a hack |
hack but it greatly simplifies '!' handling. o In -l mode, Runas | but it greatly simplifies '!' handling. o In -l mode, Runas lists |
lists and NOPASSWD/PASSWD tags are now inherited across entries in | and NOPASSWD/PASSWD tags are now inherited across entries in a list |
a list (matches current behavior). o Fix formatting in -l mode such | (matches current behavior). o Fix formatting in -l mode such that |
that items in a list are separated by a space. Greatlt improves | items in a list are separated by a space. Greatlt improves |
readability. o Space for name field in struct aliasinfo is now |
readability. o Space for name field in struct aliasinfo is now |
allocated dyanically instead of using a (big) buffer. o In |
allocated dyanically instead of using a (big) buffer. o In |
add_alias(), only search the list once (lsearch instead of lfind + |
add_alias(), only search the list once (lsearch instead of lfind + |
Line 27560
|
Line 29576
|
set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since |
set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since |
it gets fill()'d in parse.lex--fixes a small memory leak. In the |
it gets fill()'d in parse.lex--fixes a small memory leak. In the |
long run it may be better to just fix parse.lex and make ALL back |
long run it may be better to just fix parse.lex and make ALL back |
into a token. However, having it be a string is useful since it | into a token. However, having it be a string is useful since it can |
can be easily passed back to the parent rule if we so desire. | be easily passed back to the parent rule if we so desire. |
[b3c64b443018] |
[b3c64b443018] |
|
|
* parse.lex: |
* parse.lex: |
Line 27823
|
Line 29839
|
[db48202df1bb] |
[db48202df1bb] |
|
|
* Makefile.in: |
* Makefile.in: |
BSD-style copyright. Update to reflect reality wrt new files and | BSD-style copyright. Update to reflect reality wrt new files and new |
new auth modules. | auth modules. |
[61a2ca7940fb] |
[61a2ca7940fb] |
|
|
* INSTALL: |
* INSTALL: |
Line 27862
|
Line 29878
|
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible |
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible |
to mix tty and non-tty based ticket schemes but this may change in |
to mix tty and non-tty based ticket schemes but this may change in |
the future (it requires sudo to use a directory instead of a file in |
the future (it requires sudo to use a directory instead of a file in |
the non-tty case). Also, ``sudo -k'' now sets the ticket back to | the non-tty case). Also, ``sudo -k'' now sets the ticket back to the |
the epoch and ``sudo -K'' really deletes the file. That way you | epoch and ``sudo -K'' really deletes the file. That way you don't |
don't get the lecture again just because you killed your ticket in | get the lecture again just because you killed your ticket in |
.logout. BSD-style copyright now. |
.logout. BSD-style copyright now. |
[ec3460f85be8] |
[ec3460f85be8] |
|
|
Line 28117
|
Line 30133
|
parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: |
parse.yacc, sudo.c, sudo.tab.c, tgetpass.c: |
o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It |
o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It |
turns out the old DES crypt does the right thing with passwords |
turns out the old DES crypt does the right thing with passwords |
longert than 8 characters. o Fix common typo (necesary -> | longert than 8 characters. o Fix common typo (necesary -> necessary) |
necessary) o Update TODO list | o Update TODO list |
[ad75007a6f13] |
[ad75007a6f13] |
|
|
1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 28429
|
Line 30445
|
1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* CHANGES, lex.yy.c, parse.lex: |
* CHANGES, lex.yy.c, parse.lex: |
Fix a bug wrt quoting characters in command args. Stop processing | Fix a bug wrt quoting characters in command args. Stop processing an |
an arg when you hit a backslash so the quoted-character detection | arg when you hit a backslash so the quoted-character detection can |
can catch it. | catch it. |
[2281438d7f41] |
[2281438d7f41] |
|
|
1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 28518
|
Line 30534
|
|
|
* check.c, sudo.h: |
* check.c, sudo.h: |
If the user enters an empty password and really has no password, |
If the user enters an empty password and really has no password, |
accept the empty password they entered. Perviously, they could | accept the empty password they entered. Perviously, they could enter |
enter anything | anything |
*but* an empty password. Also, add GETPASS macro that calls either |
*but* an empty password. Also, add GETPASS macro that calls either |
tgetpass() or getpass() depending on how sudo was configured. |
tgetpass() or getpass() depending on how sudo was configured. |
Problem noted by jdg@maths.qmw.ac.uk |
Problem noted by jdg@maths.qmw.ac.uk |
Line 31558
|
Line 33574
|
|
|
* sudo.h: |
* sudo.h: |
added support for NO_PASSWD and runas from garp@opustel.com replaced |
added support for NO_PASSWD and runas from garp@opustel.com replaced |
SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support | SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro |
fro SUDOERS_MODE | SUDOERS_MODE |
[cea6f26679b7] |
[cea6f26679b7] |
|
|
* sudo.c: |
* sudo.c: |
Line 34204
|
Line 36220
|
[044023063eca] |
[044023063eca] |
|
|
* aclocal.m4: |
* aclocal.m4: |
OS was being set to unknown before non-uname based host checks. | OS was being set to unknown before non-uname based host checks. This |
This caused no checks to happen since $OS was not zero-length. | caused no checks to happen since $OS was not zero-length. |
[335a7267479d] |
[335a7267479d] |
|
|
* sudo.c: |
* sudo.c: |
Line 34674
|
Line 36690
|
[1194d01fa5c5] |
[1194d01fa5c5] |
|
|
* visudo.c: |
* visudo.c: |
whatnow_help was prototyped to be static be was not declared as | whatnow_help was prototyped to be static be was not declared as such |
such | |
[0f85489dd426] |
[0f85489dd426] |
|
|
* configure.in: |
* configure.in: |
Line 36815
|
Line 38830
|
[34331c7dee90] |
[34331c7dee90] |
|
|
* logging.c: |
* logging.c: |
split long log lines. FOr syslog, split into multiple entries, for | split long log lines. FOr syslog, split into multiple entries, for a |
a log file, indent the extra for readability | log file, indent the extra for readability |
[72c9e4cdba6e] |
[72c9e4cdba6e] |
|
|
1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com> |
Line 36838
|
Line 38853
|
1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com> |
|
|
* sudo.c: |
* sudo.c: |
added rmenv() to remove stuff from environ. can now uses execvp() | added rmenv() to remove stuff from environ. can now uses execvp() OR |
OR execve() becuase of this. | execve() becuase of this. |
[e7fc2535bd67] |
[e7fc2535bd67] |
|
|
* logging.c: |
* logging.c: |
Line 37137
|
Line 39152
|
[5c4bf716de21] |
[5c4bf716de21] |
|
|
* check.c, find_path.c, parse.c, sudo.c: |
* check.c, find_path.c, parse.c, sudo.c: |
added patches from John_Rouillard directory spec | added patches from John_Rouillard directory spec uses EDITOR |
uses EDITOR | |
[f62a435f8c41] |
[f62a435f8c41] |
|
|
1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |
1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com> |