Annotation of embedaddon/sudo/ChangeLog, revision 1.1.1.1
1.1 misho 1: 2012-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2:
3: * src/sudo.c:
4: Fixed a format string vulnerability when the sudo binary (or a
5: symbolic link to the sudo binary) contains printf format escapes
6: and the -D (debugging) flag is used.
7:
8: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
9:
10: * sudo.pp:
11: Include parent directories in case they don't already exist. This
12: fixes a directory permissions problem with the AIX package when the
13: /usr/local directories don't already exist.
14:
15: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16:
17: * plugins/sudoers/Makefile.in:
18: check_addr needs to link with the network libraries on Solaris
19: [322bd70e316e]
20:
21: * plugins/sudoers/match.c:
22: When matching a RunasAlias for a runas group, pass the alias in as
23: the group_list, not the user_list. From Daniel Kopecek.
24: [766545edf141]
25:
26: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
27: We need to init the auth system regardless of whether we need a
28: password since we will be closing the PAM session in the monitor
29: process. Fixes a crash in the monitor on Solaris; bugzilla #518
30: [e82809f86fb3]
31:
32: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
33:
34: * .hgtags:
35: Added tag SUDO_1_8_3 for changeset 82bec4d3a203
36: [6c953ef6f577] <1.8>
37:
38: * Update Japanese sudoers translation from translationproject.org
39: [82bec4d3a203] [SUDO_1_8_3] <1.8>
40:
41: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
42:
43: * configure, configure.in:
44: Override and ignore the --disable-static option. Sudo already runs
45: libtool with -tag=disable-static where applicable and we need non-
46: PIC objects to build the executables.
47: [dff177464029] <1.8>
48:
49: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
50:
51: * NEWS:
52: Add sudoedit fix
53: [3238dc7e4fb2] <1.8>
54:
55: * plugins/sudoers/po/sudoers.pot:
56: regen pot files
57: [7981d6cbf1ab] <1.8>
58:
59: * Ignore set_logname (which is now the default) for sudoedit since we
60: want the LOGNAME, USER and USERNAME environment variables to refer
61: to the calling user since that is who the editor runs as. This
62: allows the editor to find the user's startup files. Fixes bugzilla
63: #515
64: [3b9486e5fddb] <1.8>
65:
66: * Instead of trying to grow the buffer in make_grlist_item(), simply
67: increase the total length, free the old buffer and allocate a new
68: one. This is less error prone and saves us from having to adjust
69: all the pointers in the buffer. This code path is only taken when
70: there are groups longer than the length of the user field in struct
71: utmp or utmpx, which should be quite rare.
72: [cb7c5ac834b5] <1.8>
73:
74: * Add Italian translation for sudo from translationproject.org
75: [c7876fccbc38] <1.8>
76:
77: * NEWS:
78: Japanese translation for sudo and sudoers from
79: translationproject.org
80: [9945a3ef7ff7] <1.8>
81:
82: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
83:
84: * sudoreplay depends on timestr.lo too; from Mike Frysinger
85: [ad9ae493205f] <1.8>
86:
87: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
88:
89: * plugins/sudoers/po/sudoers.pot:
90: Regen sudoers pot file.
91: [2c4d99361994] <1.8>
92:
93: * NEWS:
94: Update with latest sudo 1.8.3 news
95: [4e7f59d339d4] <1.8>
96:
97: * ldap_start_tls_s() on Debian (at least) sets the effective and saved
98: uids to the same value as the real uid. This prevents sudo from
99: setting the uid or gid later on. As a workaround, we now set perms
100: to root during sudoers_policy_open().
101: [eb4c4f15833a] <1.8>
102:
103: * Better warning message on setuid() failure for the setreuid()
104: version of set_perms().
105: [308c72f601e4] <1.8>
106:
107: 2011-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
108:
109: * NEWS:
110: Combine new translations in NEWS item
111: [0aa07471a5e6] <1.8>
112:
113: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
114:
115: * Delref auth_pw at the end of check_user() instead of getting a ref
116: twice.
117: [1c882f2fb46c] <1.8>
118:
119: * Make sudo_auth_{init,cleanup} return TRUE on success and check for
120: sudo_auth_init() return value in check_user().
121: [573bf35ecac9] <1.8>
122:
123: * Do not return without restoring permissions.
124: [2444a0b96469] <1.8>
125:
126: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
127: regen pot files
128: [d286bce8dbb1] <1.8>
129:
130: * NEWS:
131: Update for latest release candidate
132: [63d184ba6263] <1.8>
133:
134: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
135: regen pot files
136: [ac3ec1315df7] <1.8>
137:
138: * Modify the authentication API such that the init and cleanup
139: functions are always called, regardless of whether or not we are
140: going to verify a password. This is needed for proper PAM session
141: support.
142: [ea281ca46d94] <1.8>
143:
144: * Add missing dependency for getspwgen other depends.
145: [9c124272910d] <1.8>
146:
147: * Fix a PAM_USER mismatch in session open/close. We update PAM_USER
148: to the target user immediately before setting resource limits, which
149: is after the monitor process has forked (so it has the old value).
150: Also, if the user did not authenticate, there is no pamh in the
151: monitor so we need to init pam here too. This means we end up
152: calling pam_start() twice, which should be fixed, but at least the
153: session is always properly closed now.
154: [d0866ee5f190] <1.8>
155:
156: * Add check for old being NULL in utmp_setid(); from Steven McDonald
157: [30cc283ac2b4] <1.8>
158:
159: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
160:
161: * If the invoking user cannot be resolved by uid fake the struct
162: passwd and store it in the cache so we can delref it on exit.
163: [19d44f44d45d] <1.8>
164:
165: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
166:
167: * Don't error out if the group plugin cannot be loaded, just warn.
168: [e91d9912c9a0] <1.8>
169:
170: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
171:
172: * Quiet a false positive found by several static analysis tools. These
173: tools don't know that log_error() does not return (it longjmps to
174: error_jmp which returns to the sudo front-end).
175: [3cc319e31ed6] <1.8>
176:
177: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
178:
179: * Add Italian translation for sudo from translationproject.org Regen
180: .mo files
181: [c0b27f9d7e57] <1.8>
182:
183: * .hgtags:
184: Added tag SUDO_1_8_2 for changeset 3682e51af1d0
185: [f0be566e9ea2] <1.8>
186:
187: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
188:
189: * Update to current reality and add bit about ssh auth
190: [48dcb86ce9be] <1.8>
191:
192: * Make "verbose" static; fixes a namespace clash with
193: pam_ssh_agent_auth (and it doesn't need to be extern these days).
194: [b60fdd82de94] <1.8>
195:
196: * configure, configure.in:
197: FreeBSD has libutil.h not util.h
198: [c03b121e0193] <1.8>
199:
200: * configure, configure.in:
201: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
202: [002e3e0bb173] <1.8>
203:
204: * Update po files from translationproject.org
205: [2b36af902213] <1.8>
206:
207: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
208:
209: * NEWS:
210: Mention DEREF support
211: [dfeb152f1686] <1.8>
212:
213: * plugins/sudoers/po/sudoers.pot:
214: sync pot files
215: [1fba22e927a3] <1.8>
216:
217: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
218: Add support for DEREF in ldap.conf.
219: [fe1cf6ad0add] <1.8>
220:
221: * Makefile.in:
222: install target should depend on ChangeLog too, not just install-doc
223: [f54e2ab633b8] <1.8>
224:
225: * NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:
226: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
227: [44a25099594e] <1.8>
228:
229: * configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
230: regen pot files
231: [e14ee85cf49b] <1.8>
232:
233: * configure, configure.in:
234: Fix some square brackets in case statements that needed to be
235: doubled up. While here, use $OSMAJOR when it makes sense.
236: [853c6e5f994c] <1.8>
237:
238: * Fix a crash in make_grlist_item() on 64-bit machines with strict
239: alignment.
240: [e877c89ae32f] <1.8>
241:
242: * Remove list_options() function that is no longer used now that "sudo
243: -L" is gone.
244: [f31543c80b98] <1.8>
245:
246: * configure, configure.in:
247: Error message if user tries --with-CC
248: [0ed7558b8924] <1.8>
249:
250: * configure, configure.in:
251: Check for -libmldap too when looking for ldap libs, which is the
252: Tivoli Directory Server client library.
253: [831e32d1453c] <1.8>
254:
255: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
256: regen pot files for 1.8.3
257: [df2fb085cff2] <1.8>
258:
259: * NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
260: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
261: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
262: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
263: doc/visudo.man.in:
264: Update for version 1.8.3
265: [38cf153add0a] <1.8>
266:
267: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
268:
269: * Honor NOPASSWD tag for denied commands too.
270: [f473c443ad54] <1.8>
271:
272: * INSTALL, configure, configure.in:
273: Remove --with-CC option; it doesn't work correctly now that we use
274: libtool. Users can get the same effect by setting the CC
275: environment variable when running configure.
276: [4f04869d74fd] <1.8>
277:
278: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
279:
280: * configure, configure.in:
281: Assume all modern systems support fstat(2).
282: [0422b19dced3] <1.8>
283:
284: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
285:
286: * configure, configure.in:
287: Add configure test for missing errno declaration and only declare it
288: ourselves if it is missing.
289: [6d26974f7e16] <1.8>
290:
291: * Include errno.h before sudo.h to avoid conflicting with the system
292: definition of errno.
293: [8000bdc0968f] <1.8>
294:
295: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
296:
297: * Only print individual check status when there is a failure.
298: [bbdd669e7615] <1.8>
299:
300: * Add calls to setprogname() for test programs.
301: [c721f3466a3a] <1.8>
302:
303: * configure, configure.in:
304: Add -Wall and -Werror after all tests so they don't cause failures.
305: [20d75ce40086] <1.8>
306:
307: * Actually run check_addr in the check target
308: [dcd96ef0dc57] <1.8>
309:
310: * Split out address matching into its own file and add regression
311: tests for it.
312: [863f28589c24] <1.8>
313:
314: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
315:
316: * Fix matching a network number with netmask when the network number
317: is not the first address in the CIDR block.
318: [719942c986e9] <1.8>
319:
320: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
321:
322: * Don't assume all editors support the +linenumber command line
323: argument, use a whitelist of known good editors.
324: [d8d884af3b05] <1.8>
325:
326: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
327:
328: * Silence compiler warnings on Solaris with gcc 3.4.3
329: [8047cdb5d6a1] <1.8>
330:
331: * Fix building on RHEL 3
332: [6bb0464a7450] <1.8>
333:
334: * INSTALL, configure, configure.in:
335: Add --enable-werror configure option.
336: [aa40fd459836] <1.8>
337:
338: * setgroups() proto lives in grp.h on RHEL4, perhaps others.
339: [92f98cbaebf0] <1.8>
340:
341: * configure, configure.in:
342: Use PAM by default on AIX 6 and higher.
343: [7ef53d5ac819] <1.8>
344:
345: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
346:
347: * Add new Esperanto translation from translationproject.org
348: [109ed683b885] <1.8>
349:
350: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
351:
352: * Quiet an innocuous valgrind warning.
353: [fc453e49f9dd] <1.8>
354:
355: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
356:
357: * Fix expansion of strftime() escapes in log_dir and add a regress
358: test that exhibited the problem.
359: [784e60d21f11] <1.8>
360:
361: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
362: Fix "make check" return value.
363: [d3608efd8da6] <1.8>
364:
365: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
366:
367: * plugins/sudoers/po/sudoers.pot:
368: Regen pot files
369: [3682e51af1d0] [SUDO_1_8_2] <1.8>
370:
371: * Makefile.in:
372: Fix logic inversion in pot file up to date check.
373: [343dbbca9422] <1.8>
374:
375: * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,
376: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
377: doc/visudo.cat, doc/visudo.man.in:
378: regen docs
379: [96234478bde2] <1.8>
380:
381: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
382:
383: * configure, configure.in:
384: Add caching for gettext() checks.
385: [4039d21424c3] <1.8>
386:
387: * configure, configure.in:
388: Better handling of libintl header and library mismatch.
389: [cc9faee8e486] <1.8>
390:
391: 2011-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
392:
393: * NEWS:
394: sync
395: [73649a44d934] <1.8>
396:
397: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
398:
399: * Also check sudoers gid if sudoers is group writable.
400: [3d345347f6ac] <1.8>
401:
402: * NEWS:
403: Update for 1.8.2 final
404: [441c22fea363] <1.8>
405:
406: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
407:
408: * configure, configure.in:
409: If dlopen is present but libtool doesn't find it, error out since it
410: probably means that libtool doesn't support the system.
411: [6fc7c0de4f6d] <1.8>
412:
413: * configure args on the command line should override builtin defaults.
414: Disable NLS for non-Linux/Solaris unless explicitly enabled.
415: [0ef165f892c2] <1.8>
416:
417: * Fix loop that calls authenticate(). If there was an error message
418: from authenticate(), display it.
419: [f0686011ff2e] <1.8>
420:
421: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
422:
423: * configure, configure.in:
424: Update to autoconf 2.68 and libtool 2.4
425: [00df5f3647e1] <1.8>
426:
427: * Fix typo; OPT should be OTP
428: [31da1f989740] <1.8>
429:
430: * Rename libsudoers convenience library to libparsesudoers to avoid
431: libtool confusion.
432: [e9ae9d611dd5] <1.8>
433:
434: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
435:
436: * Add Danish sudoers translation from translationproject.org
437: [fa9cd9758249] <1.8>
438:
439: * Add dedicated callback function for runas_default sudoers setting
440: that only sets runas_pw if no runas user or group was specified by
441: the user.
442: [3fb4b18525de] <1.8>
443:
444: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
445:
446: * Update Finish, Polish, Russian and Ukrainian translations from
447: translationproject.org.
448: [0fcd8f6aff0a] <1.8>
449:
450: * Makefile.in:
451: Go back to using a callback for runas_default to keep runas_pw in
452: sync. This is needed to make per-entry runas_default settings work
453: with LDAP-based sudoers. Instead of declaring it a callback in
454: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
455: bit naughty, but avoids requiring stub functions in visudo and the
456: tests.
457: [4e8e70832f06] <1.8>
458:
459: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
460:
461: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
462: Regen pot files
463: [ca5c58c599a6] <1.8>
464:
465: * Makefile.in:
466: Add check for out of date message catalogs when doing "make dist".
467: [36414e5c762b] <1.8>
468:
469: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
470:
471: * configure, configure.in:
472: Make sure compiler supports static-libgcc before using it.
473: [6c98e8809291] <1.8>
474:
475: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
476:
477: * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
478: [a0a3a3fa6470] <1.8>
479:
480: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
481:
482: * Add new Russian sudo translation from translationproject.org and
483: rebuild the other translation files.
484: [e953d7d1ca6d] <1.8>
485:
486: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
487:
488: * Update Finish and Polish translations from translationproject.org
489: [17e408d73c85] <1.8>
490:
491: * Go back to escaping the command args for "sudo -i" and "sudo -s"
492: before calling the plugin. Otherwise, spaces in the command args
493: are not treated properly. The sudoers plugin will unescape non-
494: spaces to make matching easier.
495: [f666191a4e80] <1.8>
496:
497: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
498:
499: * Fix some potential problems found by the clang static analyzer, none
500: serious.
501: [c1ab4b940980] <1.8>
502:
503: * Updated Ukranian and Chinese (simplified) po files from
504: translationproject.org
505: [792a66672715] <1.8>
506:
507: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
508:
509: * Updated Polish translation from translationproject.org
510: [5f434cc04482] <1.8>
511:
512: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
513: Rebuild pot files
514: [639230dbd741] <1.8>
515:
516: * Don't try to audit failure if the runas user does not exist. We
517: don't have the user's command at this point so there is nothing to
518: audit. Add a NULL check in audit_success() and audit_failure() just
519: to be on the safe side.
520: [2bfb96a32b00] <1.8>
521:
522: * Add -g to CFLAG for PIE builds.
523: [e4c94977ca4e] <1.8>
524:
525: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
526:
527: * Remove fallback to per-group lookup when matching groups in sudoers.
528: The sudo front-end will now use getgrouplist() to get the user's
529: list of groups if getgroups() fails or returns zero groups so we
530: always have a list of the user's groups. For systems with
531: mbr_check_membership() which support more that NGROUPS_MAX groups
532: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
533: we get all the groups.
534: [168d6d4a386b] <1.8>
535:
536: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
537:
538: * Fix setgroups() fallback code on EINVAL.
539: [dd1310945ab3] <1.8>
540:
541: * Fix two PERM_INITIAL cases that were still using user_gids.
542: [d497d0d47a23] <1.8>
543:
544: * Add Polish sudo message catalog
545: [1a0aa3f9f179] <1.8>
546:
547: * user_group is no longer used, remove it
548: [379185a76094] <1.8>
549:
550: 2011-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
551:
552: * Add Polish translation from translationproject.org
553: [2e7cdfe4ef41] <1.8>
554:
555: * Add a wrapper for setgroups() that trims off extra groups and
556: retries if setgroups() fails. Also add some missing addrefs for
557: PERM_USER and PERM_FULL_USER.
558: [bacb4170a510] <1.8>
559:
560: * configure, configure.in:
561: Instead of keeping separate groups and gids arrays, create struct
562: group_info and use it to store both, along with a count for each.
563: Cache group info on a per-user basis using getgrouplist() to get the
564: groups. We no longer need special to special case the user or list
565: user for user_in_group() and thus no longer need to reset the groups
566: list when listing another user.
567: [f1d8962821a0] <1.8>
568:
569: * Don't rely on NULL since we don't include a header for it.
570: [ed46286f848b] <1.8>
571:
572: * Fix typo
573: [a38b8fbb0e70] <1.8>
574:
575: * Do not shadow global sudo_mode with a local variable in set_cmnd()
576: [8e462ebafea4] <1.8>
577:
578: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
579:
580: * bash 2.x doesd not support the -l flag and exits with an error if it
581: is specified so use --login instead. This causes an error with bash
582: 1.x (which uses -login instead) but this version is hopefully less
583: used than 2.x.
584: [73020a67b9d5] <1.8>
585:
586: * Add Polish translation from translationproject.org
587: [8cac0da9ffb1] <1.8>
588:
589: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
590:
591: * Make error strings translatable.
592: [d1ff594f27b5] <1.8>
593:
594: * Only run configure with --with-pam-login for RHEL 5 and above.
595: [2f1a0ff5230e] <1.8>
596:
597: * Fix typo in summary
598: [1e1d7dcae9ab] <1.8>
599:
600: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
601:
602: * Add missing logwrap.c
603: [abcd28c194d2] <1.8>
604:
605: * Split out log file word wrap code into its own file and add unit
606: tests. Fixes an off-by one in the word wrap when the log line
607: length matches loglinelen.
608: [0ae1c7aa9ef1] <1.8>
609:
610: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
611:
612: * For SuSE, only use /usr/lib64 as libexec if generating 64-bit
613: binaries.
614: [4448fa1c639f] <1.8>
615:
616: * Fix build error when --without-noexec configure option is used.
617: [f6bfd748ae45] <1.8>
618:
619: * configure, configure.in:
620: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
621: 5.3 and above.
622: [9d957ae1840d] <1.8>
623:
624: 2011-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
625:
626: * NEWS, doc/UPGRADE:
627: Document group lookup change and possible side effects.
628: [fe4b2d2701b2] <1.8>
629:
630: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
631:
632: * Resolve the list of gids passed in from the sudo frontend (the
633: result of getgroups()) to names and store both the group names and
634: ids in the sudo_user struct. When matching groups in the sudoers
635: file, match based on the names in the groups list first and only do
636: a gid-based match when we absolutely have to. By matching on the
637: group name (as it is listed in sudoers) instead of id (which we
638: would have to resolve) we save a lot of group lookups for sudoers
639: files with a lot of groups in them.
640: [c10d208bd7e5] <1.8>
641:
642: 2011-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
643:
644: * NEWS:
645: Update for 1.8.2rc5
646: [f6a3aa2edf7a] <1.8>
647:
648: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
649:
650: * Workaround for "sudo -i command" and newer versions of bash which
651: don't go into login mode when -c is specified unless -l is too.
652: [381e74d35006] <1.8>
653:
654: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
655:
656: * Rewrite logfile word wrapping code to be more straight-forward and
657: actually wrap at the correct place.
658: [8a7862d6a82f] <1.8>
659:
660: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
661:
662: * NEWS:
663: Fix typo
664: [2456ad2ad3e3] <1.8>
665:
666: * NEWS:
667: Mention use_pty bug fix
668: [f4eab5193452] <1.8>
669:
670: * Set use_pty=true in command details when use_pty is set in sudoers.
671: From Ludwig Nussel
672: [abaafc5793d9] <1.8>
673:
674: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
675:
676: * Sync Chinese (simplified) PO files from translationproject.org
677: [a4cf84dd9ddf] <1.8>
678:
679: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
680:
681: * Add Danish translation from translationproject.org and add missing
682: Basque mo files.
683: [672b88adcc34] <1.8>
684:
685: * Makefile.in, configure, configure.in:
686: No longer need to specify LINGUAS in configure, "make install-nls"
687: now just installs all the .mo files it finds.
688: [c226a39ece48] <1.8>
689:
690: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
691:
692: * Build CONTRIBUTORS from newly-added contributors.pod
693: [b8871dd293ff] <1.8>
694:
695: * Rework the wording in the leading paragraph
696: [d8b081dedeb3] <1.8>
697:
698: 2011-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
699:
700: * Add a CONTRIBUTORS file with the names of folks who have contributed
701: code or patches to sudo since I started maintaining it (plus the
702: original authors).
703: [8b064e8996af] <1.8>
704:
705: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
706:
707: * Preserve SHELL variable for "sudo -s". Otherwise we can end up with
708: a situation where the SHELL variable and the actual shell being run
709: do not match.
710: [8f5bb61a8b76] <1.8>
711:
712: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
713:
714: * configure, configure.in:
715: Only enable Solaris project support when setproject() is present in
716: libproject.
717: [bf370ff3c194] <1.8>
718:
719: * Explicitly set mode and owner of /etc/sudoers instead of relying on
720: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
721: postinstall script runs before the final file permissions are set.
722: [7a4a87405349] <1.8>
723:
724: * Refer the user to the "Command Environment" section in description
725: of sudo's -i option.
726: [1a063eaf9670] <1.8>
727:
728: * Fix typo
729: [442c50370c44] <1.8>
730:
731: * If there is no old dependency for an object file, use the MANIFEST
732: to find its source.
733: [d95c77ad283f] <1.8>
734:
735: * Remove dependency for getgrouplist.lo as we don't ship that source
736: file.
737: [bbede77e6256] <1.8>
738:
739: * Do not declare yyparse() static as the actual function generated by
740: yacc is extern.
741: [8e615bd15a4c] <1.8>
742:
743: * Makefile.in:
744: Remove locale files in "make uninstall"
745: [9791be90d5ac] <1.8>
746:
747: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
748:
749: * configure.in:
750: Add Basque translation and sync Finish and Ukranian translations.
751: [64af34789164] <1.8>
752:
753: * NEWS:
754: Update PAM change to reflect latest checkin.
755: [657cddf2077a] <1.8>
756:
757: * configure, configure.in:
758: FreeBSD no longer needs the main sudo binary to link with -lpam now
759: that plug-ins are loaded with RTLD_GLOBAL.
760: [573a6f4b29af] <1.8>
761:
762: * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
763: problems with pam modules not having access to symbols provided by
764: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
765: [4ec864fdba46] <1.8>
766:
767: * Makefile.in:
768: Move xgettext invocation out of update-po target into update-pot
769: [421ac1a073ea] <1.8>
770:
771: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
772:
773: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
774: Regenerate .pot files for 1.8.2rc2
775: [d2a891e3d3dd] <1.8>
776:
777: * Makefile.in:
778: Move nls targets to the top level Makefile so the paths in the pot
779: file are saner
780: [6c256cb77f78] <1.8>
781:
782: * NEWS:
783: Update 1.8.2 news
784: [17bd04278b04] <1.8>
785:
786: * Add compiled version of sudo Finish translation
787: [ff9d20a02aa0] <1.8>
788:
789: * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
790: files
791: [60c4f3b3829c] <1.8>
792:
793: * configure, configure.in:
794: Add Finish translation from translationproject.org
795: [ade788a35521] <1.8>
796:
797: * The group named by exempt_group should not have a % prefix.
798: [1f74c691c1e1] <1.8>
799:
800: * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
801: [58d36c0e76f9] <1.8>
802:
803: * Fix compressed io log corruption in background mode by using _exit()
804: instead of exit() to avoid flushing buffers twice.
805:
806: Improved background mode support. When not allocating a pty, the
807: command is run in its own process group. This prevents write access
808: to the tty. When running in a pty, stdin is not hooked up and we
809: never read from /dev/tty, which results in similar behavior.
810: [fe50d6a5c5b9] <1.8>
811:
812: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
813:
814: * Clean up regress files Generate proper dependencies for regress objs
815: in compat
816: [264196584549] <1.8>
817:
818: * Add missing dependency for check_fill.o.
819: [c41f4e6ff078] <1.8>
820:
821: 2011-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
822:
823: * INSTALL, configure, configure.in:
824: Add support for --enable-nls[=location]
825: [0ea8e7bd1739] <1.8>
826:
827: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
828:
829: * Include gettext.h
830: [fe8bab6403c6] <1.8>
831:
832: * Quiet gcc warnings.
833: [aa16d09710a7] <1.8>
834:
835: * configure, configure.in:
836: Don't install .mo files if gettext was not found.
837: [c6b233e829aa] <1.8>
838:
839: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
840:
841: * Always allocate a pty when running a command in the background but
842: call setsid() after forking to make sure we don't end up with a
843: controlling tty.
844: [77c6b2923714] <1.8>
845:
846: * Add missing space between command name and the first command line
847: argument.
848: [d0a36b9c0f38] <1.8>
849:
850: * Quiet a compiler warning on some platforms.
851: [654e76cf0574] <1.8>
852:
853: * README file that directs people to translationproject.org
854: [5545e9a5ae37] <1.8>
855:
856: * Sync translations with TP
857: [b054ce577022] <1.8>
858:
859: * Makefile.in:
860: Add 'sync-po' target to top-level Makefile to rsync the po files
861: from translationproject.org.
862: [87a5011b0410] <1.8>
863:
864: * install nls files from install target
865: [a3feba9ef323] <1.8>
866:
867: * Makefile.in:
868: Include .mo files in sudo binary packags.
869: [bc3ee7e7fb44] <1.8>
870:
871: * configure, configure.in:
872: Add simplified chinese translation
873: [c22e6842c766] <1.8>
874:
875: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
876:
877: * configure, configure.in:
878: Add ukranian translation
879: [0bb9e6437f0f] <1.8>
880:
881: * refer to siglist.c, not ./siglist.c since not all makes will treat
882: foo and ./foo the same.
883: [909051ff6061] <1.8>
884:
885: * Set def_preserve_groups before searching for the command when the -P
886: flag is specified.
887: [08e9378f50e4] <1.8>
888:
889: * Makefile.in:
890: Add dependency for siglist.lo in compat. This is a generated file
891: so "make depend" needs to depend on it.
892: [e6c0daf36af0] <1.8>
893:
894: * More dependency fixes.
895: [7fed03624689] <1.8>
896:
897: * Fix a few dependencies.
898: [7cb86c721961] <1.8>
899:
900: * Place compiled mo files in the src dir, not the build dir. When
901: installing compiled mo files, display a status message.
902: [b87aa18a9968] <1.8>
903:
904: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
905:
906: * Tivoli Directory Server requires that seconds be present in a
907: timestamp, even though RFC 4517 states that they are optional.
908: [47ebf110ea7a] <1.8>
909:
910: * Add missing bit of copyright
911: [d05d28a91bc4] <1.8>
912:
913: * Mention cycle detection warnings
914: [ee8231aa1aed] <1.8>
915:
916: * When checking aliases, also check the contents of the alias in case
917: there are problems with an alias that is referenced inside another.
918: Replace the self reference check with real alias cycle detection.
919: [abcfe1bc95d8] <1.8>
920:
921: * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
922: ENOENT in alias_find() and alias_remove() if the entry could not be
923: found.
924: [e73d169f4e9b] <1.8>
925:
926: * Increment alias_seqno before calls to alias_remove_recursive() to
927: avoid false positives with the alias loop detection. Fixes spurious
928: warnings about unused aliases when they are nested.
929: [ac094820ef19] <1.8>
930:
931: * add mkdep.pl
932: [3721e9654ba6] <1.8>
933:
934: * Add dependency on convenience libs to binaries
935: [8a4db8226dfe] <1.8>
936:
937: * Makefile.in:
938: mkdep.pl only works when run from the src dir
939: [2480427a0680] <1.8>
940:
941: * Makefile.in:
942: Auto-generate Makefile dependencies with a perl script.
943: [ef5f56907d97] <1.8>
944:
945: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
946:
947: * If the user specifies a runas group via sudo's -g option that
948: matches the runas user's group in the passwd database and that group
949: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
950: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
951: no groups are present in the Runas_Spec.
952: [942e1e7c5090] <1.8>
953:
954: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
955:
956: * NEWS:
957: Mention what is new in 1.8.2 (for now)
958: [d44b26eceee5] <1.8>
959:
960: * Add dependencies on gettext.h
961: [32c61c6af852] <1.8>
962:
963: * Fix install-nls target with HP-UX sh when gettext is not present.
964: [3441cece9638] <1.8>
965:
966: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
967: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
968: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
969: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
970: Regen for sudo 1.8.2
971: [9ea124b542cc] <1.8>
972:
973: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
974:
975: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
976: regenerate .pot files for lbuf changes
977: [a8a9cc62c3a5] <1.8>
978:
979: * configure, configure.in:
980: Add missing "checking" message for gettext when using the cache.
981: [4136bc346576] <1.8>
982:
983: * Add primitive format string support to the lbuf code to make
984: translations simpler.
985: [22fc74618d09] <1.8>
986:
987: * configure, configure.in, plugins/sudoers/po/sudoers.pot,
988: src/po/sudo.pot:
989: Bump version to 1.8.2
990: [999de1ac5b3e] <1.8>
991:
992: * Add message catalog template files for sudo and the sudoers module.
993: [6afad75e7afa] <1.8>
994:
995: * configure.in:
996: Add gettext.h convenience header. This is similar to but distinct
997: from the one included with the gettext package.
998: [5ae5a86e0d06] <1.8>
999:
1000: * configure, configure.in:
1001: Add checks for nroff -c and -Tascii flags
1002: [580c21905280] <1.8>
1003:
1004: * configure, configure.in:
1005: Add check for HP bundled C Compiler (which cannot create shared
1006: libs)
1007: [34f616cbb0f3] <1.8>
1008:
1009: * Fix C format warnings.
1010: [f20a43a817f0] <1.8>
1011:
1012: * Add __printflike
1013: [76bf8a4bf075] <1.8>
1014:
1015: * Translate help / usage strings.
1016: [16c5b7902d4c] <1.8>
1017:
1018: * Set --msgid-bugs-address to the bugzilla url
1019: [3e3cfa7b4ceb] <1.8>
1020:
1021: * INSTALL, Makefile.in, README, configure, configure.in:
1022: Add scaffolding to update .po files and install .mo files.
1023: [a51e60b35e47] <1.8>
1024:
1025: * Minor warning/error cleanup
1026: [593144ac87ff] <1.8>
1027:
1028: * configure.in:
1029: Emulate ngettext for the non-nls case
1030: [7cdf82de4dee] <1.8>
1031:
1032: * Do not mark untranslatable strings for translation
1033: [088271ed02d0] <1.8>
1034:
1035: * Use ROOT_UID not 0.
1036: [f901fa2fdaf2] <1.8>
1037:
1038: * Minor warning/error message cleanup
1039: [b99c7ef46236] <1.8>
1040:
1041: * cannot -> "unable to" in warning/error messages can't -> "unable to"
1042: in warning/error messages
1043: [5119140fabc7] <1.8>
1044:
1045: * configure, configure.in:
1046: FreeBSD needs the main sudo executable to link with -lpam when
1047: loading dynaic pam modules for some reason.
1048: [738b6778a505] <1.8>
1049:
1050: * We don't want to translate debugging messages.
1051: [357a575c2dfd] <1.8>
1052:
1053: * configure, configure.in:
1054: Add calls to bindtextdomain() and textdomain() Currently there are
1055: two domains, one for the sudo front-end and one for the sudoers
1056: plugin and its associated utilities.
1057: [907f39439d80] <1.8>
1058:
1059: * configure, configure.in:
1060: Fix caching of libc gettext check.
1061: [e229c21f412f] <1.8>
1062:
1063: * Mark defaults descriptions for translation
1064: [65e03d1f8203] <1.8>
1065:
1066: * NEWS:
1067: Update for sudo 1.8.1p2
1068: [89c31f2aa11e] <1.8>
1069:
1070: * Quiet compiler warning when SELinux is enabled.
1071: [51b1d7c8aa86] <1.8>
1072:
1073: * dd missing includes of libintl.h.
1074: [25662143d36d] <1.8>
1075:
1076: * Fix gettext marker.
1077: [7618856ba5de] <1.8>
1078:
1079: * Include libint.h where needed.
1080: [cc256b297b9d] <1.8>
1081:
1082: * Prepare sudoers module messages for translation.
1083: [1b7f0bbaa55f] <1.8>
1084:
1085: * Only check gid of sudoers file if it is group-readable.
1086: [f3cae943f35a] <1.8>
1087:
1088: * For AIX, keep calling authenticate() until reenter reaches 0.
1089: [e412676bac73] <1.8>
1090:
1091: * configure, configure.in:
1092: Cache the status of the initial gettext() check.
1093: [c32281768c0f] <1.8>
1094:
1095: * INSTALL, configure, configure.in:
1096: Add --disable-nls flag and improve checks for gettext.
1097: [b39674c1e538] <1.8>
1098:
1099: * configure, configure.in:
1100: When building with gcc on HP-UX, use -march=1.1 to produce portable
1101: binaries on a pa-risc2 host. Previously, the +Dportable option was
1102: used for the HP-UX C compiler but gcc always produced native
1103: binaries.
1104: [41351c23ad41] <1.8>
1105:
1106: * Prepare sudo front end messages for translation.
1107: [7807d6f74dac] <1.8>
1108:
1109: * configure, configure.in:
1110: Add initial scaffolding to support localization via gettext()
1111: [cdbbff7e6376] <1.8>
1112:
1113: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
1114:
1115: * doc/license.pod:
1116: update copyright year
1117: [d681661f03cc] <1.8>
1118:
1119: * INSTALL, README:
1120: No need to include version number at the top of these files.
1121: [7e11f673f773] <1.8>
1122:
1123: * README:
1124: This is sudo 1.8.1 not 1.8.0
1125: [4d674f230d8a] <1.8>
1126:
1127: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
1128:
1129: * Don't let the fnmatch/glob macros expand the function prototype.
1130: [d449e9a8f447] <1.8>
1131:
1132: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
1133:
1134: * Resolve namespace collisions on HP-UX ia64 and possibly others by
1135: adding a rpl_ prefix to our fnmatch and glob replacements and
1136: #defining rpl_foo to foo in the header files.
1137: [d23889375b21] <1.8>
1138:
1139: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
1140:
1141: * Split ALL, ROLE and TYPE into their own actions. Since you can only
1142: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
1143: the non-SELinux case. This is safe because the actions are in one
1144: big switch() statement.
1145: [0bd9b7e37ab1] <1.8>
1146:
1147: * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
1148: [8dec97b359e0] <1.8>
1149:
1150: * askpass moved from sudoers to sudo.conf in sudo 1.8.0
1151: [1001d87d82ed] <1.8>
1152:
1153: * Remove obsolete warning about runas_default and ordering. Move
1154: syslog facility and priority lists into the section where the
1155: relevant options are described.
1156: [1286b9624021] <1.8>
1157:
1158: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
1159:
1160: * Fix SIA support; we no longer have access to the real argc and argv
1161: so allocate space for a fake one and use the argv passed to the
1162: plugin with "sudo" for argv[0].
1163: [7c11eeffb91c] <1.8>
1164:
1165: * Remove useless realloc when trying to get the buffer size right.
1166: [58128e7f4e28] <1.8>
1167:
1168: * Be explicit when setting euid to 0 before call to setreuid(0, 0)
1169: [95769a564ab8] <1.8>
1170:
1171: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
1172:
1173: * NEWS:
1174: sudo 1.8.1p1 updates
1175: [de3d688b5bb1] <1.8>
1176:
1177: * configure, configure.in:
1178: Need to do checks for krb5_verify_user, krb5_init_secure_context and
1179: krb5_get_init_creds_opt_alloc regardless of whether or
1180: notkrb5-config is present.
1181: [456c4a9cd5d6] <1.8>
1182:
1183: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
1184:
1185: * Work around weird AIX saved uid semantics on setuid() and
1186: setreuid(). On AIX, setuid() will only set the saved uid if the euid
1187: is already 0.
1188: [5d0a69e9d181] <1.8>
1189:
1190: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
1191:
1192: * update copyright year
1193: [fa8da6d55783] <1.8>
1194:
1195: * Treat a missing includedir like an empty one and do not return an
1196: error.
1197: [5fd9fe004728] <1.8>
1198:
1199: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
1200:
1201: * Fix ARCH setting in cross-compile Solaris packages.
1202: [8ce40940f6c9] <1.8>
1203:
1204: * Fix aix version setting.
1205: [02a9e25d46ba] <1.8>
1206:
1207: * Remove extraneous parens in LDAP filter when sudoers_search_filter
1208: is enabled that causes a search error. From Matthew Thomas.
1209: [b67be9b51ec6] <1.8>
1210:
1211: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
1212:
1213: * Correct sizeof() to fix test failure.
1214: [a11b89fd13f9] <1.8>
1215:
1216: * "install" target should depend on "install-dirs". Fixes "make -j"
1217: problem and closes bz #487. From Chris Coleman.
1218: [06ab0558f848] <1.8>
1219:
1220: 2011-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
1221:
1222: * .hgtags:
1223: Added tag SUDO_1_8_1 for changeset 0ed6281995f0
1224: [543d41a163e9] <1.8>
1225:
1226: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1227: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1228: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1229: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1230: Regen man pages for 1.8.1
1231: [0ed6281995f0] [SUDO_1_8_1] <1.8>
1232:
1233: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
1234:
1235: * Add HAVE_RFC1938_SKEYCHALLENGE
1236: [c0d7eb39799d] <1.8>
1237:
1238: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
1239:
1240: * Mention plugin loading and libgcc changes
1241: [b74929cba37c] <1.8>
1242:
1243: * Load plugins after parsing arguments and potentially printing the
1244: version. That way, an error loading or initializing a plugin
1245: doesn't break "sudo -h" or "sudo -V".
1246: [c1ecb5979cf0] <1.8>
1247:
1248: * Makefile.in:
1249: When using a sub-shell to invoke the sub-make, exec make instead of
1250: running it inside the shell to avoid an extra process.
1251: [9439f016c993] <1.8>
1252:
1253: * Stop testing unspecified behavior in fnmatch Make glob test more
1254: portable
1255: [87a91d76fbff] <1.8>
1256:
1257: * No need to add current dir to include path and having it breaks the
1258: test programs that expect to get the system glob.h and fnmatch.h
1259: [3ae7f9e7b710] <1.8>
1260:
1261: * configure, configure.in:
1262: Fix and document --with-plugindir; partially from Diego Elio Petteno
1263: [0220a0c2606f] <1.8>
1264:
1265: * Fix fnmatch and glob tests to not use hard-coded flag values in the
1266: input file. Link test programs with libreplace so we get our
1267: replacement verions as needed.
1268: [66bab80241e0] <1.8>
1269:
1270: * Makefile.in:
1271: If make in a subdir fails, fail the target in the upper level
1272: Makefile too. Adapted from a patch from Diego Elio Petteno
1273: [bc35b7813507] <1.8>
1274:
1275: * configure, configure.in:
1276: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
1277: has this. Adapted from a patch from Diego Elio Petteno
1278: [bb6228f484b9] <1.8>
1279:
1280: * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1281: directly.
1282: [47e6d5fadc6d] <1.8>
1283:
1284: * configure, configure.in:
1285: Fix warnings when -without-skey, --without-opie, --without-kerb4,
1286: --without-kerb5 or --without-SecurID were specified.
1287: [1b75035dd129] <1.8>
1288:
1289: * Add plugins/sudoers/sudoers_version.h
1290: [1d470c6033ca] <1.8>
1291:
1292: * configure, configure.in:
1293: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
1294: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
1295: of @LDFLAGS@ in plugin Makefile.in files.
1296: [dd237f43aa12] <1.8>
1297:
1298: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
1299:
1300: * Mention %#gid support in User_List and Runas_List
1301: [37e259b9181b] <1.8>
1302:
1303: * Keep track of sudoers grammar version and report it in the -V
1304: output.
1305: [0e0b891dd8a4] <1.8>
1306:
1307: * Add multiple inclusion guard
1308: [ec6884f51ea8] <1.8>
1309:
1310: * configure, configure.in:
1311: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
1312: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
1313: set it to -Wc,-static-libgcc if not using GNU ld so we don't
1314: have a dependency on the shared libgcc in sudoers.so.
1315: [28d03f3eb0d2] <1.8>
1316:
1317: * Fix typo; from Petr Uzel
1318: [d19b9bd92bd3] <1.8>
1319:
1320: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
1321:
1322: * In dump-only mode, use "root" as the default username instead of
1323: "nobody" as the latter may not be available on all systems.
1324: [b304111616dd] <1.8>
1325:
1326: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
1327:
1328: * Remove NewArgv/NewArgc, they are no longer needed.
1329: [c0a36a42a68c] <1.8>
1330:
1331: * Fix setting of user_args
1332: [529e79ea95d1] <1.8>
1333:
1334: * Add '!' token to lex tracing
1335: [aef295d428e7] <1.8>
1336:
1337: * Use group bin in test, not wheel as most systems have the bin group
1338: but the same is no longer true of wheel.
1339: [350347f09c1a] <1.8>
1340:
1341: * Avoid using pre or post increment in a parameter to a ctype(3)
1342: function as it might be a macro that causes the increment to happen
1343: more than once.
1344: [8a94ebdd53b8] <1.8>
1345:
1346: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
1347:
1348: * Strip off the beta or release candidate version when building AIX
1349: packages.
1350: [00ad950764e2] <1.8>
1351:
1352: * configure, configure.in:
1353: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
1354: structure checks for glibc which only has __e_termination visible
1355: when _GNU_SOURCE is *not* defined.
1356: [1d58420a4a4a] <1.8>
1357:
1358: * getuserattr(user, ...) will fall back to the "default" entry
1359: automatically, there's no need to check "default" manually.
1360: [cefffa82967d] <1.8>
1361:
1362: * Document parser changes.
1363: [5038238f60eb] <1.8>
1364:
1365: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
1366:
1367: * Makefile.in:
1368: If there is an existing sudoers file, only install if it passes a
1369: syntax check.
1370: [b1e4c9c56fe0] <1.8>
1371:
1372: * Add runasgroup support to testsudoers
1373: [30838590e9de] <1.8>
1374:
1375: * For "make check", keep going even if a test fails.
1376: [d3a72f67227e] <1.8>
1377:
1378: * More useful exit codes:
1379: * 0 - parsed OK and command matched.
1380: * 1 - parse error
1381: * 2 - command not matched
1382: * 3 - command denied
1383: [59301e0769cd] <1.8>
1384:
1385: * Document %#gid, and %:#nonunix_gid syntax.
1386: [39ee15af58e9] <1.8>
1387:
1388: * Add support to user_in_group() for treating group names that begin
1389: with a '#' as gids.
1390: [0eb19980cf5f] <1.8>
1391:
1392: * configure, configure.in:
1393: Add explicit check for struct utmpx.ut_exit.e_termination and struct
1394: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
1395: ut_exit if we detect one or the other.
1396: [ab5b665fc04b] <1.8>
1397:
1398: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
1399:
1400: * Add back missing #include of config.h
1401: [9c82bec81018] <1.8>
1402:
1403: * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1404: strftime() does.
1405: [1ae630470f8a] <1.8>
1406:
1407: * Quote first argument to AC_DEFUN(); from Elan Ruusamae
1408: [c467e9e3b399] <1.8>
1409:
1410: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
1411:
1412: * add new sudoers tests
1413: [05f2a0924acc] <1.8>
1414:
1415: * Add test for a newline in the middle of a string when no line
1416: continuation character is used.
1417: [24b79be5822b] <1.8>
1418:
1419: * Use bitwise AND instead of modulus to check for length being odd. A
1420: newline in the middle of a string is an error unless a line
1421: continuation character is used.
1422: [65c468599688] <1.8>
1423:
1424: * Move lexer globals initialization into init_lexer.
1425: [07a1171a1853] <1.8>
1426:
1427: * Fix a potential crash when a non-regular file is present in an
1428: includedir. Fixes bz #452
1429: [5057cb9516e4] <1.8>
1430:
1431: * On some Linux systems, "uname -p" contains detailed processor info
1432: so check "uname -m" first and then "uname -p" if needed. Recognize
1433: PLD Linux.
1434: [56226c84a060] <1.8>
1435:
1436: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
1437:
1438: * Don't need all sudoers.h here.
1439: [43b6ae5999c5] <1.8>
1440:
1441: * Print sudo version early, in case policy plugin init fails.
1442: [620f2d0ec4b1] <1.8>
1443:
1444: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
1445:
1446: * Update to match change in input.
1447: [69540f84721d] <1.8>
1448:
1449: * Make an empty group or netgroup a syntax error.
1450: [4b85bddc494e] <1.8>
1451:
1452: * An empty group or netgroup should be a syntax error.
1453: [6ec796972eff] <1.8>
1454:
1455: * Check that uids work in per-user and per-runas Defaults Check that
1456: uids and gids work in a Command_Spec
1457: [68cf62353420] <1.8>
1458:
1459: * Test empty string in User_Alias and Command_Spec
1460: [017d487c31be] <1.8>
1461:
1462: * Allow a group ID in the User_Spec.
1463: [37e0bf69c8d8] <1.8>
1464:
1465: * Return an error for the empty string when a word is expected. Allow
1466: an ID for per-user or per-runas Defaults.
1467: [4c9020779582] <1.8>
1468:
1469: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
1470:
1471: * Fix printing "User_Alias FOO = ALL"
1472: [97c9fd7caeb7] <1.8>
1473:
1474: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
1475:
1476: * Better error message about invalid -C argument
1477: [2301e7a3835b] <1.8>
1478:
1479: * fix typo
1480: [c5acde62a309] <1.8>
1481:
1482: * Fix placement of equal size ('=') in user specification summary.
1483: [4d0ffef77ae4] <1.8>
1484:
1485: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
1486:
1487: * update to match sudoers regress
1488: [0efb8dc9092a] <1.8>
1489:
1490: * Restore ability to define TRACELEXER and have trace output go to
1491: stderr.
1492: [441c8b372217] <1.8>
1493:
1494: * Restore old behavior of setting sawspace = TRUE for command line
1495: args when a line continuation character is hit to avoid causing
1496: problems for existing sudoers files.
1497: [963ded6ce070] <1.8>
1498:
1499: * Add test for line continuation and aliases
1500: [5703d11a3c46] <1.8>
1501:
1502: * Make test output line up nicely for parse vs. toke
1503: [15321ce2d7d9] <1.8>
1504:
1505: * plugins/sudoers/regress/testsudoers/test1.ok,
1506: plugins/sudoers/regress/testsudoers/test2.out,
1507: plugins/sudoers/regress/testsudoers/test2.sh,
1508: plugins/sudoers/regress/testsudoers/test3.ok,
1509: plugins/sudoers/regress/testsudoers/test3.sh,
1510: plugins/sudoers/regress/visudo/test1.ok,
1511: plugins/sudoers/regress/visudo/test1.sh:
1512: Move parser tests to sudoers directory and test the tokenizer output
1513: too.
1514: [111c1ccda334] <1.8>
1515:
1516: * If we match a rule anchored to the beginning of a line after parsing
1517: a line continuation character, return an ERROR token. It would be
1518: nicer to use REJECT instead but that substantially slows down the
1519: lexer.
1520: [67e54b14aa9d] <1.8>
1521:
1522: * Move LEXTRACE macro to toke.h so we can use it in yyerror().
1523: [e6e04037deed] <1.8>
1524:
1525: * Make lex tracing settable at run-time in testsudoers via the -t
1526: flag. Trace output goes to stderr. Will be used by regress tests
1527: to check lexer.
1528: [a973f43cc0c2] <1.8>
1529:
1530: * Allow whitespace after the modifier in a Defaults entry. E.g.
1531: "Defaults: username set_home"
1532: [bf876c9fc5bb] <1.8>
1533:
1534: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
1535:
1536: * Don't set CC when cross-compiling.
1537: [d3c33dcb02f2] <1.8>
1538:
1539: * Credit Matthew Thomas for the sudoers_search_filter changes.
1540: [2209b80664af] <1.8>
1541:
1542: * Add the .sym files to the MANIFEST
1543: [bb452b28a009] <1.8>
1544:
1545: * Update for sudo 1.8.1 beta
1546: [700d42d80e00] <1.8>
1547:
1548: * user_shell -> run_shell to avoid confusion with the user's SHELL
1549: variable.
1550: [451b96d5f97e] <1.8>
1551:
1552: * Save the controlling tty process group before suspending in pty
1553: mode. Previously, we assumed that the child pgrp == child pid
1554: (which is usually, but not always, the case).
1555: [b0841d861191] <1.8>
1556:
1557: * Add support for sudoers_search_filter setting in ldap.conf. This
1558: can be used to restrict the set of records returned by the LDAP
1559: query.
1560: [70c5f496e2b3] <1.8>
1561:
1562: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
1563:
1564: * configure, configure.in:
1565: Remove the hack to disable -g in CFLAGS unless --with-devel
1566: [9459839f50ba] <1.8>
1567:
1568: * The '@' character does not normally need to be quoted.
1569: [e66c4c64e514] <1.8>
1570:
1571: * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
1572: if that whitespace is followed by a comma, we want to treat it as
1573: part of a list and not transition.
1574: [52ae2df9959d] <1.8>
1575:
1576: * Add check for whitespace when a User_List is used for a per-user
1577: Defaults entry.
1578: [44a4db95be86] <1.8>
1579:
1580: * Expand quoted name checks to cover recent fixes.
1581: [bd494b5c2bed] <1.8>
1582:
1583: * Fix parsing of double-quoted names in Defaults and Aliases which was
1584: broken in 601d97ea8792.
1585: [dfdd58c3eb3b] <1.8>
1586:
1587: * toke_util.c lives in $(srcdir) not $(devdir)
1588: [94f8f024782e] <1.8>
1589:
1590: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
1591:
1592: * configure, configure.in:
1593: Update version to 1.8.1
1594: [531a7d520f18] <1.8>
1595:
1596: * Document major changes in 1.8.1 and add upgrade notes.
1597: [116821646140] <1.8>
1598:
1599: * Be careful not to deref user_stat if it is NULL. This cannot
1600: currently happen in sudo but might in other programs using the
1601: parser.
1602: [d72a9c7151c4] <1.8>
1603:
1604: * configure will not add -O2 to CFLAGS if it is already defined to add
1605: -O2 to the CFLAGS we pass in when PIE is being used.
1606: [2c7fe82be93d] <1.8>
1607:
1608: * Warn about the dangers of log_input and mention iolog_file and
1609: iolog_dir in the log_input and log_output descriptions.
1610: [edc6aa59aa45] <1.8>
1611:
1612: * sync with git version
1613: [b121cf739c77] <1.8>
1614:
1615: * It seems that h comes after i
1616: [99ad15015f05] <1.8>
1617:
1618: * Move log_input and log_output to their proper, sorted, location.
1619: Document set_utmp and utmp_runas.
1620: [216ce8b0ae1a] <1.8>
1621:
1622: * Save the controlling tty process group before suspending so we can
1623: restore it when we resume. Fixes job control problems on Linux
1624: caused by the previous attemp to fix resuming a shell when I/O
1625: logging not enabled.
1626: [dfe038f733be] <1.8>
1627:
1628: * Fix printing of the remainder after a newline. Fixes "sudo -l"
1629: output corruption that could occur in some cases.
1630: [ab2f0a629e0d] <1.8>
1631:
1632: * Add support for ut_exit
1633: [7039ec6a73fa] <1.8>
1634:
1635: * Add support for controlling whether utmp is updated and which user
1636: is listed in the entry.
1637: [1b008ce71eab] <1.8>
1638:
1639: * Fix typo; tupple vs. tuple
1640: [67bb5c67ae3d] <1.8>
1641:
1642: * For legacy utmp, strip the /dev/ prefix before trying to determine
1643: slot since the ttys file does not include the /dev/ prefix.
1644: [8f597114381d] <1.8>
1645:
1646: * Add check for _PATH_UTMP
1647: [fe7e2456f017] <1.8>
1648:
1649: * Adapt check_iolog_path to sessid changes
1650: [3016201869b6] <1.8>
1651:
1652: * Redo utmp handling. If no getutent()/getutxent() is available,
1653: assume a ttyslot-based utmp. If getttyent() is available, use that
1654: directly instead of ttyslot() so we don't have to do the stdin dup2
1655: dance.
1656: [817490c7c20e] <1.8>
1657:
1658: * Move utmp handling into utmp.c
1659: [e4729d9259e9] <1.8>
1660:
1661: * Update copyright years.
1662: [1065afc00233] <1.8>
1663:
1664: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1665:
1666: * Add "user_shell" boolean as a way to indicate to the plugin that the
1667: -s flag was given.
1668: [6e8bc49b7ea7] <1.8>
1669:
1670: * Move sessid out of sudo_user.
1671: [00d67d5ba894] <1.8>
1672:
1673: * Log the TSID even if it is not a simple session ID.
1674: [490cf0adae29] <1.8>
1675:
1676: * Document noexec in sample.sudo.conf and add back noexec_file section
1677: in sudoers with a note that it is deprecated.
1678: [c7a2d8d0c563] <1.8>
1679:
1680: * Fix running commands as non-root on systems where setreuid() changes
1681: the saved uid based on the effective uid we are changing to.
1682: [f3b27db56ba6] <1.8>
1683:
1684: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
1685:
1686: * Move noexec path into sudo.conf now that sudo itself handles noexec.
1687: Currently can be configured in sudoers too but is now undocumented
1688: and will be removed in a future release.
1689: [9c5f64709994] <1.8>
1690:
1691: * Document "Path noexec ..." in sudo.conf. No longer document
1692: noexec_file in sudoers, it will be removed in a future release.
1693: [959fa6b5217b] <1.8>
1694:
1695: * Move noexec handling to sudo front-end where it is documented as
1696: being.
1697: [ef6cd4a40c61] <1.8>
1698:
1699: * Add support for disabling exec via solaris privileges. Includes
1700: preparation for moving noexec support out of sudoers and into front
1701: end as documented.
1702: [d9c05ba9a24f] <1.8>
1703:
1704: * Only export the symbols corresponding to the plugin structs.
1705: [cb07af1d9b39] <1.8>
1706:
1707: * Install plugins manually instead of using libtool. This works
1708: around a problem on AIX where libtool will install a .a file
1709: containing the .so file instead of the .so file itself.
1710: [1ccf5af58c05] <1.8>
1711:
1712: * Makefile.in:
1713: Move check into its own rule since some versions of make will run
1714: both targets as the default rule.
1715: [7159f37eb552] <1.8>
1716:
1717: * Update to libtool 2.2.10
1718: [9e49773b32b7] <1.8>
1719:
1720: * In handle_signals(), restart the read() on EINTR to make sure we
1721: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
1722: means we have emptied the pipe.
1723: [dc2926097b2d] <1.8>
1724:
1725: * Reorder functions to quiet a compiler warning.
1726: [5201367e5db4] <1.8>
1727:
1728: * Use the Sun Studio C compiler on Solaris if possible
1729: [b8d43b423fb9] <1.8>
1730:
1731: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
1732:
1733: * Fix default setting of osversion variable.
1734: [e12905851be5] <1.8>
1735:
1736: * Make two login_class entris consistent.
1737: [0671d7b204be] <1.8>
1738:
1739: * Add support for adding a utmp entry when allocating a new pty.
1740: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
1741: Currently only creates a new entry if the existing tty has a utmp
1742: entry.
1743: [40ff30099e79] <1.8>
1744:
1745: * Avoid pulling in headers we don't need on Linux For getutx?id(),
1746: call setutx?ent() first and always call endutx?ent().
1747: [b86f7a13aae9] <1.8>
1748:
1749: * Add some more libs to SUDOERS_LIBS instead of relying on them to be
1750: pulled in by SUDO_LIBS.
1751: [bcbd16ec56c6] <1.8>
1752:
1753: * Fix return value of "sudo -l command" when command is not allowed,
1754: broken in [c7097ea22111]. The default return value is now TRUE and
1755: a bad: label is used when permission is denied. Also fixed missing
1756: permissions restoration on certain errors. On error()/errorx(), the
1757: password and group files are now closed before returning.
1758: [757c941a47b2] <1.8>
1759:
1760: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
1761:
1762: * Fix passing of login class back to sudo front end.
1763: [5e649de6b7f5] <1.8>
1764:
1765: * Add --osversion flag to specify OS instead of running "pp
1766: --probeonly"
1767: [8a03943ac5e8] <1.8>
1768:
1769: * Fix expr usage w/ GNU expr
1770: [bdecfa1f54fc] <1.8>
1771:
1772: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
1773:
1774: * Fix exit value for validate and list mode.
1775: [6f8b20199935] <1.8>
1776:
1777: * Fix non-interactive mode with sudoers plugin.
1778: [cf5aca4fcbcf] <1.8>
1779:
1780: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
1781:
1782: * sudoreplay can now find IDs other than %{seq} and display the
1783: session.
1784: [60396b417633] <1.8>
1785:
1786: * Add support for replaying sessions when iolog_file is set to
1787: something other than %{seq}.
1788: [1cd2baa74d56] <1.8>
1789:
1790: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
1791:
1792: * If we are killed by a signal, display the name of the signal that
1793: got us.
1794: [1b38c4d42282] <1.8>
1795:
1796: * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1797: where they belong.
1798: [78e97a921104] <1.8>
1799:
1800: * Fix bug in skey/opie check that could cause a shell warning.
1801: [f20229a04f30] <1.8>
1802:
1803: * No longer need sudo_getepw() stubs.
1804: [795631ac7db0] <1.8>
1805:
1806: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
1807:
1808: * Fix exit value of "sudo -l command" in sudoers module.
1809: [4a05d6019b3d] <1.8>
1810:
1811: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
1812:
1813: * Use fgets() not fgetln() for portability.
1814: [1f2050745096] <1.8>
1815:
1816: * Don't use the beta or release candidate version as the rpm release.
1817: [a5b049477646] <1.8>
1818:
1819: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1820:
1821: * Makefile.in:
1822: Adjust ChangeLog rule now that 1.8 is branched
1823: [a994ac361e44] <1.8>
1824:
1825: * .hgtags:
1826: Added tag SUDO_1_8_0 for changeset f6530d56f6ae
1827: [99a2b3801419] <1.8>
1828:
1829: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
1830:
1831: * configure, configure.in:
1832: version 1.8.0
1833: [f6530d56f6ae] [SUDO_1_8_0]
1834:
1835: * NEWS:
1836: update sudo 1.8 section
1837: [f2ee2cf95d18]
1838:
1839: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
1840:
1841: * plugins/sudoers/regress/testsudoers/test2.sh:
1842: fix test description
1843: [cd5730fa9f09]
1844:
1845: * plugins/sudoers/regress/testsudoers/test2.out,
1846: plugins/sudoers/regress/testsudoers/test2.sh,
1847: plugins/sudoers/regress/visudo/test2.out,
1848: plugins/sudoers/regress/visudo/test2.sh:
1849: convert test2 to use testsudoers
1850: [b5ec3f0b69f1]
1851:
1852: * include/sudo_plugin.h, src/sudo_plugin_int.h:
1853: Move struct generic_plugin to sudo_plugin_int.h
1854: [6f7bc629329c]
1855:
1856: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
1857: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
1858: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
1859: plugins/sudoers/sudoers.h:
1860: Allow sudoers file name, mode, uid and gid to be specified in the
1861: settings list. The sudo front end does not currently set these but
1862: may in the future.
1863: [22f38a0fda2a]
1864:
1865: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
1866:
1867: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
1868: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
1869: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
1870: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
1871: doc/visudo.man.in:
1872: 1.8.0rc1
1873: [5d4588b9c057]
1874:
1875: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
1876: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
1877: src/parse_args.c, src/sudo.h:
1878: add help text to sudo, visudo and sudoreplay for the -h option
1879: [52e7378d8476]
1880:
1881: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
1882:
1883: * compat/snprintf.c:
1884: avoid using "howmany" for a parameter name since it is a select-
1885: related macro
1886: [a14d565401a1]
1887:
1888: * doc/sudoers.pod:
1889: mention group_plugin when describing nonunix_group
1890: [e0d1d0034b17]
1891:
1892: * doc/sudo_plugin.pod:
1893: Add missing period at end of sentence
1894: [6744d7e9056d]
1895:
1896: * Makefile.in, doc/Makefile.in, include/Makefile.in,
1897: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
1898: plugins/sudoers/Makefile.in, src/Makefile.in:
1899: add localstatedir; closes bug 471
1900: [7aefcab85088]
1901:
1902: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
1903: src/exec.c, src/exec_pty.c:
1904: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
1905: Bug 470
1906: [927ed6740f32]
1907:
1908: * configure.in:
1909: add missing AH_TEMPLATE for ENV_RESET
1910: [16300010c986]
1911:
1912: * src/exec.c:
1913: SVR5 systems return non-zero for success on socketpair(), check for
1914: -1 instead. Closes Bug 469
1915: [4d276494bf8e]
1916:
1917: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
1918:
1919: * configure, configure.in:
1920: 1.8.0b5
1921: [d611cd5d73d3]
1922:
1923: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
1924: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
1925: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
1926: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
1927: regen
1928: [85e96eeaed82]
1929:
1930: * doc/sudo.pod:
1931: Document that a sudo.conf file with no Pligin lines uses the default
1932: sudoers plugins.
1933: [88bd52da977f]
1934:
1935: * src/load_plugins.c:
1936: If sudo.conf contains no Plugin lines, use the default sudoers
1937: policy and I/O plugins.
1938: [fd8f4cb811ab]
1939:
1940: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
1941:
1942: * plugins/sudoers/sudo_nss.c:
1943: Avoid printing empty "Runas and Command-specific defaults for user"
1944: line.
1945: [2dd330fe4f8b]
1946:
1947: * common/lbuf.c:
1948: Truncate the buffer at buf.len before printing in the non-wordwrap
1949: case.
1950: [901e9833f80d]
1951:
1952: * common/lbuf.c:
1953: Remove extra newline when the tty width is very small or unavailable
1954: [245c05506c0e]
1955:
1956: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
1957:
1958: * plugins/sudoers/alias.c:
1959: Remove unneeded variable.
1960: [2c086d30b796]
1961:
1962: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
1963:
1964: * configure, configure.in:
1965: Prefer getutxid over getutid
1966: [3f3322e9c93e]
1967:
1968: * plugins/sudoers/boottime.c:
1969: Include utmp.h / utmpx.h before missing.h as apparently including it
1970: afterwards causes a compilation problem on GNU Hurd.
1971: [a528029ae962]
1972:
1973: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
1974:
1975: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
1976: #include "foo.h", not <foo.h> for local includes.
1977: [f65ec693998e]
1978:
1979: * src/parse_args.c:
1980: remove bogus XXX
1981: [9136c17d53ce]
1982:
1983: * compat/mksiglist.c:
1984: Fix typo
1985: [1a3bb7b455c9]
1986:
1987: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
1988: plugins/sudoers/match.c:
1989: return foo not return(foo)
1990: [5c9e0647359a]
1991:
1992: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
1993:
1994: * src/exec.c:
1995: Remove duplicate FD_SET of signal_pipe[0]
1996: [3096527d2215]
1997:
1998: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
1999:
2000: * compat/mksiglist.c:
2001: Use "missing.h" not <missing.h> in generated code.
2002: [d8e09cffbe09]
2003:
2004: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
2005:
2006: * aclocal.m4, configure:
2007: fix --with-iologdir=no
2008: [a89699cb5f5f]
2009:
2010: * aclocal.m4, configure:
2011: fix typo that broke --with-iologdir
2012: [91b54eb22403]
2013:
2014: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
2015:
2016: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2017: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
2018: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
2019: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
2020: doc/visudo.man.in:
2021: Bump version to 1.8.0b4
2022: [e2b7f2cdc02e]
2023:
2024: * NEWS:
2025: sync
2026: [decf5a0a8a33]
2027:
2028: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2029: Attempt to clarify how users and groups interact in Runas_Specs
2030: [e6fb3a2dbd77]
2031:
2032: * plugins/sudoers/regress/visudo/test2.out,
2033: plugins/sudoers/regress/visudo/test2.sh:
2034: Add test for quoted group that contains escaped double quotes
2035: [44596c48c629]
2036:
2037: * src/exec.c, src/exec_pty.c:
2038: Pass SIGUSR1/SIGUSR2 through to the child.
2039: [c3108a827b01]
2040:
2041: * src/exec_pty.c, src/sudo_exec.h:
2042: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
2043: SIGUSR2 to indicate whether the child should be continued in the
2044: foreground or background.
2045: [35ca47cc6785]
2046:
2047: * src/exec.c:
2048: Use pid_t not int and check the return value of kill()
2049: [36ae7d37d7f9]
2050:
2051: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
2052:
2053: * src/exec_pty.c:
2054: Remove obsolete comment
2055: [baebef4919f6]
2056:
2057: * src/exec.c:
2058: In non-pty mode before continuing the child, make it the foreground
2059: pgrp if possible. Fixes resuming a shell.
2060: [fef5b1d02ddb]
2061:
2062: * src/exec_pty.c:
2063: If we get a signal other than SIGCHLD in the monitor, pass it
2064: directly to the child.
2065: [b3ecb28163a0]
2066:
2067: * src/exec.c, src/exec_pty.c, src/sudo.h:
2068: Save signal state before changing handlers and restore before we
2069: execute the command.
2070: [faf7475dc4bf]
2071:
2072: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
2073:
2074: * plugins/sudoers/iolog.c:
2075: Use a char array to map a number to a base36 digit.
2076: [257576c51f8b]
2077:
2078: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
2079: Be clear about what versions of sudo support new LDAP attributes.
2080: Fix up some formatting of attribute names. Minor other tweaks.
2081: [39f65df71f65]
2082:
2083: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
2084:
2085: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2086: match quoted strings the same way whether in a Defaults line or as a
2087: user/group/netgroup name. Fixes escaped double quotes in quoted
2088: user/group/netgroup names.
2089: [601d97ea8792]
2090:
2091: * plugins/sudoers/Makefile.in:
2092: 'make check' depends on visudo and testsudoers
2093: [127c5a24df8f]
2094:
2095: * plugins/sudoers/sudoers2ldif:
2096: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
2097: [9029163a58c3]
2098:
2099: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
2100:
2101: * doc/UPGRADE:
2102: Mention LDAP attribute compatibility status.
2103: [2c3595aaec63]
2104:
2105: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
2106:
2107: * README.LDAP:
2108: Mention phpQLAdmin
2109: [9304c9064fbe]
2110:
2111: * INSTALL, NEWS, config.h.in, configure, configure.in,
2112: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
2113: Add --disable-env-reset configure option.
2114: [8a753aa13a46]
2115:
2116: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2117: Document that sudoers_locale also affects logging and email.
2118: [998d6ac11277]
2119:
2120: * NEWS, config.h.in, configure, configure.in,
2121: plugins/sudoers/logging.c:
2122: Do logging and email sending in the locale specified by the
2123: "sudoers_locale" setting ("C" by default). Email send by sudo
2124: includes MIME headers when the sudoers locale is not "C".
2125: [cb7e55408400]
2126:
2127: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
2128:
2129: * plugins/sudoers/check.c:
2130: Fix indentation
2131: [65ae7e92b9e4]
2132:
2133: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
2134:
2135: * NEWS, src/parse_args.c, src/sudo.c:
2136: Perform command escaping for "sudo -s" and "sudo -i" after
2137: validating sudoers so the sudoers entries don't need to have all the
2138: backslashes.
2139: [4e168c103f4b]
2140:
2141: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
2142:
2143: * plugins/sudoers/logging.c:
2144: Prepend "list " to the command logged when "sudo -l command" is used
2145: to make it clear that the command was listed, not run.
2146: [f392a6056cd6]
2147:
2148: * plugins/sudoers/parse.c:
2149: cosmetic change
2150: [7c0951dbc2dd]
2151:
2152: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
2153: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
2154: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
2155: compat/nanosleep.c, compat/regress/glob/globtest.c,
2156: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
2157: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
2158: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
2159: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
2160: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
2161: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
2162: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
2163: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
2164: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
2165: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
2166: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
2167: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2168: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
2169: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2170: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
2171: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
2172: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
2173: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
2174: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
2175: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2176: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
2177: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
2178: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
2179: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
2180: src/sudo_noexec.c, src/tgetpass.c:
2181: standardize on "return foo;" rather than "return(foo);" or "return
2182: (foo);"
2183: [32d76c5aaf8c]
2184:
2185: * plugins/sudoers/sudoers.c:
2186: Do not reject sudoers file just because it is root-writable.
2187: [0febc579185b]
2188:
2189: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
2190:
2191: * NEWS:
2192: sync
2193: [1ab03f8278ff]
2194:
2195: * plugins/sudoers/sudo_nss.c:
2196: For "sudo -U user -l" if user is not authorized on the host, say so.
2197: [289afe6dd15c]
2198:
2199: * plugins/sudoers/ldap.c:
2200: In sudo_ldap_lookup(), always do the initial sudoers check as the
2201: invoking user. If we are listing another user's privs we will do a
2202: separate lookup using list_pw later.
2203: [e52bc15de76d]
2204:
2205: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
2206:
2207: * MANIFEST:
2208: add parser fill tests
2209: [4f65140d3515]
2210:
2211: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2212: Don't test features not supported by the bundled glob()
2213: [8ec7ace11949]
2214:
2215: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
2216: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
2217: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2218: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
2219: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
2220: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2221: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
2222: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2223: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2224: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
2225: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
2226: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
2227: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
2228: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
2229: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
2230: Update copyright year to 2011
2231: [ac1b45cb1809]
2232:
2233: * plugins/sudoers/sudo_nss.c:
2234: When listing, use separate lbufs for the defaults and the privileges
2235: and only print something if the number of privileges is non-zero.
2236: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
2237: [d0854d39f8ef]
2238:
2239: * plugins/sudoers/ldap.c:
2240: Stash pointer to user group vector in LDAP handle and only reuse the
2241: query if it has not changed. We always allocate a new buffer when
2242: we reset the group vector so a simple pointer check is sufficient.
2243: [88861d4eba69]
2244:
2245: * plugins/sudoers/sudo_nss.c:
2246: Check initgroups() return value.
2247: [3bdaf58408a7]
2248:
2249: * plugins/sudoers/Makefile.in,
2250: plugins/sudoers/regress/parser/check_fill.c:
2251: Add tests for the fill functions in toke_util.c
2252: [bca587ab4956]
2253:
2254: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
2255:
2256: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
2257: fix copyright year
2258: [e2038cdaf055]
2259:
2260: * NEWS:
2261: sync
2262: [56ca5d5eaebe]
2263:
2264: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
2265:
2266: * common/term.c:
2267: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
2268: [b91f266624ec]
2269:
2270: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
2271:
2272: * mkpkg, sudo.pp:
2273: Add Requires line for audit-libs >= 1.4 for RHEL5+
2274: [6c02f976171b]
2275:
2276: * pp:
2277: sync with git version
2278: [d301c32d5865]
2279:
2280: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
2281:
2282: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2283: fix typo
2284: [39353f92976f]
2285:
2286: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
2287:
2288: * NEWS:
2289: Update for sudo 1.7.4p5
2290: [b444da76901f]
2291:
2292: * doc/schema.OpenLDAP, doc/schema.iPlanet:
2293: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
2294: to the sudoRole object class. From Andreas Mueller
2295: [dacfad7e7a95]
2296:
2297: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
2298:
2299: * NEWS:
2300: Mention "sudo -g group" password check fix.
2301: [1eb8fb14e53b]
2302:
2303: * plugins/sudoers/sudoers.c:
2304: Fix "sudo -g" support in the sudoers module.
2305: [07d1b0ce530e]
2306:
2307: * plugins/sudoers/check.c:
2308: If the user is running sudo as himself but as a different group we
2309: need to prompt for a password.
2310: [caf1fcc9a117]
2311:
2312: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
2313:
2314: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
2315: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
2316: plugins/sudoers/ldap.c:
2317: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
2318: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
2319: derived LDAP SDKs but we can pass the timeout parameter to
2320: ldap_search_ext_s() or ldap_search_st() when possible.
2321: [5537049991f7]
2322:
2323: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2324: regen
2325: [5b361c3c4324]
2326:
2327: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2328: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
2329: with OpenLDAP ldap.conf files.
2330: [e97843bd16fb]
2331:
2332: * plugins/sudoers/pwutil.c:
2333: If user has no supplementary groups, fall back on checking the group
2334: file expliticly.
2335: [5223ad4eb690]
2336:
2337: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
2338:
2339: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
2340: constify
2341: [6e132a4cca61]
2342:
2343: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
2344: plugins/sudoers/toke.l:
2345: Move fill macro to toke.h
2346: [623d430798cf]
2347:
2348: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
2349: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
2350: plugins/sudoers/toke_util.c:
2351: Split tokenizer utility functions out into toke_util.c
2352: [89a97bd51618]
2353:
2354: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
2355: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
2356: ANSIfy
2357: [ca0eba1dfaa9]
2358:
2359: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
2360:
2361: * MANIFEST:
2362: sync
2363: [a43f94064bb3]
2364:
2365: * plugins/sudoers/Makefile.in:
2366: Add visudo tests to check target
2367: [8c82fb4ed40f]
2368:
2369: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
2370: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
2371: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
2372: Add my regress tests for fnmatch() and glob() from OpenBSD.
2373: [6e8c1f211723]
2374:
2375: * plugins/sudoers/regress/testsudoers/test1.sh,
2376: plugins/sudoers/regress/visudo/test1.ok,
2377: plugins/sudoers/regress/visudo/test1.sh:
2378: Add regress test for command tags using visudo -c
2379: [18b0ef207c0f]
2380:
2381: * plugins/sudoers/Makefile.in,
2382: plugins/sudoers/regress/testsudoers/test1.ok,
2383: plugins/sudoers/regress/testsudoers/test1.sh:
2384: Add support for regress tests using testsudoers
2385: [1fa94bd2671b]
2386:
2387: * plugins/sudoers/testsudoers.c:
2388: Need to set user_name explicitly due to internal changes made when
2389: converting sudoers to a plugin.
2390: [1fa54e86a364]
2391:
2392: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
2393:
2394: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
2395: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2396: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2397: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
2398: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
2399: zlib/Makefile.in:
2400: Add regression tests for iolog_path()
2401: [afa4b416e559]
2402:
2403: * Makefile.in, common/Makefile.in, compat/Makefile.in,
2404: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
2405: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2406: src/Makefile.in, zlib/Makefile.in:
2407: Add support for "make Makefile" to regenerate Makefile from
2408: Makefile.in
2409: [98bd2dda3294]
2410:
2411: * plugins/sudoers/iolog_path.c:
2412: Quiest a bogus compiler warning.
2413: [5ff932a7ad67]
2414:
2415: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
2416:
2417: * plugins/sudoers/iolog_path.c:
2418: Protect call to setlocale() with HAVE_SETLOCALE
2419: [2c29ee3ccc81]
2420:
2421: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
2422:
2423: * MANIFEST:
2424: mkstemps.c was renamed mktemp.c
2425: [ae299c3b1827]
2426:
2427: * NEWS:
2428: Update from 1.7 branch
2429: [20817d79717b]
2430:
2431: * Makefile.in:
2432: Use "mv -f" when regenerating ChangeLog
2433: [c163635206c6]
2434:
2435: * plugins/sudoers/match.c:
2436: Fix NULL dereference with "sudo -g group" when the sudoers rule has
2437: no runas user or group listed. Fixes RedHat bug Bug 667103.
2438: [41a6a1243d9e]
2439:
2440: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
2441:
2442: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2443: Correct the default sudo.conf example
2444: [4e791698cad1]
2445:
2446: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
2447:
2448: * plugins/sudoers/iolog_path.c:
2449: Reset slashp if we allocate a new buffer for strftime()
2450: [e491daa4203b]
2451:
2452: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
2453: plugins/sudoers/sudoers.h:
2454: Add extra out parameter to expand_iolog_path() to allow the caller
2455: to split the path into dir and file components if needed.
2456: [88346bc5ae39]
2457:
2458: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
2459:
2460: * plugins/sudoers/iolog.c:
2461: mkdir_iopath() returns size_t now that it uses strlcpy() and not
2462: snprintf()
2463: [3c4c64d265eb]
2464:
2465: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
2466: Trim leading slashes from iolog_file and trailing slashes from
2467: iolog_dir
2468: [a803b51f8948]
2469:
2470: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
2471: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
2472: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2473: Pass a single I/O log file name in command_details instead of
2474: separate dir + file parameters.
2475: [d672a3e46e80]
2476:
2477: * plugins/sudoers/sudoreplay.c:
2478: change an error() to errorx()
2479: [8013dcfdd69d]
2480:
2481: * plugins/sudoers/iolog.c:
2482: Add missing cwd line to I/O log info file that got dropped when
2483: iolog_deserialize_info() was added
2484: [7cf84f208423]
2485:
2486: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
2487:
2488: * plugins/sudoers/iolog.c:
2489: Avoid relying on globals filled in by the sudoers policy module for
2490: the sudoers I/O log module. The I/O log open function now pulls the
2491: bits it needs out of user_info and command_info.
2492: [c02f6951b0cc]
2493:
2494: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
2495: plugins/sudoers/sudoers.h:
2496: If no iolog file is specified by the policy plugin, use io_nextid()
2497: to determine the next file in the sequence.
2498: [faa1130b1020]
2499:
2500: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
2501:
2502: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
2503: Document iolog_compress in command_info
2504: [58895c7d12f5]
2505:
2506: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2507: Add support for the iolog_compress variable in command_info.
2508: [36f13a2fd1c1]
2509:
2510: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
2511: Add sigsetjmp() calls to all plugin entry points just to be safe.
2512: [3fa482355bc4]
2513:
2514: * src/sudo.c, src/sudo.h:
2515: Don't need iolog variables in struct command_details, they are for
2516: the I/O log plugins to handle.
2517: [5111579ffd9d]
2518:
2519: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
2520:
2521: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
2522: Document use of mkdtemp() for iolog path teplates
2523: [5db6101408a9]
2524:
2525: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
2526: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
2527: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
2528: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
2529: regen
2530: [1ee11fd6d4eb]
2531:
2532: * doc/sudo_plugin.pod, doc/sudoers.pod:
2533: Document iolog_file and supported escape sequences for sudoers.
2534: Clarify that iolog_file can contain directories.
2535: [da611dedcbdb]
2536:
2537: * compat/Makefile.in, configure, configure.in:
2538: Fix building of mkstemps/mkdtemp replacements.
2539: [793a5e303122]
2540:
2541: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
2542: configure.in, include/missing.h:
2543: Provide mkdtemp() for systems without it.
2544: [b0527dfa965c]
2545:
2546: * plugins/sudoers/iolog_path.c:
2547: Fix typo
2548: [277f6c514cba]
2549:
2550: * plugins/sudoers/iolog.c:
2551: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
2552: glibc mkdtemp() returns EINVAL.
2553: [2e7323b05579]
2554:
2555: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
2556: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2557: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
2558: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
2559: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
2560: Allow sudoers to specify the iolog file in addition to the iolog
2561: dir. Add escape sequence support to iolog file and dir: sequence
2562: number, user, group, runas_user, runas_group, hostname and
2563: command in addition to any escape sequence recognized by
2564: strftime(3).
2565: [75cd32ee0435]
2566:
2567: * plugins/sudoers/iolog.c:
2568: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
2569: crash when the I/O plugin calls error(), errorx() or log_error().
2570: [1a6718bd817d]
2571:
2572: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
2573:
2574: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
2575: plugins/sudoers/sudoers.c:
2576: Give the policy module fine-grained control over what the I/O plugin
2577: logs.
2578: [d29784fd2a66]
2579:
2580: * common/term.c:
2581: Clear OPOST from c_oflag like we used to. Fixes screen-based
2582: editors such as vi.
2583: [506ad5ae9b4e]
2584:
2585: * doc/sudoers.pod:
2586: Clarify umask option description. From Reuben Thomas.
2587: [1294ac84222b]
2588:
2589: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
2590:
2591: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2592: Pick last match in LDAP sudoers too
2593: [fbfd8e85703b]
2594:
2595: * doc/sudo_plugin.pod:
2596: Document iolog_file, iolog_dir and use_pty
2597: [26120a59c20e]
2598:
2599: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
2600: plugins/sudoers/sudoers.c:
2601: Adapt plugins to version I/O logging ABI 1.1
2602: [880dd64bc1e8]
2603:
2604: * src/exec.c, src/sudo.h:
2605: Add use_pty command_info flag for policies to indicate that a pty
2606: should be allocated even if no I/O logging is performed.
2607: [e7b167f8a6e5]
2608:
2609: * src/sudo.c:
2610: Add remaining plugin convenience functions
2611: [ffeaf96da031]
2612:
2613: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
2614: src/sudo_plugin_int.h:
2615: Change I/O log API to pass in command info to the I/O log open
2616: function. Add iolog_file and iolog_dir parameters to command info.
2617: This allows the policy plugin to specify the I/O log pathname. Add
2618: convenience functions for calling plugin functions that handle ABI
2619: backwards compatibility.
2620: [9b81dce76ce5]
2621:
2622: * compat/dlopen.c:
2623: Remove useless cast
2624: [7cecce969739]
2625:
2626: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
2627:
2628: * configure, configure.in:
2629: Bump version to 1.8.0b3
2630: [1dc9f040aae0]
2631:
2632: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
2633:
2634: * configure.in:
2635: Remove extraneous newline
2636: [71c94551eea5]
2637:
2638: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
2639:
2640: * doc/sudoers.pod, plugins/sudoers/def_data.c,
2641: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
2642: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
2643: Make I/O log dir configurable.
2644: [99b576667a38]
2645:
2646: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
2647: Rename io_logdir to iolog_dir
2648: [0731662acc8d]
2649:
2650: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
2651:
2652: * pp:
2653: Add missing '*' that prevented the generic ELF case from matching.
2654: [be77ca26bfb2]
2655:
2656: * pp:
2657: If file(1) can't identify the ELF binary type, try readelf(1).
2658: [38a18d32a9e3]
2659:
2660: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
2661:
2662: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
2663: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
2664: plugins/sudoers/sudoers.c, src/sudo.c:
2665: Use %u to print uid/gid, not %lu and adjust casts to match.
2666: [03c43b8749cf]
2667:
2668: * doc/sudoers.ldap.pod:
2669: Clarify ordering of entries and attributes.
2670: [924e2a6bb603]
2671:
2672: * doc/sudoers.ldap.pod:
2673: Fix typo and editing goof.
2674: [79dc7ccd85a8]
2675:
2676: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2677: doc/sudoers.ldap.pod:
2678: Merge in ordered LDAP entry support from Andreas Mueller.
2679: [ea5885989bad]
2680:
2681: * plugins/sudoers/ldap.c:
2682: Make sure we don't dereference a NULL handle.
2683: [1a9f9ee15371]
2684:
2685: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
2686:
2687: * pp:
2688: Add support for RHEL 6 file modes that include a trailing dot on
2689: files with an SELinux security context
2690: [dc09be959547]
2691:
2692: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
2693:
2694: * src/sudo.c:
2695: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
2696: sudoers module.
2697: [d6dd99fc6062]
2698:
2699: * plugins/sudoers/sudoers.c:
2700: create_admin_success_flag() should use restore_perms() rather than
2701: set_perms() to restore the uid.
2702: [eba7a91c1f57]
2703:
2704: * src/sudo.c:
2705: In exec_setup() call setuid(0) to make certain the subsequent uid
2706: and gid changes will succeed. Fixes a problem on Ubuntu.
2707: [c5d32abf0645]
2708:
2709: * src/sudo_edit.c:
2710: Error out if we cannot change to root's uid so we catch the failure
2711: early.
2712: [7a2e7f8f2c80]
2713:
2714: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
2715:
2716: * doc/sudoers.pod:
2717: fix typo; from Michael T Hunter
2718: [a574a9d0db5b]
2719:
2720: * plugins/sudoers/match.c:
2721: In sudoedit mode, assume command line arguments are paths and pass
2722: FNM_PATHNAME to fnmatch().
2723: [ce0abff8ce9f]
2724:
2725: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
2726:
2727: * configure, configure.in:
2728: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
2729: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
2730: broken bits of the header file.
2731: [e337217f097a]
2732:
2733: * aclocal.m4:
2734: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
2735: [fbbcee28961f]
2736:
2737: * sudo.pp:
2738: For Tru64, strip off beta version.
2739: [eeccd762df5e]
2740:
2741: * MANIFEST, plugins/sudoers/testsudoers.c,
2742: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
2743: Avoid conflicts with system definitions in grp.h and pwd.h
2744: [b219ffe1da09]
2745:
2746: * zlib/gzguts.h:
2747: Include stdio.h after zlib.h, not before. We need the large file
2748: defines to come first.
2749: [21d6df39790f]
2750:
2751: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
2752:
2753: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
2754: regen
2755: [3ff8750d0aac]
2756:
2757: * Makefile.in:
2758: Don't clean ChangeLog
2759: [ab0d30d289d4]
2760:
2761: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
2762: Add prototype for cleanup()
2763: [75626fd3769a]
2764:
2765: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
2766:
2767: * plugins/sudoers/group_plugin.c:
2768: Avoid deferencing group_plugin if it is NULL in
2769: group_plugin_query(). This should not happen.
2770: [4f2933c8da7e]
2771:
2772: * plugins/sudoers/group_plugin.c:
2773: group plugin init function return TRUE when successful
2774: [198024477030]
2775:
2776: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
2777:
2778: * plugins/sudoers/ldap.c:
2779: Enlarge the array of entry wrappers int blocks of 100 entries to
2780: save on allocation time. From Andreas Mueller
2781: [375c916bb03b]
2782:
2783: * plugins/sudoers/ldap.c:
2784: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
2785: that was mistakenly dropped.
2786: [1555f5bc132d]
2787:
2788: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
2789:
2790: * doc/TROUBLESHOOTING:
2791: Mention that sudo needs "ar" to build.
2792: [65582ace2d09]
2793:
2794: * configure, configure.in:
2795: Fail with a more useful error if "ar" is not found.
2796: [d1cb83719c17]
2797:
2798: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
2799:
2800: * plugins/sudoers/ldap.c:
2801: Merge in ordered LDAP entry support from Andreas Mueller and add
2802: local changes from the 1.7 branch.
2803: [bca29e461618]
2804:
2805: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
2806:
2807: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
2808: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
2809: Add timed entry support from Andreas Mueller.
2810: [e18d1df46a8d]
2811:
2812: * plugins/sudoers/group_plugin.c:
2813: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
2814: group_handle is NULL
2815: [de2273da37d5]
2816:
2817: * plugins/sudoers/sudoers.h:
2818: It is now plugin_cleanup(), not cleanup()
2819: [da62a4e1a78c]
2820:
2821: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
2822: Call plugin_cleanup(), not cleanup()
2823: [e800ad8b33ad]
2824:
2825: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
2826:
2827: * plugins/sudoers/ldap.c:
2828: Use efree() not free() and remove malloc.h include since we never
2829: directly call malloc() or free().
2830: [107fffd134bb]
2831:
2832: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
2833:
2834: * sudo.pp:
2835: set PSTAMP for Solaris and move the backend-specific bits to their
2836: own %if [xxx] %endif blocks in %set.
2837: [a94ebe8920c1]
2838:
2839: * pp:
2840: sync with git repo
2841: [75ff509696b4]
2842:
2843: * configure, configure.in:
2844: Only substitute file zlib files when using the builtin zlib
2845: [6c8145b2deb4]
2846:
2847: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
2848: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
2849: src/Makefile.in, zlib/Makefile.in:
2850: Give up on using VPATH to find sources as it is implemented
2851: inconsistenly in different versions of make.
2852: [60517c69aaee]
2853:
2854: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
2855: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
2856: Include config.h before any other includes to make sure we get the
2857: right value for _FILE_OFFSET_BITS.
2858: [8fb007ca832e]
2859:
2860: * MANIFEST:
2861: Add zlib
2862: [04a3e23dfaa9]
2863:
2864: * zlib/Makefile.in:
2865: Add missing targets
2866: [40e45a177168]
2867:
2868: * src/Makefile.in:
2869: g/c unused $(GENERATED)
2870: [c8758068c1bc]
2871:
2872: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
2873:
2874: * plugins/sudoers/group_plugin.c:
2875: Zero out group_plugin on unload just to be safe.
2876: [0b10f4d101ca]
2877:
2878: * plugins/sudoers/group_plugin.c:
2879: Unload group plugin if its init function fails.
2880: [6552cdac4b7c]
2881:
2882: * src/sudo.c:
2883: Only chdir to cwd if it is different from the current cwd or there
2884: is a new root (chroot).
2885: [b8203e875e84]
2886:
2887: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
2888: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
2889: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
2890: Bump version to 1.8.0b2
2891: [6dadeb75a878]
2892:
2893: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
2894:
2895: * INSTALL:
2896: Better --enable-zlib description
2897: [e0da54fa59a6]
2898:
2899: * mkpkg:
2900: Use system zlib on Linux Let configure decide on Solaris For all
2901: others, use builtin zlib
2902: [3d52eddb523c]
2903:
2904: * zlib/zconf.h.in:
2905: Add large file support.
2906: [bec01215270d]
2907:
2908: * config.h.in:
2909: Add large file support.
2910: [244e95b034ec]
2911:
2912: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
2913: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
2914: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
2915: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
2916: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
2917: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
2918: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
2919: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
2920: Add local copy of zlib for systems that lack it.
2921: [7542ca465c5a]
2922:
2923: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
2924:
2925: * src/exec.c:
2926: If perform_io() fails, kill the child before exiting so it doesn't
2927: complain about connection reset. We can get an I/O error if, for
2928: example, and we get EIO reading from stdin.
2929: [e59a05fa729f]
2930:
2931: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2932:
2933: * plugins/sudoers/sudoers.c, src/sudo.c:
2934: Fix complilation on systems with set_auth_parameters() Sprinkle
2935: volatile to quiet warnings from gcc 2.8.0
2936: [a34c2b924ba7]
2937:
2938: * compat/dlfcn.h, compat/dlopen.c:
2939: Avoid potential namespace issues with dlopen() emulation.
2940: [aedfababd6ca]
2941:
2942: * MANIFEST:
2943: sync
2944: [6afb97e6d308]
2945:
2946: * plugins/sudoers/interfaces.c:
2947: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
2948: exist).
2949: [ddfca5af1a36]
2950:
2951: * Makefile.in:
2952: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
2953: [e9d04bfa4505]
2954:
2955: * configure, configure.in:
2956: HP-UX 10.20 libc has an incompatible getline
2957: [2e7bc202e78d]
2958:
2959: * plugins/sudoers/visudo.c:
2960: Quiet an HP-UX compiler warning.
2961: [55b9d587ac8c]
2962:
2963: * configure, configure.in:
2964: Check for vi even with --with-editor specified; the sample plugin
2965: needs it.
2966: [94dfc3643f76]
2967:
2968: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
2969:
2970: * compat/dlopen.c:
2971: Fix remaining syntax errors.
2972: [9d729b5b577e]
2973:
2974: * src/Makefile.in:
2975: sudo binary depends on the libtool-generated libs
2976: [9e6148406adb]
2977:
2978: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
2979: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
2980: include the local or system dlfcn.h
2981: [68cfe4c1089b]
2982:
2983: * pp:
2984: Don't use run_as_superuser=false on HP-UX
2985: [532242370b09]
2986:
2987: * src/net_ifs.c:
2988: Use memset() instead of zero_bytes() since we don't include
2989: sudoers.h
2990: [a187c18c2472]
2991:
2992: * plugins/sudoers/interfaces.c:
2993: Fix pasto; AF_INET not AF_INET6
2994: [2d2e9d7dc6f9]
2995:
2996: * compat/dlopen.c:
2997: Actually call shl_load()
2998: [ed8153b8a3cd]
2999:
3000: * pp:
3001: Update from git repo. Debian: version numbers now compliant with
3002: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
3003: 10.20
3004: [ecf2692bceeb]
3005:
3006: * configure, configure.in:
3007: Fix dlopen() detection for systems where dlopen() is in a separate
3008: library.
3009: [fa6b175582b6]
3010:
3011: * plugins/sudoers/auth/pam.c:
3012: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
3013: useful message and return AUTH_FATAL so sudo does not keep trying to
3014: validate the user.
3015: [1be8857e5291]
3016:
3017: * src/preload.c:
3018: sudo_preload_table is an array
3019: [b7704e72a9da]
3020:
3021: * compat/dlopen.c:
3022: Quiet a compiler warning and fix sudo_preload_table external
3023: definition.
3024: [8234987664cc]
3025:
3026: * compat/dlfcn.h:
3027: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
3028: [8bab6a4053cc]
3029:
3030: * plugins/sudoers/group_plugin.c:
3031: Make this compile correctly when no dlopen is available.
3032: [57643879bd2b]
3033:
3034: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
3035:
3036: * plugins/sudoers/check.c:
3037: Having a timestamp file defined is no longer indicative of tty
3038: tickets being enabled. Check def_tty_tickets directly.
3039: [efcc11ad157f]
3040:
3041: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
3042: Fix TCGETWINSZ compat.
3043: [da3a8b17cf7a]
3044:
3045: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
3046:
3047: * src/exec_pty.c, src/ttysize.c:
3048: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
3049: [926492dd10a6]
3050:
3051: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
3052:
3053: * plugins/sudoers/sudoers.c, src/sudo.c:
3054: Move set_project() from sudoers module into sudo proper.
3055: [beabafac03b4]
3056:
3057: * configure, configure.in:
3058: Fix typo and regenerate
3059: [4a3caf4234f3]
3060:
3061: * plugins/sudoers/ldap.c:
3062: When iterating over returned LDAP entries, keep looking at remaining
3063: matches even if we have a positive match. This catches negative
3064: matches that may exist in other entries and more closely match the
3065: sudoers file behavior.
3066: [f47db6e609b0]
3067:
3068: * pp:
3069: Add support for multiple package instances on Solaris.
3070: [7f2a8b942545]
3071:
3072: * src/exec.c:
3073: Add missing signal_pipe[0] to fdsr for the non-pty case.
3074: [79d01e11b19c]
3075:
3076: * mkpkg:
3077: Add --with-project for Solaris
3078: [ffa4c2bb93f7]
3079:
3080: * README:
3081: Need ar and ranlib too
3082: [5c2f679172ef]
3083:
3084: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
3085:
3086: * plugins/sudoers/env.c:
3087: Preserve ODMDIR environment variable by default on AIX.
3088: [bd47cb1e804f]
3089:
3090: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
3091:
3092: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
3093: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
3094: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
3095: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
3096: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
3097: src/preload.c:
3098: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
3099: using shl_load(). For others, link sudoers plugin statically and use
3100: a lookup table to emulate dlsym().
3101: [e92edfb3c642]
3102:
3103: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
3104:
3105: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
3106: compat/nanosleep.c, compat/utimes.c:
3107: When including compat headers, use the compat dir as part of the
3108: path so we are sure to get the correct header.
3109: [6c2a45da6af5]
3110:
3111: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
3112:
3113: * plugins/sudoers/linux_audit.c:
3114: Ignore ECONNREFUSED from audit_log_user_command() which will occur
3115: if auditd is not running.
3116: [d314fe4c8d03]
3117:
3118: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
3119:
3120: * pp:
3121: Sync with git version
3122: [1c0357744222]
3123:
3124: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
3125:
3126: * common/fileops.c, plugins/sudoers/defaults.c:
3127: Cast isblank argument to unsigned char.
3128: [c822dbb3ca54]
3129:
3130: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
3131:
3132: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
3133: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
3134: Implement --with-umask-override configure flag.
3135: [863e3047df22]
3136:
3137: * plugins/sudoers/env.c:
3138: Take MODE_LOGIN_SHELL into account when initially setting reset_home
3139: instead of special-casing it later.
3140: [5d6b16480fd6]
3141:
3142: * plugins/sudoers/sudoers.c:
3143: In login mode, make a copy of the runas user's pw_shell for
3144: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
3145: freed before exec.
3146: [1d1ccb568dfa]
3147:
3148: * plugins/sudoers/env.c:
3149: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
3150: [c1c1c65a2d63]
3151:
3152: * src/sudo.c:
3153: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
3154: [7443454e5f88]
3155:
3156: * src/sudo.c:
3157: Reset signal mask at sudo startup time; we need to be able to rely
3158: on normal signal delivery to control the child process.
3159: [95800163ff94]
3160:
3161: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
3162:
3163: * install-sh:
3164: Use sed instead of expr to split a flag from its argument. Fixes a
3165: problem with expr interpreting its arguments as a flag when they
3166: start with a dash.
3167: [736065e14301]
3168:
3169: * common/lbuf.c:
3170: Do not need sys/time.h after all
3171: [91f6f668ccda]
3172:
3173: * common/lbuf.c:
3174: Include sys/time.h for utimes() and struct timeval. No longer need
3175: ioctl.h or termios.h
3176: [2d75273d3213]
3177:
3178: * compat/snprintf.c:
3179: Quiet bogus compiler warnings.
3180: [fe252e1968f5]
3181:
3182: * include/missing.h:
3183: Declare innetgr() for HP-UX which is missing a declaration. Declare
3184: domainname() for HP-UX and Solaris which are missing a declaration.
3185: [b37c50751138]
3186:
3187: * plugins/sudoers/bsm_audit.c:
3188: Use __sun for consistency with the rest of the sources.
3189: [6b086b61ccb6]
3190:
3191: * plugins/sudoers/group_plugin.c:
3192: Quiet a bogus compiler warning.
3193: [ebc069842c4a]
3194:
3195: * plugins/sudoers/pwutil.c:
3196: Don't try to delref a NULL group.
3197: [f6ff0838be21]
3198:
3199: * common/alloc.c, common/lbuf.c:
3200: Include memory.h on systems that need it.
3201: [4e676da81c6f]
3202:
3203: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
3204:
3205: * src/exec.c:
3206: Quiet gcc warnings on glibc systems that use warn_unused_result for
3207: write(2).
3208: [0532da0b7cf7]
3209:
3210: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3211: sudo_plugin is in section 8; from Ted Percival
3212: [b4506a0de87e]
3213:
3214: * plugins/sudoers/Makefile.in:
3215: testsudoers depends on libsudoers.la, not sudoreplay
3216: [cdb1cc3bf06a]
3217:
3218: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
3219:
3220: * src/exec.c:
3221: Read as many signals on the signal pipe as we can before returning.
3222: [b181671da047]
3223:
3224: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
3225: Instead of using a array to store received signals, open a pipe and
3226: have the signal handler write the signal number to one end and
3227: select() on the other end. This makes it possible to handle signals
3228: similar to I/O without race conditions.
3229: [ee84d65c16b6]
3230:
3231: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
3232:
3233: * doc/visudo.pod, plugins/sudoers/visudo.c:
3234: Make "visudo -c -f -" check the standard input.
3235: [195a3d2a9a26]
3236:
3237: * doc/sudoers.pod:
3238: set_home and always_set_home have an effect if HOME is present in
3239: the env_keep list.
3240: [159d0b9dc5c8]
3241:
3242: * plugins/sudoers/env.c:
3243: Make -H flag work when HOME is listed in env_keep. Also makes
3244: "set_home" and "always_set_home" override override HOME in env_keep.
3245: [a3e5b966193f]
3246:
3247: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
3248:
3249: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
3250: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
3251: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
3252: plugins/sudoers/visudo.c, src/net_ifs.c:
3253: Convert sudoers plugin to use interface list passed in settings.
3254: [87d9b5f4f586]
3255:
3256: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
3257: src/parse_args.c, src/sudo.h:
3258: Query local network interfaces in the main sudo driver and pass to
3259: the plugin as "network_addrs" in the settings list.
3260: [7f35bcfe77a7]
3261:
3262: * plugins/sudoers/bsm_audit.c:
3263: Solaris BSM audit return EINVAL when auditing is not enabled,
3264: whereas OpenBSM returns ENOSYS.
3265: [411b980ec58b]
3266:
3267: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
3268:
3269: * compat/fnmatch.c:
3270: missing.h should come before most local includes
3271: [53921a7b8b5b]
3272:
3273: * plugins/sudoers/sudoreplay.c:
3274: missing.h should come before most local includes
3275: [e9abb0db1aac]
3276:
3277: * plugins/sudoers/sudoers.h:
3278: Make local includes consistent; use double quotes for local includes
3279: except for generated ones where we use angle brackets.
3280: [09de4faa9547]
3281:
3282: * plugins/sudoers/sudoers.c:
3283: Always fill in NewArgv for audit code.
3284: [7c3aca60519f]
3285:
3286: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3287: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
3288: [007cf6560f92]
3289:
3290: * common/alloc.c, common/atobool.c, common/fileops.c,
3291: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
3292: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
3293: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3294: compat/getprogname.c, compat/glob.c, compat/isblank.c,
3295: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3296: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3297: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3298: compat/unsetenv.c, compat/utimes.c, include/compat.h,
3299: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
3300: plugins/sample_group/plugin_test.c,
3301: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
3302: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
3303: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3304: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
3305: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
3306: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
3307: src/sudo_noexec.c, src/ttysize.c:
3308: Make local includes consistent; use double quotes for local includes
3309: except for generated ones where we use angle brackets. Also g/c
3310: unused compat.h.
3311: [e57070dc8f04]
3312:
3313: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
3314:
3315: * plugins/sudoers/match.c:
3316: When matching the runas user and runas group (-u and -g command line
3317: options), keep track of runas group and runas user matches
3318: separately. Only return a positive match if we have a match for
3319: both runas user and runas group (if specified).
3320: [815219e04cc8]
3321:
3322: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
3323:
3324: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
3325: Add support for multiple URI lines by joining the contents and
3326: passing the result to ldap_initialize.
3327: [a47cae3b72e8]
3328:
3329: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
3330: Do not return -1 on error from the display functions; the caller
3331: expects a return value >= 0.
3332: [101456a7dd00]
3333:
3334: * plugins/sudoers/sudoers.c:
3335: Do not set both MODE_EDIT and MODE_RUN
3336: [8faa36694d54]
3337:
3338: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
3339:
3340: * include/missing.h:
3341: Move includes to the top of the file.
3342: [a51436798e8c]
3343:
3344: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
3345:
3346: * plugins/sudoers/Makefile.in:
3347: Add missing definition of timedir
3348: [458a749c2c5e]
3349:
3350: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
3351: compat/mksiglist.c, compat/strsignal.c,
3352: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
3353: Add #include of sys/types.h for .c files that include missing.h to
3354: be sure that size_t and ssize_t are defined.
3355: [08e3132dbf4f]
3356:
3357: * plugins/sudoers/Makefile.in:
3358: Install sudoers file from the build dir not hte src dir.
3359: [ca89e962dbf4]
3360:
3361: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
3362:
3363: * plugins/sudoers/set_perms.c:
3364: If runas_pw changes, reset the stashed runas aux group vector.
3365: Otherwise, if runas_default is set in a per-command Defaults
3366: statement, the command runs with root's aux group vector (i.e. the
3367: one that was used when locating the command).
3368: [24f9107cedd2]
3369:
3370: * plugins/sudoers/Makefile.in:
3371: Add target to generate sudoers file Remove generated sudoers file as
3372: part of distclean
3373: [fb7422e90f03]
3374:
3375: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
3376:
3377: * src/exec.c:
3378: When not logging I/O install a handler for SIGCONT and deliver it to
3379: the command upon resume. Fixes bugzilla #431
3380: [495dce52a5aa]
3381:
3382: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
3383:
3384: * plugins/sudoers/sudoers.h:
3385: g/c unused auth_pw extern definition
3386: [40eb7477ba17]
3387:
3388: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
3389: Move get_auth() into check.c where it is actually used.
3390: [e31db0ce3a61]
3391:
3392: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
3393:
3394: * common/lbuf.c:
3395: Convert a remaining puts() and putchar() to use the output function.
3396: [d69e363a506b]
3397:
3398: * plugins/sudoers/plugin_error.c:
3399: Plug memory leak
3400: [68895469ea8d]
3401:
3402: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
3403:
3404: * plugins/sudoers/env.c:
3405: Set dupcheck to TRUE when setting new HOME value if !env_reset but
3406: always_set_home is true. Prevents a duplicate HOME in the
3407: environment (old value plus the new one) introduced in f421f8827340.
3408: [9ca19183794f]
3409:
3410: * configure, configure.in, plugins/sudoers/sudoers,
3411: plugins/sudoers/sudoers.in:
3412: Substitute sysconfdir in the installed sudoers file to get the
3413: correct path for sudoers.d.
3414: [86072b6cd55d]
3415:
3416: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
3417:
3418: * src/get_pty.c:
3419: Fix typo that prevented compilation on Irix; Friedrich Haubensak
3420: [b48be51b65fc]
3421:
3422: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
3423:
3424: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
3425: common/atobool.c, common/fileops.c, common/fmt_string.c,
3426: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
3427: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
3428: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
3429: compat/getprogname.c, compat/glob.c, compat/isblank.c,
3430: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
3431: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
3432: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
3433: compat/unsetenv.c, compat/utimes.c, include/compat.h,
3434: include/missing.h, plugins/sample/sample_plugin.c,
3435: plugins/sample_group/getgrent.c,
3436: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
3437: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
3438: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
3439: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
3440: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
3441: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
3442: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
3443: Merge compat.h and missing.h into missing.h
3444: [572909ae9716]
3445:
3446: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
3447:
3448: * plugins/sudoers/auth/pam.c:
3449: If the user hits ^C while a password is being read, error out before
3450: reading any further passwords in the pam conversation function.
3451: Otherwise, if multiple PAM auth methods are required, the user will
3452: have to hit ^C for each one.
3453: [23782631748c]
3454:
3455: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
3456:
3457: * plugins/sudoers/check.c:
3458: Update comment
3459: [a5296cb3a20a]
3460:
3461: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
3462: Document sudo_conv_t function and sudo_printf_t return values.
3463: [745c0017814c]
3464:
3465: * src/conversation.c:
3466: Make _sudo_printf return the number of characters printed on success
3467: like printf(3).
3468: [8eeefe8d7e77]
3469:
3470: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
3471:
3472: * plugins/sudoers/sudoers.c:
3473: sudoers.h includes sudo_plugin.h for us
3474: [cabe68e07807]
3475:
3476: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
3477: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
3478: src/sudo_edit.c:
3479: Use gettimeofday() directly instead of via the gettime() wrapper.
3480: [7490426c99ae]
3481:
3482: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
3483: compat/strerror.c, config.h.in, configure, configure.in,
3484: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
3485: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
3486: Remove some obsolete configure tests, ancient Unix systems are no
3487: longer supported.
3488: [2be6218c3a36]
3489:
3490: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
3491:
3492: * sudo.pp:
3493: Set pp_kit_version and strip off patch level
3494: [aacfda1b676d]
3495:
3496: * sudo.pp:
3497: Better handling of versions with a patchlevel. For rpm and deb, use
3498: the patchlevel+1 as the release. For AIX, use the patchlevel as the
3499: 4th version number. For the rest, just leave the patchlevel in the
3500: version string.
3501: [638bd35f2346]
3502:
3503: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
3504:
3505: * plugins/sudoers/auth/sudo_auth.c:
3506: For non-standalone auth methods, stop reading the password if the
3507: user enters ^C at the prompt.
3508: [82c2911bb264]
3509:
3510: * configure, configure.in, plugins/sudoers/Makefile.in,
3511: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
3512: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
3513: plugins/sudoers/pwutil.c:
3514: No need to look up shadow password unless we are doing password-
3515: style authentication. This moves the shadow password lookup to the
3516: auth functions that need it.
3517: [ba9e3eba2b72]
3518:
3519: * plugins/sudoers/sudoers.c:
3520: Retain final passwd/group refs until the policy close() function.
3521: Note that this doesn't get called in all cases so putting this in a
3522: cleanup function is probably better.
3523: [bbe214cb4119]
3524:
3525: * plugins/sudoers/check.c:
3526: Fix mismerge
3527: [395115f89dd6]
3528:
3529: * plugins/sudoers/check.c:
3530: When removing/resetting the timestamp file ignore the tty ticket
3531: contents.
3532: [b709f5667a0b]
3533:
3534: * plugins/sudoers/sudoers.c:
3535: delref sudo_user.pw, runas_pw and runas_gr immediately before we
3536: return.
3537: [4d67d15dfd3b]
3538:
3539: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
3540:
3541: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
3542: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
3543: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
3544: Reference count cached passwd and group structs. The cache holds
3545: one reference itself and another is added by sudo_getgr{gid,nam} and
3546: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
3547: group structs are persistent for now.
3548: [e544685523c3]
3549:
3550: * doc/UPGRADE:
3551: fix typo
3552: [e32f2d35e6c9]
3553:
3554: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
3555:
3556: * plugins/sudoers/check.c:
3557: Do not produce a warning for "sudo -k" if the ticket file does not
3558: exist.
3559: [1598f6061b75]
3560:
3561: * plugins/sudoers/pwutil.c:
3562: Instead of caching struct passwd and struct group in the red-black
3563: tree, store a struct cache_item which includes both the key and
3564: datum. This allows us to user the actual name that was looked up as
3565: the key instead of the contents of struct passwd or struct group.
3566: This matters because the name in the database may not match what we
3567: looked up, due either to case folding or truncation (historically at
3568: 8 characters). Also mark the disabled calls to sudo_freepwcache()
3569: and sudo_freegrcache() as broken since we use cached data for things
3570: like set_perms() and the logging functions. Fixing this would
3571: require making a copy of the structs for user and runas or adding a
3572: reference count (better).
3573: [225d4a22f60e]
3574:
3575: * plugins/sudoers/Makefile.in:
3576: Fix path to mkinstalldirs
3577: [b4968379b12d]
3578:
3579: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
3580: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
3581: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
3582: Quiet gcc warnings on glibc systems that use warn_unused_result for
3583: write(2) and others.
3584: [c99f138960e0]
3585:
3586: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
3587:
3588: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
3589: Add %option noinput
3590: [72b9cd49b4f1]
3591:
3592: * aclocal.m4, configure, configure.in:
3593: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
3594: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
3595: cross-compiling.
3596: [e385c176d0ee]
3597:
3598: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
3599:
3600: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
3601: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
3602: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
3603: [cf3e60d9c440]
3604:
3605: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
3606:
3607: * pp:
3608: Update to latest version
3609: [32f93be33961]
3610:
3611: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
3612:
3613: * sudo.pp:
3614: Let pp determine pp_aix_version itself.
3615: [7cf0245d84ed]
3616:
3617: * INSTALL, config.h.in, configure, configure.in, mkpkg,
3618: plugins/sudoers/sudoers.c:
3619: Add support for Ubuntu admin flag file and enable it when building
3620: Ubuntu packages.
3621: [00e27cff2dfb]
3622:
3623: * plugins/sudoers/sudoers, sudo.pp:
3624: Add commented out SuSE-like targetpw settings
3625: [4605d47b7413]
3626:
3627: * configure, configure.in:
3628: Only try to use +DAportable for non-GCC on hppa
3629: [75d0f284ccf7]
3630:
3631: * configure, configure.in:
3632: Prevent configure from adding the -g flag unless in devel mode
3633: [b1fd3f8d45c0]
3634:
3635: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
3636:
3637: * sudo.pp:
3638: Go back to sudo-flavor to match existing packages and only use an
3639: underscore for those that need it.
3640: [d737069d1e1c]
3641:
3642: * sudo.pp:
3643: Use sudo_$flavor instead of sudo-$flavor since that causes the least
3644: amount of trouble for the various package managers.
3645: [71f547af35fc]
3646:
3647: * mkpkg:
3648: Fix handling of the ldap flavor Remove destdir unless --debug was
3649: specified Make distclean before running configure if there is a
3650: Makefile present
3651: [6316f08de7d3]
3652:
3653: * sudo.pp:
3654: Add back include file.
3655: [195627bf68b8]
3656:
3657: * mkpkg:
3658: Pass extra args on to configure on HP-UX, if we don't have the HP C
3659: compiler, disable zlib to prevent gcc from finding it in
3660: /usr/local/lib.
3661: [473efa0e2bac]
3662:
3663: * mkpkg:
3664: Use the HP ANSI C compiler on HP-UX if possible
3665: [fb249b6b175d]
3666:
3667: * plugins/sudoers/sudoreplay.c:
3668: Some getline() implementations (FreeBSD 8.0) do not ignore the
3669: length pointer when the line pointer is NULL as they should.
3670: [2410a1a3543c]
3671:
3672: * plugins/sudoers/sudoreplay.c:
3673: Don't need to check for *cp being non-zero, isdigit() will do that.
3674: [7df11ea8a487]
3675:
3676: * plugins/sudoers/sudoreplay.c:
3677: Add setlocale() so the command line arguments that use floating
3678: point work in different locales. Since sudo now logs the timing
3679: data in the C locale we must Parse the seconds in the timing file
3680: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
3681: the number of seconds with the user's locale so if the decimal point
3682: is not '.' try using the locale-specific version.
3683: [4d385765f23b]
3684:
3685: * src/exec.c:
3686: Do I/O logging in the C locale so the floating point numbers in the
3687: timing file are not locale-dependent.
3688: [5961cec044ec]
3689:
3690: * plugins/sudoers/sudoreplay.c:
3691: Use errorx() not error() for thingsthat don't set errno.
3692: [0fe5e692af84]
3693:
3694: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
3695:
3696: * pp:
3697: Better support for 1.2.3 style versions in Tru64 kits
3698: [997c549bb777]
3699:
3700: * sudo.pp:
3701: Add Tru64 kit support
3702: [e273a954f981]
3703:
3704: * pp:
3705: Remove apparently unnecessary use of sudo
3706: [be8840d85125]
3707:
3708: * Makefile.in, plugins/sudoers/Makefile.in:
3709: Create timedir as part of install-dirs target.
3710: [c736bc2fb14f]
3711:
3712: * src/exec_pty.c:
3713: Handle ENXIO from read/write which can occur when reading/writing a
3714: pty that has gone away.
3715: [fa2e8059879f]
3716:
3717: * plugins/sudoers/pwutil.c:
3718: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
3719: [3a045475d5ee]
3720:
3721: * mkpkg:
3722: platform is a pp flag not a variable
3723: [12eba39a47c1]
3724:
3725: * Makefile.in, mkpkg, sudo.pp:
3726: Add simple arg parsing for mkpkg so we can set debug, flavor or
3727: platform.
3728: [ada839fe252d]
3729:
3730: * pp:
3731: Make rpm backend work on AIX 5.x
3732: [549a76d11393]
3733:
3734: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
3735:
3736: * plugins/sudoers/sudoers:
3737: Add commented out Defaults entry for log_output
3738: [7e67d7588900]
3739:
3740: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3741:
3742: * doc/Makefile.in:
3743: Remove sudo docdir completely
3744: [dce8e82878ef]
3745:
3746: * doc/sample.sudo.conf:
3747: Add sample sudo.conf
3748: [aafdba3fc411]
3749:
3750: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3751:
3752: * plugins/sudoers/Makefile.in:
3753: Add PACKAGE_TARNAME for docdir
3754: [930c92b8f8f0]
3755:
3756: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
3757:
3758: * src/Makefile.in:
3759: Pass install-sh -b~ here too.
3760: [c3f5eb446c38]
3761:
3762: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
3763: plugins/sudoers/Makefile.in, src/Makefile.in:
3764: Install binary files with -b~ to make a backup. Fixes "text file
3765: busy" error on HP-UX during install.
3766: [81f306f54f8c]
3767:
3768: * install-sh:
3769: "mv -f" on HP-UX doesn't unlink the destination first so add an
3770: explicit rm before moving the temporary into place.
3771: [fb719a79582d]
3772:
3773: * configure, configure.in:
3774: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
3775: [0aa098770074]
3776:
3777: * doc/Makefile.in, plugins/sudoers/Makefile.in:
3778: Install sudoers2ldif in the doc dir
3779: [33ac3b53d7f5]
3780:
3781: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
3782:
3783: * pathnames.h.in:
3784: Add missing include of maillock.h for Solaris
3785: [5a58883be23a]
3786:
3787: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
3788: doc/sample.syslog.conf, doc/sudoers.cat:
3789: Change the default syslog facility from local2 to authpriv (or auth
3790: if the operating system doesn't support authpriv).
3791: [3b70ba514f49]
3792:
3793: * Makefile.in, sudo.pp:
3794: Install sudoers as /etc/sudoers on RPM and debian systems where the
3795: package manager will not replace a user-modified configuration file.
3796: This fixes upgrades from the vendor sudo packages.
3797: [d886b6d60b5b]
3798:
3799: * pp:
3800: RPM: use %config(noreplace) instead of %config for volatile This
3801: results in the new file being installed with a .rpmnew suffix
3802: instead of the file being replaced and the old one renamed with a
3803: .rpmsave suffix.
3804: [58be2119f8e8]
3805:
3806: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
3807:
3808: * compat/mkstemps.c, plugins/sudoers/boottime.c:
3809: Include time.h for struct timeval
3810: [ddf8b04f0276]
3811:
3812: * src/exec_pty.c:
3813: The return value of strsignal() may be const and should be treated
3814: as const regardless.
3815: [620074ae1e77]
3816:
3817: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3818: Mention that 127.0.0.1 will not match, nor will localhost unless
3819: that is the actual host name.
3820: [8b574122eb8f]
3821:
3822: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
3823: Rename WHATSNEW -> NEWS
3824: [d1a2c8c47d89]
3825:
3826: * pp:
3827: Updated pp with latest patches
3828: [98e16b9b8f62]
3829:
3830: * WHATSNEW:
3831: Sync with 1.7.4
3832: [65ac4dafeef7]
3833:
3834: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3835: plugins/sudoers/sudoers:
3836: Add commented out line to add HOME to env_keep and add a warning to
3837: the note about the HOME change in UPGRADE.
3838: [0d6a775bb6c8]
3839:
3840: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
3841:
3842: * plugins/sudoers/sudoreplay.c:
3843: Add LINE_MAX define for those without it.
3844: [446d9dbe7859]
3845:
3846: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
3847: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3848: plugins/sudoers/defaults.c:
3849: The tty_tickets option is now on by default.
3850: [a01c48206d80]
3851:
3852: * WHATSNEW:
3853: Mention that AIX authdb support has been fixed.
3854: [87bd7f4eba6a]
3855:
3856: * common/aix.c:
3857: setauthdb() only sets the "old" registry if it was set by a previous
3858: call to setauthdb(). To restore the original value, passing NULL
3859: (or an empty string) to setauthdb() is sufficient.
3860: [470da190a254]
3861:
3862: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
3863:
3864: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
3865: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
3866: plugins/sudoers/env.c:
3867: Reset HOME when env_reset is enabled unless it is in env_keep
3868: [f421f8827340]
3869:
3870: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3871: The default for set_logname has been "true" for some time now.
3872: [f489da5674c3]
3873:
3874: * plugins/sudoers/boottime.c:
3875: Add missing include of time.h
3876: [624d7014932f]
3877:
3878: * plugins/sudoers/logging.c:
3879: Fix check for dup2() return value.
3880: [140ea2d50d20]
3881:
3882: * plugins/sudoers/env.c:
3883: Add PYTHONUSERBASE to initial_badenv_table
3884: [3149aae5b12c]
3885:
3886: * plugins/sudoers/visudo.c:
3887: Treat an unknown defaults entry as a parse error.
3888: [b3ebad73efb2]
3889:
3890: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
3891: Check return value of setdefs() but don't stop setting defaults if
3892: we hit an unknown one.
3893: [945e752239ab]
3894:
3895: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
3896: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
3897: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
3898: plugins/sudoers/env.c:
3899: If env_reset is enabled, set the MAIL environment variable based on
3900: the target user unless MAIL is explicitly preserved in sudoers.
3901: [a1b03e2e0e96]
3902:
3903: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
3904:
3905: * pp:
3906: decode debian code names
3907: [8741280d9960]
3908:
3909: * WHATSNEW:
3910: fix typo
3911: [a8a19451110b]
3912:
3913: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3914:
3915: * WHATSNEW:
3916: Merge with 1.7.4
3917: [9348fa7e15b8]
3918:
3919: * src/sudo.c:
3920: Restore RLIMIT_NPROC after the uid switch if it appears that
3921: runas_setup() did not do it for us. Fixes a bash script problem on
3922: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
3923: [786fb272e5fd]
3924:
3925: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3926:
3927: * mkpkg, pp, sudo.pp:
3928: Restore the dot removal in the os version reported by polypkg. Adapt
3929: mkpkg and sudo.pp to the change.
3930: [dcafdd53b88f]
3931:
3932: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
3933:
3934: * INSTALL:
3935: document --with-pam-login
3936: [ea93e4c6873c]
3937:
3938: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
3939: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
3940: [2ac90d8de36e]
3941:
3942: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
3943:
3944: * sudo.pp:
3945: Include flavor in solaris package name
3946: [e605f6364c9f]
3947:
3948: * mkpkg:
3949: Older shells don't support IFS= so set explictly to space, tab,
3950: newline.
3951: [7773960bc8a0]
3952:
3953: * mkpkg:
3954: Use '=' not '==' in test
3955: [c99d42bc48e6]
3956:
3957: * mkpkg:
3958: Fix typo that prevented debian from matching
3959: [84421078fcb7]
3960:
3961: * mkpkg:
3962: Add missing prefix setting for debian
3963: [6466f23de4aa]
3964:
3965: * sudo.pp:
3966: Use tab indents to reduce the chance of problem with <<- Fix the
3967: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
3968: line in sudoers for debian Uncomment some env_keep lines for RHEL,
3969: SLES and debian to more closely match the vendor sudoers files.
3970: Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
3971: debian for ldap flavor
3972: [c5b49feb1a0c]
3973:
3974: * plugins/sudoers/sudoers:
3975: Add commented out env_keep entries, sample Aliases and a %sudo line
3976: for debian.
3977: [387719e52d0f]
3978:
3979: * configure, configure.in:
3980: Move zlib check later on in the script to avoid a strange shell
3981: problem on SLES11.
3982: [1a3153bb1291]
3983:
3984: * configure.in:
3985: Remove check for egrep; configure has its own
3986: [a3b9d98cb5d2]
3987:
3988: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
3989:
3990: * mkpkg:
3991: Enable zlib for linux distros
3992: [8fa51a1405a4]
3993:
3994: * mkpkg:
3995: Add ldap flavor to default build
3996: [97644f5a555f]
3997:
3998: * mkpkg, sudo.pp:
3999: Simplify rpm linux distro settings
4000: [b9dcf10cdf20]
4001:
4002: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
4003: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
4004: [2c549c1acde9]
4005:
4006: * Makefile.in:
4007: Fix ChangeLog creation from build dir
4008: [3d0c7904f173]
4009:
4010: * plugins/sudoers/sudoers.c:
4011: Handle getcwd() failure.
4012: [aef7bef87394]
4013:
4014: * doc/Makefile.in, mkpkg, sudo.pp:
4015: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
4016: environment variable.
4017: [be6ed611b7a8]
4018:
4019: * sudo.pp:
4020: Create sudo group on debian
4021: [6ed6c032042e]
4022:
4023: * mkpkg, sudo.pp:
4024: Add debian 4/5/6 and use the dot when doing version matches
4025: [6bcb664d1f4f]
4026:
4027: * aclocal.m4, configure:
4028: Use a loop when searching for mv, sendmail and sh
4029: [d5e9369f8d13]
4030:
4031: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4032: Remove spurious "and"; from debian
4033: [a21e6f7c5b99]
4034:
4035: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
4036: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
4037: doc/visudo.man.in, doc/visudo.pod:
4038: Substitute the value of EDITOR into the sudoers and visudo manuals.
4039: [cd79e587dd7f]
4040:
4041: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
4042:
4043: * mkpkg, pp, sudo.pp:
4044: Initial support for debian 4.0
4045: [ac6707915fa8]
4046:
4047: * mkpkg:
4048: Some platforms need -fPIE instead of -fpie
4049: [fd6be19e5bc2]
4050:
4051: * plugins/sudoers/auth/pam.c:
4052: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
4053: On Linux it causes a DNS lookup via libaudit.
4054: [1e10105ade5b]
4055:
4056: * MANIFEST:
4057: Update MANIFEST to match packaging changes
4058: [ef86ee557b5b]
4059:
4060: * sudo.psf:
4061: We now use pp to generate HP-UX packages
4062: [f7aa8da7844e]
4063:
4064: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
4065: Remove vestiges of old binary package bits.
4066: [afffd005452f]
4067:
4068: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
4069: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4070: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4071: src/Makefile.in:
4072: install-man -> install-doc
4073: [99b5fa05567c]
4074:
4075: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
4076: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
4077: Use http://rc.quest.com/topics/polypkg/ for packaging
4078: [5ca8eb75b223]
4079:
4080: * install-sh:
4081: Just ignore the -c option, it is the default Add support for -d
4082: option
4083: [a8b6b0a131e8]
4084:
4085: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
4086:
4087: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
4088: Use _PATH_STDPATH instead of _PATH_DEFPATH
4089: [137fa911908e]
4090:
4091: * plugins/sudoers/Makefile.in, src/Makefile.in:
4092: Do not strip binaries.
4093: [20166e287176]
4094:
4095: * INSTALL, configure, configure.in:
4096: Add --insults=disabled configure option to allow people to build in
4097: insult support but have the insults disabled unless explicitly
4098: enabled in sudoers.
4099: [523b8c552e90]
4100:
4101: * compat/mkstemps.c:
4102: Add prototype for gettime()
4103: [275eee40473b]
4104:
4105: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
4106: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
4107: plugins/sudoers/sudoers.h:
4108: Add support for a sudo-i pam.d file to be used for "sudo -i".
4109: Adapted from a RedHat patch.
4110: [06d34f16520b]
4111:
4112: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
4113:
4114: * include/missing.h:
4115: Fix mkstemps() prototype
4116: [2421841e815b]
4117:
4118: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
4119: config.h.in, configure, configure.in, include/missing.h,
4120: src/sudo_edit.c:
4121: Use mkstemps() instead of mkstemp() in sudoedit. This allows
4122: sudoedit to preserve the file extension (if any) which may be used
4123: by the editor (like emacs) to choose the editing mode.
4124: [d33172d2c086]
4125:
4126: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
4127:
4128: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
4129: plugins/sudoers/ldap.c:
4130: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
4131: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
4132: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
4133: should avoid disabling TLS_CHECKPEER is possible.
4134: [196622436212]
4135:
4136: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
4137:
4138: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4139: Make sudo_plugin format a bit more like a man page
4140: [048d596e32da]
4141:
4142: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4143: Add suport for negated user/host/command lists in a Defaults entry.
4144: E.g. Defaults:!baduser noexec
4145: [d41112cf0342]
4146:
4147: * Makefile.in, common/Makefile.in, compat/Makefile.in,
4148: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
4149: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4150: src/Makefile.in:
4151: Add uninstall target
4152: [fea66ebf136a]
4153:
4154: * common/Makefile.in, compat/Makefile.in:
4155: Remove unused AR, SED and RANLIB variables
4156: [2ff9928bfdb3]
4157:
4158: * Makefile.in:
4159: Do not install sample plugins
4160: [5443b87bd1c3]
4161:
4162: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
4163:
4164: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
4165: configure.in, plugins/sudoers/env.c:
4166: Now that sudoers is a dynamically loaded module we cannot override
4167: the libc environment functions because the symbols may already have
4168: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
4169: replacements from sudoers and add replacements for setenv/unsetenv
4170: for systems that lack them.
4171: [3f2b43cb8851]
4172:
4173: * configure, configure.in, plugins/sudoers/Makefile.in:
4174: Link testsudoers with -ldl when needed
4175: [f79606f9fcd7]
4176:
4177: * plugins/sample_group/plugin_test.c:
4178: Remove unused time.h and add limits.h for PATH_MAX
4179: [3f5d0074d621]
4180:
4181: * doc/sudoers.ldap.pod:
4182: Fix typo.
4183: [bc855fd57397]
4184:
4185: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
4186:
4187: * plugins/sample_group/plugin_test.c:
4188: Do not depend on strlcpy/strlcat
4189: [6e7e2b5af051]
4190:
4191: * plugins/sample_group/plugin_test.c:
4192: Standalone test driver for sudoers group plugin.
4193: [eb1235fc3b8e]
4194:
4195: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
4196:
4197: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
4198: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
4199: aid.
4200: [2a34e616229b]
4201:
4202: * plugins/sample_group/sample_group.c:
4203: Fix style nit in function declarations
4204: [ab87c7c76bf9]
4205:
4206: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4207: Document group_plugin syntax.
4208: [ed1faf72ddcb]
4209:
4210: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4211: Document the sudoers group plugin.
4212: [f19a62dc8cfc]
4213:
4214: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
4215: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
4216: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
4217: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
4218: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4219: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
4220: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
4221: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4222: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
4223: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
4224: Replace built-in non-unix group support with a sudoers group plugin.
4225: Include a sample plugin that can read Unix-format group files.
4226: [8fc58ce0b1a8]
4227:
4228: * configure, configure.in, src/load_plugins.c:
4229: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
4230: [5c491dddb8ef]
4231:
4232: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
4233:
4234: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
4235: doc/sudoers.man.in, doc/sudoers.pod:
4236: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
4237: [e8a5a5830cfe]
4238:
4239: * aclocal.m4, configure, configure.in:
4240: Substitute @io_logdir@ for the sudoers I/O log directory.
4241: [21a75ca7b0ab]
4242:
4243: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
4244:
4245: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
4246: common/atobool.c, common/fileops.c, common/fmt_string.c,
4247: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4248: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
4249: compat/snprintf.c, config.h.in, configure, configure.in,
4250: include/fileops.h, plugins/sample/sample_plugin.c,
4251: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4252: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4253: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4254: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4255: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4256: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4257: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4258: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
4259: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
4260: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
4261: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
4262: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
4263: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
4264: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4265: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4266: plugins/sudoers/logging.c, plugins/sudoers/match.c,
4267: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4268: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
4269: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4270: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4271: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4272: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4273: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
4274: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4275: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4276: Set usrinfo for AIX Set adminstrative domain for the process when
4277: looking up user's password or group info and when preparing for
4278: execve(). Include strings.h even if string.h exists since they may
4279: define different things. Fixes warnings on AIX and others.
4280: [cf8b93e872c9]
4281:
4282: * Makefile.in:
4283: Add a separate all target for AIX make which was using the entire
4284: LHS (not just the first entry) of the first target as the implicit
4285: target.
4286: [a45b980a01ef]
4287:
4288: * plugins/sudoers/env.c:
4289: Do not rely on env.env_len when unsetting a variable, just use the
4290: NULL terminator.
4291: [ca6eb239c829]
4292:
4293: * plugins/sudoers/env.c:
4294: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
4295: [7046ba7caa4e]
4296:
4297: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
4298:
4299: * plugins/sudoers/vasgroups.c:
4300: Use warningx() instead of log_error() since the latter is not
4301: available to visudo or testsudoers. This does mean that they don't
4302: end up in syslog.
4303: [152b7c50f426]
4304:
4305: * plugins/sudoers/sudoers.c:
4306: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
4307: closed the sudoers sources. From Quest sudo.
4308: [c1cd573bab94]
4309:
4310: * plugins/sudoers/pwutil.c:
4311: Ignore case when matching user/group names in the cache. From Quest
4312: sudo.
4313: [2aa4ecc7d7f5]
4314:
4315: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
4316:
4317: * config.h.in, configure, configure.in, src/selinux.c:
4318: Add check for setkeycreatecon() when --with-selinux is specified.
4319: [affae247b4e0]
4320:
4321: * configure, configure.in:
4322: Error out if libaudit.h is missing or ununable when --with-linux-
4323: audit was specified
4324: [d82e743fac04]
4325:
4326: * doc/HISTORY, doc/history.pod:
4327: Add =head3 entries, mostly for the html version
4328: [ee93112d0308]
4329:
4330: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
4331:
4332: * doc/HISTORY, doc/history.pod:
4333: Mention when LDAP was incorporate.
4334: [2923dc17f79c]
4335:
4336: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
4337:
4338: * configure, configure.in:
4339: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
4340: not covered by _ALL_SOURCE.
4341: [c92fd69809d0]
4342:
4343: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
4344:
4345: * plugins/sudoers/iolog.c:
4346: Add a cast to quiet a compiler warning.
4347: [a200e07ee1bc]
4348:
4349: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4350: Quiet a compiler warning.
4351: [c9acfc927cea]
4352:
4353: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
4354: Call set_fqdn() after sudoers has parsed instead of inline as a
4355: callback.
4356: [5f4e5d075f2d]
4357:
4358: * WHATSNEW, plugins/sudoers/sudoers.c:
4359: Do not call set_fqdn() until sudoers parses (where is gets run as a
4360: callback).
4361: [09040fca6d40]
4362:
4363: * WHATSNEW:
4364: mention the change in tty ticket behavior when there is no tty
4365: [575a1fd98f05]
4366:
4367: * plugins/sudoers/check.c:
4368: Do not update tty ticket if there is no tty.
4369: [63f9c33ce6a7]
4370:
4371: * doc/LICENSE, doc/license.pod:
4372: Update copyright year
4373: [0722ab5d404b]
4374:
4375: * doc/Makefile.in:
4376: Do not rely on BSD make's $>
4377: [936a86398bd9]
4378:
4379: * configure, configure.in:
4380: Set timedir to /var/db/sudo for darwin to match Apple sudo's
4381: location
4382: [d5b9b03096f1]
4383:
4384: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
4385:
4386: * plugins/sudoers/sudoers.h:
4387: Add stub declarations for struct stat and struct timeval
4388: [f6d90551a4fd]
4389:
4390: * MANIFEST:
4391: Remove compat/sigaction.c
4392: [d0ed6d9a770e]
4393:
4394: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
4395: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4396: Check for zlib.h in addition to libz.
4397: [6e191b4a6065]
4398:
4399: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
4400: src/sudo_exec.h:
4401: Move functions and symbols shared between exec.c and exec_pty.c into
4402: sudo_exec.h.
4403: [14ae63403544]
4404:
4405: * doc/Makefile.in:
4406: Comment out rules to build .man.in and .cat files unless --with-
4407: devel
4408: [3cf7e5606a85]
4409:
4410: * doc/Makefile.in:
4411: Comment out rules to build .man.in and .cat files unless --with-
4412: devel
4413: [d30495b0e29e]
4414:
4415: * src/parse_args.c:
4416: Quote any non-alphanumeric characters other than '_' or '-' when
4417: passing a command to be run via the shell for the -s and -i options.
4418: [d633f74fe2d9]
4419:
4420: * doc/Makefile.in:
4421: Add back .man suffix
4422: [6e63b60a2739]
4423:
4424: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
4425: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
4426: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
4427: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
4428: src/selinux.c:
4429: Add Linux audit support.
4430: [5a2f445e0bd4]
4431:
4432: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
4433:
4434: * plugins/sudoers/iolog.c:
4435: Remove an XXX
4436: [a170cbe651d1]
4437:
4438: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
4439: plugins/sudoers/sudoreplay.c:
4440: Add -f (filter) option to sudoreplay to allow certain streams to be
4441: replayed and others ignored.
4442: [62e51b432ea1]
4443:
4444: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
4445: src/tgetpass.c:
4446: Fix -A flag when askpass is specified in sudo.conf or if sudo
4447: doesn't need to read a password.
4448: [2e401e4a00e3]
4449:
4450: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
4451: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
4452: Clean up some XXXs
4453: [689f0b002d3d]
4454:
4455: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4456: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
4457: Add support for multiple sudoers_base entries in ldap.conf. From
4458: Joachim Henke
4459: [e3e4a3c2bd5b]
4460:
4461: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
4462: src/exec_pty.c:
4463: remove setsid check, we require a POSIX system
4464: [cc73cb9e22c0]
4465:
4466: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
4467: src/sudo.c, src/tgetpass.c:
4468: Check for dup2() failure.
4469: [5d46d66794f5]
4470:
4471: * config.h.in, configure, configure.in:
4472: Remove dup2() check, it is not optional.
4473: [5f1d56de4384]
4474:
4475: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
4476:
4477: * WHATSNEW:
4478: sync with sudo 1.7.3
4479: [88e5c0bd6d59]
4480:
4481: * INSTALL:
4482: SunOS does not ship with an ANSI compiler
4483: [f13c85c67069]
4484:
4485: * INSTALL:
4486: Update OS specific notes. Delete some really ancient ones and move
4487: older ones to the end of the list.
4488: [59ce592c4c52]
4489:
4490: * README:
4491: Sudo can be downloaded from the web site too Mention "OS dependent
4492: notes" section in INSTALL
4493: [191871538984]
4494:
4495: * src/exec_pty.c, src/selinux.c:
4496: Call selinux_restore_tty() as part of cleanup() so it gets called
4497: from error()/errorx()
4498: [bb017da6b6da]
4499:
4500: * MANIFEST, doc/PORTING:
4501: Remove obsolete porting guide
4502: [321e35591344]
4503:
4504: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
4505: Move union sudo_in_addr_un into interfaces.h
4506: [b2c8b19ee094]
4507:
4508: * doc/Makefile.in:
4509: Remove useless circular dependencies
4510: [5682181b59cf]
4511:
4512: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
4513: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
4514: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
4515: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
4516: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
4517: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
4518: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
4519: Convert to ANSI C function declarations
4520: [a4f76927d034]
4521:
4522: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
4523: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
4524: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
4525: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
4526: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
4527: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
4528: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
4529: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
4530: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
4531: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
4532: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
4533: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
4534: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
4535: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
4536: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
4537: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
4538: plugins/sudoers/logging.h, plugins/sudoers/match.c,
4539: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
4540: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
4541: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
4542: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
4543: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
4544: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
4545: src/conversation.c, src/error.c, src/load_plugins.c,
4546: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
4547: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
4548: Update copyright year
4549: [26ac7991f7d8]
4550:
4551: * doc/Makefile.in:
4552: Fix commented DEVDOCS when not in devel mode.
4553: [e0a97eaf3793]
4554:
4555: * plugins/sudoers/match.c:
4556: Quiet a compiler warning.
4557: [b2a17ebd5d38]
4558:
4559: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
4560: Quiet a compiler warning.
4561: [687843bc593d]
4562:
4563: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
4564: Make all functions in ldap.c static
4565: [b2111e89eeba]
4566:
4567: * doc/schema.ActiveDirectory:
4568: Updates from Alain Roy to provide better examples for importing the
4569: schema and to fix problems caused by Windows validating attributes
4570: which have not yet been added before committing the changes.
4571: [69f4c5ccaf89]
4572:
4573: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
4574:
4575: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
4576: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
4577: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
4578: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
4579: doc/visudo.cat, doc/visudo.man.in:
4580: Leave rules to build .man.in and .cat files uncommented but only
4581: make them part of the "all" rule in devel mode. Generate .cat files
4582: directly from .man.in instead of .man using default values in
4583: configure.in
4584: [c3054a44f6a5]
4585:
4586: * configure, configure.in:
4587: Bump sudo version to 1.8.0b1
4588: [8f79c85135e1]
4589:
4590: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
4591: Print configure args with verbose version information.
4592: [1ce690660ed2]
4593:
4594: * TODO, plugins/sudoers/visudo.c:
4595: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
4596: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
4597: Use tq_append to append sudoers entries to the tail queue.
4598: [1743f9a286e4]
4599:
4600: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
4601:
4602: * WHATSNEW:
4603: Describe tty timestamp improvements
4604: [e214e863a313]
4605:
4606: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4607: A comment character may not be part of a command line argument
4608: unless it is quoted with a backslash. Fixes parsing of:
4609: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
4610: [ea2e990f85ed]
4611:
4612: * doc/sudoers.pod:
4613: Make this read a little bit better when passwd_timeout is 0.
4614: [39d362757f31]
4615:
4616: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
4617: Attempt to handle a default password prompt timeout of zero more
4618: gracefully.
4619: [ea47d43acf5b]
4620:
4621: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4622: Do not override value of keepopen global, instead restore it to the
4623: value we pushed onto the stack when popping.
4624: [fe282e5a3402]
4625:
4626: * plugins/sudoers/Makefile.in:
4627: Add dependency for utility programs on libreplace and libcommon
4628: [2339aba64928]
4629:
4630: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
4631: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
4632: src/exec.c, src/exec_pty.c, src/tgetpass.c:
4633: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
4634: [7dd61f1bd8d2]
4635:
4636: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
4637: We don't use getgrouplist() at the moment so there's no need to
4638: provide a compat version.
4639: [1597536fbada]
4640:
4641: * TODO:
4642: sync with reality
4643: [9e1a874e7885]
4644:
4645: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4646: src/conversation.c, src/sudo.h, src/tgetpass.c:
4647: Fix visiblepw sudoers option; the plugin API portion still needs
4648: documenting
4649: [60b6933ef5e0]
4650:
4651: * src/sudo.c:
4652: Print sudo version as well.
4653: [987ed459b459]
4654:
4655: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
4656: Use sudo_printf for I/O log version Clarify policy plugin version
4657: string
4658: [5a58b7e8c80b]
4659:
4660: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
4661: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
4662: Silence some compiler warnings
4663: [afb1eba90915]
4664:
4665: * src/load_plugins.c, src/tgetpass.c:
4666: Store askpass path in a global instead of uses setenv() which many
4667: systems lack.
4668: [b440bcc0e660]
4669:
4670: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4671:
4672: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4673: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4674: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
4675: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4676: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
4677: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
4678: src/tgetpass.c:
4679: Move askpass path specification from sudoers to sudo.conf.
4680: [5507ab867c26]
4681:
4682: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4683: Use a flag bit in struct command_details for selinux instead of a
4684: separate field.
4685: [c59ca4acded9]
4686:
4687: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
4688: Implement background mode. If I/O logging we use pipes instead of a
4689: pty.
4690: [c07a4b356cbd]
4691:
4692: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
4693: src/exec.c, src/exec_pty.c, src/tgetpass.c:
4694: Move compat definition of NSIG to compat.h
4695: [ab0385467f25]
4696:
4697: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
4698: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
4699: Mention plugins in the sudo manual and add some missing path
4700: substitution in the sudo_plugin manual.
4701: [570f831f47a3]
4702:
4703: * src/Makefile.in:
4704: Set _PATH_SUDO_CONF based on $(sysconfdir)
4705: [fde51869cf07]
4706:
4707: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
4708: src/exec.c, src/exec_pty.c, src/ttysize.c:
4709: Require POSIX termios to build sudo
4710: [9ec6b41f3f95]
4711:
4712: * src/tgetpass.c:
4713: Ignore SIGPIPE for "sudo -S"
4714: [7ad27fde0c06]
4715:
4716: * src/tgetpass.c:
4717: Fix uninitialized variable in TGP_ECHO case and print a newline if
4718: the user interrupted password input.
4719: [ce19204d8dd4]
4720:
4721: * src/tgetpass.c:
4722: Make TGP_ECHO override TGP_MASK and don't try to restore the
4723: terminal if we didn't modify it.
4724: [a7e11abfe7e4]
4725:
4726: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4727: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
4728: src/conversation.c, src/sudo.h, src/tgetpass.c:
4729: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
4730: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
4731: set.
4732: [e0550590cabe]
4733:
4734: * src/exec_pty.c:
4735: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
4736: [762448182fe3]
4737:
4738: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4739:
4740: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
4741: Add selinux_enabled flag into struct command_details and set it in
4742: command_info_to_details(). Return an error from selinux_setup()
4743: instead of exiting. Call selinux_setup() from exec_setup().
4744: [011bea23a5a0]
4745:
4746: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
4747:
4748: * src/exec_pty.c:
4749: Remove commented out copy of old sudo_execve() function.
4750: [9c5e21380472]
4751:
4752: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
4753:
4754: * plugins/sudoers/sudoers.c:
4755: Fix setting selinux type on command line.
4756: [814b20a0b3be]
4757:
4758: * plugins/sudoers/iolog.c:
4759: In sudoers_io_close(), skip NULL io_fds[] elements.
4760: [4011ff7d4daf]
4761:
4762: * include/compat.h:
4763: No longer need NGROUPS_MAX define
4764: [cae4c49d7077]
4765:
4766: * compat/nanosleep.c, config.h.in, configure, configure.in,
4767: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
4768: plugins/sudoers/visudo.c, src/sudo_edit.c:
4769: Replace timerfoo macros with timevalfoo since the timer macros are
4770: known to be busted on some systems.
4771: [4f97d79f2d41]
4772:
4773: * src/exec_pty.c:
4774: Remove duplicate call to selinux_setup().
4775: [82bd52764e21]
4776:
4777: * plugins/sudoers/auth/pam.c:
4778: If pam_open_session() fails, pass its status to pam_end.
4779: [1d8de4cf8ff3]
4780:
4781: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4782: If a file in a #includedir has improper permissions or owner just
4783: skip it. This prevents packages that incorrectly install a file
4784: into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
4785: #includedir files still result in a parse error (for now).
4786: [ade99a4549a4]
4787:
4788: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4789: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
4790: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
4791: Add use_pty sudoers option to force use of a pty even when not
4792: logging I/O.
4793: [b280a8972a79]
4794:
4795: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
4796: Make env_init() void as it never fails.
4797: [d3890e55daa7]
4798:
4799: * plugins/sudoers/env.c:
4800: No longer use _NSGetEnviron so don't need crt_externs.h
4801: [9b4e0e139881]
4802:
4803: * plugins/sudoers/env.c:
4804: Remove unused VNULL define
4805: [a42cacb263e3]
4806:
4807: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
4808:
4809: * plugins/sudoers/iolog.c:
4810: Add #define for maximum session id
4811: [9e18c17a28c2]
4812:
4813: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
4814: Split exec.c into exec.c and exec_pty.c
4815: [d52376327332]
4816:
4817: * MANIFEST:
4818: Sync with source file moves.
4819: [4a62c6c9e846]
4820:
4821: * src/Makefile.in, src/get_pty.c, src/pty.c:
4822: Rename pty.c -> get_pty.c
4823: [5696a12bd29b]
4824:
4825: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
4826:
4827: * plugins/sudoers/iolog.c:
4828: Only use I/O input log file if def_log_input is set and output file
4829: if def_log_output is set.
4830: [d866992f1681]
4831:
4832: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
4833:
4834: * compat/strsignal.c:
4835: Update copyright year
4836: [a96f2593fd4e]
4837:
4838: * src/pty.c:
4839: uid -> ttyuid
4840: [c3454d74ebcb]
4841:
4842: * plugins/sudoers/sudoers.c:
4843: For sudoedit, make a local copy of editor string si become part of
4844: argv. If no editor environment variable, split def_editor on ':'
4845: since it may be a colon-delimited path.
4846: [2ee298506a6e]
4847:
4848: * src/sudo_edit.c:
4849: Remove unneeded endpwent()/endgrent()
4850: [623f6743d101]
4851:
4852: * doc/Makefile.in:
4853: Use value of nroff from configure
4854: [b2ce649125ab]
4855:
4856: * src/exec.c:
4857: Add missing const to I/O log action function
4858: [d764a3955e04]
4859:
4860: * plugins/sudoers/check.c:
4861: Update copyright year and fix whitespace
4862: [e648c35b16be]
4863:
4864: * configure, configure.in:
4865: Fix typo
4866: [8e0bdfc47da4]
4867:
4868: * plugins/sudoers/iolog.c:
4869: Remove redundant tty signal blocking in log function.
4870: [f17f575dabd4]
4871:
4872: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
4873:
4874: * plugins/sudoers/iolog.c:
4875: Place static keyword where it belongs
4876: [b01aec7c86b4]
4877:
4878: * plugins/sudoers/logging.c:
4879: Always use a printf format string for send_mail()
4880: [13b1ada644c9]
4881:
4882: * common/atobool.c, plugins/sudoers/ldap.c:
4883: Extend atobool() so we can use it in the LDAP code.
4884: [73f8e6807044]
4885:
4886: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
4887: Sudo now stashes tty ctime for tty_tickets on Solaris too.
4888: [e82df13ad3fd]
4889:
4890: * plugins/sudoers/boottime.c:
4891: Fix dummy version of get_boottime()
4892: [01d69c06013b]
4893:
4894: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
4895:
4896: * plugins/sudoers/check.c:
4897: Enable tty_is_devpts() support for Solaris with the "devices"
4898: filesystem.
4899: [237c6b25fa84]
4900:
4901: * src/exec.c:
4902: Unbreak the non-io logging case.
4903: [4822b9f709fb]
4904:
4905: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
4906: Fix symbol name conflict with sudo_printf.
4907: [0d44eab0a8f6]
4908:
4909: * plugins/sudoers/auth/pam.c:
4910: Fix OpenPAM detection for newer versions.
4911: [1b2abed232d8]
4912:
4913: * plugins/sudoers/vasgroups.c:
4914: Sync with Quest sudo git repo
4915: [f1d98b3cba02]
4916:
4917: * aclocal.m4, configure, configure.in:
4918: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
4919: Add missing template for ENV_DEBUG Adapted from Quest sudo
4920: [695dbd7b28f4]
4921:
4922: * README.LDAP:
4923: Fix typos; from Quest Sudo
4924: [4eba9da33b8e]
4925:
4926: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
4927:
4928: * plugins/sudoers/Makefile.in:
4929: Add back -I$(top_srcdir); we need it for including compat/foo.h
4930: since we cannot rely on "foo.h" being found relative to the source
4931: file when the cwd is different.
4932: [bbf24695f325]
4933:
4934: * src/exec.c:
4935: Fix a bug where we could treat EAGAIN as a permanent error. Also set
4936: cstat if perform_io() returns an error.
4937: [200475c4326f]
4938:
4939: * common/alloc.c, plugins/sudoers/boottime.c,
4940: plugins/sudoers/sudoers.c:
4941: Add casts to quiet compiler warnings.
4942: [85eb1c336697]
4943:
4944: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4945: plugins/sudoers/visudo.c:
4946: Fix typo in ternary operator usage.
4947: [6492ac1450e2]
4948:
4949: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
4950:
4951: * INSTALL, configure, configure.in:
4952: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
4953: [92121d693b30]
4954:
4955: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
4956: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
4957: Update docs to match sudoers I/O logging changes
4958: [18d651989e49]
4959:
4960: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
4961: pathnames.h.in, plugins/sudoers/def_data.c,
4962: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
4963: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
4964: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
4965: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
4966: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
4967: plugins/sudoers/sudoreplay.c:
4968: Break sudoers transcript feature up into log_input and log_output.
4969: [db3c1248d2ad]
4970:
4971: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4972: plugins/sudoers/visudo.c:
4973: Use setprogname() as needed.
4974: [6beee63a4553]
4975:
4976: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
4977: Adapt sudoreplay to iolog changes.
4978: [581f52c05f0f]
4979:
4980: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
4981:
4982: * plugins/sudoers/iolog.c:
4983: Log all input and output into separate files and store a number on
4984: each timing file line to indicate which file the data is in.
4985: [fb460c5273dd]
4986:
4987: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
4988: plugins/sudoers/sudoers.h:
4989: Make sudoers_io functions static to iolog.c
4990: [b2df3cc3eecb]
4991:
4992: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
4993:
4994: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
4995: src/sudo_usage.h.in:
4996: Completely remove the -L flag from the sudo front end.
4997: [3d220030b720]
4998:
4999: * plugins/sudoers/sudoreplay.c:
5000: Fix EAGAIN handling when writing to stdout.
5001: [4766d77cea49]
5002:
5003: * plugins/sudoers/sudoers.c:
5004: Eliminate unused variables
5005: [83bd711e79c4]
5006:
5007: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
5008: Re-enable cleanup functions in sudoers plugin and sudo driver for
5009: error()/errorx().
5010: [43093f937dd8]
5011:
5012: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
5013: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
5014: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
5015: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5016: Use sudo_printf to display verbose version information.
5017: [435cc9f8d4a2]
5018:
5019: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5020: plugins/sudoers/Makefile.in, src/Makefile.in:
5021: Minor Makefile cleanup: fix a typo, change the removal order in the
5022: clean targets, and remove a superfluous include path for the sudoers
5023: plugin.
5024: [6e3b2d6b4437]
5025:
5026: * plugins/sudoers/env.c:
5027: Handle duplicate variables in the environment. For unsetenv(), keep
5028: looking even after remove the first instance. For sudo_putenv(),
5029: check for and remove dupes after we replace an existing value.
5030: [c1bbb88d0435]
5031:
5032: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
5033:
5034: * plugins/sudoers/Makefile.in:
5035: Use explicit path to source file instead of $< for files that live
5036: in devdir and top_srcdir.
5037: [358ab7f6cc64]
5038:
5039: * plugins/sudoers/Makefile.in:
5040: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
5041: ending LIBSUDOERS_OBJS with a backslash
5042: [481a5c96d47e]
5043:
5044: * plugins/sudoers/Makefile.in, src/Makefile.in:
5045: Link libcommon before libreplace since libcommon may use functions
5046: only present in libreplace.
5047: [1847c496ff5b]
5048:
5049: * common/Makefile.in:
5050: Move code common to sudo and the sudoers plugin to a convenience
5051: library, libcommon. Removes the need to make links in the sudoers
5052: plugin dir and reduces re-compilation of duplicate object files.
5053: [4c8986352937]
5054:
5055: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
5056: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
5057: common/term.c, common/zero_bytes.c, configure, configure.in,
5058: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
5059: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
5060: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
5061: src/zero_bytes.c:
5062: Move code common to sudo and the sudoers plugin to a convenience
5063: library, libcommon. Removes the need to make links in the sudoers
5064: plugin dir and reduces re-compilation of duplicate object files.
5065: [1d1d98bd55b9]
5066:
5067: * src/exec.c, src/sudo.c, src/sudo.h:
5068: Rename script_execve to sudo_execve and rename script_foo in exec.c
5069: [a35ec80de96a]
5070:
5071: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
5072: rename script.c exec.c and fix up the MANIFEST file
5073: [36bc3bff9578]
5074:
5075: * src/script.c, src/sudo.c, src/sudo.h:
5076: Rename script_setup() to pty_setup() and call from script_execve()
5077: directly.
5078: [899b0fb2a14d]
5079:
5080: * configure, configure.in:
5081: bump version to 1.8.0a2
5082: [0b1c1ca9d4e5]
5083:
5084: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5085: Document init_session
5086: [b5324785a406]
5087:
5088: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
5089: plugins/sudoers/auth/sudo_auth.h:
5090: Clean up the sudoers auth API a bit and update the docs.
5091: [c40fd4cb6e68]
5092:
5093: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
5094: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5095: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
5096: Add init_session function to struct policy_plugin that gets called
5097: before the uid/gid/etc changes. A struct passwd pointer is passed
5098: in,which may be NULL if the user does not exist in the passwd
5099: database.The sudoers module uses init_session to open the pam
5100: session as needed.
5101: [d71723320ee8]
5102:
5103: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
5104:
5105: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
5106: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
5107: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5108: Add open/close session to sudo auth, only used by PAM. This allows
5109: us to open (and close) the PAM session from sudoers.
5110: [2665e2920d0d]
5111:
5112: * plugins/sudoers/Makefile.in:
5113: Add explicit rule to build getdate.o for HP-UX make.
5114: [7f049e989956]
5115:
5116: * plugins/sudoers/Makefile.in:
5117: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
5118: rules as an alternate way to prevent HP-UX make (and others) from
5119: trying to rebuild the parser in non-dev mode.
5120: [f84badad98c5]
5121:
5122: * plugins/sudoers/sudoers.c:
5123: Re-enable PATH_MAX check for command
5124: [40d8a50da136]
5125:
5126: * Makefile.in:
5127: For distclean, clean the main directory last since the subdirs need
5128: to be able to run libtool to clean things.
5129: [8949a9861634]
5130:
5131: * compat/Makefile.in:
5132: Fix generation of mksiglist.h
5133: [b7cdc9b36650]
5134:
5135: * src/script.c:
5136: Now that we defer sending cstat until the end of script_child() we
5137: cannot reuse cstat when reading command status from parent.
5138: [25c882643466]
5139:
5140: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
5141:
5142: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
5143: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
5144: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
5145: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5146: Use numeric registers to handle conditionals instead of trying to do
5147: it all with text processing.
5148: [478079c3fd4b]
5149:
5150: * doc/sudoers.pod:
5151: Document per-command SELinux settings
5152: [13840d566805]
5153:
5154: * plugins/sudoers/sudoers.c:
5155: Repair "sudo -l -U username"
5156: [10a0dcdf2ddf]
5157:
5158: * plugins/sudoers/sudoers.c:
5159: Set selinux role and type in command details.
5160: [8ae6d35a126d]
5161:
5162: * src/script.c, src/selinux.c, src/sudo.h:
5163: Rework SELinux support.
5164: [83279cc94bf2]
5165:
5166: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
5167:
5168: * src/script.c, src/selinux.c, src/sudo.h:
5169: Make SELinux support compile again. Needs more work to be complete.
5170: [3d3addebcf82]
5171:
5172: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5173: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5174: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
5175: src/sudo.h:
5176: Bring back closefrom settings.
5177: [b1c6257d4bbb]
5178:
5179: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5180: plugins/sudoers/sudoers.h:
5181: If running a command or sudoedit in transcript mode, call
5182: io_nextid() before log_allowed() so the session id is logged.
5183: [c42f3ae40150]
5184:
5185: * configure, configure.in:
5186: Use mandoc(1) if nroff(1) is not present.
5187: [daad4bbd04af]
5188:
5189: * doc/Makefile.in:
5190: Use the --file argument to config.status instead of setting
5191: CONFIG_FILES in the environment.
5192: [c89411a8bf70]
5193:
5194: * plugins/sudoers/Makefile.in:
5195: We cannot conditionally update gram.h or the dependency ordering
5196: gets messed up in devel mode.
5197: [c938953231d9]
5198:
5199: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
5200:
5201: * Makefile.in, compat/Makefile.in, configure, configure.in,
5202: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5203: plugins/sudoers/Makefile.in, src/Makefile.in:
5204: Substitute @SHELL@ into Makefiles
5205: [36aa6a095335]
5206:
5207: * config.sub:
5208: Fix typo
5209: [16d294d26b58]
5210:
5211: * config.guess, config.sub, configure, configure.in:
5212: Update to autoconf 2.65
5213: [4fa6ea8caea3]
5214:
5215: * Makefile.in:
5216: Fix libtool target (space vs. tabs)
5217: [755cf3892618]
5218:
5219: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
5220: Remove use of RETSIGTYPE; all modern systems have signal handlers
5221: that return void.
5222: [42b4e3aee668]
5223:
5224: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
5225: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
5226: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
5227: plugins/sudoers/Makefile.in, src/Makefile.in:
5228: Update to libtool-2.2.6b. I haven't made any local modifications
5229: this time, which should be OK since we install sudo_noexec.so by
5230: hand now.
5231: [6f79ced593bb]
5232:
5233: * compat/Makefile.in, plugins/sample/Makefile.in,
5234: plugins/sudoers/Makefile.in, src/Makefile.in:
5235: Use libtool to clean objects
5236: [1581057d6472]
5237:
5238: * include/Makefile.in:
5239: Install sudo_plugin.h as part of "make install" and make other
5240: install targets callable from the top-level Makefile
5241: [aaaeb027d774]
5242:
5243: * configure, configure.in:
5244: regen with autoupdate to eliminate AC_TRY_LINK
5245: [5d5541c230f5]
5246:
5247: * Makefile.in, compat/Makefile.in, configure, configure.in,
5248: doc/Makefile.in, plugins/sample/Makefile.in,
5249: plugins/sudoers/Makefile.in, src/Makefile.in:
5250: Install sudo_plugin.h as part of "make install" and make other
5251: install targets callable from the top-level Makefile
5252: [b258b8401b1c]
5253:
5254: * plugins/sample/sample_plugin.c:
5255: The sample plugin doesn't support being run with no args so return a
5256: usage error in this case.
5257: [473b3cf965be]
5258:
5259: * plugins/sudoers/iolog.c:
5260: Set close on exec flag for descriptors used for I/O logging so they
5261: are not present in the command being run.
5262: [2c7e8708df76]
5263:
5264: * plugins/sudoers/tsgetgrpw.c:
5265: Set close on exec flag in private versions of setpwent() and
5266: setgrent().
5267: [64fef78cb833]
5268:
5269: * src/script.c:
5270: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
5271: Fixes extra fds being present in the command when it is part of a
5272: pipeline.
5273: [060451617713]
5274:
5275: * plugins/sudoers/sudoers.c:
5276: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
5277: is used when logging). Note that user_ttypath will still be NULL if
5278: there is no tty.
5279: [31b69a6ecda7]
5280:
5281: * src/script.c, src/sudo.h:
5282: Cosmetic changes: add comments, remove orphaned prototype and
5283: make a global static.
5284: [f7851af0143e]
5285:
5286: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
5287:
5288: * src/script.c:
5289: Move check for maxfd == -1 to flush_output where it belongs.
5290: [b826a95b4491]
5291:
5292: * src/script.c:
5293: Break out of select loop if all the fds we want to select on are -1.
5294: [f5b387024238]
5295:
5296: * src/sudo.c:
5297: Avoid possible malloc(0) if plugin returns an empty groups list.
5298: [9765a8fe5ce7]
5299:
5300: * src/sudo.c:
5301: Add debugging info when calling plugin close function
5302: [95a273c7ff66]
5303:
5304: * src/script.c:
5305: Avoid closing stdin/stdout/stderr when we are piping output.
5306: [330e76423caf]
5307:
5308: * src/script.c:
5309: When execve() of the command fails, it is possible to receive
5310: SIGCHLD before we've read the error status from the pipe. Re-order
5311: things such that we send the final status at the very end and prefer
5312: error status over wait status.
5313: [b0dcf825244f]
5314:
5315: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
5316:
5317: * plugins/sudoers/auth/sudo_auth.c:
5318: Fix compilation for non PAM/BSD auth/AIX auth
5319: [e382b39d2e4f]
5320:
5321: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
5322:
5323: * src/script.c:
5324: Additional checks to make sure we don't close /dev/tty by mistake.
5325: When flushing, sleep in select as long as we have buffers that need
5326: to be written out.
5327: [8139cbd3dd54]
5328:
5329: * src/script.c:
5330: Now that we can use pipes for stdin/stdout/stderr there is no longer
5331: a need to error out when there is no tty. We just need to make sure
5332: we don't try to use the tty fd if it is -1.
5333: [666621635d26]
5334:
5335: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
5336:
5337: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5338: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5339: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
5340: Add argc and argv to I/O logger open function.
5341: [0d7faa007d27]
5342:
5343: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
5344: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
5345: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
5346: Remove check_sudoedit function pointer in struct sudo_policy.
5347: Instead, sudo will set sudoedit=true in the settings array. The
5348: plugin should check for this and modify argv_out as appropriate in
5349: check_policy.
5350: [c0328e3276b8]
5351:
5352: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
5353:
5354: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
5355: src/sudo_edit.c:
5356: If plugin sets "sudoedit=true" in the command info, enable sudoedit
5357: mode even if not invoked as sudoedit. This allows a plugin to
5358: enable sudoedit when the user runs an editor.
5359: [96d67b99e42e]
5360:
5361: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
5362:
5363: * plugins/sudoers/Makefile.in:
5364: gram.h must not depend on gram.y if we want to avoid unnecessary
5365: rebuilding of targets dependent on gram.h when gram.y changes.
5366: [9db4b767fdca]
5367:
5368: * plugins/sample/sample_plugin.c:
5369: Refactor common bits of check_policy and check_edit
5370: [ac4d366a04cf]
5371:
5372: * plugins/sample/sample_plugin.c:
5373: Add sudoedit support
5374: [a1a6cc4c0cef]
5375:
5376: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
5377:
5378: * plugins/sudoers/Makefile.in:
5379: Rely more on VPATH; fixes a dependency issue with the parser.
5380: [45e406ebdea2]
5381:
5382: * include/compat.h:
5383: Fix typo introduced in last commit
5384: [3ccb0f853d11]
5385:
5386: * include/compat.h:
5387: Emulate seteuid using setreuid() or setresuid() as needed. There are
5388: still a few places that call seteuid() directly.
5389: [36e8efa3a99d]
5390:
5391: * src/parse_args.c, src/sudo_edit.c:
5392: Attempt to fix building on systems that only have setuid.
5393: [8e9ba4083318]
5394:
5395: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5396: Clarify sudoedit a tad.
5397: [d39dfaa14ade]
5398:
5399: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
5400:
5401: * src/sudo_edit.c:
5402: Fix compilation on HP-UX
5403: [f6e47843d139]
5404:
5405: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5406: Document sudoedit
5407: [4cbf5196d993]
5408:
5409: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
5410: Change how we handle the sudoedit argv. We now require that there
5411: be a "--" in argv to separate the editor and any command line
5412: arguments from the files to be edited.
5413: [20623d549a3c]
5414:
5415: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5416: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
5417: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
5418: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
5419: src/sudo.h, src/sudo_edit.c:
5420: Work in progress support for sudoedit. The actual interface used by
5421: the plugin for sudoedit is likely to change.
5422: [c31262a31997]
5423:
5424: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
5425: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
5426: Make find_path() a little more generic by not checking def_foo
5427: variables inside it. Instead, pass in ignore_dot as a function
5428: argument.
5429: [9c23101a094d]
5430:
5431: * plugins/sudoers/env.c:
5432: Add version of getenv(3) that uses our own environ pointer.
5433: [0e3783e63534]
5434:
5435: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
5436:
5437: * src/script.c:
5438: Avoid a potential race condition if SIGCHLD is received immediately
5439: before we call select().
5440: [99adc5ea7f0a]
5441:
5442: * plugins/sudoers/sudoers.c:
5443: Call env_init() before we open the sudoers sources as those may call
5444: our setenv() replacement.
5445: [5f82601f5ab0]
5446:
5447: * plugins/sudoers/env.c:
5448: Initialize env_len in env_init()
5449: [7ae02b3029b5]
5450:
5451: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
5452:
5453: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
5454: Document time stamp shortcomings under SECURITY NOTES Use "time
5455: stamp" instead of timestamp.
5456: [2b86120815b2]
5457:
5458: * doc/Makefile.in:
5459: Make sed substitution of mansectsu and mansectform global.
5460: [94588632dba0]
5461:
5462: * plugins/sudoers/check.c:
5463: If the tty lives on a devpts filesystem, stash the ctime in the tty
5464: ticket file, as it is not updated when the tty is written to. This
5465: helps us determine when a tty has been reused without the user
5466: authenticating again with sudo.
5467: [0e62a31bceb0]
5468:
5469: * src/tgetpass.c:
5470: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
5471: is what our compat checks set.
5472: [df50f0a040c9]
5473:
5474: * configure, configure.in:
5475: Add check for whether sudo need to link with -ldl to get dlopen().
5476: This is a bit of a hack that will get reworked when libtool is
5477: updated.
5478: [63bdcf579533]
5479:
5480: * plugins/sudoers/check.c:
5481: Fix timestamp removal with -k/-K
5482: [6b4639fef973]
5483:
5484: * plugins/sudoers/Makefile.in:
5485: audit.c is now private to the sudoers plugin
5486: [1974f342ae0b]
5487:
5488: * configure, configure.in:
5489: Link with -lpthread on HP-UX since a plugin may be linked with
5490: -lpthread and dlopen() will fail if the shared object has a
5491: dependency on -lpthread but the main program is not linked with it.
5492: [d42139391263]
5493:
5494: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
5495: Add separate test for getresuid() since HP-UX has setresuid() but no
5496: getresuid().
5497: [910fe727a374]
5498:
5499: * doc/Makefile.in:
5500: Remove errant backslash
5501: [dd5464257c69]
5502:
5503: * src/script.c:
5504: Fix SIGPIPE handling. Now that we use may use pipes for
5505: stdin/stdout we need to pass any SIGPIPE we receive to the running
5506: command.
5507: [3f6b1991f4fd]
5508:
5509: * src/script.c:
5510: Also start the command in the background if stdin is not a tty.
5511: [d93bc33a3740]
5512:
5513: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
5514:
5515: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
5516: No need to use pseudo-cbreak mode now that we use pipes when stdout
5517: is not a tty. Instead, check whether stdin is a tty and if not,
5518: delay setting the tty to raw mode until the command tries to access
5519: it itself (and receives SIGTTIN or SIGTTOU).
5520: [e68315cf8c6b]
5521:
5522: * src/tgetpass.c:
5523: Use an array for signals received instead of a single variable so we
5524: don't lose any when there are multiple different signals.
5525: [2ac726dac864]
5526:
5527: * src/tgetpass.c:
5528: Do signal setup after turning off echo, not before. If we are using
5529: a tty but are not the foreground pgrp this will generate SIGTTOU so
5530: we want the default action to be taken (suspend process).
5531: [bebb6209c795]
5532:
5533: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
5534:
5535: * src/script.c:
5536: Flush the iobufs on suspend or child exit using the same logic as
5537: the main event loop.
5538: [c627feee1035]
5539:
5540: * src/script.c:
5541: Free memory after we are done with it.
5542: [8db9b611b45a]
5543:
5544: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
5545:
5546: * doc/HISTORY:
5547: Quest now sponsors Sudo development
5548: [6cc490083bc7]
5549:
5550: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
5551:
5552: * doc/Makefile.in:
5553: Install sudo_plugin man page.
5554: [c253729790b2]
5555:
5556: * src/script.c:
5557: Go back to reseting io_buffer offset and length (and now also the
5558: EOF handling) in the loop we do the FD_SET, not after we drain the
5559: buffer after write() since we don't know what order reads and writes
5560: will occur in.
5561: [5f38bfa8497f]
5562:
5563: * MANIFEST:
5564: audit files moved to sudoers plugin directory
5565: [b1ead182428e]
5566:
5567: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5568: Document plugin_printf and new logging functions.
5569: [fe9430b60ab5]
5570:
5571: * src/script.c:
5572: Add support for logging stdin when it is not a tty. There is still a
5573: bug where "cat | sudo cat" has problems because both cat and sudo
5574: are trying to read from the tty.
5575: [04c9c59fcfba]
5576:
5577: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5578: plugins/sudoers/sudoers.c, src/script.c:
5579: Add separate I/O logging functions for tty in/out and
5580: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
5581: is disabled for now.
5582: [a36dfd4ca935]
5583:
5584: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
5585:
5586: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
5587: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5588: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5589: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5590: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
5591: Add pointer to a printf like function to plugin open functon. This
5592: can be used instead of the conversation function to display info and
5593: error messages.
5594: [98734eea8ef1]
5595:
5596: * Makefile.in:
5597: Stop if make in a subdir fails
5598: [228bb3ad2dbc]
5599:
5600: * src/script.c:
5601: Only set user's tty to blocking mode when doing the final flush.
5602: Flush pipes as well as pty master when the process is done.
5603: [20ff67218666]
5604:
5605: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
5606:
5607: * plugins/sudoers/ldap.c:
5608: Use print_error() when displaying ldap config info in debugging
5609: mode.
5610: [d142e0cacb22]
5611:
5612: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
5613: No longer need strdup() or strndup() replacements.
5614: [df53697174ec]
5615:
5616: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
5617: plugins/sudoers/sudoers.h:
5618: Add print_error() function that uses the conversation function to
5619: print a variable number of error strings and use it in log_error().
5620: [b1fa2861b575]
5621:
5622: * src/script.c, src/sudo.h, src/term.c:
5623: Do not need the opost flag to term_copy() now that we use pipes for
5624: stdout/stderr when they are not a tty.
5625: [f42811f70a19]
5626:
5627: * src/script.c:
5628: Use pipes to the sudo process if stdout or stderr is not a tty.
5629: Still needs some polishing and a decision as to whether it is
5630: desirable to add additonal entry points for logging
5631: stdout/stderr/stdin when they are not ttys. That would allow a
5632: replay program to keep things separate and to know whether the
5633: terminal needs to be in raw mode at replay time.
5634: [1a945e0ab2da]
5635:
5636: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
5637:
5638: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
5639: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
5640: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
5641: Move audit sources into the sudoers plugin dir; the driver does not
5642: use them.
5643: [50ec36422cd0]
5644:
5645: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
5646: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
5647: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
5648: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
5649: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
5650: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
5651: src/term.c, src/ttysize.c:
5652: Use angle brackets when including headers that can only be found
5653: when an -I flag is specified. The files in the compat dir could get
5654: away with double quotes here but I've converted all the source files
5655: to use angle brackets for consistency.
5656: [9e30a8fc6d4b]
5657:
5658: * plugins/sudoers/Makefile.in:
5659: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
5660: dir can be found when building outside the source tree.
5661: [1150934b79dd]
5662:
5663: * plugins/sudoers/Makefile.in:
5664: Clean up links in distclean
5665: [78595028be8b]
5666:
5667: * plugins/sudoers/Makefile.in:
5668: Hack around VPATH semantic differences by symlinking files we need
5669: from ../../src into the current directory and build those. A better
5670: fix would be to either make a .a or .la file with those files in it
5671: or simply use a single, flat, Makefile instead of per-subdirs
5672: Makefiles.
5673: [892c332d3f05]
5674:
5675: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
5676: fmt_string is used by the sudoers plugin too so do not include
5677: sudo.h (which is not really needed here anyway)
5678: [231c35e3941f]
5679:
5680: * compat/Makefile.in, plugins/sample/Makefile.in,
5681: plugins/sudoers/Makefile.in, src/Makefile.in:
5682: Fix building with non-BSD versions of make such as GNU make.
5683: Requires VPATH support, which should be in any non-neolithic make.
5684: [dc174f135919]
5685:
5686: * configure, configure.in, plugins/sudoers/Makefile.in,
5687: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
5688: src/Makefile.in:
5689: Re-enable bsm audit. Currently auditing is done within the sudoers
5690: plugin itself. If possible, this should really be done in the main
5691: driver but we don't presently have the needed data to do that. This
5692: will be re-evaluated when Linux audit support is added.
5693: [1d05a3236bfe]
5694:
5695: * compat/Makefile.in, plugins/sample/Makefile.in,
5696: plugins/sudoers/Makefile.in, src/Makefile.in:
5697: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
5698: of explicit rules in the dependency.
5699: [88f80efd25f0]
5700:
5701: * plugins/sudoers/visudo.c:
5702: Fix mismerge; alias_remove_recursive() now returns int
5703: [6257a4849641]
5704:
5705: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
5706:
5707: * plugins/sudoers/visudo.c:
5708: Fix a crash when checking a sudoers file that has aliases that
5709: reference themselves. Based on a diff from David Wood.
5710: [545d194484a7]
5711:
5712: * src/script.c:
5713: Print signal info after restoring the tty mode, not before.
5714: [a68618e67435]
5715:
5716: * src/script.c:
5717: Defer call to alarm() until after we fork the child. Pass correct
5718: pid to terminate_child() If the command exits due to signal, set
5719: alive to false like we do when it exits normally. Add missing
5720: check for errpipe[0] != -1 before using it in FD_ISSET
5721: [22f0a1549391]
5722:
5723: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
5724:
5725: * plugins/sudoers/boottime.c:
5726: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
5727: [0e627170c6e8]
5728:
5729: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
5730:
5731: * src/Makefile.in:
5732: Simplify dependencies by using .c.o and .c.lo rules.
5733: [6abcaef5d1ac]
5734:
5735: * configure, configure.in, plugins/sudoers/Makefile.in,
5736: src/Makefile.in:
5737: Substitute in @PROGS@ into src/Makefile to add sesh
5738: [cc46d3b6208f]
5739:
5740: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
5741:
5742: * plugins/sudoers/sudoers.c:
5743: Add back calls to log_denial() if sudoers does not allow the
5744: command.
5745: [9783316207f0]
5746:
5747: * plugins/sudoers/sudoers.c:
5748: Pass in correct pwflag for list and validate.
5749: [973dd56d4b81]
5750:
5751: * plugins/sudoers/env.c:
5752: Add missing check for NULL in validate_env_vars
5753: [1d6eb6957824]
5754:
5755: * src/Makefile.in:
5756: Add sudo_noexec.la to "all" target, otherwise it only gets built at
5757: install time.
5758: [644a9694d2ef]
5759:
5760: * plugins/sudoers/sudoers.c:
5761: Only set sudo_user.env_vars if the env_add list is empty.
5762: [fccdf6f0e0e2]
5763:
5764: * plugins/sudoers/sudoers.c:
5765: Set sudo_user.env_vars so that environment variables specified on
5766: the command line get logged correctly.
5767: [9b51012c491e]
5768:
5769: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
5770: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5771: Re-enable environment files and setting environment variables on the
5772: command line.
5773: [5662d5645dbd]
5774:
5775: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
5776:
5777: * plugins/sudoers/check.c:
5778: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
5779: a pointer to time_t as tv_sec in struct timeval may be long.
5780: [4de0c46e788e]
5781:
5782: * plugins/sudoers/check.c:
5783: Don't stash ctime in on-disk tty ticket info for now; on many
5784: (most?) systems the ctime is updated when the tty is written to.
5785: Once I have a better idea of what systems do not update ctime on
5786: ttys (and have a way to test for this) the ctime stash will be
5787: conditionally re-enabled.
5788: [a90eeec0f648]
5789:
5790: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
5791:
5792: * MANIFEST, Makefile.in:
5793: Add back "dist" target, this time using a MANIFEST file
5794: [29277c05499f]
5795:
5796: * Makefile.in:
5797: Remove Makefile in distclean target
5798: [83d695f4f450]
5799:
5800: * Makefile.in, src/Makefile.in:
5801: Update clean and cleandir targets
5802: [ad7b2afeb9c1]
5803:
5804: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
5805: src/sudo.h:
5806: Move fileops.c defines and prototypes to filesops.h
5807: [4545e9b6892d]
5808:
5809: * plugins/sudoers/check.c:
5810: Lock the tty timestamp when writing. We shouldn't have to lock when
5811: reading since the file is updated via a single write system call.
5812: [0c7276f02696]
5813:
5814: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
5815:
5816: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
5817: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
5818: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
5819: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
5820: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
5821: plugins/sudoers/logging.c, plugins/sudoers/match.c,
5822: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
5823: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
5824: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
5825: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
5826: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
5827: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
5828: Convert to ANSI C function declarations
5829: [9c45def57cf7]
5830:
5831: * plugins/sudoers/sudoers.h:
5832: Remove extraneous bits and classify by source file.
5833: [e8ea9f109ebb]
5834:
5835: * include/compat.h:
5836: Add timercmp macro for systems without it
5837: [d3bf87b1d08e]
5838:
5839: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
5840: plugins/sudoers/sudoers.h:
5841: get_boottime() now fills in a timeval struct
5842: [3573c3f44e11]
5843:
5844: * plugins/sudoers/check.c:
5845: Store info from stat(2)ing the tty in the tty ticket when tty
5846: tickets are in use. On most systems, this closes the loophole
5847: whereby a user can log out of a tty, log back in and still have the
5848: timestamp be valid.
5849: [53380f9f5242]
5850:
5851: * config.h.in, configure.in:
5852: Add timespec2timeval and use it when getting ctime/mtime
5853: [4cb7f7caec2c]
5854:
5855: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
5856:
5857: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
5858: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
5859: plugins/sudoers/testsudoers.c:
5860: Convert perm setting to push/pop model; still needs some work Use
5861: the stashed runas groups instead of using getgrouplist() Reset perms
5862: to the initial value on error
5863: [09c072ebde8b]
5864:
5865: * config.h.in, configure.in:
5866: fix ctim_get and mtim_get macros
5867: [58773dc1e360]
5868:
5869: * config.h.in, configure, configure.in, include/compat.h,
5870: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
5871: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
5872: Use timeval directly instead of converting to timespec when dealing
5873: with file times and time of day.
5874: [a0ce1ae00a67]
5875:
5876: * plugins/sudoers/Makefile.in:
5877: Don't like sudoreplay with libsudoers.la due to a yacc symbol
5878: conflict.
5879: [f1a59cc63a15]
5880:
5881: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
5882:
5883: * configure, configure.in:
5884: Darwin >= 9.x has real setreuid(2)
5885: [7ec942a64275]
5886:
5887: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
5888:
5889: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
5890: Ansify env.c
5891: [f58551bad10a]
5892:
5893: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
5894: plugins/sudoers/sudoers.h:
5895: Remove remaining references to the environ pointer.
5896: [96faa530816a]
5897:
5898: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
5899:
5900: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5901: Don't change the environ directly in the sudoers plugin
5902: [6db48ed3f7e0]
5903:
5904: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
5905:
5906: * plugins/sudoers/sudoers.c:
5907: Fix typo
5908: [4aa452b07f8f]
5909:
5910: * plugins/sudoers/alias.c:
5911: Fix use after free in error message when a duplicate alias exists.
5912: [ce1d2812ee34]
5913:
5914: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
5915:
5916: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5917: src/parse_args.c:
5918: Add a "noninteractive" boolean to the settings passed in to the
5919: plugin's open function that is set when the user specifies the -n
5920: flag.
5921: [68f8d9d6d4d0]
5922:
5923: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
5924: Add workaround for the lack of the environ pointer on Mac OS X in
5925: dlopen()ed modules. Use of environ in the sudoers plugin should
5926: ultimately be removed but this will do for the moment.
5927: [80c61647434f]
5928:
5929: * plugins/sudoers/visudo.c:
5930: Set errorfile to the sudoers path if we set parse_error manually.
5931: This prevents a NULL dereference in printf() when checking a sudoers
5932: file in strict mode when alias errors are present.
5933: [45e249ca99f7]
5934:
5935: * plugins/sudoers/sudoers.c:
5936: Main sudo no longer print "unable to execute" on exec failure so do
5937: it here.
5938: [50aaf62b43b5]
5939:
5940: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
5941:
5942: * src/script.c:
5943: Use a pipe to pass back errno to the parent if execve() fails. If we
5944: get an error in script_child(), kill the command and exit.
5945: [dc3bf870f91b]
5946:
5947: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5948: src/parse_args.c, src/sudo.c:
5949: Handle plugin's open function returning -2 (usage error).
5950: [aadf900c1de8]
5951:
5952: * src/script.c:
5953: If execve() fails, leave it to the plugin to print an error string.
5954: [e25748f2d5b9]
5955:
5956: * src/script.c:
5957: If execve fails in logging mode, pass the errno directly to the
5958: grandparent on the backchannel and exit. The immediate parent will
5959: get SIGCHLD and try to report that status but its parent will no
5960: longer be listening. It would probably be cleaner to pass this over
5961: a pipe in script_child().
5962: [cb122acc81a8]
5963:
5964: * plugins/sudoers/sudoers.c:
5965: Don't override rval with results of check_user() unless it failed.
5966: [46fb7e87ac7d]
5967:
5968: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
5969:
5970: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5971: Fix typo
5972: [ccd0b693f3da]
5973:
5974: * src/parse_args.c:
5975: NULL-terminate env_add
5976: [2c534368a0c3]
5977:
5978: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
5979:
5980: * src/sudo.c:
5981: Call the I/O log open function before the I/O version function.
5982: [e88bf898990b]
5983:
5984: * plugins/sudoers/iolog.c:
5985: Remove io_conv and just use sudo_conv
5986: [a280052468eb]
5987:
5988: * plugins/sudoers/set_perms.c:
5989: Fix set/restore perms for systems w/o setresuid
5990: [4160517f6666]
5991:
5992: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
5993:
5994: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
5995: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
5996: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5997: Primitive set/restore permissions. Will be replaced by a push/pop
5998: model.
5999: [aae102290866]
6000:
6001: * src/script.c:
6002: Only need to take action on SIGCHLD in parent if no I/O logger. If
6003: there is an I/O logger we will receive ECONNRESET or EPIPE when we
6004: try to read from the socketpair.
6005: [e1e4560401f6]
6006:
6007: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
6008:
6009: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
6010: doc/sudoers.pod, plugins/sudoers/find_path.c:
6011: Merge fb4d571495fa from the 1.7 branch to trunk.
6012: [c8fb424ad4d2]
6013:
6014: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
6015:
6016: * src/script.c:
6017: Don't set SA_RESTART when registering SIGALRM handler. Do set
6018: SA_RESTART when registering SIGWINCH handler.
6019: [173472b76525]
6020:
6021: * doc/Makefile.in:
6022: Add dev targets for *.man.in and *.cat that don't specfify the
6023: $(srcdir) prefix.
6024: [b62f425da2e4]
6025:
6026: * src/script.c:
6027: If log_input or log_output returns false, terminate the command.
6028: [074f4c0c34a0]
6029:
6030: * src/script.c:
6031: Better signal handling. Instead of using a single variable to store
6032: the received signal, use an array so we can't lose a signal when
6033: multiple are sent. Fix process termination by SIGALRM in non-I/O
6034: logger mode. Fix relaying terminal signals to the child in non-I/O
6035: logger mode.
6036: [7a4723aca99d]
6037:
6038: * src/script.c:
6039: Fix a race between when we get the child pid in the parent and when
6040: the child process exits. The problem exhibited as a hang after a
6041: short-lived process, e.g. "sudo id" when no IO logger was enabled.
6042: [80bcc0aca70b]
6043:
6044: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
6045:
6046: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6047: Add a note about the security implications of the fast_glob option.
6048: [c37a92ab7c93]
6049:
6050: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
6051:
6052: * config.h.in, configure, configure.in:
6053: Fix up some AC_DEFINE descriptions and regen config.h.in
6054: [f4655adc0db3]
6055:
6056: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
6057:
6058: * include/missing.h:
6059: No longer check for strdup or strndup for LIBOBJ replacement.
6060: [fdc764ee8109]
6061:
6062: * src/script.c:
6063: Avoid installing signal handlers that are io-logger specific. Fixes
6064: job control when no io logger is enabled.
6065: [0853dd0906d4]
6066:
6067: * doc/Makefile.in:
6068: Only regen man pages from pod when configured with --with-devel
6069: [ab1995f8103d]
6070:
6071: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6072:
6073: * Makefile, Makefile.in, configure, configure.in:
6074: Top-level Makefile.in. Nothing is currently substituted but this is
6075: needed for separate build dirs.
6076: [e80873cbd201]
6077:
6078: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
6079: plugins/sudoers/Makefile.in, src/Makefile.in:
6080: Fix out-of-tree builds
6081: [59a35bef07b8]
6082:
6083: * Merge
6084: [386b848047e9]
6085:
6086: * doc/Makefile.in:
6087: We always install sudoreplay in 1.8
6088: [ce52ba6617c9]
6089:
6090: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
6091:
6092: * compat/siglist.in:
6093: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
6094: [6d69e1b05faf]
6095:
6096: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6097:
6098: * configure, configure.in:
6099: No need to provide strdup() or strndup(), sudo uses estrdup() and
6100: estrndup()
6101: [57ec23b72958]
6102:
6103: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
6104:
6105: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
6106: Free str after using it in the version method. Use sudo_conv, not
6107: io_conv since we don't have the IO conversation function pointer in
6108: the I/O version method anymore now that io_open is delayed.
6109: [f2ed132adeb0]
6110:
6111: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
6112:
6113: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6114: compat/siglist.in:
6115: Add license to mksiglist.c and note that the bits from pdksh are
6116: public domain
6117: [d8121a2467e8]
6118:
6119: * compat/Makefile.in:
6120: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
6121: [164160148421]
6122:
6123: * plugins/sudoers/Makefile.in:
6124: Add sudoreplay testsudoers and visudo to clean target
6125: [138a17e51c0c]
6126:
6127: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
6128: compat/siglist.in, compat/strsignal.c, configure, configure.in,
6129: include/missing.h, src/script.c:
6130: Create our own sys_siglist for systems without it for use by
6131: strsignal()
6132: [2e5da011ebc3]
6133:
6134: * compat/Makefile.in:
6135: Remove duplicate $(LIBOBJDIR)
6136: [adf9abc9432f]
6137:
6138: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
6139:
6140: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
6141: Main sudo should not block signals; the plugin should do this in
6142: check_policy.
6143: [3f3736a7c5ed]
6144:
6145: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
6146:
6147: * src/script.c:
6148: Fix a sizeof(ptr) vs. sizeof(*ptr)
6149: [aa1bcf5afcce]
6150:
6151: * src/script.c:
6152: Unlike most operating systems, HP-UX select() is not interrupted by
6153: SIGCHLD when the signal is registered with SA_RESTART. If we clear
6154: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
6155: behavior and the code in the select() loops already handles EINTR
6156: correctly.
6157: [9eba0115e35a]
6158:
6159: * compat/getprogname.c:
6160: progname should be const
6161: [130228f062b7]
6162:
6163: * plugins/sudoers/Makefile.in:
6164: Move --tag=disable-static to when we link sudoers.la, not when we
6165: install.
6166: [ceb5e6c3b78b]
6167:
6168: * src/load_plugins.c:
6169: Load the sudoers I/O plugin by default too now that it is hooked up.
6170: [ea38befd0742]
6171:
6172: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
6173:
6174: * src/pty.c:
6175: It looks like AIX doesn't need to push STREAMS modules for ptys.
6176: [22da618ba0a1]
6177:
6178: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
6179:
6180: * src/parse_args.c, src/sudo.c:
6181: Delay calling the I/O plugin open function until the policy plugin
6182: returns success.
6183: [f3297c325b48]
6184:
6185: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
6186:
6187: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
6188: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6189: plugins/sudoers/sudoers.h:
6190: Add back io logging (transcript) support. Currently, the open
6191: function runs too early and it is not possible to use the io module
6192: independently of the policy module.
6193: [9bd932f66226]
6194:
6195: * plugins/sudoers/set_perms.c:
6196: Comment out dead code; will be removed when set_perms is rewritten.
6197: [af7a995284f8]
6198:
6199: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
6200:
6201: * plugins/sudoers/sudoers.c:
6202: Fix off by one error when allocating user_groups.
6203: [6281fcf9c3bb]
6204:
6205: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
6206:
6207: * configure, configure.in, plugins/sudoers/Makefile.in:
6208: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
6209: [fbce3e9eda3a]
6210:
6211: * plugins/sudoers/sudoers.c:
6212: Fix typo in preserve groups case
6213: [1fd72024fb5a]
6214:
6215: * plugins/sudoers/sudoers.c:
6216: In command_info it is "runas_groups" not "groups".
6217: [5c64dce4f285]
6218:
6219: * src/sudo.c:
6220: Fix iteration over runas_groups list.
6221: [b3c45a0cd643]
6222:
6223: * configure, configure.in, plugins/sudoers/env.c,
6224: plugins/sudoers/match.c, src/script.c:
6225: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
6226: [a8108a0776c2]
6227:
6228: * compat/getgrouplist.c:
6229: getgrouplist(3) for those without it
6230: [4ab4d21e3b16]
6231:
6232: * plugins/sudoers/sudoers.c:
6233: Set preserve_groups or groups list in command_info
6234: [1266119ad654]
6235:
6236: * src/sudo.c:
6237: Fix setting of groups list
6238: [e75315e40bd4]
6239:
6240: * config.h.in, configure, configure.in, include/compat.h,
6241: include/missing.h:
6242: Add checks for getgrset and getgrouplist and use replacement
6243: getgrouplist if the system doesn't support it.
6244: [a62b8ba50863]
6245:
6246: * src/parse_args.c:
6247: Pass in preserve_groups when the -P flag is specified as per the
6248: design
6249: [7420c5d15474]
6250:
6251: * plugins/sudoers/sudoers.c:
6252: Check preserve_groups and ignore_ticket args with atobool instead of
6253: assuming they are true if present.
6254: [71c905702697]
6255:
6256: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
6257:
6258: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
6259: plugins/sudoers/plugin_error.c:
6260: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
6261: sudoreplay and testsudoers in the build
6262: [9d581d5fa4d4]
6263:
6264: * src/Makefile.in, src/term.c:
6265: term.c does not needto include sudo.h
6266: [f6683cdcd2dd]
6267:
6268: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
6269: doc/sudo_plugin.pod:
6270: Document the -2 return in the check_policy section too
6271: [e9cb4c34bbcf]
6272:
6273: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
6274: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6275: src/parse_args.c, src/sudo.c, src/sudo.h:
6276: Fix the -s and -i flags and add support for the "implied_shell"
6277: option. If the user does not specify a command, sudo will now pass
6278: in the path to the user's shell and set impied_shell=true. The
6279: plugin can them either check the command normally or return -2 to
6280: cause sudo to print a usage message and exit.
6281: [bf889c38f229]
6282:
6283: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
6284:
6285: * config.h.in, configure, configure.in, src/load_plugins.c:
6286: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
6287: Darwin where libraries end in .dylib but modules end in .so
6288: [2c56aaa38e21]
6289:
6290: * plugins/sudoers/parse.c:
6291: Better prefix determination now that we can't rely on len==0 to tell
6292: the beginning on an entry.
6293: [622bf18179e9]
6294:
6295: * plugins/sudoers/ldap.c:
6296: display_bound_defaults() stub should return 0, not 1 since it is a
6297: count, not a boolean.
6298: [0327a6c3d55d]
6299:
6300: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6301: Document progname in settings
6302: [42031d56a2e3]
6303:
6304: * compat/getprogname.c, include/compat.h,
6305: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
6306: src/parse_args.c, src/sudo.c:
6307: Rewrite compat/getprogname.c and add setprogname(). The progname is
6308: now passed to the plugin via the settings array.
6309: [25d8663e6006]
6310:
6311: * configure, configure.in, plugins/sudoers/Makefile.in:
6312: Fix --with-ldap
6313: [b64b633f426d]
6314:
6315: * plugins/sudoers/sudo_nss.c:
6316: Add missing whitespace for Runas and Command-specific defaults
6317: [65f4ddf5545e]
6318:
6319: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
6320: plugins/sudoers/sudo_nss.c:
6321: Use embedded newlines in lbuf instead of multiple calls to
6322: lbuf_print.
6323: [eed3af9cc3e1]
6324:
6325: * src/lbuf.c:
6326: Add support for embedded newlines.
6327: [e11f79b18deb]
6328:
6329: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
6330:
6331: * compat/getprogname.c:
6332: If system doesn't support getprogname or __programe and we are
6333: building a shared object don't bother with Argc/Argv, just return
6334: "sudo"
6335: [aebde9062be7]
6336:
6337: * config.h.in, configure, configure.in, src/load_plugins.c:
6338: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
6339: appears to always install a shared object with the .so suffix.
6340: [f9bbd0c0e9d3]
6341:
6342: * compat/Makefile.in, configure, configure.in,
6343: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
6344: src/Makefile.in:
6345: Play more nicely with libtool and let it build libreplace (was
6346: libmissing) for us.
6347: [a4c6ebb2495c]
6348:
6349: * include/missing.h:
6350: Include stdarg.h for va_list rather than requiring all consumers of
6351: missing.h to include stdarg.h themselves.
6352: [37382df948de]
6353:
6354: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
6355: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
6356: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6357: src/parse_args.c:
6358: Pass in output function to lbuf_init() instead of writing to stdout.
6359: A side effect is that the usage info can now go to stderr as it
6360: should.
6361: [6d261261a072]
6362:
6363: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
6364:
6365: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
6366: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
6367: src/parse_args.c, src/sudo.c:
6368: Use number of tty columns that is passed in user_info instead of
6369: getting it directly in the lbuf code.
6370: [8a16635c2638]
6371:
6372: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
6373: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6374: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
6375: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6376: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6377: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6378: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
6379: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
6380: plugins/sudoers/logging.h, plugins/sudoers/match.c,
6381: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
6382: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6383: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6384: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
6385: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6386: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6387: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
6388: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
6389: plugins/sudoers/visudo.c:
6390: Kill __P in sudoers
6391: [63601e6cb171]
6392:
6393: * config.h.in, configure, configure.in, src/load_plugins.c:
6394: Set the sudoers plugin name in configure so we get the extension
6395: right.
6396: [edad89924cd1]
6397:
6398: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6399: Document lines/cols in user_info
6400: [a808872394f3]
6401:
6402: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
6403: Add tty size to user info
6404: [23f3d27e77a7]
6405:
6406: * src/script.c:
6407: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
6408: [a2208dd09051]
6409:
6410: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
6411:
6412: * plugins/sudoers/sudoers.c:
6413: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
6414: out if we fail to lookup the user's name that is passed in
6415: [e4e3728ed482]
6416:
6417: * plugins/sudoers/error.c:
6418: Pass the error value back via siglongjmp.
6419: [667b8ad575ce]
6420:
6421: * plugins/sudoers/check.c:
6422: Use conversation function for lecture.
6423: [1ab4719f509b]
6424:
6425: * plugins/sudoers/check.c:
6426: Don't update ticket file if verify_user returns FALSE.
6427: [2bbc46a39a2b]
6428:
6429: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
6430:
6431: * plugins/sudoers/sudoers.c, src/sudo.c:
6432: Wire up invalidate and validate methods for sudoers
6433: [c0630c7bca47]
6434:
6435: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
6436: plugins/sudoers/sudoers.h:
6437: Add support for -k flag with a command.
6438: [edad239b098b]
6439:
6440: * src/parse_args.c:
6441: Allow -k to be specified with a command.
6442: [43a45add9974]
6443:
6444: * plugins/sudoers/sudoers.c:
6445: Wire up policy_list
6446: [27cc35699eca]
6447:
6448: * plugins/sudoers/error.c:
6449: Add newline at the end of message and space after the colon in
6450: warning message
6451: [5a591aa8e744]
6452:
6453: * plugins/sudoers/auth/sudo_auth.c:
6454: Add missing newline after pass password warning
6455: [337dba3870a7]
6456:
6457: * plugins/sudoers/sudoers.c:
6458: Set user_groups and user_ngroups based on user_info
6459: [61bee85128c8]
6460:
6461: * plugins/sudoers/error.c:
6462: Make this compile
6463: [7041c441e1c8]
6464:
6465: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
6466: Make _warning in error.c use the conversation function and remove
6467: commented out warning/warningx in sudoers.c.
6468: [7c9b09024b63]
6469:
6470: * plugins/sudoers/logging.c:
6471: Use siglongjmp() in log_error for fatal errors
6472: [b50e26f1c73f]
6473:
6474: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
6475: Quiet a libtool warning
6476: [b2331fb006bc]
6477:
6478: * Makefile:
6479: Build sudoers plugin
6480: [5cdf06e66978]
6481:
6482: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
6483: Use warningx in yyerror() so the conversation function gets used
6484: when built as part of sudoers.
6485: [85f964215eef]
6486:
6487: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
6488:
6489: * plugins/sudoers/auth/pam.c:
6490: Rename sudo_conv to conversation to avoid a namespace conflict.
6491: [1ad359d36be9]
6492:
6493: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
6494: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6495: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6496: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6497: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6498: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6499: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6500: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6501: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6502: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
6503: plugins/sudoers/env.c, plugins/sudoers/error.c,
6504: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
6505: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6506: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6507: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
6508: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
6509: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6510: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
6511: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
6512: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6513: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
6514: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
6515: Initial bits of sudoers plugin; still needs work.
6516: [af2a2c59a952]
6517:
6518: * config.h.in:
6519: Add HAVE_STRDUP and HAVE_STRNDUP
6520: [50a3c0dd510f]
6521:
6522: * compat/Makefile.in, configure, configure.in:
6523: Build libmissing in two flavors (one PIC one non-PIC) and link with
6524: the appropriate one.
6525: [b62f411a4c18]
6526:
6527: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6528: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
6529: Build libmissing in two flavors (one PIC one non-PIC) and link with
6530: the appropriate one.
6531: [e1e04972b5fe]
6532:
6533: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
6534:
6535: * include/missing.h:
6536: Add strdup and strndup and fix strsignal
6537: [c159babe2896]
6538:
6539: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
6540:
6541: * compat/strdup.c, compat/strndup.c, configure, configure.in,
6542: plugins/sample/Makefile.in, src/Makefile.in:
6543: Add strdup and strndup to compat
6544: [25c9fd399a4d]
6545:
6546: * plugins/sample/sample_plugin.c:
6547: Need to include compat.h before missing.h
6548: [c94f7aad380f]
6549:
6550: * compat/strsignal.c:
6551: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
6552: it doesn't exist configure will set it to 0.
6553: [384580566389]
6554:
6555: * compat/glob.c:
6556: Fix botched ANSI C coversion of globexp2()
6557: [4a344b8cbe49]
6558:
6559: * configure, configure.in:
6560: Remove redundant getgroups check
6561: [0b16ec210c81]
6562:
6563: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
6564: Require either termios or termio, no more sgtty.
6565: [9b2fa2f17a1c]
6566:
6567: * compat/strsignal.c, config.h.in, configure, configure.in:
6568: Change the sys_siglist check to use AC_CHECK_DECLS and also check
6569: for _sys_siglist and__sys_siglist
6570: [2e078fed2408]
6571:
6572: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
6573:
6574: * configure, configure.in, src/Makefile.in:
6575: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
6576: use SUDO_OBJS for the main driver as part of OBJS.
6577: [9ae4a80a5ade]
6578:
6579: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6580: Mention in the conversation function section that a newline is not
6581: implicit.
6582: [04a233b6c491]
6583:
6584: * include/compat.h:
6585: Add definition of WCOREDUMP for systems without it. This is known
6586: to work on AIX and SunOS 4, but may be incorrect on other systems
6587: that lack WCOREDUMP.
6588: [c85b3ce6b77d]
6589:
6590: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
6591:
6592: * plugins/sample/sample_plugin.c, src/conversation.c:
6593: conversation function no longer puts a newline at the end of info or
6594: error messages.
6595: [c534cae1ac4a]
6596:
6597: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
6598:
6599: * src/script.c:
6600: Use parent process group id instead of parent process id when
6601: checking foreground status and suspending parent. Fixes an issue
6602: when running commands under /usr/bin/time and others.
6603: [564f528c3bb7]
6604:
6605: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
6606:
6607: * aclocal.m4:
6608: transcript option is now --with not --enable
6609: [0646fac4cf93]
6610:
6611: * plugins/sample/sample_plugin.c:
6612: Add support to -u and -g flags Check fmt_string retval Add timeout
6613: for debugging purposes
6614: [cfefa4fa60b5]
6615:
6616: * src/script.c, src/sudo.c:
6617: Wire up SIGALRM handler Set close on exec flag for child side of the
6618: socketpair Fix signal handling when not doing I/O logging
6619: [379581ec7272]
6620:
6621: * src/sudo.c:
6622: g/c unused SIGCHLD handler
6623: [0afa03912dce]
6624:
6625: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
6626: Don't use emalloc() in fmt_string(); we want to be able to use it
6627: from a plugin.
6628: [ade64d368147]
6629:
6630: * include/list.h:
6631: tq_remove not list_remove
6632: [0e0e1fd5c31c]
6633:
6634: * configure, configure.in:
6635: AUTH_OBJS should contain .lo files not .o files.
6636: [c64c82c9d5a2]
6637:
6638: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
6639:
6640: * src/parse_args.c:
6641: Simplify conversion of command line args to name=value pairs.
6642: [75ab127c6a94]
6643:
6644: * plugins/sample/sample_plugin.c:
6645: Handle NULL reply from conversation function
6646: [6ce09b6cb204]
6647:
6648: * compat/getline.c:
6649: Don't depend on emalloc/erealloc
6650: [73df09e2109f]
6651:
6652: * plugins/sample/Makefile.in:
6653: Use $(OBJS) instead of sample_plugin.lo
6654: [2d995db9aa99]
6655:
6656: * plugins/sample/sample_plugin.c:
6657: runas_user is in settings not user_info
6658: [7ee12068bc57]
6659:
6660: * src/parse_args.c:
6661: Fix a mismatch between sudo_settings and settings_pairs that causes
6662: some settings to get the wrong values.
6663: [b1bc6d81a65f]
6664:
6665: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
6666:
6667: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
6668: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
6669: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
6670: Convert to ANSI C
6671: [d03b6e4a3b75]
6672:
6673: * src/load_plugins.c:
6674: Fix strlcpy() return value check.
6675: [7cd66999a374]
6676:
6677: * INSTALL, configure, configure.in:
6678: No longer need to substitute in script.o and pty.o; I/O logging
6679: support is always built.
6680: [45250024c5dc]
6681:
6682: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
6683:
6684: * src/script.c:
6685: Add fallback to /bin/sh when execve() fails with ENOEXEC.
6686: [7684a15a1352]
6687:
6688: * include/alloc.h, src/alloc.c:
6689: Add estrndup()
6690: [47621c83bed9]
6691:
6692: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
6693:
6694: * src/script.c, src/sudo.c:
6695: Refactor script_execve() a bit so that it can be used in non-script
6696: mode. Needs more cleanup.
6697: [f09e022d547c]
6698:
6699: * src/sudo.c:
6700: Ignore empty entries in command_info list
6701: [1eea9a8de21c]
6702:
6703: * include/list.h, src/list.c:
6704: Add tq_remove
6705: [40908a617cb2]
6706:
6707: * src/conversation.c:
6708: Pass timeout to tgetpass()
6709: [9e66c918b771]
6710:
6711: * Makefile:
6712: Add ChangeLog target
6713: [da4a39150838]
6714:
6715: * README, WHATSNEW:
6716: Bump version and update things slightly for sudo 1.8.0
6717: [4b73cc45e2d4]
6718:
6719: * configure, configure.in:
6720: Sudo now requires an ANSI/ISO C compiler
6721: [1e51f72e6964]
6722:
6723: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
6724: src/sudo_noexec.c:
6725: Convert to ANSI C
6726: [5cbd315dbde8]
6727:
6728: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6729: include/list.h, include/missing.h:
6730: Convert to ANSI C
6731: [3f5016ff64f4]
6732:
6733: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
6734: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
6735: compat/getprogname.c, compat/glob.c, compat/glob.h,
6736: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6737: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6738: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6739: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
6740: compat/utimes.c:
6741: Convert to ANSI C
6742: [0d635c85461c]
6743:
6744: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
6745:
6746: * src/sudo.c, src/tgetpass.c:
6747: Make user_details extern so tgetpass can get at the uid and gid. Set
6748: uid/gid to user before executing askpass program. Check environment
6749: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
6750: set the askpass program itself
6751: [d33606396176]
6752:
6753: * src/sudo.c:
6754: No longer need sudo_usage.h in sudo.c
6755: [063e2946c382]
6756:
6757: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
6758: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
6759: src/sudo_usage.h.in:
6760: Document -D level command line flag which maps to the debug_level
6761: setting.
6762: [61f1e2ab3ac1]
6763:
6764: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6765: Document debug_level in plugin doc. Still need to document the -D
6766: flag in sudo itself.
6767: [8c62daea3e9b]
6768:
6769: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
6770:
6771: * plugins/sample/sample_plugin.c:
6772: include missing,h for vasprintf
6773: [92503de49b39]
6774:
6775: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
6776: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6777: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
6778: [14cfb4775238]
6779:
6780: * plugins/sample/sample_plugin.c:
6781: Need to include limits.h
6782: [bda7f74343d2]
6783:
6784: * compat/glob.c:
6785: No more sudo_getpw*
6786: [232e52907634]
6787:
6788: * plugins/sample/Makefile.in, src/Makefile.in:
6789: Add missing compat bits
6790: [4843dd000e08]
6791:
6792: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
6793: compat files should not include sudo.h wire up compat in sample
6794: plugin
6795: [a175b8185e0f]
6796:
6797: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
6798: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
6799: [57e49bc20857]
6800:
6801: * configure, configure.in:
6802: Fix typo
6803: [333655e3d5fe]
6804:
6805: * plugins/sample/sample_plugin.c:
6806: Log input and output to temp files for proof of concept.
6807: [ae1dfc34f7d6]
6808:
6809: * Makefile, configure, configure.in, doc/Makefile.in:
6810: Add doc Makefile.in and wire it up
6811: [6a310443c87d]
6812:
6813: * src/script.c:
6814: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
6815: suspending a shell with the "suspend" builtint.
6816: [3d65f182819a]
6817:
6818: * src/script.c:
6819: In child, handle parent side of the pipe going away.
6820: [a29c14d78cd9]
6821:
6822: * src/script.c:
6823: No longer need to check for explicit death of the child (process #2)
6824: since if it dies we will get EPIPE from the socketpair. Fix a
6825: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
6826: sudo_debug.
6827: [24c55dd4ff60]
6828:
6829: * src/sudo.c:
6830: Make sudo_debug do a single vfprintf() which will result in a single
6831: write call on most systems. Avoids problems with interleaved debug
6832: printf from different processes. Also remove an extraneous error
6833: case since recv() can't return a short read and add some more XXX.
6834: [b37a8533ef1e]
6835:
6836: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
6837:
6838: * src/script.c:
6839: Fix uninitialized variable.
6840: [e012a0a30890]
6841:
6842: * src/Makefile.in:
6843: Fix sudo install target
6844: [1417fa4b4ab9]
6845:
6846: * src/parse_args.c, src/sudo.c, src/sudo.h:
6847: Wire up debug_level
6848: [144fab289c73]
6849:
6850: * src/Makefile.in:
6851: Fix dependencies
6852: [5170940af2ce]
6853:
6854: * configure, configure.in:
6855: Fix setting of plugin dir
6856: [144eda170a72]
6857:
6858: * Makefile:
6859: add clean targets
6860: [d53f6f6f5c3a]
6861:
6862: * src/atobool.c:
6863: Add missing source for sudo front end
6864: [42487de9c489]
6865:
6866: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
6867: Sample plugin demonstrating the sudo plugin API
6868: [f1fd62d7644f]
6869:
6870: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
6871: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
6872: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
6873: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
6874: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
6875: sudo_usage.h.in:
6876: Modular sudo front-end which loads policy and I/O plugins that do
6877: most the actual work. Currently relies on dynamic loading using
6878: dlopen(). See doc/plugin.pod for the plugin API.
6879: [924f6eb2fbba]
6880:
6881: * doc/plugin.pod, include/sudo_plugin.h:
6882: Sudo plugin API
6883: [374ccbbd24ae]
6884:
6885: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
6886: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
6887: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
6888: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
6889: src/fileops.c, src/sudo_edit.c:
6890: Replace emul/include.h with compat/include.h to match new source
6891: tree layout.
6892: [7eccd10449a1]
6893:
6894: * src/lbuf.c:
6895: Include missing.h for memrchr() proto
6896: [03abd63a8a33]
6897:
6898: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
6899: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
6900: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
6901: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
6902: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
6903: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
6904: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
6905: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
6906: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
6907: compat/getline.c, compat/getprogname.c, compat/glob.c,
6908: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
6909: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
6910: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
6911: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
6912: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
6913: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
6914: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
6915: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
6916: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
6917: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
6918: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
6919: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6920: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
6921: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
6922: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
6923: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
6924: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
6925: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
6926: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
6927: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
6928: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
6929: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
6930: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
6931: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
6932: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
6933: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
6934: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
6935: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
6936: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
6937: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
6938: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
6939: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
6940: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
6941: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
6942: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
6943: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6944: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6945: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6946: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
6947: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
6948: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6949: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6950: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
6951: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
6952: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
6953: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
6954: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
6955: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
6956: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
6957: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
6958: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
6959: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
6960: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
6961: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
6962: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
6963: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6964: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
6965: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6966: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
6967: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
6968: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6969: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
6970: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
6971: sample.pam, sample.sudoers, sample.syslog.conf,
6972: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
6973: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
6974: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
6975: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
6976: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
6977: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
6978: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
6979: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
6980: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
6981: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
6982: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
6983: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
6984: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
6985: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
6986: visudo.man.in, visudo.pod, zero_bytes.c:
6987: Rework source layout in preparation for modular sudo.
6988: [7fc1978c6ad5]
6989:
6990: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
6991:
6992: * Avoid a duplicate fclose() of the sudoers file.
6993: [5dba851088c1]
6994:
6995: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
6996: [0a2935061e33]
6997:
6998: * Use setrlimit64(), if available, instead of setrlimit() when setting
6999: AIX resource limits since rlim_t is 32bits.
7000: [353db89bac61]
7001:
7002: * Fix use after free when sending error messages. From Timo Juhani
7003: Lindfors
7004: [e50dbd902382]
7005:
7006: * ChangeLog, Makefile.in:
7007: Generate the ChangeLog as part of "make dist" instead of having it
7008: in the repo.
7009: [251b70964673]
7010:
7011: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
7012:
7013: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
7014: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
7015: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
7016: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
7017: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
7018: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
7019: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
7020: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
7021: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
7022: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
7023: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
7024: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
7025: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
7026: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
7027: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
7028: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
7029: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
7030: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
7031: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7032: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
7033: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
7034: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
7035: Remove CVS $Sudo$ tags.
7036: [de683a8b31f5]
7037:
7038: 2010-01-18 convert-repo <convert-repo>
7039:
7040: * .hgtags:
7041: update tags
7042: [9b7aa44ae436]
7043:
7044: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
7045:
7046: * sudo_usage.h.in:
7047: make this match sudoers SYNOPSIS
7048: [c74ba66944c2]
7049:
7050: * lbuf.c, parse.c:
7051: Print a newline between Runas and Command-specific defaults in sudo
7052: -l.
7053: [b5bdfcc9ce4b]
7054:
7055: * term.c:
7056: Use SET and CLR macros in term_raw
7057: [50ca42609d6c]
7058:
7059: * sudoreplay.c:
7060: Set stdin to non-blocking mode early instead of in check_input. Use
7061: term_raw instead of term_cbreak since the data we get has already
7062: been expanded via OPOST.
7063: [51c47e803d62]
7064:
7065: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
7066:
7067: * script.c, term.c:
7068: Enable/disable all postprocessing instead of just nl->crnl
7069: processing since things like tab expansion matter too. However, if
7070: stdout is a tty leave postprocessing on in the pty since we run into
7071: problems doing it only on the real stdout with .e.g nvi.
7072: [62666e309673]
7073:
7074: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
7075:
7076: * check.c:
7077: If tty_tickets is enabled and there is no tty, prompt for a
7078: password. Do not lecture user for "sudo -k command" if user has a
7079: timestamp.
7080: [5880200c5f6b]
7081:
7082: * INSTALL:
7083: Document missing options: --with-efence and --with-bsm-audit
7084: [d83afcdf9ff3]
7085:
7086: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
7087: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
7088: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
7089: visudo.man.in, visudo.pod:
7090: username -> user name groupname -> group name hostname -> host name
7091: [10c85646f45d]
7092:
7093: * INSTALL, README.LDAP, sudoers.pod:
7094: filename -> file name like the rest of the docs
7095: [1ef8ab5a9018]
7096:
7097: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
7098:
7099: * parse.c:
7100: Fix printing of entries with multiple host entries on a single line.
7101: [226ceaf91d8d]
7102:
7103: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
7104:
7105: * sudoers.pod:
7106: Mention that targetpw affects the timestamp file name.
7107: [a26e22e4f72e]
7108:
7109: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
7110: sudoers.pod:
7111: Add compress_transcript option.
7112: [6e94f8cb9dfb]
7113:
7114: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
7115:
7116: * configure, configure.in:
7117: bump to 1.7.3b2
7118: [906d7e347d15]
7119:
7120: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
7121: Better split of membership vs. traditional group check in
7122: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
7123: [6ebc55d4716b]
7124:
7125: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
7126:
7127: * pwutil.c:
7128: Fix pasto and add default return value.
7129: [7973b5e4599c]
7130:
7131: * check.c, match.c, pwutil.c, sudo.h:
7132: refactor group member checking into user_in_group()
7133: [48ca8c2eddf8]
7134:
7135: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
7136: sudo.h:
7137: Add support for mbr_check_membership() as present in darwin.
7138: [5501aed02b9f]
7139:
7140: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
7141:
7142: * match.c:
7143: Rename label to be accurate
7144: [3af17dd960f7]
7145:
7146: * Makefile.in, boottime.c, check.c, config.h.in, configure,
7147: configure.in, sudo.h:
7148: Treat timestamp files from before we booted as old. Idea from and
7149: Apple patch.
7150: [5c96e484c05a]
7151:
7152: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
7153:
7154: * sudo.c, sudo.pod, sudo_usage.h.in:
7155: Allow the -u flag to be used in conjunction with the -v flag as per
7156: older versions of sudo.
7157: [591e9fc13c1a]
7158:
7159: * logging.c:
7160: fix typo in last commit
7161: [4fd0c692dcf0]
7162:
7163: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
7164:
7165: * logging.c:
7166: Convert fmt_first and fmt_confd into macros.
7167: [32e870158b29]
7168:
7169: * sudoers.pod:
7170: timeouts can be floats now
7171: [89de639a9679]
7172:
7173: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
7174: defaults.h, mkdefaults:
7175: Add support for floating point timeout values (e.g. 2.5 minutes).
7176: [210ffa291733]
7177:
7178: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
7179:
7180: * sudo.pod:
7181: The -L flag will be removed in sudo 1.7.4
7182: [ffd026084333]
7183:
7184: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
7185:
7186: * sudoreplay.c:
7187: Fix a bug due to order of operators.
7188: [938d34464283]
7189:
7190: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
7191:
7192: * match.c:
7193: cmnd_matches() already deals with negation so _cmndlist_matches()
7194: does not need to do so itself. Fixes a bug with negated entries in
7195: a Cmnd_List.
7196: [71c845f6ce73]
7197:
7198: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
7199:
7200: * sudo.c:
7201: Don't exit() from open_sudoers, just return NULL for all errors.
7202: [8cfa832f972a]
7203:
7204: * script.c:
7205: Can't rely on the shell sending us SIGCONT when transitioning from
7206: backgroup to foreground process.
7207: [3c6c5b6cb4b3]
7208:
7209: * toke.c, toke.l:
7210: Add missing extern def for parse_error
7211: [45b7b59d03b7]
7212:
7213: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
7214:
7215: * toke.c, toke.l:
7216: Avoid a parse error when #includedir doesn't find any files. Closes
7217: bug #375
7218: [1ce1b850e9e6]
7219:
7220: * Makefile.in:
7221: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
7222: [6a22e32da108]
7223:
7224: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
7225:
7226: * script.c:
7227: Start command out in foreground mode if stdout is a tty. Works
7228: around issues with some curses-based programs that don't handle
7229: tcsetattr getting interrupted by a signal. Still allows us to avoid
7230: hogging the tty if the command is part of a pipeline.
7231: [1c32f2b94769]
7232:
7233: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
7234: Use a socketpair to pass signals from parent to child. Child will
7235: now pass command status change info back via the socketpair. This
7236: allows the parent to distinguish between signals it has been sent
7237: directly and signals the command has received. It also means the
7238: parent can once again print the signal notifications to the tty so
7239: all writes to the pty master occur in the parent. The command is
7240: now always started in background mode with tty signals handled by
7241: the parent.
7242: [c6790b82986d]
7243:
7244: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
7245:
7246: * configure, configure.in:
7247: Fix a few typos in the descriptions; from Jeff Makey Only do the
7248: check for krb5_get_init_creds_opt_free() taking two arguments if we
7249: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
7250: positive when using our own krb5_get_init_creds_opt_free which takes
7251: only a single argument.
7252: [845a9ff6f93d]
7253:
7254: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
7255:
7256: * configure, configure.in:
7257: Remove a spurious comma in the kerb5 bits.
7258: [3433eab083db]
7259:
7260: * auth/kerb5.c:
7261: Call krb5_get_init_creds_opt_init() in our emulated
7262: krb5_get_init_creds_opt_alloc() for MIT kerberos.
7263: [7ffb40bf43e9]
7264:
7265: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
7266:
7267: * config.h.in:
7268: Add HAVE_ZLIB
7269: [9297bde61ecc]
7270:
7271: * script.c:
7272: Need to ignore SIGTT{IN,OU} in child when running the command in the
7273: background. Also some minor cleanup.
7274: [dc208d982319]
7275:
7276: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
7277:
7278: * script.c:
7279: Instead of calling sigsuspend when waiting for SIGUSR[12] from
7280: parent, install the signal handlers w/o SA_RESTART and let them
7281: interrupt waitpid().
7282: [759c7d18203b]
7283:
7284: * script.c:
7285: Pass along SIGHUP and SIGTERM from parent to child.
7286: [035b0e254568]
7287:
7288: * script.c:
7289: Close unused bits of script_fds in processes that don't need them.
7290: Restore default SIGCONT handler in child.
7291: [e037378ab0c1]
7292:
7293: * script.c:
7294: Update foreground/background status in SIGCONT handler in parent
7295: process.
7296: [3f7f91333264]
7297:
7298: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
7299:
7300: * script.c:
7301: Defer setting terminal into raw mode until just before we fork() and
7302: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
7303: and sudo is already in the foreground be sure to set raw mode before
7304: continuing the child.
7305: [1102ef40832c]
7306:
7307: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
7308:
7309: * script.c:
7310: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
7311: give the command the controlling tty if the main sudo process is the
7312: foreground process.
7313: [cf3a91cb5682]
7314:
7315: * script.c:
7316: Don't bother with sudo_waitpid() here for now.
7317: [9086de480c2d]
7318:
7319: * script.c:
7320: fix non-zlib case
7321: [a258bff0f9a6]
7322:
7323: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
7324:
7325: * script.c:
7326: Remove non-wroking code that crept into rev 1.55
7327: [2802dd55cff5]
7328:
7329: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
7330:
7331: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
7332: First pass at zlib support for transcript data files
7333: [5d10260807da]
7334:
7335: * Makefile.in:
7336: remove vestiges of ZLDFLAGS
7337: [1fa0caf1c0fb]
7338:
7339: * script.c:
7340: Add missing variable declaration for when TIOCSCTTY is not defined.
7341: Need to include sys/termio.h for TIOCSCTTY on some systems.
7342: [ee7f41ac2709]
7343:
7344: * script.c:
7345: when resuming command, send SIGCONT to its pgrp not just pid
7346: [5cd63c1d565b]
7347:
7348: * selinux.c:
7349: remove unused variable
7350: [df67df4be228]
7351:
7352: * script.c:
7353: include selinux.h for is_selinux_enabled() proto
7354: [85ebaa880cc1]
7355:
7356: * script.c:
7357: Don't use log_error() in the child process.
7358: [def65fe2a433]
7359:
7360: * script.c:
7361: Do I/O in parent instead of child since the parent can have both
7362: /dev/tty as well as the pty fds open. The child just sets things up
7363: and waits for its grandchild and writes the signal description to
7364: the pty master if the command was killed by a signal.
7365: [95e473208982]
7366:
7367: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
7368:
7369: * missing.h, sudo.h:
7370: Move two struct forward declarations from sudo.h to missing.h
7371: [90ad28294a8c]
7372:
7373: * script.c:
7374: Make comment at the top of script_exec() match reality.
7375: [c5042d27dbe0]
7376:
7377: * sudo.c:
7378: if neither stdin nor stdout is a tty, check stderr
7379: [c532ff20c8d8]
7380:
7381: * Makefile.in:
7382: Add back dependecy of gram.h on gram.y
7383: [c58382b7fcca]
7384:
7385: * script.c:
7386: Make transcript mode work as long as we can figure out our tty, even
7387: if it is not stdin. We'd like to use /dev/tty but that won't be
7388: valid after the setsid().
7389: [7b8bba8d99e7]
7390:
7391: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
7392:
7393: * config.h.in, configure, configure.in, pty.c:
7394: Add support for IRIX-style dynamic ptys
7395: [bedc9bac44c1]
7396:
7397: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
7398: Move alloc.c protos into alloc.h
7399: [b6a90649617d]
7400:
7401: * missing.h:
7402: Move prototypes for missing libc functions to missing.h
7403: [dda9ae1ccaf8]
7404:
7405: * Makefile.in, sudo.h, sudoreplay.c:
7406: Move prototypes for missing libc functions to missing.h
7407: [7483166b577b]
7408:
7409: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
7410:
7411: * config.h.in, configure, configure.in:
7412: Disable transcript support if no tcsetpgrp until we support older
7413: BSD-style job control.
7414: [27ac1d8163df]
7415:
7416: * configure, configure.in, pty.c, script.c:
7417: Break out pty code into pty.c
7418: [e85509b25d41]
7419:
7420: * compat.h, config.h.in, configure, configure.in:
7421: add killpg macro if no killpg function
7422: [3a125f4a51f0]
7423:
7424: * config.h.in, configure, configure.in, script.c:
7425: Push ptem and ldterm for STERAMS-based systems when allocating a
7426: pty.
7427: [36bb39b30ff2]
7428:
7429: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
7430:
7431: * script.c:
7432: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
7433: [d94bd5c9bf4e]
7434:
7435: * script.c:
7436: Call tcgetpgrp() in the parent, not the child and have the child
7437: spin until it is granted. Fixes a race on darwin.
7438: [6e8d435339ce]
7439:
7440: * script.c:
7441: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
7442: reopen slave.
7443: [0bdc63c019ca]
7444:
7445: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
7446:
7447: * script.c:
7448: In script mode, if the command is killed by a signal, print the
7449: signal description as well as a core dump notification like the
7450: shell does.
7451: [9df61738df07]
7452:
7453: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
7454: sudo.h:
7455: Add check for strsignal() and a simple implementation if it is not
7456: there but sys_siglist is
7457: [61421a188ef4]
7458:
7459: * script.c:
7460: Add missing WUNTRACED and store the signal that stopped the
7461: grandchild in suspended, not signo.
7462: [df65042b200e]
7463:
7464: * script.c:
7465: g/c unused code
7466: [40d8cb5c9203]
7467:
7468: * script.c:
7469: Associate the grandchild's pgrp with the tty instead of the child's
7470: and just get suspend notifications via SIGCHLD instead of directly.
7471: This fixes a hang with programs that try to set terminal attributes
7472: and is more consistent with how the shell handles things.
7473: [6865abff7e94]
7474:
7475: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
7476:
7477: * script.c:
7478: Move setpgid() of child into the parent side of the fork() where it
7479: belongs.
7480: [3defa782777c]
7481:
7482: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
7483:
7484: * script.c:
7485: fix typo
7486: [b6a612b3622c]
7487:
7488: * script.c:
7489: Run command in its own pgrp (like the shell does) for easier
7490: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
7491: to grandchild. Don't want grandchild stopped events in the child
7492: (only termination). Flush output after suspending grandchild before
7493: signalling parent.
7494: [db556bf2176f]
7495:
7496: * script.c:
7497: Back out revision 1.34; the problem lies elsewhere.
7498: [85f590a03275]
7499:
7500: * script.c:
7501: Don't set stdout to blocking mode when flushing remaining output.
7502: It can cause us to hang when trying to exit. Need to investigate
7503: why.
7504: [6f803a3e33ca]
7505:
7506: * script.c:
7507: Handle SIGTTOU and remove some debugging.
7508: [52d17279053e]
7509:
7510: * term.c:
7511: Back out revision 1.10 as the signal that interrupts us may be
7512: SIGTTOU or SIGTTIN which the caller must handle.
7513: [7e2fa9107975]
7514:
7515: * script.c:
7516: Apparently we need to send SIGSTOP to the command as well as ourself
7517: when we get SIGTSTP, the kernel doesn't automatically stop the
7518: process for us.
7519: [1a936e9309c4]
7520:
7521: * script.c:
7522: Use an extra process to act as the glue bewteen the sessions
7523: associated with the user's controlling tty (what the shell uses) and
7524: the tty that sudo is using to do its logging. Basically, this means
7525: that if we get, e.g. SIGTSTP from the process sudo is running, we
7526: relay the signal to the parent so it's shell can do the job control.
7527: [6dd296988060]
7528:
7529: * term.c:
7530: Handle getting/setting terminal attributes when the fd is in non-
7531: blocking mode.
7532: [ae5ae535ea7b]
7533:
7534: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
7535:
7536: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7537: Add support for pausing and changing the speed in interactive mode.
7538: [72a2063780a7]
7539:
7540: * script.c:
7541: Already define O_NOCTTY in compat.h, don't need it here
7542: [b5d80ed3e5ce]
7543:
7544: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
7545:
7546: * sudoreplay.c:
7547: Add missing protos
7548: [c4cb4e7f4d8a]
7549:
7550: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
7551:
7552: * sudo_edit.c:
7553: Always update the stashed mtime of the temp file instead of using
7554: what we have for the original because the time resolution of the
7555: filesystem the temporary is on may not match that of the filesystem
7556: that holds the original. Should fix bz #371 found by Philippe Levan.
7557: [c86ca4bec60c]
7558:
7559: * sudoreplay.c:
7560: Use cbreak mode instead of raw mode and add signal handlers to
7561: restore the tty on interrupt.
7562: [84dd283da41c]
7563:
7564: * script.c, sudo.h, term.c:
7565: Retain NL to NLCR conversion on the real tty and skip it on the pty
7566: we allocate. That way, if stdout is not a pty there are no extra
7567: carriage returns.
7568: [32e4f570414e]
7569:
7570: * script.c:
7571: Fix log_output(); just pass in a string and a length.
7572: [ca980cc0a3fb]
7573:
7574: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
7575:
7576: * script.c:
7577: do not use errno when complaining out lack of a tty
7578: [8f9b8c55ab8e]
7579:
7580: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
7581:
7582: * Makefile.in, sudoreplay.c, term.c:
7583: Instead of messing with line endings, just set terminal to raw mode
7584: in sudoreplay.
7585: [90943fa87acb]
7586:
7587: * term.c:
7588: When copying the terminal attributes to the pty, be sure not to set
7589: ONLCR. This prevents extra carriage returns from ending up in the
7590: script output file.
7591: [e6b5475ac2aa]
7592:
7593: * script.c:
7594: Convert a do {} while into a while
7595: [e461310d2c77]
7596:
7597: * Makefile.in:
7598: Use if then instead of test && when installing binaries that may not
7599: exist.
7600: [ad4f9490d971]
7601:
7602: * script.c:
7603: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
7604: old tty before associatng with new one.
7605: [0e0ca634b80c]
7606:
7607: * script.c, selinux.c, sudo.c, sudo.h:
7608: First cut at refactoring some of the selinux code so it can be used
7609: in conjunction with sudo's transcript support.
7610: [779b0d8f9d29]
7611:
7612: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
7613:
7614: * aclocal.m4, configure, configure.in:
7615: Fix default case of transcript_enabled being unset.
7616: [f8aa96186e6b]
7617:
7618: * script.c, sudoreplay.c:
7619: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
7620: [2844a7a851fa]
7621:
7622: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
7623: Hook up --disable-transcript and --enable-transcript=DIR
7624: [b3fa7e6b2480]
7625:
7626: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
7627:
7628: * aclocal.m4, configure, configure.in, pathnames.h.in:
7629: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
7630: transcript=DIR option to specify the directory
7631: [b0bb76d43cda]
7632:
7633: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
7634: regen
7635: [c7a8a0a9027c]
7636:
7637: * configure, configure.in, sudoers.man.pl, sudoers.pod:
7638: Substitute in default value for secure_path
7639: [c8f9ac6dbf93]
7640:
7641: * sudo.pod:
7642: Mention that the password must be followed by a newline with the -S
7643: option.
7644: [2fc589a3ee7e]
7645:
7646: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
7647:
7648: * script.c:
7649: Go back to dropping out of the select() loop when the process dies;
7650: Linux ptys apparently don't behave the same as BSD in regards to
7651: select(). No need to flush remaining output to the transcript, only
7652: to stdout. Add back code to check the master pty for additional data
7653: when we exit the main select loop.
7654: [abed9a9cbc6b]
7655:
7656: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
7657:
7658: * Makefile.in:
7659: Add getline.o to COMMON_OBJS
7660: [04ef7643cbc2]
7661:
7662: * Makefile.in:
7663: sudoreplay depends on libsudo.a
7664: [142bd0472631]
7665:
7666: * Makefile.in:
7667: More pwutil.o into COMMON_OBJS
7668: [4a016b933629]
7669:
7670: * pwutil.c, testsudoers.c, tsgetgrpw.c:
7671: Remove my_* redirection in pwutil.c for testsudoers and just use the
7672: normal libc get{pw,gr}* names.
7673: [9b76d637d86b]
7674:
7675: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7676: More time and date examples
7677: [c6ee0175ec56]
7678:
7679: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
7680: Move nanosleep() emulation into its own file Check librt.a for
7681: nanosleep if we don't find it in libc
7682: [4da0cc26aad7]
7683:
7684: * Makefile.in, configure, configure.in:
7685: Build libsudo with the common bits and link things against that.
7686: [2b53bc0b081a]
7687:
7688: * script.c:
7689: Fix final flush.
7690: [6da287d833da]
7691:
7692: * script.c:
7693: Keep reading from the pty master -> log file until read returns <=
7694: 0. Do our best to write everything to stdout when flushing any
7695: remaining bits.
7696: [2a45d4ae280c]
7697:
7698: * sudoreplay.c:
7699: Use unbuffered I/O when writing to stdout and make sure we write the
7700: entire buffer.
7701: [f39ef9844a47]
7702:
7703: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
7704:
7705: * sudoreplay.c:
7706: Only use max_wait if it is non-zero
7707: [f6c10604d2e8]
7708:
7709: * getdate.c, getdate.y, getline.c:
7710: Need compat.h here
7711: [5d6722e225a0]
7712:
7713: * sudoreplay.c:
7714: Fix nanosleep emulation
7715: [34e5e5d72a76]
7716:
7717: * script.c:
7718: Fix comment after #endif
7719: [bd1347718b25]
7720:
7721: * sudoreplay.c:
7722: Add protos for missing libc bits
7723: [644f496427a2]
7724:
7725: * configure, configure.in:
7726: add missing line continuation char
7727: [db13c0d402cd]
7728:
7729: * config.h.in, configure, configure.in, getline.c:
7730: Implement getline() in terms of fgetln() if we have it.
7731: [3ab786eaadc5]
7732:
7733: * sudoreplay.c:
7734: Print year when formatting log line
7735: [90be669e3443]
7736:
7737: * sudoreplay.pod:
7738: Document cwd, attempt to document time/date formats.
7739: [6290fb9b65c6]
7740:
7741: * sudoreplay.c:
7742: Fix getline return value check.
7743: [d696d6657261]
7744:
7745: * Makefile.in, config.h.in, configure, configure.in, getline.c,
7746: sudoreplay.c:
7747: Use getline() if the system has it, else use provide our own for
7748: sudoreplay.
7749: [afca1d6fbe5e]
7750:
7751: * script.c:
7752: Refactor code to update output and timing files.
7753: [361491332b1a]
7754:
7755: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
7756:
7757: * sudoreplay.c:
7758: Make sudo_getln() behave more like glibc getline.
7759: [40c9f2ea29e6]
7760:
7761: * script.c:
7762: When flushing remaining output, also update timing file.
7763: [5a9a5a627549]
7764:
7765: * sudoreplay.c:
7766: Use get_timestr() and make the -l output look like the regular sudo
7767: log.
7768: [452ba9d436c9]
7769:
7770: * logging.c, sudo.h, timestr.c:
7771: Make get_timestr() take a time_t so we can use it properly in
7772: sudoreplay.
7773: [82e67cc53c9c]
7774:
7775: * script.c:
7776: Create session dir earlier now that we update the seq number early.
7777: [797fe8d6dc61]
7778:
7779: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
7780:
7781: * sudoreplay.c:
7782: Use fromdate and todate as the keywords instead of from and to; the
7783: short forms will still be accepted.
7784: [d14d9b116df4]
7785:
7786: * sudoreplay.c:
7787: Fix reading long liensin sudo_getln()
7788: [58dadd74118c]
7789:
7790: * script.c, sudoreplay.c:
7791: Log the cwd in the script log file. Add sudo_getln() to read
7792: arbitrarily long lines.
7793: [faceb802ab8f]
7794:
7795: * Makefile.in, logging.c, sudo.h, timestr.c:
7796: Move get_timestr() into its own source file so sudoreplay can use
7797: it.
7798: [99b054bfa20a]
7799:
7800: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
7801:
7802: * sudoreplay.c:
7803: Add to and from perdicates (date ranges); needs documentation
7804: [1d629174dcf4]
7805:
7806: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
7807:
7808: * Makefile.in, getdate.c, getdate.y:
7809: Fix warning and add generated getdate.c
7810: [b877a86b5a03]
7811:
7812: * Makefile.in, getdate.y:
7813: Add getdate.y to be used for sudoreplay date parsing.
7814: [b8e26fbb7a40]
7815:
7816: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
7817:
7818: * sudoreplay.c:
7819: Check more than just the first character of a predicate
7820: [4fe53728adb1]
7821:
7822: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
7823: Add examples, sort predicates
7824: [70f8075cbccc]
7825:
7826: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
7827: sudoreplay.pod:
7828: Implement search expressions in sudoreplay similar in concept to
7829: what find or tcpdump uses. TODO: date ranges
7830: [f7ce4fb4cf3a]
7831:
7832: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
7833:
7834: * script.c:
7835: Remove vhangup as it was hanging up the wrong tty. Should really
7836: vhangup in the child after it as set its tty.
7837: [2eed9df73010]
7838:
7839: * sudoers.pod:
7840: Fix cut at documenting transcript support.
7841: [e6c533a5568a]
7842:
7843: * logging.c:
7844: ID= -> TSID= for transcript ID
7845: [1bf755a35333]
7846:
7847: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
7848:
7849: * sudoers.pod:
7850: Move fast_glob description to where it belongs in sorted order
7851: [5901cfb0d25f]
7852:
7853: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
7854: parse.c, parse.h, sudo.c:
7855: Rename script -> transcript
7856: [e06cf823122c]
7857:
7858: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
7859:
7860: * compat.h:
7861: Add timeradd and timersub for those without them
7862: [929f8aa06c2b]
7863:
7864: * script.c:
7865: Sanity check sessid before using it.
7866: [aa8ca5211d43]
7867:
7868: * sudo.c:
7869: Only set the session id if we are running a command or editing a
7870: file.
7871: [7205d717c098]
7872:
7873: * script.c:
7874: Actually. qsort is fine since most versions fal back to a cheaper
7875: sort when the number of elements to sort is small (like in our
7876: case).
7877: [d11c7cd352fe]
7878:
7879: * config.h.in, configure, configure.in, script.c:
7880: Check for dup2 and use dup instead if we don't have it.
7881: [98bd89830f8a]
7882:
7883: * script.c, sudo.c, sudo.h:
7884: Move the code to dup2 the script fds to low numbered descriptors
7885: into script_duplow() and fix the fd sorting.
7886: [9453fdc5fba6]
7887:
7888: * script.c, sudo.c, sudo.h:
7889: Move script_setup() back to immediately before we drop privs and
7890: call the new script_nextid() in its place, which will set
7891: sudo_user.sessid for the logging functions.
7892: [8434d0c8ff08]
7893:
7894: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
7895:
7896: * Makefile.in:
7897: Install sudoreplay
7898: [6acf2cdb4d3f]
7899:
7900: * sudoreplay.c:
7901: remove unused variable
7902: [2316360bb992]
7903:
7904: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
7905:
7906: * logging.c, script.c, sudo.c, sudo.h:
7907: Log the session ID, if there is one. Currently logs ID=XXXXXX,
7908: perhaps should be SESSIONID or SESSID.
7909: [53976905b0a6]
7910:
7911: * Makefile.in, configure, configure.in, sudoreplay.cat,
7912: sudoreplay.man.in, sudoreplay.pod:
7913: Add sudoreplay docs
7914: [da4f14f0e64c]
7915:
7916: * sudoreplay.c:
7917: add -V (version) flag
7918: [b5e743639ee3]
7919:
7920: * sudoreplay.c:
7921: Hook up max_wait.
7922: [2ec5697a92ba]
7923:
7924: * script.c, sudoreplay.c:
7925: Use base36 number for the ID and store script files with paths like
7926: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
7927: (2,176,782,336) unique IDs.
7928: [6aab019d07aa]
7929:
7930: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
7931:
7932: * config.h.in, configure.in:
7933: Add check for regcomp
7934: [44c3ebd7ff34]
7935:
7936: * sudoreplay.c:
7937: Add support for selecting by pattern and tty when listing.
7938: [66189f840c52]
7939:
7940: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
7941:
7942: * sudoreplay.c:
7943: The beginnings of a list mode.
7944: [8d0150b4a52c]
7945:
7946: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
7947:
7948: * Makefile.in:
7949: fix pasto
7950: [616b4640b8a8]
7951:
7952: * Makefile.in, config.h.in, configure.in:
7953: Add scaffolding for building sudoreplay
7954: [a32958505dbe]
7955:
7956: * sudoreplay.c:
7957: include error.h first arg to nanotime is const
7958: [fe5a7bb31bc5]
7959:
7960: * sudoreplay.c:
7961: Initial cut at sudoreplay; replay a sudo session.
7962: [f149fba372bd]
7963:
7964: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
7965:
7966: * script.c:
7967: Fix wait() usage and use correct wait status.
7968: [f4745ed7ad05]
7969:
7970: * sudo.c, sudo.h, tgetpass.c:
7971: Add protos for term_* to sudo.h
7972: [14fe1abd7e7b]
7973:
7974: * script.c:
7975: Fix detection of the child process exiting. Since the child is in
7976: its own session we should only ever get SIGCHLD for that process but
7977: better safe than sorry.
7978: [7edfdadd8505]
7979:
7980: * config.h.in:
7981: Add UNIX98 pty support.
7982: [82f4b53a0e8f]
7983:
7984: * configure, configure.in, script.c:
7985: Add UNIX98 pty support.
7986: [795b8bb0a3a1]
7987:
7988: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
7989:
7990: * term.c:
7991: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
7992: if it is defined.
7993: [40f8b83baf69]
7994:
7995: * auth/pam.c:
7996: Set PAM_RUSER and PAM_RHOST early so they can be used during
7997: authentication. Based on a patch from Jamie Beverly.
7998: [3d567b453a6a]
7999:
8000: * match.c:
8001: Close dir before returning if strlcpy() reports overflow. From
8002: Martynas Venckus.
8003: [6a82f96473e5]
8004:
8005: * config.h.in, configure, configure.in, script.c:
8006: On Linux, the openpty proto libes in pty.h
8007: [98643a018d1c]
8008:
8009: * script.c:
8010: Call vhangup on exit if the system has it Use setpgrp() if no
8011: setsid()
8012: [3a9e13149829]
8013:
8014: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
8015:
8016: * config.h.in, configure, configure.in:
8017: Add checks for revoke and vhangup if we don't have openpty
8018: [fcb04572e994]
8019:
8020: * script.c:
8021: Session logging guts that got forgotten in the previous commit.
8022: [c2af08a63ea9]
8023:
8024: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
8025: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
8026: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
8027: tgetpass.c:
8028: First cut at session logging for sudo. Still need to write
8029: get_pty() for Unix 98 and old-style BSD ptys. Also needs
8030: documentation and general cleanup.
8031: [77e3f5e25738]
8032:
8033: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
8034:
8035: * sudo.c, sudo_edit.c:
8036: Fix a bug introduced with def_closefrom. The value of def_closefrom
8037: already includes the +1.
8038: [7291c136300d]
8039:
8040: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
8041:
8042: * Makefile.in:
8043: Generate sudo distributions with pax in ustar mode. No longer need
8044: to use a temp file or have the source dir name match the version.
8045: [9778177a8272]
8046:
8047: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
8048:
8049: * toke.c, toke.l:
8050: Fix expansion of %h in #include names. Fixes bugzilla 363
8051: [6e346879ba24]
8052:
8053: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
8054:
8055: * mkdefaults:
8056: If no arg assume def_data.in
8057: [c1dd28c0e675]
8058:
8059: * README, WHATSNEW:
8060: Update for 1.7.2
8061: [f5ad45f69f05] [SUDO_1_7_2]
8062:
8063: * ChangeLog:
8064: sync
8065: [6283549396ff]
8066:
8067: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
8068:
8069: * sudoers.cat, sudoers.man.in, sudoers.pod:
8070: Add missing single quotes around a colon in Runas_Spec definition.
8071: From Elias Benali.
8072: [ccc6ee4fca83]
8073:
8074: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
8075:
8076: * sudo.man.in, sudoers.man.in:
8077: regen
8078: [546e75304ebf]
8079:
8080: * redblack.c:
8081: In rbrepair, re-color the root or the first non-block node we find
8082: to be black. Re-coloring the root is probably not needed but won't
8083: hurt.
8084: [34d01ebe241b]
8085:
8086: * sudo.cat, sudoers.cat:
8087: regen
8088: [bebf5a39f54f]
8089:
8090: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
8091:
8092: * redblack.c:
8093: When repairing the tree, don't touch the root node.
8094: [9841f0d5d789]
8095:
8096: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
8097:
8098: * set_perms.c:
8099: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
8100: Reported by Josef Schmid.
8101: [ed044b1eb879]
8102:
8103: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
8104:
8105: * sudoers.pod:
8106: Document that we accept env_pam-style environment files
8107: [e3b545456352]
8108:
8109: * env.c:
8110: Adapt to accept pam_env-style /etc/environment which allows shell-
8111: style lines such as: export EDITOR="/usr/bin/vi"
8112: [752eb75bf007]
8113:
8114: * sudoers.pod:
8115: Make it clear that env_delete only works when !env_reset. From Lo??c
8116: Minier
8117: [3bd3f8e351ba]
8118:
8119: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
8120:
8121: * sudo.pod, sudoers.pod:
8122: Add non-unix group bits, adapted from Quest
8123: [8ce427de8dea]
8124:
8125: * Makefile.in:
8126: build the .cat page in the current working dir, not the src dir
8127: [00e87a307674]
8128:
8129: * env.c:
8130: Return EINVAL in setenv() if var is NULL or the empty string to
8131: match glibc behavior.
8132: [23fd7c247142]
8133:
8134: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
8135:
8136: * configure, configure.in:
8137: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
8138: [fedd4a3e2a85]
8139:
8140: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
8141:
8142: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8143: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8144: regen
8145: [7b9f461a40b3]
8146:
8147: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
8148:
8149: * INSTALL:
8150: Document --with-libvas and --with-libvas-rpath
8151: [a071e6d96c89]
8152:
8153: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
8154:
8155: * ldap.c, sudoers.ldap.pod:
8156: For netscape-derived LDAP SDKs the cert and key paths may be a
8157: directory or a file. However, version 5.0 of the SDK only seems to
8158: support using a directory. If ldapssl_clientauth_init fails and the
8159: cert or key paths look like they could be files, strip off the last
8160: path element and try again.
8161: [ac4e49d83043]
8162:
8163: * Makefile.in:
8164: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
8165: [4547cc1a335f]
8166:
8167: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
8168:
8169: * configure, configure.in, match.c, sudo.c, vasgroups.c:
8170: Update non-Unix group support from Quest, as reworked by me.
8171: [1abafce29dc6]
8172:
8173: * toke.c:
8174: regen
8175: [01bfca9148b7]
8176:
8177: * toke.l:
8178: Add support for escaped hex chars in names, e.g. \x20 for space.
8179: [3c7be8e58a39]
8180:
8181: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
8182:
8183: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
8184: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
8185: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
8186: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
8187: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
8188: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
8189: tgetpass.c, toke.l, visudo.c:
8190: Update copyright years.
8191: [e615f676c764]
8192:
8193: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
8194:
8195: * interfaces.c, lbuf.c:
8196: Minor fixes for Minix-3
8197: [898c510d23f9]
8198:
8199: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
8200:
8201: * set_perms.c:
8202: Handle getgroups() returning 0. Also add missing check for
8203: HAVE_GETGROUPS.
8204: [d73b958f9ffd]
8205:
8206: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8207:
8208: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
8209: version.h, visudo.c:
8210: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
8211: [5050579a264d]
8212:
8213: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8214:
8215: * set_perms.c:
8216: Remove group setting code in setusercontext case, we will do it
8217: ourselves later on in runas_setup. Set the gid after
8218: initgroups/setgroups is called, since on Mac OS X it seems to change
8219: the egid.
8220: [09dc21d8b42d]
8221:
8222: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8223:
8224: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
8225: vasgroups.c:
8226: Initial bits of non-unix group support using Quest Authentication
8227: Services
8228: [1eecab0ff27e]
8229:
8230: * toke.c, toke.l:
8231: Accept %:foo as a non-Unix group
8232: [4c4b5dd899a6]
8233:
8234: * toke.c, toke.l:
8235: Allow user/group to be double quoted in the case of non-Unix groups
8236: which contain spaces.
8237: [47a3d568b7e8]
8238:
8239: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8240:
8241: * match.c:
8242: Don't allow the user to specify the default runas user if their
8243: sudoers entry only allows them to run as a group.
8244: [4d726177227c]
8245:
8246: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8247:
8248: * sudo.c:
8249: Must call audit_success before we change uids.
8250: [04a9e6ce6e55]
8251:
8252: * logging.c, set_perms.c, sudo.h, testsudoers.c:
8253: Add option for set_perm to not exit on failure and use this in the
8254: logging routines.
8255: [833dce7b7f42]
8256:
8257: * parse.c:
8258: In -l mode, if the user is only allowed to run as a group, display
8259: the user's name, not root's before the allowed group.
8260: [ef92ff99d265]
8261:
8262: * sudo.c:
8263: Fix -g mode, broken by rev 1.503 which had the side effect of
8264: setting the runas user to root unilaterally.
8265: [50a2f7df4385]
8266:
8267: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
8268:
8269: * fileops.c:
8270: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
8271: [30fbe832dcf3]
8272:
8273: * pwutil.c:
8274: Only cache by the method we fetched for pwd and grp lookups.
8275: Previously we cached both by namd and id but this can cause problems
8276: for entries that share the same id. Also add more info in the error
8277: message in case the insert fails (which should now be impossible).
8278: [ef95a4f0bab5]
8279:
8280: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8281:
8282: * sudoers.pod:
8283: Add a clarification from Nick Sieger
8284: [1eadad329561]
8285:
8286: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
8287:
8288: * env.c:
8289: Inline the setting of the environment string.
8290: [9515d11c6295]
8291:
8292: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8293:
8294: * env.c:
8295: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
8296: in BSD doesn't return an error if the name has '=' in it, it just
8297: treats the '=' as end of string.
8298: [941260bf94d2]
8299:
8300: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8301:
8302: * toke.c, toke.l:
8303: Not all systems have d_namlen
8304: [e377b18d8e2d]
8305:
8306: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8307:
8308: * sudoers.pod:
8309: Fix up some pod2html issues.
8310: [823a1f10ab60]
8311:
8312: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
8313:
8314: * interfaces.c:
8315: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
8316: Quest Software.
8317: [73de36653131]
8318:
8319: * sudoers.pod:
8320: Ignore files ending in '~' in sudo.d (emacs backup files)
8321: [7871fad702db]
8322:
8323: * toke.c, toke.l:
8324: Ignore files ending in '~' in sudo.d (emacs backup files)
8325: [53fded2a469f]
8326:
8327: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8328:
8329: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
8330: For #includedir, ignore any file containing a dot
8331: [a7daa1bce6c2]
8332:
8333: * Makefile.in, version.h:
8334: Bump version
8335: [ef60f14ffc44]
8336:
8337: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
8338: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
8339: visudo.c:
8340: Implement #includedir directive. Files in an includedir are not
8341: edited by visudo unless they contain a syntax error.
8342: [3923d85a6c79]
8343:
8344: * ChangeLog:
8345: sync
8346: [8741ed61a78b] [SUDO_1_7_1]
8347:
8348: * WHATSNEW:
8349: Forgot umask_override
8350: [7c86a21a5504]
8351:
8352: * ChangeLog, TODO:
8353: sync
8354: [57339ca6bccf]
8355:
8356: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8357:
8358: * visudo.c:
8359: Rewind stream if we fdopen sudoers since it may not be at the
8360: beginning. Set the keepopen flag on already-open files too so the
8361: lexer doesn't close them out from under us.
8362: [61292d819aff]
8363:
8364: * visudo.c:
8365: Print the proper file name when there is a parse error in an include
8366: file.
8367: [b0e85d4aedde]
8368:
8369: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8370:
8371: * WHATSNEW:
8372: Sync
8373: [997e5d485ea3]
8374:
8375: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8376:
8377: * configure, configure.in:
8378: Fix a warning when --without-ldap is specified.
8379: [d91fd9481b30]
8380:
8381: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8382:
8383: * alias.c, parse.h, visudo.c:
8384: Store aliases that we remove during check_aliases in a freelist and
8385: free them at the end so we don't leak memory.
8386: [805e2272f6a3]
8387:
8388: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8389:
8390: * visudo.c:
8391: Check aliases in -c mode too.
8392: [9199e188d9f2]
8393:
8394: * alias.c, parse.h, visudo.c:
8395: Make alias_remove return the alias struct instead of freeing it
8396: directly. Fixes a use after free in alias_remove_recursive, the only
8397: consumer.
8398: [a04b61804800]
8399:
8400: * alias.c, match.c, parse.c, parse.h, visudo.c:
8401: Rename find_alias -> alias_find for consistency.
8402: [48b0a82924f3]
8403:
8404: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8405:
8406: * visudo.c:
8407: When checking for unused aliases, recurse if the alias points to
8408: another alias.
8409: [2d4d1a7f3a41]
8410:
8411: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
8412:
8413: * ldap.c:
8414: Back out rev 1.105 for now. Real ldapux_client.conf support will be
8415: done later after some refactoring.
8416: [8ad72e69b277]
8417:
8418: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
8419:
8420: * ldap.c:
8421: Treat ldap_hostport the same as "host" for ldapux.
8422: [3281dcc66da8]
8423:
8424: * configure, configure.in:
8425: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
8426: Fixes compilation with ldapux.
8427: [ca1ed585ef0e]
8428:
8429: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
8430:
8431: * fileops.c:
8432: fix char subscript
8433: [41e51f080d00]
8434:
8435: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
8436:
8437: * Makefile.in:
8438: remove errant carriage returns
8439: [e9e258a31c7b]
8440:
8441: * audit.c, env.c:
8442: fix K&R compilation
8443: [d182e8920f13]
8444:
8445: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
8446: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
8447: regen
8448: [791a5cbf04e5]
8449:
8450: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
8451:
8452: * config.h.in:
8453: Add missing HAVE_BSM_AUDIT
8454: [49ad1bb96f04]
8455:
8456: * WHATSNEW:
8457: Add 1.7.1 features
8458: [f107f1604c61]
8459:
8460: * INSTALL:
8461: Mention --with-netsvc
8462: [d1e90d147795]
8463:
8464: * sudoers.ldap.pod:
8465: Document netsvc.conf support
8466: [e78f8abce6af]
8467:
8468: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
8469: sudo_nss.h:
8470: Add support for AIX netsvc.conf (like nsswitch.conf).
8471: [1df56a84dee5]
8472:
8473: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
8474:
8475: * config.h.in, configure, configure.in, env.c:
8476: Add --enable-env-debug flag to enable environment sanity checks.
8477: [128cdd8832e7]
8478:
8479: * sudoers.ldap.pod, sudoers.pod:
8480: Work around some pod2html issue.
8481: [e733b9609bd2]
8482:
8483: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
8484:
8485: * env.c:
8486: Only sync environ for putenv, setenv, and unsetenv. We need to make
8487: sure that sudo_putenv and sudo_setenv only modify env.envp, not
8488: environ.
8489: [be3ac732243c]
8490:
8491: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
8492:
8493: * env.c:
8494: Really fix UNSETENV_VOID
8495: [08ab7e882507]
8496:
8497: * env.c:
8498: Fix unsetenv when UNSETENV_VOID
8499: [d3038b3f2f15]
8500:
8501: * aclocal.m4, configure:
8502: Fix SUDO_FUNC_PUTENV_CONST
8503: [de35569c572b]
8504:
8505: * ldap.c:
8506: tivoli-based ldap does not have ldapssl_err2string
8507: [c63fd90d5e99]
8508:
8509: * configure:
8510: regen
8511: [f38f1ee828ad]
8512:
8513: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
8514:
8515: * config.h.in, configure, configure.in, ldap.c:
8516: Add support for Tivoli-based LDAP start TLS as seen in AIX.
8517: Untested.
8518: [8f8771829f85]
8519:
8520: * env.c:
8521: Add sanity checks for setenv/unsetenv
8522: [adbd1d95856b]
8523:
8524: * Makefile.in:
8525: Include bsm_audit.h in the tarball
8526: [4a4aa02b2c32]
8527:
8528: * Makefile.in, version.h:
8529: bump version for sudo 1.7.1
8530: [362c71d21595]
8531:
8532: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
8533: env.c, ldap.c, sudo.h:
8534: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
8535: provide our own setenv/unsetenv/putenv that operates on own env
8536: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
8537: [276edcd23032]
8538:
8539: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
8540:
8541: * sudo.c:
8542: Make "sudoedit -h" work as expected
8543: [2bcbbb45d389]
8544:
8545: * auth/pam.c:
8546: Make sure def_prompt is always defined. This is a workaround for
8547: pam configs that prompt for a password in the session but don't have
8548: an auth line. A better fix is to expand the sudo prompt earlier and
8549: set def_prompt to that when initializing.
8550: [ee073c04aec3]
8551:
8552: * sudo.pod:
8553: Mention that the helper for -A may be graphical.
8554: [b64a940c4082]
8555:
8556: * TROUBLESHOOTING:
8557: Document what happens if there is no tty.
8558: [313d58a856a5]
8559:
8560: * sudo.c:
8561: cosmetic changes
8562: [894f5e3b0c3e]
8563:
8564: * term.c:
8565: Fix term_restore
8566: [6c6315ff14bc]
8567:
8568: * sudo.c:
8569: Fix "sudo -k" with no other args
8570: [59e94dc419c6]
8571:
8572: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
8573:
8574: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
8575: Allow the -k flag to be specified in conjunction with a command or
8576: another option that may require authentication.
8577: [5960ff20355d]
8578:
8579: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
8580:
8581: * configure, configure.in:
8582: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
8583: [e86ab69c4a57]
8584:
8585: * Makefile.in:
8586: Parallel make fix. From Diego E. 'Flameeyes'
8587: [1289d7ee27db]
8588:
8589: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
8590:
8591: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8592: Implement umask_override
8593: [8b87a3f7c5aa]
8594:
8595: * toke.c:
8596: regen
8597: [79d7ca9ac873]
8598:
8599: * sudoers.pod, toke.l, visudo.c:
8600: Implement %h escape in sudoers include filenames.
8601: [a7f288dd64f0]
8602:
8603: * audit.c:
8604: Need to include compat.h
8605: [c0dc07ce2f70]
8606:
8607: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
8608: Make audit_success and audit_failure generic functions in
8609: preparation for integrating linux audit support.
8610: [7df020a8fd6f]
8611:
8612: * term.c:
8613: remove duplicate include
8614: [1dfcd01a7e46]
8615:
8616: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
8617:
8618: * bsm_audit.c:
8619: Add missing include
8620: [fb56e08c37ee]
8621:
8622: * sudo.c:
8623: May need to update the runas user after parsing command-based
8624: defaults.
8625: [246f130d7802]
8626:
8627: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
8628:
8629: * glob.c:
8630: Add missing pair of braces introduced with character class support.
8631: [0e2afa2e03e9]
8632:
8633: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
8634:
8635: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
8636: Rename pwstars to pwfeedback
8637: [a9f85a57ebac]
8638:
8639: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
8640:
8641: * bsm_audit.c, bsm_audit.h:
8642: Add const to make MacOS happy.
8643: [4274432d6627]
8644:
8645: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
8646: configure.in, sudo.c:
8647: Add bsm audit support from Christian S.J. Peron
8648: [bef61cd8693d]
8649:
8650: * term.c:
8651: This is new code, no DARPA notice.
8652: [ec6ad09b9c23]
8653:
8654: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
8655:
8656: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8657: Rename simple_glob -> fast_glob
8658: [68d9ed803cc1]
8659:
8660: * match.c:
8661: g/c unused var
8662: [693fa0464eb6]
8663:
8664: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
8665: Add simple_glob option to use fnmatch() instead of glob(). This is
8666: useful when you need to specify patterns that reference network file
8667: systems.
8668: [77ba634f6949]
8669:
8670: * tgetpass.c:
8671: add term_* proto
8672: [520f5149d073]
8673:
8674: * sudoers.pod:
8675: mention glob()
8676: [ddaab8e03c52]
8677:
8678: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
8679:
8680: * tgetpass.c:
8681: Delete any pwstars we wrote after the user hits return. That way
8682: there is no record on screen as to the user's password length.
8683: [fae25cda762b]
8684:
8685: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
8686:
8687: * term.c:
8688: Move terminal setting bits from tgetpass.c to term.c
8689: [03d43325ee99]
8690:
8691: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
8692: tgetpass.c:
8693: Add pwstars sudoers option that causes sudo to print a star every
8694: time the user presses a key.
8695: [7aab417e184d]
8696:
8697: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
8698:
8699: * Makefile.in:
8700: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
8701: [64f70e879816]
8702:
8703: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
8704:
8705: * ldap.c:
8706: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
8707: indicate no limit. From Mark Janssen.
8708: [e2c5732d54f5]
8709:
8710: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
8711:
8712: * toke.c, toke.l:
8713: Comments that begin with #- should not be parsed as uids.
8714: [a72a50f12f41]
8715:
8716: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
8717:
8718: * sudo.c:
8719: Do not try to set the close on exec flag if we didn't actually open
8720: sudoers.
8721: [ece3ca256904]
8722:
8723: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
8724:
8725: * ChangeLog:
8726: regen
8727: [e11f0e4c1bdd] [SUDO_1_7_0]
8728:
8729: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
8730:
8731: * TODO:
8732: sync
8733: [5b8954462bb3]
8734:
8735: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
8736:
8737: * auth/pam.c:
8738: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
8739: password prompt.
8740: [8563601cb3de]
8741:
8742: * configure, configure.in:
8743: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
8744: as it cannot generate shared objects.
8745: [6d4262ef9669]
8746:
8747: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
8748: K&R compilation fixes
8749: [77921678d17c]
8750:
8751: * parse.c:
8752: Use tq_foreach_fwd when checking pseudo-commands to make it clear
8753: that we are not short-circuiting on last match. When pwcheck is
8754: 'all', initialize nopass to TRUE and override it with the first non-
8755: TRUE entry.
8756: [96b209f4778f]
8757:
8758: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
8759:
8760: * parse.c:
8761: Do not short circuit pseudo commands when we get a match since,
8762: depending on the settings, we may need to examine all commands for
8763: tags.
8764: [fdbaf89d6f35]
8765:
8766: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
8767:
8768: * sudoers.cat, sudoers.man.in:
8769: regen
8770: [1ecce7c1b841]
8771:
8772: * sudoers.pod:
8773: hostnames may also contain wildcards
8774: [82b76695601c]
8775:
8776: * Makefile.in:
8777: remove stamp-* files and linux core files in clean target
8778: [22003f091467]
8779:
8780: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
8781:
8782: * auth/sudo_auth.h, config.h.in, configure, configure.in:
8783: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
8784: [6905bede8410]
8785:
8786: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
8787:
8788: * configure, configure.in:
8789: correctly enable SIA on Digital UNIX
8790: [a51881d13995]
8791:
8792: * TODO:
8793: checkpoint
8794: [af0fe8d94d42]
8795:
8796: * ChangeLog:
8797: sync
8798: [831f623cf99c]
8799:
8800: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
8801:
8802: * check.c, sudo.h, tgetpass.c:
8803: Even if neither stdin nor stdout are ttys we may still have /dev/tty
8804: available to us.
8805: [20f306ba883b]
8806:
8807: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
8808:
8809: * sudoers.cat, sudoers.man.in:
8810: regen
8811: [76d97c4c318f]
8812:
8813: * sudoers.pod:
8814: fix typos; Markus Lude
8815: [bff8bc1e2066]
8816:
8817: * ChangeLog:
8818: sync
8819: [f108552531cd]
8820:
8821: * toke.c:
8822: regen
8823: [de828413c67e]
8824:
8825: * toke.l:
8826: Fix matching of a line that only consists of a comment char
8827: [09c953d8d5ca]
8828:
8829: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
8830:
8831: * auth/pam.c:
8832: MacOS pam will retry conversation function if it fails so just treat
8833: ^C as an empty password.
8834: [d056058930bc]
8835:
8836: * visudo.c:
8837: When checking for alias use, also check defaults bindings.
8838: [2647f82c7dbd]
8839:
8840: * redblack.c:
8841: unused var
8842: [b7ff71c17c18]
8843:
8844: * redblack.c:
8845: Replace my rbdelete with Emin's version (which actually works ;-)
8846: [21b133dd0c72]
8847:
8848: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
8849:
8850: * testsudoers.c:
8851: malloc debugging
8852: [0fb446fa3279]
8853:
8854: * visudo.c:
8855: malloc options in devel mode for visudo too
8856: [98d06c6afeef]
8857:
8858: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
8859:
8860: * sudo.c:
8861: fix compilation on non-C99; from Theo
8862: [7c304e16c536]
8863:
8864: * visudo.c:
8865: fix check_aliases
8866: [83f30a3b1765]
8867:
8868: * alias.c:
8869: when destroying an alias, free the correct data pointer
8870: [6e1a8bd86c01]
8871:
8872: * auth/sudo_auth.h:
8873: add proto for aixauth_cleanup; from Dale King
8874: [eba94ffc8f63]
8875:
8876: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
8877:
8878: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
8879: visudo.man.in:
8880: regen
8881: [409fa57fff83]
8882:
8883: * sudo.pod, sudoers.pod, visudo.pod:
8884: standardize on the term 'option' for command line options (not flag)
8885: [228caefc2e36]
8886:
8887: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
8888:
8889: * INSTALL:
8890: Add note on configuring HP-UX pam
8891: [f7674a581baf]
8892:
8893: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
8894:
8895: * check.c, sudo.c:
8896: Move tty checks into check_user() so we only do them if we actually
8897: need a password.
8898: [7d997d7106d6]
8899:
8900: * sudo.c:
8901: Don't error out if no tty or askpass unless we actually need to
8902: authenticate.
8903: [9f23b83ed66c]
8904:
8905: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
8906:
8907: * ChangeLog:
8908: regen
8909: [23f9aef32da6]
8910:
8911: * pathnames.h.in, sudo.c:
8912: s/overriden/overridden/; from Tobias Stoeckmann
8913: [9f7459a8fac5]
8914:
8915: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
8916:
8917: * WHATSNEW, visudo.c:
8918: check sudoers owner and mode in strict mode
8919: [a3468c5ac1c4]
8920:
8921: * gram.c, toke.c:
8922: regen
8923: [7d6b515a5443]
8924:
8925: * sudo.man.in, sudoers.man.in, visudo.man.in:
8926: Update copyright years.
8927: [52d340cb8cba]
8928:
8929: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
8930: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
8931: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
8932: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
8933: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
8934: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
8935: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
8936: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
8937: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
8938: visudo.pod, zero_bytes.c:
8939: Update copyright years.
8940: [b4e6bf2beafa]
8941:
8942: * emul/charclass.h, fnmatch.c, glob.c:
8943: add my copyright
8944: [28681385014a]
8945:
8946: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
8947:
8948: * toke.c, toke.l:
8949: The loop in fill_cmnd() was going one byte too far past the end,
8950: resulting in a NUL being written immediately after the buffer end.
8951: [a5a49d603cd7]
8952:
8953: * UPGRADE, WHATSNEW:
8954: add sections on tgetpass changes
8955: [2e6929b6a102]
8956:
8957: * tgetpass.c:
8958: Treat EOF w/o newline as an error.
8959: [aa02b1db9240]
8960:
8961: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
8962:
8963: * parse.c:
8964: Fix "sudo -v" when NOPASSWD is set.
8965: [f4914711ea80]
8966:
8967: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
8968: auth/sudo_auth.h:
8969: No longer treat an empty password at the prompt as special. To quit
8970: out of sudo you now need to hit ^C at the password prompt.
8971: [980f760ad419]
8972:
8973: * sudoers.cat, sudoers.man.in:
8974: regen
8975: [6ca21a2cd869]
8976:
8977: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
8978: Sudo will now refuse to run if no tty is present unless the new
8979: visiblepw sudoers flag is set.
8980: [0cc56943252e]
8981:
8982: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
8983:
8984: * aix.c:
8985: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
8986: defined
8987: [24fc6f712d5c]
8988:
8989: * aix.c:
8990: fix fallback value for RLIM_SAVED_MAX
8991: [e09e04e1af89]
8992:
8993: * auth/aix_auth.c, auth/sudo_auth.h:
8994: Move clearing of AUTHSTATE into aixauth_cleanup.
8995: [e14ae7bd259c]
8996:
8997: * auth/aix_auth.c, env.c:
8998: Unset AUTHSTATE after calling authenticate() as it may not be
8999: correct for the user we are running the command as.
9000: [d14f68f1b0ab]
9001:
9002: * isblank.c:
9003: Add isblank() function for systems without it. Needed for POSIX
9004: character class matching in fnmatch.c and glob.c.
9005: [16cba30b283f]
9006:
9007: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
9008:
9009: * TROUBLESHOOTING:
9010: expound on sudo and cd
9011: [8e0fa9033637]
9012:
9013: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9014:
9015: * ChangeLog:
9016: regen
9017: [40cf320a10fc]
9018:
9019: * sudoers.cat, sudoers.man.in:
9020: regen
9021: [7cac761ae2c6]
9022:
9023: * sudoers.pod:
9024: mention defauts parse order
9025: [4e2ce86d1394]
9026:
9027: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9028:
9029: * Makefile.in, aclocal.m4, compat.h, configure:
9030: Add isblank() function for systems without it. Needed for POSIX
9031: character class matching in fnmatch.c and glob.c.
9032: [a1ab55da8424]
9033:
9034: * Makefile.in:
9035: add emul/charclass.h to HDRS
9036: [7e8a019dcaa4]
9037:
9038: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
9039:
9040: * TODO:
9041: checkpoint
9042: [afeb9bc1baed]
9043:
9044: * defaults.c, parse.c, testsudoers.c, visudo.c:
9045: Move update_defaults into defaults.c and call it properly from
9046: visudo and testsudoers.
9047: [f4dbb369461f]
9048:
9049: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
9050: tsgetgrpw.c:
9051: use zero_bytes() instead of memset() for consistency
9052: [4cee0465f4a8]
9053:
9054: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
9055: visudo.c:
9056: Zero out sigaction_t before use in case it has non-standard entries.
9057: [120092225459]
9058:
9059: * match.c:
9060: quiet gcc
9061: [098a1df49b23]
9062:
9063: * match.c:
9064: Short circuit glob() checks if basename(pattern) !=
9065: basename(command). Refactor code that checks for a command in a
9066: directory and use it in the glob case if the resolved pattern ends
9067: in a '/'.
9068: [3c46fd317acb]
9069:
9070: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9071:
9072: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
9073: Defer setting runas defaults until after runaspw/gr is setup.
9074: [12e75ee49c0c]
9075:
9076: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
9077:
9078: * match.c, sudo.c, testsudoers.c:
9079: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
9080: systems do not include space for the NUL in the size. Also manually
9081: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
9082: on this.
9083: [7266ab3296a3]
9084:
9085: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
9086:
9087: * sudo.c, sudoers.pod:
9088: When setting the umask, use the union of the user's umask and the
9089: default value set in sudoers so that we never lower the user's umask
9090: when running a command.
9091: [4e804b004e38]
9092:
9093: * sudo.c:
9094: Don't try to read from a zero-length sudoers file. Remove the bogus
9095: Solaris work-around for EAGAIN. Since we now use fgetc() it should
9096: not be a problem.
9097: [bb8e5f68d944]
9098:
9099: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9100:
9101: * parse.c:
9102: In update_defaults() check the return value of user*_matches against
9103: ALLOW so we don't inadvertantly match on UNSPEC.
9104: [4e422fa1527e]
9105:
9106: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9107:
9108: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9109: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9110: regen man pages; no more hyphenation
9111: [15de4fe2fe01]
9112:
9113: * sudo.c:
9114: Don't error out on a zero-length sudoers file. With the advent of
9115: #include the user could create a situation where sudo is unusable.
9116: [6eb461319fa5]
9117:
9118: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
9119:
9120: * auth/kerb5.c, config.h.in, configure, configure.in:
9121: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
9122: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
9123: all. Add configure tests to handle all the cases.
9124: [4b554a98470d]
9125:
9126: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
9127:
9128: * sudo.pod:
9129: resort ENVIRONMENT
9130: [f4f20f40653e]
9131:
9132: * sudoers.pod:
9133: document sudoers_locale
9134: [0bffd2dbe806]
9135:
9136: * sudo.pod, sudo_edit.c:
9137: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
9138: or EDITOR
9139: [0ef8cb248cee]
9140:
9141: * toke.c, toke.l:
9142: In fill_cmnd(), collapse any escaped sudo-specific characters.
9143: Allows character classes to be used in pathnames.
9144: [5685244c8e44]
9145:
9146: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
9147:
9148: * lbuf.c:
9149: fix typo in non-C89 function declaration
9150: [99a7113b3a05]
9151:
9152: * sudoers.pod:
9153: Mention POSIX characters classes now that out fnmatch() and glob()
9154: support them.
9155: [9c916f1230c3]
9156:
9157: * sample.sudoers, sudoers.pod:
9158: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
9159: locale agnostic.
9160: [a60a62bec244]
9161:
9162: * parse.h:
9163: use __signed char if we are going to assign a negative value since
9164: on Power, char is unsigned by default
9165: [2877b319df17]
9166:
9167: * config.h.in, configure, configure.in:
9168: Add tests for __signed char and signed char.
9169: [5eb874fdf1d4]
9170:
9171: * aix.c:
9172: Fix AIX limit setting. getuserattr() returns values in disk blocks
9173: rather than bytes. The default hard stack size in newer AIX is
9174: RLIM_SAVED_MAX. From Dale King.
9175: [3db67415ecc3]
9176:
9177: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
9178:
9179: * emul/charclass.h, fnmatch.c, glob.c:
9180: Add character class support to included glob(3) and fnmatch(3).
9181: [6b5b4ad77899]
9182:
9183: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
9184:
9185: * emul/fnmatch.h:
9186: Remove UCB advertising clause and some compatibility defines.
9187: [2ade7bee74e1]
9188:
9189: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
9190:
9191: * sudo_edit.c:
9192: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
9193: or sudo. This allows one to set EDITOR to sudoedit without getting
9194: into an infinite loop of sudoedit running itself until the path gets
9195: too big.
9196: [aa49ab68f82d]
9197:
9198: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
9199: Add sudoers_locale Defaults option to override the default sudoers
9200: locale of "C".
9201: [0639886a35bf]
9202:
9203: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
9204:
9205: * sudo.c:
9206: Set locale to system default except for during sudoers parse.
9207: [016dd2736728]
9208:
9209: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
9210:
9211: * match.c:
9212: Redo change in 1.34 to use pointer arithmetic.
9213: [f9e7b63bb450]
9214:
9215: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
9216:
9217: * match.c:
9218: Fix a dereference (read) of a freed pointer. Reported by Patrick
9219: Williams.
9220: [69877b633753]
9221:
9222: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
9223:
9224: * sudo.c:
9225: Set locale to "C" to avoid interpretation issues with character
9226: ranges in sudoers. May want to make the locale a sudoers option in
9227: the future.
9228: [098a95de1746]
9229:
9230: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
9231:
9232: * config.h.in:
9233: we no longer use setproctitle
9234: [c7f20fb747ea]
9235:
9236: * sudo.h:
9237: remove #if 1
9238: [a368ee6816c6]
9239:
9240: * LICENSE, mkstemp.c:
9241: Use my replacement mkstemp() from the mktemp package.
9242: [d07c2beb0f9e]
9243:
9244: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
9245:
9246: * gram.c:
9247: regen with yacc skeleton bug fixed
9248: [24784571cbb8]
9249:
9250: * sudoers.pod:
9251: Remove duplicate "as root". From Martin Toft.
9252: [97241acfee5e]
9253:
9254: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
9255:
9256: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
9257: Flesh out the fake passwd entry used for running commands as a uid
9258: not listed in the passwd database. Fixes an issue with some PAM
9259: modules.
9260: [a6648227f3f2]
9261:
9262: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
9263:
9264: * sudo.c:
9265: Error out in -i mode if the user has no shell. This can happen when
9266: running commands as a uid with no password entry.
9267: [0c174bef36ff]
9268:
9269: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
9270:
9271: * toke.c, toke.l:
9272: Better fix for line continuation inside double quotes. Now accepts
9273: whitespace between the backslash and the newline like the main
9274: lexer.
9275: [64efcdf86d31]
9276:
9277: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
9278:
9279: * toke.c, toke.l:
9280: Fix line continuation in strings. It was only being honored if
9281: preceded by whitespace.
9282: [96c21271a3e4]
9283:
9284: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
9285:
9286: * config.h.in, configure, configure.in, logging.c:
9287: Replace the double fork with a fork + daemonize.
9288: [328505441e67]
9289:
9290: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
9291:
9292: * env.c, sudo.c:
9293: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
9294: [3caedfeaec87]
9295:
9296: * logging.c, sudo.c, sudo_edit.c, visudo.c:
9297: Change how the mailer is waited for. Instead of having a SIGCHLD
9298: handler, use the double fork trick to orphan the child that opens
9299: the pipe to sendmail. Fixes a problem running su on some Linux
9300: distros.
9301: [b59ce60a393d]
9302:
9303: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
9304:
9305: * configure, configure.in:
9306: Fix configure test for dirfd() on Linux where DIR is opaque.
9307: [b8f729cdfecc]
9308:
9309: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
9310:
9311: * tgetpass.c:
9312: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
9313: this problem we'll need to revisit this again.
9314: [c17fee8ad530]
9315:
9316: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
9317:
9318: * logging.c:
9319: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
9320: we only block the signal it may be delivered later when we unblock.
9321: Also, there is no need to block SIGCHLD since we no longer do the
9322: double fork. The normal SIGCHLD handler is sufficient.
9323: [e94a49e992e5]
9324:
9325: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
9326:
9327: * configure, configure.in:
9328: Add description for NO_PAM_SESSION, from a redhat patch.
9329: [b9e4c939ec09]
9330:
9331: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
9332:
9333: * sudo.cat, sudo.man.in, sudo.pod:
9334: Fix typos in -i usage
9335: [2d7ce5de0235]
9336:
9337: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
9338:
9339: * configure, configure.in:
9340: Redo the test for dgettext() in a way that hopefully will work
9341: around the libintl_dgettext() undefined problem.
9342: [d27beb0cf85e]
9343:
9344: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
9345:
9346: * schema.ActiveDirectory:
9347: change filename in comment
9348: [733da4ee9ac5]
9349:
9350: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
9351:
9352: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
9353: sudoers.ldap.pod:
9354: Reference schema.ActiveDirectory
9355: [d6aec537800e]
9356:
9357: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
9358:
9359: * schema.OpenLDAP, schema.iPlanet:
9360: Mark sudoRunAs as deprecated.
9361: [00c50df807af]
9362:
9363: * schema.ActiveDirectory:
9364: add sudoRunAsUser and sudoRunAsGroup
9365: [19bcce6f72fb]
9366:
9367: * schema.ActiveDirectory:
9368: Active Directory schema by Chantal Paradis and Eric Paquet
9369: [06a09c92c6a5]
9370:
9371: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
9372:
9373: * parse.c:
9374: remove an XXX that was fixed
9375: [b88038062fa2]
9376:
9377: * ChangeLog:
9378: sync
9379: [8fc27c17270e]
9380:
9381: * parse.c:
9382: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
9383: fixes a problem where the tag value printed was influenced by
9384: defaults set in the first pass through the parser.
9385: [588ccd630367]
9386:
9387: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
9388:
9389: * Makefile.in, sudo.psf:
9390: No point in packaging the TODO file
9391: [9590248fffe1]
9392:
9393: * ChangeLog:
9394: sync
9395: [152acf4c6813]
9396:
9397: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
9398:
9399: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
9400: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
9401: Add env_file Defaults option that is similar to /etc/environment on
9402: some systems.
9403: [1daf53d51e18]
9404:
9405: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
9406:
9407: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
9408: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
9409: version.h, visudo.cat, visudo.man.in:
9410: change version to 1.7.0
9411: [d41d126b9bd8]
9412:
9413: * UPGRADE:
9414: initial valgrind pass done
9415: [c59c3876d8ca]
9416:
9417: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
9418:
9419: * ldap.c:
9420: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
9421: [830d246c09b0]
9422:
9423: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
9424:
9425: * ldap.c:
9426: define LDAPS_PORT if the system headers do not
9427: [247b12325701]
9428:
9429: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
9430:
9431: * gram.c, gram.y:
9432: Fix another memory leak in init_parser().
9433: [7bba47deba11]
9434:
9435: * configure, configure.in:
9436: There was a missing space before the ldap libs in SUDO_LIBS for some
9437: configurations.
9438: [7524cfc93759]
9439:
9440: * alias.c, gram.c, gram.y, toke.c, toke.l:
9441: Clean up some memory leaks pointed out by valgrind.
9442: [a965866ece1a]
9443:
9444: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
9445:
9446: * sudo.c:
9447: fix "sudo -s" broken by mode/flags breakout
9448: [acffe984d408]
9449:
9450: * configure, configure.in:
9451: remove duplicate check for dgettext
9452: [58145529133c]
9453:
9454: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
9455:
9456: * aix.c:
9457: Fall back to default stanza if no user-specific limit is found.
9458: [7b8cb29123ee]
9459:
9460: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
9461:
9462: * snprintf.c:
9463: include stdint.h if present
9464: [f0ec38529306]
9465:
9466: * snprintf.c:
9467: Use LLONG_MAX, not the old QUAD_MAX
9468: [01041ce508fb]
9469:
9470: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
9471:
9472: * sudoers.ldap.pod:
9473: fix cut and pasto
9474: [34240fdef5ab]
9475:
9476: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
9477:
9478: * pwutil.c:
9479: Add #ifdef PURITY
9480: [ce1b571ad526]
9481:
9482: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
9483:
9484: * auth/bsdauth.c:
9485: remove useless cast
9486: [494f8a862e1d]
9487:
9488: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
9489:
9490: * ChangeLog:
9491: sync
9492: [f5c97ffaabcc]
9493:
9494: * TODO:
9495: sync
9496: [96ff1c44c182]
9497:
9498: * sudo.h:
9499: Split MODE_* defines into primary and flags.
9500: [c02ee3027cb9]
9501:
9502: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
9503:
9504: * aix.c:
9505: It turns out the logic for getting AIX limits is more convoluted
9506: than I realized and differs depending on whether the soft and/or
9507: hard limits are defined.
9508: [cf8d3f85d395]
9509:
9510: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
9511:
9512: * Makefile.in, configure, configure.in:
9513: Back out AIX-specific change to set the sudo_noexec path to the .a
9514: file, we do really want to use the .so file. Since libtool doesn't
9515: do that correctly, just install the .so file ourselves in the
9516: Makefile.
9517: [05c6f33177d9]
9518:
9519: * install-sh:
9520: If the file given to install is a path, only use the basename of the
9521: file when building the destination path.
9522: [695ba4e429ce]
9523:
9524: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9525:
9526: * sudo.c:
9527: parse_args() cleanup: Sort command line options in the getopt()
9528: switch The -U option requires a parameter Normalize a few ISSET
9529: calls Split mode into mode and flags and retire the now-obsolete
9530: excl variable
9531: [0d156835f861]
9532:
9533: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
9534: sudo_usage.h.in:
9535: Add -n (non-interactive) flag.
9536: [e3e50400d32d]
9537:
9538: * sudo.c:
9539: Move version printing, etc. into a separate function.
9540: [18c91b476e2c]
9541:
9542: * sudo.c:
9543: Don't try to cleanup nsswitch if it has not been initialized.
9544: [aeb1ca1b399d]
9545:
9546: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9547:
9548: * logging.c:
9549: Block SIGPIPE in send_mail() so sudo is not killed by a problem
9550: executing the mailer.
9551: [f130e7924cca]
9552:
9553: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9554:
9555: * configure, configure.in:
9556: AIX shared libs end in .a, not .so.
9557: [a5deb07020d8]
9558:
9559: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9560:
9561: * env.c:
9562: Preserve HOME by default too. Matches documentation and previous
9563: behavior.
9564: [c16f17f1047c]
9565:
9566: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9567:
9568: * sudo.c:
9569: Use getopt() to parse the command line. We need to be able to
9570: intersperse env variables and options yet still honor "--"" which
9571: complicates things slightly.
9572: [60f271ce5c16]
9573:
9574: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9575:
9576: * ChangeLog:
9577: sync
9578: [685e67964eda]
9579:
9580: * acsite.m4, configure, ltmain.sh:
9581: update to libtool-1.5.26
9582: [4c9a8c3d3b40]
9583:
9584: * config.guess, config.sub:
9585: update from libtool-1.5.26 distribution
9586: [c6641aef2527]
9587:
9588: * aix.c, sudo.h:
9589: attempt to fix compilation errors on AIX
9590: [edb13e5b2184]
9591:
9592: * Makefile.in:
9593: fix typo in last commit
9594: [25ba7f7ceae4]
9595:
9596: * Makefile.in:
9597: Add WHATSNEW file to the distribution
9598: [213f4115de8f]
9599:
9600: * visudo.c:
9601: use warningx instead of fprintf(stderr, ...)
9602: [a3494b8ccb19]
9603:
9604: * list.c:
9605: add DEBUG to list2tq
9606: [115d24a3000c]
9607:
9608: * ChangeLog, TODO:
9609: sync
9610: [60e6f4d1fac0]
9611:
9612: * WHATSNEW:
9613: mention mailfrom
9614: [e2498f9e18d6]
9615:
9616: * Makefile.in, aix.c, config.h.in, configure, configure.in,
9617: set_perms.c, sudo.h:
9618: Add aix_setlimits() to set resource limits on AIX using a
9619: combination of getuserattr() and setrlimit(). Currently untested.
9620: [9b1441fd89ca]
9621:
9622: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9623:
9624: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
9625: sudoers.man.in, sudoers.pod:
9626: Add mailfrom Defaults option that sets the value of the From: field
9627: in the warning/error mail. If unset the login name of the invoking
9628: user is used.
9629: [029b9f05d3d9]
9630:
9631: * defaults.c:
9632: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
9633: [a90e407d5e00]
9634:
9635: * gram.c, gram.y:
9636: When adding a default, only call list2tq() once to do the list to tq
9637: conversion. It is not legal to call list2tq multiple times on the
9638: same list since list2tq consumes and modifies the list argument.
9639: [fbc25d245c4a]
9640:
9641: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9642: comment out XXXs for now
9643: [595a1d43309d]
9644:
9645: * WHATSNEW:
9646: mention askpass
9647: [b993e0837c22]
9648:
9649: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9650:
9651: * sudo.c:
9652: Error out if both -A and -S are specified Error out if -A is
9653: specified but no askpass is configured
9654: [24f1df2638f6]
9655:
9656: * configure, configure.in:
9657: we are not going to ship a sudo-specific askpass
9658: [61949e7a3943]
9659:
9660: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
9661:
9662: * sudo.h:
9663: fix definition of TGP_ASKPASS
9664: [0447c57ba4c3]
9665:
9666: * def_data.c, def_data.in:
9667: make askpass boolean-capable
9668: [e0885893a325]
9669:
9670: * INSTALL:
9671: document --with-askpass
9672: [c76e15ba97cf]
9673:
9674: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9675: sudoers.man.in, visudo.cat:
9676: regen
9677: [8d16242980b7]
9678:
9679: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
9680:
9681: * sudo.pod, sudo_usage.h.in, sudoers.pod:
9682: document -A and askpass
9683: [02c07505a78c]
9684:
9685: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
9686: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
9687: sudo_usage.h.in, tgetpass.c:
9688: Add support for running a helper program to read the password when
9689: no tty is present (or when specified with the -A flag). TODO: docs.
9690: [05780f5f71fd]
9691:
9692: * def_data.c, def_data.in:
9693: add missing printf format to SELinux role and type strings
9694: [2b32774715e7]
9695:
9696: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9697:
9698: * INSTALL, configure, configure.in:
9699: Disable use of gss_krb5_ccache_name() by default and add
9700: --enable-gss-krb5-ccache-name configure option to enable it. It
9701: seems that gss_krb5_ccache_name() doesn't work properly with some
9702: combinations of Heimdal and OpenLDAP.
9703: [f61ebd3b19bd]
9704:
9705: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
9706:
9707: * selinux.c:
9708: Ignore setexeccon() failing in permissive mode. Also add a call to
9709: setkeycreatecon() (though this is probably insufficient). From Dan
9710: Walsh.
9711: [52564fc1c069]
9712:
9713: * auth/pam.c:
9714: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
9715: function may be called for non-password reading purposes so we must
9716: be careful not to use def_prompt in cases where it may not be set.
9717: [29d88ca575ba]
9718:
9719: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9720:
9721: * selinux.c:
9722: Don't free the new tty context, we need to keep it around when we
9723: restore the tty context after the command completes
9724: [5b4bd39b6ea8]
9725:
9726: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
9727:
9728: * selinux.c:
9729: s/newrole/sudo/
9730: [21b8a96ff8df]
9731:
9732: * sudo.man.pl, sudo.pod:
9733: Only put login_cap(3) in SEE ALSO section if we have login.conf
9734: support
9735: [05250ddff2c0]
9736:
9737: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
9738:
9739: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9740: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9741: regen
9742: [301e5c5ccdbe]
9743:
9744: * sudoers.pod:
9745: Substitute in comment characters for lines partaining to login.conf,
9746: BSD auth and SELinux and only enable them if pertinent.
9747: [c1c98fa163ce]
9748:
9749: * sudoers.man.pl:
9750: Substitute in comment characters for lines partaining to login.conf,
9751: BSD auth and SELinux and only enable them if pertinent.
9752: [6c88f30b878a]
9753:
9754: * sudo.pod:
9755: Substitute in comment characters for lines partaining to login.conf,
9756: BSD auth and SELinux and only enable them if pertinent.
9757: [acdbdfd24e1d]
9758:
9759: * sudo.man.pl:
9760: Substitute in comment characters for lines partaining to login.conf,
9761: BSD auth and SELinux and only enable them if pertinent.
9762: [0c56d4750ac3]
9763:
9764: * Makefile.in, configure, configure.in:
9765: Substitute in comment characters for lines partaining to login.conf,
9766: BSD auth and SELinux and only enable them if pertinent.
9767: [9a02bd6a6658]
9768:
9769: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
9770: Remove the =cut on the first line (above the copyright notice) to
9771: quiet pod2man. Also remove the hackery in the FILES section and
9772: just deal with the fact that there will a newline between each
9773: pathname.
9774: [2ac1ab191835]
9775:
9776: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
9777:
9778: * Makefile.in:
9779: run sudo.man.pl when generating sudo.man.in
9780: [859727369168]
9781:
9782: * configure, configure.in, sudo.man.pl:
9783: comment out SELinux manual bits unless --with-selinux was specified
9784: [97ff4212b649]
9785:
9786: * sudoers.pod:
9787: document role and type defaults for SELinux
9788: [870f303366b3]
9789:
9790: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
9791: Document "sudo -ll" and make "sudo -l -l" be equivalent.
9792: [3ce6dc429ea3]
9793:
9794: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
9795:
9796: * configure, configure.in:
9797: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
9798: Debian GNU/kFreeBSD.
9799: [c4efa567a328]
9800:
9801: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9802:
9803: * auth/kerb5.c:
9804: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
9805: verify_krb_v5_tgt()
9806: [f80538e5a6fa]
9807:
9808: * logging.c, logging.h, sudo.c:
9809: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
9810: log_auth() into log_allowed() and log_denial() Replace mail_auth()
9811: with should_mail() and a call to send_mail()
9812: [58aac9997557]
9813:
9814: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
9815:
9816: * ldap.c:
9817: Add debugging so we can tell if the krb5 ccache is accessible
9818: [c679322527bb]
9819:
9820: * INSTALL:
9821: mention --with-selinux
9822: [9efbe0b52194]
9823:
9824: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
9825:
9826: * configure:
9827: regen
9828: [467a834f867c]
9829:
9830: * selinux.c:
9831: add Sudo tag
9832: [d004ee669bed]
9833:
9834: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
9835: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9836: testsudoers.c, toke.c, toke.l:
9837: Add support for SELinux RBAC. Sudoers entries may specify a role
9838: and type. There are also role and type defaults that may be used.
9839: To make sure a transition occurs, when using RBAC commands are
9840: executed via the new sesh binary. Based on initial changes from Dan
9841: Walsh.
9842: [1d4abfe2c004]
9843:
9844: * sesh.c:
9845: Add support for SELinux RBAC. Sudoers entries may specify a role
9846: and type. There are also role and type defaults that may be used.
9847: To make sure a transition occurs, when using RBAC commands are
9848: executed via the new sesh binary. Based on initial changes from Dan
9849: Walsh.
9850: [1e3b395ce049]
9851:
9852: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
9853: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
9854: pathnames.h.in, selinux.c:
9855: Add support for SELinux RBAC. Sudoers entries may specify a role
9856: and type. There are also role and type defaults that may be used.
9857: To make sure a transition occurs, when using RBAC commands are
9858: executed via the new sesh binary. Based on initial changes from Dan
9859: Walsh.
9860: [6b421948286e]
9861:
9862: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
9863:
9864: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
9865: Add long list (sudo -ll) support for printing verbose LDAP and
9866: sudoers file entries. Still need to update manual.
9867: [2875be37935c]
9868:
9869: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
9870:
9871: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
9872: Unify the -l output for file and ldap based sudoers and use lbufs
9873: for both. The ldap output does not currently include options that
9874: cannot be represented as tags. This will be remedied in a long list
9875: output mode to come.
9876: [b2e429456596]
9877:
9878: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
9879:
9880: * set_perms.c:
9881: Use a specific error message for errno == EAGAIN when setuid() et al
9882: fails. On Linux systems setuid() will fail with errno set to EAGAIN
9883: if changing to the new uid would result in a resource limit
9884: violation.
9885: [08d0aecd9f03]
9886:
9887: * sudo.c:
9888: Unlimit nproc on Linux systems where calling the setuid() family of
9889: syscalls causes the nroc resource limit to be checked. The limits
9890: will be reset by pam_limits.so when PAM is used. In the non-PAM
9891: case the nproc limit will remain unlimited but there doesn't seem to
9892: be a way around that other than having sudo parse
9893: /etc/security/limits.conf directly.
9894: [df024b415a8d]
9895:
9896: * env.c, sudo.c, sudo.pod:
9897: Only read /etc/environment on Linux and AIX
9898: [90669e2aefdb]
9899:
9900: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
9901:
9902: * configure, configure.in:
9903: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
9904: ldap.conf and ldap.secret paths from going into config.h. Avoid
9905: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
9906: since in some versions of bash they will end up literally in the
9907: resulting define.
9908: [25390f3ef10a]
9909:
9910: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
9911:
9912: * README.LDAP:
9913: mention --with-nsswitch=no
9914: [c509df927263]
9915:
9916: * configure, configure.in:
9917: ldap_ssl.h depends on ldap.h being included first
9918: [d96d90e9b21f]
9919:
9920: * config.h.in, configure, configure.in, ldap.c:
9921: Include ldap_ssl.h if we can find it. Needed for the
9922: ldapssl_set_strength defines on HP-UX at least.
9923: [9e530470948a]
9924:
9925: * sudoers.ldap.pod:
9926: sync
9927: [b9d101f4673a]
9928:
9929: * TODO:
9930: sync
9931: [2ce951b2ecd0]
9932:
9933: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
9934: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
9935: regen
9936: [b61d793987e0]
9937:
9938: * Makefile.in:
9939: Use 78n line length when formatting cat pages.
9940: [761bee9d5759]
9941:
9942: * README.LDAP:
9943: Remove redundant info that is now in sudoers.ldap.pod
9944: [01828dcce59e]
9945:
9946: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
9947:
9948: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9949: Reorganize the first section a bit. Substitute the proper path for
9950: /etc/sudoers.
9951: [11ae165e065d]
9952:
9953: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9954: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
9955: schema into EXAMPLES
9956: [ab6509d1dde7]
9957:
9958: * configure, configure.in:
9959: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
9960: sudoers.ldap.man.
9961: [6e689972f465]
9962:
9963: * configure, configure.in:
9964: substitute for sudoers.ldap.man
9965: [5a4a25766dee]
9966:
9967: * Makefile.in:
9968: Fix cut & pasto introduced when adding sudoers.ldap man page.
9969: [a7b069af8894]
9970:
9971: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
9972: Fill in some of the missing pieces. Still needs some reorganization
9973: and editing.
9974: [5e7331722166]
9975:
9976: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
9977:
9978: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
9979: sudoers.ldap.pod:
9980: Beginnings of a sudoers.ldap man page. Currently, much of the
9981: information is adapted from README.LDAP.
9982: [aad28c8a922d]
9983:
9984: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
9985:
9986: * pwutil.c:
9987: When copying gr_mem we must guarantee that the storage space for
9988: gr_mem is properly aligned. The simplest way to do this is to
9989: simply store gr_mem directly after struct group. This is not a
9990: problem for gr_passwd or gr_name as they are simple strings.
9991: [af58fc76f1ed]
9992:
9993: * ldap.c:
9994: Fix a typo/thinko in one of the calls to
9995: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
9996: [70b2eb8097f5]
9997:
9998: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9999:
10000: * config.h.in, configure, configure.in, ldap.c:
10001: include <mps/ldap_ssl.h> in ldap.c if available
10002: [34346206ef16]
10003:
10004: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
10005:
10006: * gram.c, gram.y:
10007: Make sure we define SIZE_MAX for yacc's skeleton.c
10008: [d8a45c7a3c42]
10009:
10010: * tgetpass.c:
10011: Use TCSAFLUSH when restoring terminal settings (and echo) to
10012: guarantee that any pending output is discarded
10013: [549a184479e5]
10014:
10015: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
10016:
10017: * sudoers:
10018: no longer need to specify SETENV when user has sudo ALL
10019: [3051b41f8032]
10020:
10021: * testsudoers.c:
10022: sync user_args size calculation with sudo.c Add -g group option,
10023: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
10024: them
10025: [0850325180f0]
10026:
10027: * sudo.c, sudo.h:
10028: Make set_runaspw static void
10029: [5d44d7a340ce]
10030:
10031: * testsudoers.c, visudo.c:
10032: g/c set_runaspw stub
10033: [79ebb5e2cc38]
10034:
10035: * configure, configure.in:
10036: Don't add -llber twice.
10037: [4356d302eef4]
10038:
10039: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
10040:
10041: * ldap.c:
10042: fix typo
10043: [249cecc557e9]
10044:
10045: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
10046:
10047: * gram.c:
10048: regen
10049: [2f94ea375b67]
10050:
10051: * configure, configure.in:
10052: Fix check that determines whether -llber is required.
10053: [6afa99523379]
10054:
10055: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
10056: For netscape-based LDAP, use ldapssl_set_strength() to implement the
10057: checkpeer ldap.conf option.
10058: [16ae24d73795]
10059:
10060: * auth/kerb5.c:
10061: Delay krb5_cc_initialize() until we actually need to use the cred
10062: cache, which is what krb5_verify_user() does. Better cleanup on
10063: failure.
10064: [d12e5f1695b8]
10065:
10066: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
10067:
10068: * auth/kerb5.c:
10069: Rewrite verify_krb_v5_tgt() based on what heimdal's
10070: krb5_verify_user() does.
10071: [05b5815f86c9]
10072:
10073: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
10074:
10075: * gram.c:
10076: The U suffix on constants is an ANSI feature
10077: [c6dfce3167f1]
10078:
10079: * configure, configure.in:
10080: Add check for ber_set_option() in -llber
10081: [43d0c0566074]
10082:
10083: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
10084:
10085: * README.LDAP:
10086: default if no nsswitch.conf is files only
10087: [c13001d9c998]
10088:
10089: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
10090:
10091: * README.LDAP:
10092: don't tell people to mail aaron about LDAP stuff
10093: [8165ec1ef0c6]
10094:
10095: * README.LDAP:
10096: timelimit and bind_timelimit
10097: [44f74cbed167]
10098:
10099: * ChangeLog:
10100: sync
10101: [aba1a0ab02bd]
10102:
10103: * ldap.c:
10104: Move ldap.secret reading into a separate function.
10105: [1948acc9f7a4]
10106:
10107: * check.c:
10108: user_runas -> runas_pw
10109: [334490fc2bae]
10110:
10111: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
10112:
10113: * TODO:
10114: sync
10115: [c7b165cc47c6]
10116:
10117: * check.c, sudo.pod, sudoers.pod:
10118: Add and document the %p escape in the password prompt. Based on a
10119: patch from Patrick Schoenfeld.
10120: [3972d4f31ffa]
10121:
10122: * ldap.c:
10123: Check strlcpy() return values.
10124: [9b42f3ae8ff1]
10125:
10126: * ldap.c:
10127: refactor ldap binding code into sudo_ldap_bind_s()
10128: [cb0c66a4d955]
10129:
10130: * README.LDAP:
10131: Make it clear that host and uri can take multiple parameters. URI is
10132: now supported for more than just openldap nsswitch.conf does't
10133: accept "compat"
10134: [f610dea656d6]
10135:
10136: * sudo.c:
10137: comment cleanup and update (c) year
10138: [6cd69c810ca5]
10139:
10140: * parse.c, sudo_nss.c:
10141: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
10142: This should make it possible to build an LDAP-only sudo binary.
10143: [61c3f27066a0]
10144:
10145: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
10146: Improve chaining of multiple sudoers sources by passing in the
10147: previous return value to the next in the chain
10148: [2c0b722b1b2d]
10149:
10150: * gram.y:
10151: Free up parser data structures in sudo_file_close().
10152: [2251531d4519]
10153:
10154: * gram.c, parse.c:
10155: Free up parser data structures in sudo_file_close().
10156: [8371f130f401]
10157:
10158: * ldap.c:
10159: Parse uri ourself if no ldap_initialize() is present Use
10160: ldap_create() instead of deprecated ldap_init() Use
10161: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
10162: [85d3825b1953]
10163:
10164: * config.h.in, configure, configure.in:
10165: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
10166: CFLAGS
10167: [240524512bc5]
10168:
10169: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
10170:
10171: * config.h.in, configure, configure.in:
10172: add check for ldap_create
10173: [3089badd73b8]
10174:
10175: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
10176:
10177: * config.h.in, configure, configure.in, ldap.c:
10178: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
10179: dn using the mechanism appropriate for the LDAP SDK in use. Use
10180: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
10181: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
10182: [6deeca3d00cc]
10183:
10184: * lbuf.c:
10185: include unistd.h
10186: [8419ed0bae7f]
10187:
10188: * config.h.in, configure.in:
10189: fix typo in mtim_getnsec
10190: [2d5f21230a60]
10191:
10192: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
10193:
10194: * config.h.in, configure, configure.in:
10195: add check for st__tim in struct stat as used by SCO
10196: [587060ea2a89]
10197:
10198: * ldap.c:
10199: use ldap_search_ext_s instead of deprecated ldap_search_s
10200: [5fc44fe3b44c]
10201:
10202: * Makefile.in, TODO, sudo.cat, sudo.man.in:
10203: add sudo_nss.h to HDRS
10204: [86f01a70ff29]
10205:
10206: * ldap.c:
10207: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
10208: ldap_rdn2str().
10209: [aa217002cfae]
10210:
10211: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
10212:
10213: * ldap.c:
10214: Use ldap_get_values_len()/ldap_value_free_len() instead of the
10215: deprecated ldap_get_values()/ldap_value_free().
10216: [e22dceb85e57]
10217:
10218: * ChangeLog:
10219: sync
10220: [adad27b36107]
10221:
10222: * TODO:
10223: sync
10224: [c449eb47e0ef]
10225:
10226: * gettime.c, sudo.c:
10227: Remove some already fixed XXXs
10228: [532788d0e6da]
10229:
10230: * ldap.c:
10231: Same return value as non-existent sudoers if LDAP was unable to
10232: connect.
10233: [5819810e8e4e]
10234:
10235: * sudo.pod:
10236: mention /etc/environment
10237: [ea8e6102f853]
10238:
10239: * README.LDAP, UPGRADE, WHATSNEW:
10240: Update to reflect recent developments.
10241: [ed1fb026fe77]
10242:
10243: * sudo.c:
10244: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
10245: [55b68a58260d]
10246:
10247: * ldap.c:
10248: When building up a query don't list groups in the aux group vector
10249: that are the same as the passwd file group. On most systems the
10250: first gid in the group vector is the same as the passwd entry gid.
10251: [4bb51e297e0d]
10252:
10253: * env.c, ldap.c:
10254: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
10255: ldaprc and system defaults that could affect how LDAP works.
10256: [ce5036440db2]
10257:
10258: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
10259: sudo_nss.c, sudo_nss.h:
10260: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
10261: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
10262: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
10263: file and --with-ldap-secret-file
10264: [ea5d7704381f]
10265:
10266: * parse.c:
10267: Honor def_ignore_local_sudoers
10268: [f38e1121fae1]
10269:
10270: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
10271:
10272: * ldap.c:
10273: no longer need to check def_ignore_local_sudoers here
10274: [fce2a72f96fb]
10275:
10276: * parse.c:
10277: Refactor group vector resetting into a function and also call it
10278: from display_cmnd. Stop after the first sucessful match in
10279: display_cmnd. Print a newline between each display_privs method.
10280: [981b37b5adff]
10281:
10282: * parse.c:
10283: fix double free introduced in rev 1.218
10284: [c574b02d8747]
10285:
10286: * ldap.c:
10287: belt and suspenders; zero out result after freeing it
10288: [7732988d4620]
10289:
10290: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
10291: Refactor line reading into a separate function, sudo_parseln(),
10292: which removes comments, leading/trailing whitespace and newlines.
10293: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
10294: [61d9068f0645]
10295:
10296: * parse.c, sudo.c:
10297: Make the inability to read the sudoers file a non-fatal error if
10298: there are other sudoers sources available. sudoers_file_lookup now
10299: returns "not OK" if sudoers was not present
10300: [643babf597a8]
10301:
10302: * ldap.c:
10303: make it clear that the global options are from LDAP
10304: [9ff950349463]
10305:
10306: * logging.c:
10307: allocate proper amount of space for error string
10308: [8bebb7d46d19]
10309:
10310: * sudo_nss.c, sudo_nss.h:
10311: actual sudo nss code
10312: [5bd7d52d7738]
10313:
10314: * ldap.c, parse.c, sudo.c, sudo.h:
10315: nss-ify display_privs and display_cmnd.
10316: [cccfdd3253f2]
10317:
10318: * defaults.c, parse.c, testsudoers.c, visudo.c:
10319: move update_defaults() to parse.c
10320: [ace144b958a9]
10321:
10322: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
10323: Use nsswitch to hide some sudoers vs. ldap implementation details
10324: and reduce the number of #ifdef LDAP TODO: fix display routines and
10325: error handling
10326: [6225edde89a6]
10327:
10328: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
10329:
10330: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
10331: First cut at nsswitch.conf support. Further reorganizaton and
10332: related changes are forthcoming.
10333: [717f59d0790b]
10334:
10335: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
10336:
10337: * env.c, pathnames.h.in, sudo.c, sudo.h:
10338: Add support for reading and /etc/environment file. Still needs to
10339: be documented and should probably only applies to OSes that have it
10340: (AIX and Linux, maybe others).
10341: [15d3edae27e4]
10342:
10343: * ldap.c:
10344: include limits.h
10345: [e19875ef0f82]
10346:
10347: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
10348:
10349: * WHATSNEW:
10350: reword LDAP SASL
10351: [7ec3c4ec31b5]
10352:
10353: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
10354:
10355: * TODO:
10356: sync
10357: [87c5a7aea7bf]
10358:
10359: * README.LDAP:
10360: Add an example sudoRole, clarify netscape vs. openldap a bit more
10361: [6f96c0ca8107]
10362:
10363: * README.LDAP:
10364: Be clear on what is OpenLDAP vs. Netscape-derived
10365: [a33c8314dec5]
10366:
10367: * config.h.in, configure, configure.in, ldap.c:
10368: Use ldapssl_init() for ldaps support instead of trying to do it
10369: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
10370: and tls_key for cert7.db and key3.db respectively. Don't print
10371: debugging info for options that are not set. Add warning if
10372: start_tls specified when not supported.
10373: [abb62dc7e4a3]
10374:
10375: * ldap.c:
10376: fix compilation on solaris
10377: [03d449684e80]
10378:
10379: * Makefile.in:
10380: add missing .h and .c files for missing lib objs
10381: [8b37825bdfc7]
10382:
10383: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
10384:
10385: * ldap.c:
10386: fix LDAP_OPT_NETWORK_TIMEOUT setting
10387: [226eba89c0ad]
10388:
10389: * ldap.c:
10390: fix compilation on Solaris
10391: [917d47639eb6]
10392:
10393: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
10394:
10395: * configure, configure.in:
10396: fix typo
10397: [009d5c81b225]
10398:
10399: * README.LDAP:
10400: try to clear up which variables are for OpenLDAP and which are for
10401: netscape-derived SDKs
10402: [f8d9823ee73c]
10403:
10404: * config.h.in, configure, configure.in, ldap.c:
10405: Add support for "ssl on" in both netscape and openldap flavors. Only
10406: the OpenLDAP flavor has been tested.
10407: [952745829ec5]
10408:
10409: * logging.c, sudo.c, sudo.h:
10410: Call cleanup() before exit in log_error() instead of calling
10411: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
10412: [da02d1b67a2c]
10413:
10414: * sudo.c:
10415: ld -> ldap_conn
10416: [01afa6d927cc]
10417:
10418: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
10419:
10420: * logging.c, sudo.c, sudo.h:
10421: Better ldap cleanup.
10422: [25b9abe2d617]
10423:
10424: * ldap.c:
10425: Distinguish between LDAP conf settings that are connection-specific
10426: (which take an ld pointer) and those that are default settings
10427: (which do not).
10428: [d48dc6c9c3b4]
10429:
10430: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
10431:
10432: * ldap.c:
10433: Improved warnings on error.
10434: [c8dce7b4feb4]
10435:
10436: * ldap.c:
10437: Make ldap config table driven and set the config *after* we open the
10438: connection.
10439: [d9698b5a2681]
10440:
10441: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
10442:
10443: * ldap.c:
10444: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
10445: [598c6df06660]
10446:
10447: * configure, configure.in:
10448: some operating systems need to link with -lkrb5support when using
10449: krb5
10450: [8896365dde9e]
10451:
10452: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
10453:
10454: * WHATSNEW:
10455: minor update
10456: [acfeeb7f4886]
10457:
10458: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10459: regen
10460: [a3c6699674f9]
10461:
10462: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
10463:
10464: * ChangeLog, TODO:
10465: sync
10466: [138e99b925ee]
10467:
10468: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
10469: add -g support for LDAP
10470: [8fc27dbe9287]
10471:
10472: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
10473:
10474: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
10475: The -i and -s flags can now take an optional command.
10476: [6afec104ee77]
10477:
10478: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
10479:
10480: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
10481: sudoers.pod:
10482: Add passprompt_override flag to sudoers that will cause the prompt
10483: to be overridden in all cases. This flag is also set when the user
10484: specifies the -p flag.
10485: [e4c5402131a6]
10486:
10487: * sudo.c:
10488: Move setting of login class until after sudoers has been parsed. Set
10489: NewArgv[0] for -i after runas_pw has been set.
10490: [62a48c8c56fa]
10491:
10492: * configure, configure.in:
10493: Move the dgettext check.
10494: [5fd8a4712d1c]
10495:
10496: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
10497:
10498: * auth/pam.c, config.h.in, configure, configure.in:
10499: Add basic support for looking up the string "Password: " in the PAM
10500: localized text db. This allows us to determine whether the PAM
10501: prompt is the default "Password: " one even if it has been
10502: localized.
10503:
10504: TODO: concatenate non-std PAM prompts and user-specified sudo
10505: prompts.
10506: [81c25a415d41]
10507:
10508: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
10509:
10510: * Makefile.in, config.h.in, configure, configure.in, parse.c,
10511: set_perms.c, sudo.c, sudo.h:
10512: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
10513: insufficient.
10514: [1cce6ec1a91e]
10515:
10516: * acsite.m4, configure, interfaces.c, memrchr.c:
10517: Fix typos; Martynas Venckus
10518: [be1233cca11a]
10519:
10520: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
10521:
10522: * set_perms.c:
10523: Don't assume runas_pw is set; it may not be in the -g case.
10524: [aa11bd2193ac]
10525:
10526: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
10527:
10528: * logging.c, set_perms.c:
10529: Set aux group vector for PERM_RUNAS and restore group vector for
10530: PERM_ROOT if we previously changed it. Stash the runas group vector
10531: so we don't have to call initgroups more than once. Also add no-op
10532: check to check_perms.
10533: [53837fc755f7]
10534:
10535: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
10536:
10537: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
10538: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
10539: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
10540: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
10541: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
10542: Add support for runas groups. This allows the user to run a command
10543: with a different effective group. If the -g option is specified
10544: without -u the command will be run as the current user (only the
10545: group will change). the -g and -u options may be used together.
10546: TODO: implement runas group for ldap improve runas group
10547: documentation add testsudoers support
10548: [9019309df6d0]
10549:
10550: * configure, configure.in:
10551: fix setting of mandir
10552: [2c60f269399f]
10553:
10554: * sudo.pod, sudoers.pod:
10555: document that ALL implies SETENV
10556: [bcc8e5b703b9]
10557:
10558: * ldap.c:
10559: s/setenv_ok/setenv_implied/g
10560: [f005df2c2eea]
10561:
10562: * ldap.c:
10563: hostname_matches() returns TRUE on match in sudo 1.7.
10564: [c3d4377b6e8b]
10565:
10566: * ldap.c:
10567: use strcmp, not strcasecmp when comparing ALL
10568: [e486024574a1]
10569:
10570: * ldap.c:
10571: Make sudo ALL imply setenv. Note that unlike with file-based
10572: sudoers this does affect all the commands in the sudoRole.
10573: [bc12f54321d1]
10574:
10575: * gram.c, gram.y, parse.c, parse.h:
10576: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
10577: it is not passed on to other commands in the list.
10578: [026e2cb40680]
10579:
10580: * visudo.c:
10581: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
10582: sudo_getpwuid() instead of getpwuid().
10583: [86f30a8fbd49]
10584:
10585: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
10586:
10587: * sudoers:
10588: Expand on the dangers of not using visudo to edit sudoers.
10589: [e434e8057d02]
10590:
10591: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
10592:
10593: * parse.c:
10594: Don't quote *?[]! on output since the lexer does not strip off the
10595: backslash when reading those in.
10596: [561da4a13afa]
10597:
10598: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
10599:
10600: * glob.c:
10601: expand "u_foo" types to "unsigned foo" to avoid compatibility
10602: issues.
10603: [b0d7c64d78c3]
10604:
10605: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
10606:
10607: * logging.c:
10608: Refactor log line generation in to new_logline().
10609: [6a9b9730615d]
10610:
10611: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
10612:
10613: * TROUBLESHOOTING:
10614: fix typo
10615: [9e19d4f86e47]
10616:
10617: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
10618:
10619: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
10620: match.c:
10621: Add configure check for struct in6_addr instead of relying on
10622: AF_INET6 since some systems define AF_INET6 but do not include IPv6
10623: support.
10624: [e24082c416bd]
10625:
10626: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
10627:
10628: * configure, configure.in:
10629: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
10630: use.
10631: [76a9df4a63be]
10632:
10633: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
10634:
10635: * configure, configure.in:
10636: POSIX states that struct timespec be declared in time.h so check
10637: there regardless of the value of TIME_WITH_SYS_TIME.
10638: [e42c55ec9daf]
10639:
10640: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10641:
10642: * tgetpass.c:
10643: Instead of defining a macro to call the appropriate method for
10644: turning on/off echo, just define tc[gs]etattr() and the related
10645: defines that use the correct terminal ioctls if needed. Also go back
10646: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
10647: [5dfb2379d995]
10648:
10649: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
10650:
10651: * Makefile.in:
10652: g/c @ALLOCA@
10653: [e6946c2e3820]
10654:
10655: * configure:
10656: regen
10657: [9bac7159a138]
10658:
10659: * INSTALL, auth/pam.c, config.h.in, configure.in:
10660: Add --disable-pam-session configure option to disable calling
10661: pam_{open,close}_session. May work around bugs in some PAM
10662: implementations.
10663: [273d0fdb4a9d]
10664:
10665: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
10666:
10667: * tgetpass.c:
10668: quiet gcc warnings
10669: [325565c5a579]
10670:
10671: * tgetpass.c:
10672: Avoid printing the prompt if we are already backgrounded. E.g. if
10673: the user runs "sudo foo &" from the shell. In this case, the call
10674: to tcsetattr() will cause SIGTTOU to be delivered.
10675: [db2139a8d8b8]
10676:
10677: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10678:
10679: * def_data.c, def_data.h, def_data.in:
10680: Reorder things such that the definition of env_reset come right
10681: before the env variable lists.
10682: [e0d8e22a581a]
10683:
10684: * parse.h:
10685: Shrink type and seqno in struct alias from int to u_short
10686: [9425263dd565]
10687:
10688: * alias.c, match.c, parse.c, parse.h:
10689: Add a sequence number in the aliases for loop detection. If we find
10690: an alias with the seqno already set to the current (global) value we
10691: know we've visited it before so ignore it.
10692: [301a0548ffff]
10693:
10694: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10695:
10696: * TODO, auth/pam.c, sudo.c, sudo.h:
10697: PAM wants the full tty path so add user_ttypath which holds the full
10698: path to the tty or is NULL if no tty was present.
10699: [c7c1dd4b36c8]
10700:
10701: * auth/pam.c:
10702: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
10703: results in a segv.
10704: [3a8865b3a357]
10705:
10706: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
10707:
10708: * gram.c:
10709: regen
10710: [5647be127950]
10711:
10712: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
10713: parse.h, testsudoers.c, visudo.c:
10714: rename lh_ -> tq_
10715: [8f500c542c4a]
10716:
10717: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
10718:
10719: * alloc.c:
10720: remove some useless casts
10721: [409a448b23f5]
10722:
10723: * alloc.c:
10724: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
10725: predates the final C99 spec and the standard specifies that it shall
10726: include stdint.h anyway
10727: [ae478fdef61a]
10728:
10729: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10730:
10731: * Makefile.in, alloca.c, configure.in:
10732: Since we ship with a pre-generated parser there is no need to ship a
10733: bogus alloca implementation.
10734: [3f611a7cc0e5]
10735:
10736: * configure:
10737: regen
10738: [771eccf5269c]
10739:
10740: * configure.in:
10741: remove initial setting of CHECKSIA, we require that it be unset if
10742: not used
10743: [a2e91adc5aa2]
10744:
10745: * Makefile.in:
10746: add list.c to SRCS
10747: [7db0e56cf5b9]
10748:
10749: * configure:
10750: regen
10751: [3716ec30172e]
10752:
10753: * configure.in:
10754: only do SIA checks on Digital Unix
10755: [6a96e1af2597]
10756:
10757: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
10758:
10759: * sudoers.cat, sudoers.man.in:
10760: regen
10761: [ac1dc29de72b]
10762:
10763: * ChangeLog, TODO:
10764: sync
10765: [781effce0a2d]
10766:
10767: * auth/kerb5.c:
10768: Remove call to krb5_cc_register() as it is not needed for modern
10769: kerb5.
10770: [351b8b764f16]
10771:
10772: * configure:
10773: regen
10774: [ac21dbcc9c2c]
10775:
10776: * aclocal.m4, configure.in:
10777: New method for setting the default authentication type and avoiding
10778: conflicts in auth types.
10779: [5fb15be11f78]
10780:
10781: * match.c, parse.c, testsudoers.c:
10782: Each entry in a cmndlist now has an associated runaslist so no need
10783: to keep track of the most recent non-NULL one.
10784: [582e015786b0]
10785:
10786: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
10787:
10788: * ldap.c:
10789: back out partial ldaps support mistakenly committed
10790: [357703e94b2d]
10791:
10792: * ldap.c:
10793: Add support for unix groups and netgroups in sudoRunas
10794: [2f04eb91c6d0]
10795:
10796: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10797:
10798: * sudo_edit.c:
10799: Fix sudoedit of a non-existent file. From Tilo Stritzky.
10800: [a5488a03bddd]
10801:
10802: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
10803:
10804: * configure:
10805: regen
10806: [541177376ee1]
10807:
10808: * INSTALL:
10809: update --passprompt escape info
10810: [6d57db4cd538]
10811:
10812: * configure.in:
10813: remove now-bogus comment and update copyright date
10814: [6a4af45fa331]
10815:
10816: * configure.in:
10817: Fix up use of with_passwd
10818: [7c79d8640f77]
10819:
10820: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
10821: Update to autoconf-2.61 andf libtool-1.5.24
10822: [045259b0b439]
10823:
10824: * Makefile.in:
10825: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
10826: [f5b6a7afb817]
10827:
10828: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10829:
10830: * gram.c:
10831: regen
10832: [b5b78e71d2cb]
10833:
10834: * gram.y:
10835: move tags and runaslist propagation to be earlier
10836: [94f7805f4489]
10837:
10838: * visudo.c:
10839: If -f flag given use the permissions of the original file as a
10840: template
10841: [9303d22bddb0]
10842:
10843: * gram.y:
10844: prevent a double free() when re-initing the parser
10845: [5b3907c4de5a]
10846:
10847: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
10848:
10849: * configure:
10850: regen
10851: [49a90b19a17d]
10852:
10853: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
10854: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
10855: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
10856: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
10857: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
10858: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
10859: Remove support for compilers that don't support void *
10860: [35e1d01ae197]
10861:
10862: * gram.c:
10863: regen
10864: [70ce412a458a]
10865:
10866: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
10867: parse.c, parse.h, testsudoers.c, visudo.c:
10868: Move list manipulation macros to list.h and create C versions of the
10869: more complex ones in list.c. The names have been down-cased so they
10870: appear more like normal functions.
10871: [9cea0e281148]
10872:
10873: * Makefile.in:
10874: Fix cmp command when regenerating parser. Make gram.o the first
10875: dependency for all programs so gram.h will be generated before
10876: anything that needs it.
10877: [429ea065abf1]
10878:
10879: * gram.y, parse.h:
10880: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
10881: [2f3433833589]
10882:
10883: * match.c, parse.c, testsudoers.c:
10884: Use LH_FOREACH_REV when checking permission and short-circuit on the
10885: first non-UNSPEC hit we get for the command. This means that
10886: instead of cycling through the all the parsed sudoers entries we
10887: start at the end and work backwards and quit after the first
10888: positive or negative match.
10889: [881474532f3e]
10890:
10891: * gram.c:
10892: regen
10893: [9152a19d4188]
10894:
10895: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
10896: Change list head macros to take a pointer, not a struct.
10897: [054f1dcce4cc]
10898:
10899: * gram.c:
10900: regen
10901: [be154aae6235]
10902:
10903: * gram.y:
10904: Propagate the runasspec from one command to the next in a cmndspec.
10905: [4957b1cb03a3]
10906:
10907: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10908:
10909: * match.c:
10910: Replace has_meta() with a macro that calls strpbrk().
10911: [a2e58846a542]
10912:
10913: * regen
10914: [5a932a5c9451]
10915:
10916: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
10917: testsudoers.c, visudo.c:
10918: Use a list head struct when storing the semi-circular lists and
10919: convert to tail queues in the process. This will allow us to
10920: reverse foreach loops more easily and it makes it clearer which
10921: functions expect a list as opposed to a single member.
10922:
10923: Add macros for manipulating lists. Some of these should become
10924: functions.
10925:
10926: When freeing up a list, just pop off the last item in the queue
10927: instead of going from head to tail. This is simpler since we don't
10928: have to stash a pointer to the next member, we always just use the
10929: last one in the queue until the queue is empty.
10930:
10931: Rename match functions that take a list to have list in the name.
10932: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
10933: [7c37b271607a]
10934:
10935: * parse.c:
10936: Fix pasto, append "!" not negated (which is an int) for sudo -l
10937: output.
10938: [93a444c3997f]
10939:
10940: * Makefile.in:
10941: Remove the dependency of gram .h on gram.y, the .c dependency is
10942: enough. Only move y.tab.h to gram.h if it is different; avoids
10943: needless rebuilding.
10944: [67bf4ea2a2e5]
10945:
10946: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
10947:
10948: * sudoers.pod:
10949: Defaults lines may be associated with lists of users, hosts,
10950: commands and runas users, not just single entries.
10951: [795effacb6be]
10952:
10953: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
10954:
10955: * Makefile.in:
10956: Revert the "cmp" portion of the last diff, it doesn't make sense.
10957: [26f34bf4e2e3]
10958:
10959: * Makefile.in:
10960: Remove *.lo for clean: When generating the parser, only move the
10961: generated files into place if they differ from the existing ones.
10962: [84673fea371b]
10963:
10964: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
10965:
10966: * toke.c, toke.l:
10967: Replace IPV6 regexp with a much simpler (readable) one and add an
10968: extra check when it matches to make sure we have a valid address.
10969: [592e9f690556]
10970:
10971: * match.c:
10972: Fix thinko introduced when merging IPV6 support.
10973: [da38cd5eb8c7]
10974:
10975: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
10976:
10977: * HISTORY, LICENSE:
10978: regen
10979: [0d7b27b90634]
10980:
10981: * license.pod:
10982: add 2007
10983: [510e5048ae1a]
10984:
10985: * UPGRADE:
10986: mention #uid vs. comment pitfall
10987: [4d2861898bcc]
10988:
10989: * acsite.m4:
10990: Merge in a patch from the libtool cvs that fixes a problem with the
10991: latest autoconf. From Stepan Kasal.
10992: [0c279ae7df3e]
10993:
10994: * parse.h:
10995: Back out he XOR swap trick, it is slower than a temp variable on
10996: modern CPUs.
10997: [91c4b024e317]
10998:
10999: * gram.c:
11000: regen
11001: [cb6d4106fb74]
11002:
11003: * gram.y, parse.h:
11004: Convert the tail queue to a semi-circle queue and use the XOR swap
11005: trick to swap the prev pointers during append.
11006: [8bf4d9fbee58]
11007:
11008: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11009:
11010: * parse.h:
11011: remove useless statement
11012: [421ec1dd73e6]
11013:
11014: * toke.c, toke.l:
11015: Refactor #include parsing into a separate function and return
11016: unparsed chars (such as newline or comment) back to the lexer.
11017: [64166917aa3d]
11018:
11019: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
11020:
11021: * WHATSNEW:
11022: mention better uid support
11023: [56f510e7f2ec]
11024:
11025: * sudoers.pod:
11026: Users may now consist of a uid.
11027: [5fd31b2c55ed]
11028:
11029: * gram.c, gram.h, toke.c:
11030: regen
11031: [599e58af6dc1]
11032:
11033: * parse.c:
11034: Use lbuf_append_quoted() for sudo -l output to quote characters that
11035: would require quoting in sudoers.
11036: [3132d05c990a]
11037:
11038: * lbuf.c, lbuf.h:
11039: Add lbuf_append_quoted() which takes a set of characters which
11040: should be quoted with a backslash when displayed.
11041: [ab09bebb1d65]
11042:
11043: * toke.l:
11044: Require that the first character after a comment not be a digit or a
11045: dash. This allows us to remove the GOTRUNAS state and treat
11046: uid/gids similar to other words. It also means that we can now
11047: specify uids in User_Lists and a User_Spec may now contain a uid.
11048: [461fe01f8392]
11049:
11050: * gram.y, toke.l:
11051: Replace RUNAS token with '(' and ')' tokens to make the runas
11052: portion of the grammar more natural.
11053: [e0c383b4684d]
11054:
11055: * BUGS:
11056: The BUGS file is history
11057: [4d9a809585c7]
11058:
11059: * Makefile.in, README:
11060: The BUGS file is history
11061: [d9500e261172]
11062:
11063: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
11064:
11065: * toke.c, toke.l:
11066: Allow comments after a RunasAlias as long as the character after the
11067: pound sign isn't a digit or a dash.
11068: [d7f3bd94eeda]
11069:
11070: * WHATSNEW:
11071: Glob support was back-ported to 1.6.9
11072: [d1d5cfd46228]
11073:
11074: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11075:
11076: * Makefile.in:
11077: remove sudo_usage.h in distclean
11078: [df05ce9c4127]
11079:
11080: * parse.c:
11081: If a Defaults value contains a blank, double-quote the string.
11082: [9057a910daad]
11083:
11084: * toke.c, toke.l:
11085: Properly deal with Defaults double-quoted strings that span multiple
11086: lines using the line continuation char. Previously, the entire
11087: thing, including the continuation char, newline, and spaces was
11088: stored as-is.
11089: [4a4e8eacefe6]
11090:
11091: * sudo.c:
11092: Be consistent when using single quotes and backticks.
11093: [d010b83a0fa1]
11094:
11095: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
11096:
11097: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
11098: sudo.c, sudo_usage.h.in:
11099: Add new linebuf code to do appends of dynamically allocated strings
11100: and word-wrapped output. Currently used for sudo's usage() and sudo
11101: -l output. Sudo usage strings are now in sudo_usage.h which is
11102: generated at configure time.
11103: [4dfd0ee8d961]
11104:
11105: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
11106:
11107: * parse.c, sudo.c, sudo.h:
11108: Fix line wrapping in usage() and use the actual tty width instead of
11109: assuming 80.
11110: [700eab37c5a6]
11111:
11112: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11113:
11114: * history.pod:
11115: some more info
11116: [8140112a8ae1]
11117:
11118: * history.pod:
11119: Mentioned Chris Jepeway's parser and also the new one that is in
11120: sudo 1.7.
11121: [2132d00f0597]
11122:
11123: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
11124:
11125: * sudo.pod, visudo.pod:
11126: For the options list, add flag args where appropriate and increase
11127: the indent level so there is room for them.
11128: [2b60fb572e12]
11129:
11130: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
11131:
11132: * parse.c:
11133: Fix some spacing in "sudo -l" and add a comment about some bogosity
11134: in the line wrapping.
11135: [b59b056f5ee2]
11136:
11137: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11138: visudo.man.in:
11139: regen
11140: [5fb719f18ebc]
11141:
11142: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
11143: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
11144: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
11145: testsudoers.c, toke.c, toke.l:
11146: Remove monitor support until there is a versino of systrace that
11147: uses a lookaside buffer (or we have a better mechanism to use).
11148: [61ff76878e4a]
11149:
11150: * config.h.in, configure, configure.in, sudo.c:
11151: use getaddrinfo() instead of gethostbyname() if it is available
11152: [cc33c136aa6a]
11153:
11154: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
11155:
11156: * parse.c, sudo.c:
11157: Deal with OSes where sizeof(gid_t) < sizeof(int).
11158: [130a89cbdfba]
11159:
11160: * interfaces.c:
11161: repair non-getifaddrs() code after ipv6 integration
11162: [7ae7a89e2236]
11163:
11164: * sudo.c:
11165: If we can open sudoers but fail to read the first byte, close the
11166: file stream before trying again.
11167: [6f31272fae7b]
11168:
11169: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
11170:
11171: * toke.c:
11172: regen
11173: [4d7afe0aa6fa]
11174:
11175: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
11176: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
11177: [4e6ff2965a42]
11178:
11179: * sudo.pod, sudoers.pod, visudo.pod:
11180: Add some missing markup Update copyright
11181: [7e6d3c686b5e]
11182:
11183: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
11184:
11185: * configure, configure.in:
11186: fix sudo_noexec extension which got broken in the libtool update
11187: [3a5b447df861]
11188:
11189: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
11190:
11191: * Makefile.in:
11192: explicitly specify -Tascii to nroff
11193: [45c8da4cbefe]
11194:
11195: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
11196:
11197: * logging.c:
11198: remove an ANSI-ism that crept in
11199: [29086f87b2ca]
11200:
11201: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
11202:
11203: * sudo.pod:
11204: Adjust list indents Prevent -- from being turned into an em dash Use
11205: a list for the environment instead of a literal paragraph
11206: [c3abcd8f76f4]
11207:
11208: * visudo.pod:
11209: Use a list for the environment instead of an indented literal
11210: paragraph.
11211: [0ffcfcb7349f]
11212:
11213: * sudoers.pod:
11214: Adjust list indentation
11215: [615c89e3123a]
11216:
11217: * license.pod:
11218: add =head3
11219: [8b2e0d38c0bd]
11220:
11221: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
11222:
11223: * sudo.pod:
11224: mention that when specifying a uid for the -u option the shell may
11225: require that the # be escaped
11226: [3e3a17bff150]
11227:
11228: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
11229:
11230: * match.c:
11231: Fix off by one in group matching.
11232: [b529602b7fba]
11233:
11234: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11235:
11236: * env.c:
11237: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
11238: [ffbf8907c6e7]
11239:
11240: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11241:
11242: * configure, configure.in:
11243: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
11244: -lgssapi_krb5 case.
11245: [2b85a89c2252]
11246:
11247: * aclocal.m4, configure, configure.in:
11248: Fix link tests such that new gcc doesn't optimize away the test.
11249: [83484ec95cba]
11250:
11251: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
11252:
11253: * sudo.pod, sudoers.pod, visudo.pod:
11254: add missing over/back
11255: [251a12c89b91]
11256:
11257: * sudo.pod, sudoers.pod, visudo.pod:
11258: Change FILES section to use =item
11259: [60b9efc3a0b2]
11260:
11261: * env.c:
11262: Add back allocation of the env struct in rebuild_env but save a copy
11263: of the old pointer and free it before returning.
11264: [1100cd4fa997]
11265:
11266: * env.c:
11267: Don't init the private environment in rebuild_env() since it may
11268: have already been done implicitly sudo_setenv/sudo_unsetenv.
11269:
11270: Multiply length by sizeof(char *) in memcpy/memmove when copying the
11271: environment so we copy the full thing.
11272:
11273: Add missing set of parens so we deref the right pointer in
11274: sudo_unsetenv when searching for a matching variable.
11275: [9086a8f756b1]
11276:
11277: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
11278:
11279: * sudo.pod, sudoers.pod, visudo.pod:
11280: Use file markup for paths in the FILES section
11281: [940d99f731f2]
11282:
11283: * sudo.pod, sudoers.pod, visudo.pod:
11284: Don't capitalize sudo/visudo
11285: [f067a455d44b]
11286:
11287: * sudoers.pod:
11288: Sort sudoers options; based on a diff from Igor Sobrado.
11289: [a9b9befe85ac]
11290:
11291: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
11292:
11293: * sudo.pod, sudoers.pod, visudo.pod:
11294: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
11295: latter confuses pod2man. The Makefile rules for the .man.in file
11296: will add @mansectsu@ and @mansectform@ back in after pod2man is done
11297: anyway.
11298: [b50ea0db727c]
11299:
11300: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
11301:
11302: * LICENSE, Makefile.in, license.pod:
11303: Move license info to pod format
11304: [25bdd82e592b]
11305:
11306: * configure, configure.in, sudoers.pod:
11307: Substitute value of path_info into sudoers man page.
11308: [9ba661a82798]
11309:
11310: * WHATSNEW:
11311: remove features that were back-ported to 1.6.9
11312: [e76d756cbe65]
11313:
11314: * sudo.c, sudo.pod, visudo.c, visudo.pod:
11315: Sort SYNOPSIS and sync usage. From Igor Sobrado.
11316: [4970386c9e54]
11317:
11318: * env.c:
11319: Only need sudo_setenv/sudo_unsetenv if we are going to use
11320: ldap_sasl_interactive_bind_s() but don't have
11321: gss_krb5_ccache_name().
11322: [f1a73d8b35c5]
11323:
11324: * ChangeLog:
11325: rebuild without branch info
11326: [5d5a33494677]
11327:
11328: * Makefile.in:
11329: Add ChangeLog target
11330: [a702034fdd89]
11331:
11332: * auth/pam.c:
11333: Run cleanup code if the user hits ^C at the password prompt.
11334: [9cf87768e921]
11335:
11336: * auth/pam.c:
11337: Some versions of pam_lastlog have a bug that will cause a crash if
11338: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
11339: string.
11340: [5b63f6c88866]
11341:
11342: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
11343:
11344: * Makefile.in:
11345: ChageLog not Changelog
11346: [1243d8473ceb]
11347:
11348: * ChangeLog:
11349: sync
11350: [d887df98c6b0]
11351:
11352: * Makefile.in:
11353: CHANGE -> Changelog
11354: [917738df30dd]
11355:
11356: * TODO:
11357: sync
11358: [cd382f7d1948]
11359:
11360: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
11361:
11362: * config.h.in, configure, configure.in, ldap.c:
11363: Add configure hooks for gss_krb5_ccache_name() and the gssapi
11364: headers.
11365: [139606209991]
11366:
11367: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
11368:
11369: * env.c, sudo.c:
11370: rebuild_env() and insert_env_vars() no longer return environment
11371: pointer, they set environ directly.
11372:
11373: No longer need to pass around an envp pointer since we just operate
11374: on environ now.
11375:
11376: Add dosync argument to insert_env() that indicates whether it should
11377: reset environ when realloc()ing env.envp.
11378:
11379: Use an initial size of 128 for the environment.
11380: [4735fd5fddb8]
11381:
11382: * env.c:
11383: Split sudo_setenv() into an external version and a version only for
11384: use by rebuild_env().
11385: [fda7d655adb1]
11386:
11387: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
11388:
11389: * ldap.c:
11390: Add support for using gss_krb5_ccache_name() instead of setting
11391: KRB5CCNAME. Also use sudo_unsetenv() in the non-
11392: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
11393: original environment. TODO: configure setup for
11394: gss_krb5_ccache_name()
11395: [fcafa5a49caf]
11396:
11397: * README.LDAP:
11398: add krb5_ccname
11399: [fceb8f883886]
11400:
11401: * README.LDAP, ldap.c:
11402: Add support for sasl_secprops in ldap.conf
11403: [1f06f4bf7347]
11404:
11405: * env.c, sudo.h:
11406: Add sudo_unsetenv() and refactor private env syncing code into
11407: sync_env().
11408: [045ecb3fd22b]
11409:
11410: * README.LDAP, ldap.c:
11411: The ldap.conf variable is sasl_auth_id not sasl_authid.
11412: [a5f98491311b]
11413:
11414: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
11415:
11416: * ldap.c, sudo.c, sudo.h:
11417: Add support for krb5_ccname in ldap.conf. If specified, it will
11418: override the default value of KRB5CCNAME in the environment for the
11419: duration of the call to ldap_sasl_interactive_bind_s().
11420: [b08a10c3045b]
11421:
11422: * env.c, sudo.h:
11423: Remove format_env() Add sudo_setenv() to replace most format_env() +
11424: insert_env() combinations. insert_env() no longer takes a struct
11425: environment *
11426: [131da52f43f3]
11427:
11428: * ldap.c:
11429: Fix use_sasl vs. rootuse_sasl logic.
11430: [0c0417b6918c]
11431:
11432: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
11433: Add support for SASL auth when connecting to an LDAP server. Adapted
11434: from a diff by Tom McLaughlin.
11435: [a6285f1356ea]
11436:
11437: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
11438:
11439: * configure, configure.in:
11440: Only enable AIX or BSD auth if no other exclusive auth method has
11441: been chosen. Allows people to e.g., use PAM on AIX without adding
11442: --without-aixauth. A better solution is needed to deal with default
11443: authentication since if a non-exclusive method is chosen we will
11444: still get an error.
11445: [83f7afdc0ec3]
11446:
11447: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
11448:
11449: * HISTORY, Makefile.in, history.pod:
11450: Generate HISTORY from history.pod (which is also used for web pages)
11451: [60bcd5164931]
11452:
11453: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
11454:
11455: * sudo.man.in, sudoers.man.in:
11456: regen
11457: [63956a366191]
11458:
11459: * sudo.pod:
11460: Better explanation of environment handling in the sudo man page.
11461: [6c247742f7ee]
11462:
11463: * env.c, sudo.c:
11464: Defer setting user-specified env vars until after authentication.
11465: [4750b79323ee]
11466:
11467: * env.c:
11468: honor def_default_path for PATH set on the command line
11469: [6db31d9b6d65]
11470:
11471: * env.c, sudo.c, sudo.pod, sudoers.pod:
11472: Allow user to set environment variables on the command line as long
11473: as they are allowed by env_keep and env_check. Ie: apply the same
11474: restrictions as normal environment variables. TODO: deal with
11475: secure_path
11476: [26c0da3840cf]
11477:
11478: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
11479:
11480: * sudo.c, sudo_edit.c:
11481: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
11482: Don't allow -E or env var setting in sudoedit mode. More accurate
11483: usage() when called as sudoedit.
11484: [a4af20658361]
11485:
11486: * ldap.c:
11487: warn -> warning
11488: [d87d1192b048]
11489:
11490: * sudo.pod:
11491: add -c option to sudoedit synopsis
11492: [15b596a7e2db]
11493:
11494: * TODO:
11495: udpate to reality
11496: [e2f8fde89db1]
11497:
11498: * parse.c:
11499: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
11500: value from {user,host,runas,cmnd}_matches(). Rename *matches
11501: variables -> *match. Purely cosmetic.
11502: [e54a44c00a88]
11503:
11504: * parse.c:
11505: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
11506: in behavior.
11507: [c6272b4f2127]
11508:
11509: * sudoers:
11510: add SETENV tag
11511: [3a3066bb6788]
11512:
11513: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
11514:
11515: * parse.c:
11516: Make pwcheck local to the pwflag block. Use pwcheck even if user
11517: didn't match since Defaults options may still apply.
11518: [45da9efbbafd]
11519:
11520: * check.c, sudo.c:
11521: Do not update timestamp if user not validated by sudoers.
11522: [a4a9d4364827]
11523:
11524: * set_perms.c:
11525: for PERM_RUNAS, set the egid to the runas user's gid and restore to
11526: the user's original in PERM_ROOT
11527: [1514bfb32847]
11528:
11529: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
11530: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
11531: PERM_FULL_ROOT
11532: [b9d047a3178c]
11533:
11534: * check.c:
11535: don't check timestamp mtime if we are just going to remove it
11536: [5d2470bc6cbd]
11537:
11538: * sudoers.pod:
11539: Move sudoers defaults parameters into their own section.
11540: [54701fbc0ff3]
11541:
11542: * testsudoers.c:
11543: Reduce a level of indent by a few placed continue statements.
11544: [5d5a9838c8ef]
11545:
11546: * parse.c:
11547: Make matching but negated commands/hosts/runas entries override a
11548: previous match as expected. Also reduce some levels of indent by a
11549: few placed continue statements.
11550: [dd59fa4b91a1]
11551:
11552: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
11553:
11554: * parse.c:
11555: Print default runas in "sudo -l" if sudoers don't specify one.
11556: [07d408c400bd]
11557:
11558: * match.c:
11559: Less hacky way of testing whether the domain was set.
11560: [a537059776e5]
11561:
11562: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
11563:
11564: * INSTALL:
11565: Mention pam-devel and openldap-devel for Linux
11566: [9e708c54ecc3]
11567:
11568: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
11569:
11570: * README.LDAP:
11571: or vs. are
11572: [abe8c0f3a410]
11573:
11574: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11575:
11576: * sudo.c:
11577: fix typo in Solaris project support
11578: [2ffeb2d80959]
11579:
11580: * HISTORY:
11581: update
11582: [df162b36f120]
11583:
11584: * sudo.c:
11585: Make -- on the command line match the manual page. The implied shell
11586: case has been simplified as a result.
11587: [cd217a1f6694]
11588:
11589: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
11590:
11591: * sudoers2ldif:
11592: add simplistic support for sudoRunas; note that if a sudoers entry
11593: contains multiple Runas users, all will apply to the sudoRole
11594: [65b11421f5c8]
11595:
11596: * sudoers2ldif:
11597: honor SETENV and NOSETENV tags
11598: [2c0d5ba7a09b]
11599:
11600: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
11601:
11602: * mon_systrace.c:
11603: Redo setting of user_args. We now build up a private copy of argv
11604: first and then replace the NULs?with spaces.
11605: [ccbba72ea112]
11606:
11607: * mon_systrace.c:
11608: getcwd() returns NULL on failure, not 0 on success
11609: [88cd9e66e530]
11610:
11611: * mon_systrace.c:
11612: allow chunksiz to reach 1 before erroring out
11613: [619d68f14964]
11614:
11615: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11616: visudo.man.in:
11617: regen
11618: [8db512d3caf0]
11619:
11620: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
11621:
11622: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
11623: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
11624: toke.c, toke.l:
11625: Add support for setting environment variables on the command line.
11626: This is only allowed if the setenv sudoers options is enabled or if
11627: the command is prefixed with the SETENV tag.
11628: [5744caebd969]
11629:
11630: * README.LDAP:
11631: replace Aaron's email address with the sudo-workers list
11632: [2ffce5f9afc0]
11633:
11634: * configure:
11635: regen
11636: [8013dff82c0c]
11637:
11638: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11639:
11640: * schema.OpenLDAP, schema.iPlanet:
11641: Break schema out into separate files.
11642: [15e598e4c60b]
11643:
11644: * Makefile.in, README.LDAP:
11645: Break schema out into separate files.
11646: [1a53966ca1fa]
11647:
11648: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11649:
11650: * auth/aix_auth.c:
11651: free message if set by authenticate()
11652: [849c220c1236]
11653:
11654: * match.c:
11655: deal with NULL gr_mem
11656: [49e4d74f0bbe]
11657:
11658: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11659:
11660: * config.h.in:
11661: regen
11662: [fead999ad3e9]
11663:
11664: * configure.in:
11665: add template for HAVE_PROJECT_H
11666: [e6c42c2eaad1]
11667:
11668: * closefrom.c:
11669: include fcntl.h
11670: [54d98b382f03]
11671:
11672: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
11673:
11674: * INSTALL:
11675: mention --with-project
11676: [d3ea3baad7c5]
11677:
11678: * config.h.in, configure.in, sudo.c:
11679: Add Solaris 10 "project" support. From Michael Brantley.
11680: [f14f3c8c6554]
11681:
11682: * sudoers.pod:
11683: fix typo
11684: [50db81a19787]
11685:
11686: * configure:
11687: regen
11688: [ea71afd3e564]
11689:
11690: * configure.in:
11691: Fix preservation of LDFLAGS in the LDAP case.
11692: [40a3a47e8059]
11693:
11694: * memrchr.c:
11695: Remove dependecy on NULL
11696: [c957ae5e1733]
11697:
11698: * configure:
11699: regen
11700: [4955ce0c6912]
11701:
11702: * aclocal.m4, configure.in:
11703: Can't use the regular autoconf fnmatch() check since we need
11704: FNM_CASEFOLD so go back to our custom one.
11705: [f10d76237486]
11706:
11707: * env.c:
11708: Fix preserving of variables in env_keep.
11709: [d040049d6b84]
11710:
11711: * env.c:
11712: add XAUTHORIZATION
11713: [0d589a5fe015]
11714:
11715: * UPGRADE:
11716: expand upon env resetting and mention that it began in 1.6.9 not
11717: 1.7.
11718: [dba251655c76]
11719:
11720: * sudoers.pod:
11721: Update descriptions of env_keep and env_check to match current
11722: reality.
11723: [dba77357954b]
11724:
11725: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
11726:
11727: * env.c:
11728: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
11729: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
11730: [eec4632bd190]
11731:
11732: * env.c, logging.c:
11733: Treat USERNAME environemnt variable like LOGNAME/USER
11734: [09f52dcfd70c]
11735:
11736: * env.c:
11737: Don't need to populate keepenv table with the contents of the
11738: checkenv table.
11739: [527a14afd973]
11740:
11741: * sudo.c:
11742: Don't force sudo into the C locale.
11743: [8a5bd301ef96]
11744:
11745: * env.c:
11746: Make env_check apply when env_reset it true. Environment variables
11747: are passed through unless they contain '/' or '%'. There is no need
11748: to have a variable in both env_check and env_keep.
11749: [840c802721e4]
11750:
11751: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
11752:
11753: * visudo.c:
11754: Remove an duplicate lock_file() call and add a comment.
11755: [5af9dcdf0eb6]
11756:
11757: * UPGRADE:
11758: Add sudo 1.6.9 upgrade note.
11759: [1585149f2914]
11760:
11761: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
11762:
11763: * interfaces.c:
11764: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
11765: small. From Klaus Wagner.
11766: [d6899fc44f77]
11767:
11768: * logging.c, sudo.h:
11769: Redo the long syslog line splitting based on a patch from Eygene
11770: Ryabinkin. Include memrchr() for systems without it.
11771: [66a50e8d553a]
11772:
11773: * memrchr.c:
11774: Redo the long syslog line splitting based on a patch from Eygene
11775: Ryabinkin. Include memrchr() for systems without it.
11776: [2f6702b7d41b]
11777:
11778: * Makefile.in, config.h.in, configure, configure.in:
11779: Redo the long syslog line splitting based on a patch from Eygene
11780: Ryabinkin. Include memrchr() for systems without it.
11781: [407a46190921]
11782:
11783: * configure.in:
11784: Since we need to be able to convert timespec to timeval for utimes()
11785: the last 3 digits in the tv_nsec are not significant. This makes the
11786: sudoedit file date comparison work again.
11787: [9d0258849fa9]
11788:
11789: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
11790:
11791: * aclocal.m4, configure, configure.in:
11792: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
11793: This deals with exclusive authentication methods in a simple way.
11794: [7d70072c0f35]
11795:
11796: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
11797:
11798: * LICENSE:
11799: mkstemp.c is BSD code too.
11800: [29e236d98162]
11801:
11802: * sudo.pod, sudoers.pod, visudo.pod:
11803: No commercial support for now.
11804: [7c76b3e192dd]
11805:
11806: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
11807:
11808: * sudo.c:
11809: cleanenv() is no more.
11810: [518080514408]
11811:
11812: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
11813:
11814: * ChangeLog:
11815: Display branch info in Changelog
11816: [44e3b27427c7]
11817:
11818: * utimes.c:
11819: Include config.h early so we have it for TIME_WITH_SYS_TIME
11820: [4bf1a00d0703]
11821:
11822: * ChangeLog:
11823: Fix Changelog generation and update.
11824: [6e960dbcbece]
11825:
11826: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
11827:
11828: * closefrom.c:
11829: Use /proc/self/fd instead of /proc/$$/fd
11830:
11831: Move old-style fd closing into closefrom_fallback() and call that if
11832: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
11833: [faa7e4810758]
11834:
11835: * auth/kerb5.c, config.h.in, configure.in:
11836: o use krb5_verify_user() if available instead of doing it by hand o
11837: use krb5_init_secure_context() if we have it o pass an encryption
11838: type of 0 to krb5_kt_read_service_key() instead of
11839: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
11840: [df7acf72bd7c]
11841:
11842: * env.c:
11843: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
11844: [f92d05197e40]
11845:
11846: * configure.in:
11847: Fix closefrom() substitution in the Makefile
11848: [b642b13fcc5c]
11849:
11850: * TROUBLESHOOTING:
11851: Mention alternate sudo pronunciation.
11852: [7c71dc73409f]
11853:
11854: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
11855:
11856: * env.c:
11857: Remove KRB5_KTNAME from environment. Allow COLORTERM.
11858: [70f35a79f780]
11859:
11860: * auth/kerb5.c:
11861: If we cannot get a valid service key using the default keytab it is
11862: a fatal error. Fixes a bug where sudo could be tricked into
11863: allowing access when it should not by a fake KDC. From Thor Lancelot
11864: Simon.
11865: [a3ae6a47cb23]
11866:
11867: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
11868:
11869: * aclocal.m4, configure, configure.in:
11870: Update long long checks to use AC_CHECK_TYPES and to cache values.
11871: [047318eaaeb2]
11872:
11873: * aclocal.m4, configure.in:
11874: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
11875: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
11876: fnmatch.
11877: [80513a1003ea]
11878:
11879: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
11880:
11881: * configure, configure.in:
11882: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
11883: need it for visudo now too.
11884: [50837c7c2b5e]
11885:
11886: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
11887:
11888: * sudoers.pod:
11889: Attempt to clarify the bit talking about network numbers w/o
11890: netmasks.
11891: [211e68c1d034]
11892:
11893: * sudo.pod:
11894: Clarify timestamp dir ownership sentence.
11895: [9178f132c7f7]
11896:
11897: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
11898:
11899: * auth/pam.c:
11900: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
11901: Dmitry V. Levin.
11902: [81fce91667bc]
11903:
11904: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11905:
11906: * sudo.c:
11907: -i is also one of the mutually exclusive options to list it in the
11908: warning message. Noted by Chris Pepper.
11909: [7da73fb248e9]
11910:
11911: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
11912:
11913: * visudo.pod:
11914: The sudoers variable is env_editor, not enveditor. From Jean-
11915: Francois Saucier.
11916: [2a86ec09a6db]
11917:
11918: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
11919:
11920: * redblack.c:
11921: I tracked down the original author so credit him and include his
11922: license info.
11923: [3733553a1bba]
11924:
11925: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
11926:
11927: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
11928: sudoers.pod:
11929: Fix typos; from Jason McIntyre.
11930: [1ee4ce2512f2]
11931:
11932: * logging.c:
11933: Restore signal mask before calling reapchild(). Fixes a possible
11934: race condition that could prevent sudo from properly waiting for the
11935: child.
11936: [9ee4192385dc]
11937:
11938: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
11939:
11940: * pwutil.c:
11941: Don't declare pw_free() if we are not going to use it.
11942: [adb79a4289ca]
11943:
11944: * env.c:
11945: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
11946: LDR_PRELOAD64. The 64-bit version is not currently supported.
11947: Remove zero_env() prototype as it no longer exists.
11948: [b4fe65027fb6]
11949:
11950: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
11951:
11952: * logging.c:
11953: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
11954: [78002ad90f7b]
11955:
11956: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
11957:
11958: * auth/pam.c:
11959: If the user enters ^C at the password prompt, abort instead of
11960: trying to authenticate with an empty password (which causes an
11961: annoying delay).
11962: [da3f27b747c7]
11963:
11964: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
11965:
11966: * closefrom.c, config.h.in, configure, configure.in:
11967: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
11968: Darren Tucker.
11969: [0331b7780759]
11970:
11971: * pwutil.c:
11972: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
11973: [0014c0d9eeba]
11974:
11975: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
11976:
11977: * config.guess, config.sub:
11978: Update to latest versions from cvs.savannah.gnu.org
11979: [aa0143101c20]
11980:
11981: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
11982:
11983: * pwutil.c, sudo_edit.c:
11984: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
11985: we can close the passwd/group files early.
11986: [559074bd7eb7]
11987:
11988: * config.h.in, configure, configure.in, set_perms.c:
11989: Add seteuid() flavor of set_perms() for systems without setreuid()
11990: or setresuid() that have a working seteuid(). Tested on Darwin.
11991: [508d8da99189]
11992:
11993: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
11994:
11995: * mon_systrace.c:
11996: systrace_read() returns ssize_t
11997: [9f97d1d1a59d]
11998:
11999: * configure, configure.in:
12000: Fix typo, -lldap vs. -ldap; from Tim Knox.
12001: [a8cc43c3bb2a]
12002:
12003: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12004:
12005: * HISTORY:
12006: Fix typo; Matt Ackeret
12007: [86964ee3dfbd]
12008:
12009: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
12010:
12011: * sudo.c:
12012: Print sudoers path in -V mode for root.
12013: [dc43f2d75bd9]
12014:
12015: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
12016:
12017: * ldap.c:
12018: Do a sub tree search instead of a base search (one level in the tree
12019: only) for sudo right objects. This allows system administrators to
12020: categorize the rights in a tree to make them easier to manage.
12021: [6d2d9abf996e]
12022:
12023: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
12024:
12025: * sudo.pod:
12026: fix typo
12027: [1473413bcbda]
12028:
12029: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
12030:
12031: * ldap.c:
12032: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
12033: bind_timelimit support; adapted from gentoo.
12034: [afc816093026]
12035:
12036: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
12037:
12038: * ldap.c:
12039: Support comments that start in the middle of a line
12040: [c25df6ee3db8]
12041:
12042: * configure, configure.in:
12043: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
12044: [ee249bfe230a]
12045:
12046: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
12047:
12048: * closefrom.c:
12049: Silence gcc -Wsign-compare; djm@openbsd.org
12050: [28769ce6418d]
12051:
12052: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12053: cleanup() now takes an int as an arg so it can be used as a signal
12054: handler too.
12055: [2bb0df34d09c]
12056:
12057: * sudo.c:
12058: Make a copy of the shell field in the passwd struct for NewArgv to
12059: avoid a use after free situation after sudo_endpwent() is called.
12060: [5dcc9ffd362e]
12061:
12062: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
12063:
12064: * config.h.in, configure, configure.in:
12065: Add mkstemp() for those poor souls without it.
12066: [5fdd02e863e0]
12067:
12068: * mkstemp.c:
12069: Add mkstemp() for those poor souls without it.
12070: [c99401207860]
12071:
12072: * Makefile.in:
12073: Add mkstemp() for those poor souls without it.
12074: [9c1cf2678f24]
12075:
12076: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
12077:
12078: * env.c:
12079: Add PERL5DB to list of environment variables to remove.
12080: [7375c27ecf75]
12081:
12082: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
12083:
12084: * mon_systrace.c, mon_systrace.h:
12085: Instead of calling the check function twice with a state cookie use
12086: separate check/log functions.
12087:
12088: Check more ioctl() calls for failure.
12089:
12090: systrace_{read,write} now return the number of bytes read/written or
12091: -1 on error.
12092: [3dc8946d90e9]
12093:
12094: * env.c:
12095: Add more environment variables to remove; from gentoo linux Add some
12096: comments about what bad env variables go to what (more to do)
12097: [6918110a6b82]
12098:
12099: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
12100:
12101: * sudo.c, sudo_edit.c:
12102: Move sudo_end{gr,pw}ent() until just before the exec since they free
12103: up our cached copy of the passwd structs, including sudo_user and
12104: sudo_runas. Fixes a use-after-free bug.
12105: [54de3778bad0]
12106:
12107: * visudo.c:
12108: Close all fd's before executing editor.
12109: [4fcc05e1bec8]
12110:
12111: * sudo.c:
12112: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
12113: [ef0e8ffa5c9f]
12114:
12115: * check.c:
12116: Fix fd leak when lecture file option is enabled. From Jerry Brown
12117: [ce97f9207cd8]
12118:
12119: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
12120:
12121: * env.c:
12122: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
12123: environment variables to remove. From Charles Morris
12124: [c96e1367d1c1]
12125:
12126: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
12127:
12128: * env.c:
12129: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
12130: [72a6a1571226]
12131:
12132: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
12133:
12134: * env.c:
12135: add PS4 and SHELLOPTS to initial_badenv_table for bash
12136: [89dfb3f318f3]
12137:
12138: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
12139:
12140: * sudoers.pod:
12141: Fix typo; Toby Peterson
12142: [b7a3222b23f4]
12143:
12144: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
12145:
12146: * tsgetgrpw.c:
12147: Make return buffers static so they don't get clobbered
12148: [13323a39b9f5]
12149:
12150: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
12151:
12152: * auth/securid5.c:
12153: Fix securid5 authentication, was not checking for ACM_OK. Also add
12154: default cases for the two switch()es. Problem noted by ccon at
12155: worldbank
12156: [14091e418333]
12157:
12158: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
12159:
12160: * ldap.c:
12161: Remove ncat() in favor of just counting bytes and pre-allocating
12162: what is needed.
12163: [25b8712adb61]
12164:
12165: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
12166:
12167: * ldap.c:
12168: Fix up some comments Add missing fclose() for the rootbinddn case
12169: [ae95c8a89711]
12170:
12171: * ldap.c:
12172: align struct ldap_config
12173: [35d0d64c76f8]
12174:
12175: * ldap.c:
12176: use LINE_MAX for max conf file line size
12177: [da116cb8853d]
12178:
12179: * pathnames.h.in:
12180: add _PATH_LDAP_SECRET
12181: [128b04ecfab7]
12182:
12183: * README.LDAP:
12184: Mention rootbinddn Give example ou=SUDOers container
12185: [852edc69bd1c]
12186:
12187: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
12188:
12189: * INSTALL, configure, configure.in, ldap.c:
12190: Support rootbinddn in ldap.conf
12191: [1615c91522a1]
12192:
12193: * env.c, sudo.pod, sudoers.pod:
12194: Preserve DISPLAY environment variable by default.
12195: [05f503d5f438]
12196:
12197: * acsite.m4, configure:
12198: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
12199: [18a04dea8d05]
12200:
12201: * acsite.m4, configure:
12202: set need_version=no for all cases; this is safe for LD_PRELOAD
12203: [b542560e1a73]
12204:
12205: * aclocal.m4:
12206: typo
12207: [c040df0fcd5a]
12208:
12209: * configure, configure.in:
12210: Add dragonfly
12211: [f13794618636]
12212:
12213: * auth/pam.c:
12214: Fix call to pam_end() when pam_open_session() fails.
12215: [0be47cdfdef1]
12216:
12217: * configure:
12218: regen
12219: [7f5c13b4b800]
12220:
12221: * acsite.m4:
12222: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
12223: ltsugar.m4 ltversion.m4
12224: [a7ba9fd1a2ab]
12225:
12226: * config.guess, config.sub, ltmain.sh:
12227: merge in local changes: config.guess: o better openbsd support
12228: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
12229: libs must begin with "lib" o don't print a bunch of crap about
12230: library installs o don't run ldconfig
12231: [f4149f2c720f]
12232:
12233: * config.guess, config.sub, ltmain.sh:
12234: libtool 1.9f
12235: [82a534e7121f]
12236:
12237: * configure.in:
12238: Update with autoupdate and make minor changes for libtool 1.9f
12239: [11b5ae5c1428]
12240:
12241: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
12242:
12243: * parse.c:
12244: don't call sudo_ldap_display_cmnd if ldap not setup
12245: [8bcf6c094ffe]
12246:
12247: * sudo_edit.c, visudo.c:
12248: Move declatation of struct timespec to its own include files for
12249: systems without it since it needs time_t defined.
12250: [b95c333299a0]
12251:
12252: * gettime.c:
12253: Move declatation of struct timespec to its own include files for
12254: systems without it since it needs time_t defined.
12255: [021b4569cc0c]
12256:
12257: * fileops.c:
12258: Move declatation of struct timespec to its own include files for
12259: systems without it since it needs time_t defined.
12260: [dd8573b2ee7d]
12261:
12262: * emul/timespec.h:
12263: Move declatation of struct timespec to its own include files for
12264: systems without it since it needs time_t defined.
12265: [f95137771564]
12266:
12267: * check.c, compat.h:
12268: Move declatation of struct timespec to its own include files for
12269: systems without it since it needs time_t defined.
12270: [2ef2ace8fe85]
12271:
12272: * ldap.c:
12273: Don't set safe_cmnd for the "sudo ALL" case.
12274: [ad7fa9e07da0]
12275:
12276: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
12277:
12278: * auth/pam.c:
12279: Call pam_open_session() and pam_close_session() to give pam_limits a
12280: chance to run. Idea from Karel Zak.
12281: [fed46d471350]
12282:
12283: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
12284:
12285: * check.c, sudo.c:
12286: Add explicit cast from mode_t -> u_int in printf to silence warnings
12287: on Solaris
12288: [17bb961fe22d]
12289:
12290: * parse.c:
12291: include grp.h to silence a warning on Solaris
12292: [14386fbab640]
12293:
12294: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12295:
12296: * parse.c:
12297: Fix printing of += and -= defaults.
12298: [a667604c56cd]
12299:
12300: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
12301:
12302: * mon_systrace.c:
12303: Sanity check number of syscall args with argsize. Not really needed
12304: but a little paranoia never hurts.
12305: [6bb455a2c2d6]
12306:
12307: * mon_systrace.c, mon_systrace.h:
12308: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
12309: for systrace lengths (since it uses int)
12310: [3cafccffcffd]
12311:
12312: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
12313:
12314: * mon_systrace.c:
12315: Add some memsets for paranoia Fix namespace collsion w/ error Check
12316: rval of decode_args() and update_env() Remove improper setting of
12317: validated variable
12318: [3d385158354d]
12319:
12320: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
12321:
12322: * parse.c, sudo.c, sudo.h:
12323: In -l mode, only check local sudoers file if def_ignore_sudoers is
12324: not set and call LDAP versions from display_privs() and
12325: display_cmnd() instead of directly from main(). Because of this we
12326: need to defer closing the ldap connection until after -l processing
12327: has ocurred and we must pass in the ldap pointer to display_privs()
12328: and display_cmnd().
12329: [1dfc2e8c9f2b]
12330:
12331: * ldap.c:
12332: Reorganize LDAP code to better match normal sudoers parsing.
12333: Instead of storing strings for later printing in -l mode we do
12334: another query since the authenticating user and the user being
12335: listed may not be the same (the new -U flag). Also add support for
12336: "sudo -l command".
12337:
12338: There is still a fair bit if duplicated code that can probably be
12339: refactored.
12340: [e9568f19bde5]
12341:
12342: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12343:
12344: * ldap.c:
12345: Replace pass variable with do_netgr for better readability.
12346: [1bba841b6e79]
12347:
12348: * ldap.c:
12349: use DPRINTF macro
12350: [02b159b66bb5]
12351:
12352: * ldap.c:
12353: estrdup, not strdup
12354: [22cdee7973c1]
12355:
12356: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12357:
12358: * parse.c:
12359: Add macro to test if the tag changed to improve readability.
12360: [4e11b4819556]
12361:
12362: * parse.c:
12363: Avoid printing defaults header if there are no defaults to print...
12364: [41a28627df03]
12365:
12366: * glob.c:
12367: Fix a warning on systems without strlcpy().
12368: [6814e0f0e4f4]
12369:
12370: * pwutil.c:
12371: Use macros where possible for sudo_grdup() like sudo_pwdup().
12372: [30f201ff35cd]
12373:
12374: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
12375:
12376: * utimes.c:
12377: It is possible for tv_usec to hold >= 1000000 usecs so add in
12378: tv_usec / 1000000.
12379: [794ac4d53a65]
12380:
12381: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12382:
12383: * auth/kerb5.c:
12384: The component in krb5_principal_get_comp_string() should be 1, not 0
12385: for Heimdal. From Alex Plotnick.
12386: [fefa351c5044]
12387:
12388: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
12389:
12390: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
12391: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
12392: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
12393: Add efree() for consistency with emalloc() et al. Allows us to rely
12394: on C89 behavior (free(NULL) is valid) even on K&R.
12395: [7876bb80d87c]
12396:
12397: * parse.c, sudo.c:
12398: Move initgroups() for -U option into display_privs() so group
12399: matching in sudoers works correctly.
12400: [b074428ad2ca]
12401:
12402: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12403:
12404: * ldap.c:
12405: Removed duplicate call to ldap_unbind_s introduced along with
12406: sudo_ldap_close.
12407: [19acc1c20f7c]
12408:
12409: * parse.c:
12410: Add missing space in Defaults printing
12411: [95d2935bf6d4]
12412:
12413: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
12414:
12415: * pwutil.c:
12416: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
12417: and string copies.
12418: [6b6b241495e5]
12419:
12420: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
12421:
12422: * pwutil.c:
12423: Zero old pw_passwd before replacing with version from shadow file.
12424: [3251b349dfe1]
12425:
12426: * configure, configure.in:
12427: Only attempt shadow password detection if PAM is not being used Add
12428: shadow_* variables to make shadow password detection more generic.
12429: [d498a3423ac9]
12430:
12431: * configure.in:
12432: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
12433: [04d55bbd5e35]
12434:
12435: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12436:
12437: * sudoers.pod:
12438: use a non-breaking space to avoid a double space after e.g.
12439: [11cdb54bdf7b]
12440:
12441: * sudo.pod:
12442: commna, not colon after e.g.
12443: [8d5875ff72e0]
12444:
12445: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12446:
12447: * sudo_noexec.c:
12448: Add __ variants of the exec functions. GNU libc at least uses
12449: __execve() internally.
12450: [d1880473d790]
12451:
12452: * indent.pro:
12453: Match reality a bit more.
12454: [633e3fa875a7]
12455:
12456: * pwutil.c:
12457: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
12458: [128f7b21c2ee]
12459:
12460: * pwutil.c:
12461: Store shadow password after making a local copy of struct passwd in
12462: case normal and shadow routines use the same internal buffer in
12463: libc.
12464: [f806052a6ffc]
12465:
12466: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
12467:
12468: * alloc.c, logging.c:
12469: Make varargs usage consistent with the rest of the code.
12470: [3d45affc9851]
12471:
12472: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
12473:
12474: * sudo_noexec.c:
12475: Wrap more of the exec family since on Linux the others do not appear
12476: to go through the normal execve() path.
12477: [8167769b4e19]
12478:
12479: * visudo.c:
12480: make print_unused static like proto says
12481: [ecf10e1bae55]
12482:
12483: * glob.c:
12484: silence a warning on K&R systems
12485: [2e00425f1a5c]
12486:
12487: * alias.c, error.c:
12488: make this build in K&R land
12489: [156f65f8525a]
12490:
12491: * parse.c:
12492: make this build in K&R land
12493: [6fc9276889cb]
12494:
12495: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
12496:
12497: * toke.c:
12498: regen
12499: [3b349748cd21]
12500:
12501: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12502:
12503: * ldap.c:
12504: return(foo) not return foo optimize _atobool() slightly
12505: [11d09d154ed5]
12506:
12507: * ldap.c:
12508: Use TRUE/FALSE
12509: [53999320d98f]
12510:
12511: * ldap.c:
12512: Reformat to match the rest of sudo's code.
12513: [1bd0f2afa0e7]
12514:
12515: * sudo.pod:
12516: I am the primary author
12517: [5d311ecd85c6]
12518:
12519: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
12520:
12521: * Makefile.in, README, RUNSON:
12522: The RUNSON file is toast--it confused too many people and really
12523: isn't needed in a configure-oriented world.
12524: [96a6ef7bbc08]
12525:
12526: * INSTALL:
12527: alternate -> alternative
12528: [b65015c5d0a2]
12529:
12530: * tgetpass.c:
12531: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
12532: TCSAFLUSH.
12533: [c66b4763ffdc]
12534:
12535: * toke.l:
12536: Allow leading blanks before Defaults and Foo_Alias definitions
12537: [2add513d9277]
12538:
12539: * Makefile.in:
12540: fix rules to build toke.o and gram.o in devel mode
12541: [96cbb414ebd3]
12542:
12543: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12544:
12545: * sudoers.pod:
12546: env_keep overrides set_logname
12547: [401877193a15]
12548:
12549: * env.c:
12550: Fix disabling set_logname and make env_keep override set_logname.
12551: [0906e7a5ed93]
12552:
12553: * compat.h, config.h.in, configure, configure.in:
12554: No longer need memmove()
12555: [43bdb6efe3f2]
12556:
12557: * env.c, sudo.c:
12558: Just clean the environment once. This assumes that any further
12559: setenv/putenv will be able to handle the fact that we replaced
12560: environ with our own malloc'd copy but all the implementations I've
12561: checked do.
12562: [11658fe92ba2]
12563:
12564: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
12565:
12566: * env.c, sudo.c:
12567: In -i mode, base the value of insert_env()'s dupcheck flag on
12568: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
12569: [8365b0bd0c71]
12570:
12571: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12572:
12573: * env.c, sudo.c:
12574: Move setting of user_path, user_shell, user_prompt and prev_user
12575: into init_vars() since user_shell at least is needed there.
12576: [37e22dce66e9]
12577:
12578: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
12579:
12580: * Makefile.in:
12581: fix devel builds
12582: [9fbb15ef164c]
12583:
12584: * sudo.c:
12585: Fix some printf format mismatches on error.
12586: [ffc1c3f11740]
12587:
12588: * check.c:
12589: Fix some printf format mismatches on error.
12590: [7b3b508adf50]
12591:
12592: * configure, gram.c, toke.c:
12593: regen
12594: [aa76f9d8b02a]
12595:
12596: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
12597: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
12598: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
12599: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
12600: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
12601: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
12602: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
12603: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
12604: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
12605: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
12606: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
12607: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
12608: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
12609: visudo.pod, zero_bytes.c:
12610: Update copyright years.
12611: [0610c3654739]
12612:
12613: * Makefile.binary.in:
12614: Update copyright years.
12615: [d78ffc9f2e2b]
12616:
12617: * LICENSE:
12618: Update copyright years.
12619: [f60473bca4b1]
12620:
12621: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
12622: version 1.7
12623: [aa977a544ca1]
12624:
12625: * WHATSNEW:
12626: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
12627: [ecfcf7269c14]
12628:
12629: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
12630:
12631: * compat.h, logging.h, sudo.h:
12632: Add __printflike and use it with gcc to warn about printf-like
12633: format mismatches
12634: [b192ad4a0548]
12635:
12636: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12637:
12638: * CHANGES, ChangeLog:
12639: Replaced CHANGES file with ChangeLog generated from cvs logs
12640: [d9ace9dab98f]
12641:
12642: * set_perms.c:
12643: Use warning/error instead of perror/fatal.
12644: [e33259df7738]
12645:
12646: * config.guess:
12647: Update OpenBSD section
12648: [9d2c23de6801]
12649:
12650: * UPGRADE:
12651: Add upgrading noted for 1.7
12652: [1fb6b6d6df07]
12653:
12654: * env.c, sudo.c, sudoers.pod:
12655: Instead of zeroing out the environment, just prune out entries based
12656: on the env_delete and env_check lists. Base building up the new
12657: environment on the current environment and the variables we removed
12658: initially.
12659: [fc192df8fd15]
12660:
12661: * config.h.in, configure, configure.in, sudo.c:
12662: Set locale to "C" if locales are supported, just to be safe.
12663: [91fbaa98f02e]
12664:
12665: * toke.c, toke.l:
12666: Cast?argument to ctype functions to unsigned char.
12667: [e096b4d65796]
12668:
12669: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12670:
12671: * env.c:
12672: correct value for DID_USER
12673: [b5b05d36ec15]
12674:
12675: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
12676: #include <compat.h> not "compat.h"
12677: [7a0ad9a0ccd7]
12678:
12679: * defaults.c:
12680: Reset the environment by default.
12681: [4ecc6423e0f0]
12682:
12683: * sudo.c:
12684: Alloc an extra slot in NewArgv. Removes the need to malloc an new
12685: vector if execve() fails.
12686: [83dfb6f584a7]
12687:
12688: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
12689:
12690: * INSTALL, config.h.in, configure, configure.in, sudo.c:
12691: Use execve(2) and wrap the command in sh if we get ENOEXEC.
12692: [c0c6af4e2a21]
12693:
12694: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
12695:
12696: * sudo_noexec.c:
12697: Only include time.h on systems that lack struct timespec which gets
12698: defind in compat.h (using time_t).
12699: [e373e518b4cb]
12700:
12701: * sudo_noexec.c:
12702: Include time.h for time_t in compat.h for systems w/o struct
12703: timespec.
12704: [a34b5637e458]
12705:
12706: * compat.h, config.h.in, configure, configure.in:
12707: use bcopy on systems w/o memmove
12708: [f835eafd78c6]
12709:
12710: * compat.h:
12711: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
12712: use to gcc >= 2.8.
12713: [1cb9a4e58566]
12714:
12715: * Makefile.in:
12716: Add explicit rule to build sudo_noexec.lo
12717: [df1dfcf8dd77]
12718:
12719: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
12720:
12721: * INSTALL.configure, Makefile.in:
12722: No longer depend on VPATH; pointed out a bunch of missed
12723: dependencies.
12724: [601a45d4af6b]
12725:
12726: * TROUBLESHOOTING:
12727: Help for PAM when account section is missing
12728: [9b8221256756]
12729:
12730: * auth/pam.c:
12731: Give user a clue when there is a missing "account" section in the
12732: PAM config.
12733: [2529625c0495]
12734:
12735: * auth/pam.c:
12736: Better error handling.
12737: [518c9bda23d8]
12738:
12739: * config.h.in, configure, configure.in:
12740: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
12741: possible. Silences a warning about isblank() on linux.
12742: [19c94d7ecdc8]
12743:
12744: * auth/pam.c:
12745: Fix typo (missing comma) that caused an incorrect number of args to
12746: be passed to log_error().
12747: [0099dfec560f]
12748:
12749: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
12750:
12751: * pwutil.c:
12752: Don't try to destroy a tree we didn't create.
12753: [d43c4fe03aa4]
12754:
12755: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12756:
12757: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
12758: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
12759: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
12760: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
12761: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
12762: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
12763: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
12764: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
12765: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
12766: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
12767: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
12768: Add __unused to rcsids
12769: [ad6b4ac45705]
12770:
12771: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12772:
12773: * configure, configure.in:
12774: Fix error message when mixing invalid auth types
12775: [68069b3ff5bc]
12776:
12777: * INSTALL:
12778: PAM, AIX auth, BSD auth and login_cap are now on by default if the
12779: OS supports them.
12780: [4e44e9098cf0]
12781:
12782: * auth/sudo_auth.h, config.h.in:
12783: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
12784: [2d569b43b23e]
12785:
12786: * configure.in:
12787: Better checking for conflicting authentication methods Display the
12788: authentication methods used at the end of configure Rename --with-
12789: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
12790: --with-pam, --with-logincap by default on systems that support them
12791: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
12792: OSREV has full version number
12793: [a21115b6fe9f]
12794:
12795: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12796:
12797: * def_data.c, def_data.in, sudo.c, sudoers.pod:
12798: s/-O/-C/
12799: [ee73f1b81923]
12800:
12801: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12802:
12803: * configure.in:
12804: Replace: test -n "$FOO" || FOO="bar"
12805:
12806: With: : ${FOO='bar'}
12807: [37552d9054fc]
12808:
12809: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12810:
12811: * pwutil.c, testsudoers.c, tsgetgrpw.c:
12812: Use function pointers to only call private passwd/group routines
12813: when using a nonstandard passwd/group file.
12814: [215908681dfb]
12815:
12816: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12817:
12818: * CHANGES:
12819: sync
12820: [2e55c03f5790]
12821:
12822: * tsgetgrpw.c:
12823: Can't use strtok() since it doesn't handle empty fields so add
12824: getpwent()/getgrent() functions and call those.
12825: [bdaa5b0db70e]
12826:
12827: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12828:
12829: * Makefile.in:
12830: Fix dummied out toke.c and gram.c dependencies.
12831: [4b909c8b2ebe]
12832:
12833: * Makefile.in:
12834: Rename PARSESRCS -> GENERATED since it is only used in the clean
12835: target Add devdir variable and use it to specify the path to parser
12836: sources
12837: [f27b3f41ca23]
12838:
12839: * configure:
12840: regen
12841: [22c6435dbd46]
12842:
12843: * configure.in:
12844: Add a devdir variables that defaults to $(srcdir) and is set to . if
12845: --devel was specified. Allows for proper dependecies building the
12846: parser.
12847: [a36d694c6d21]
12848:
12849: * testsudoers.c:
12850: Add support for custom passwd/group files.
12851: [296549ff4b87]
12852:
12853: * Makefile.in:
12854: Build private copy of pwutil.o for testsudoers with MYPW defined so
12855: it uses our own passwd/group routines.
12856: [bafa54ec78ca]
12857:
12858: * visudo.c:
12859: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
12860: stubs instead. We can now just use the caching sudo_*{pw,gr}*
12861: functions in pwutil.c Add comment about wanting to call
12862: sudo_endpwent/sudo_endgrent in cleanup()
12863: [7e59d6b5510d]
12864:
12865: * tsgetgrpw.c:
12866: Remove caching; we will just use what is in pwutil.c Use global
12867: buffers for passwd/group structs Rename functions from sudo_* to
12868: my_*
12869: [8c1e068f574c]
12870:
12871: * logging.c, sudo.c:
12872: g/c pwcache_init/pwcache_destroy
12873: [60a24909b947]
12874:
12875: * sudo.h:
12876: Undo last commit and add sudo_setspent and sudo_endspent instead.
12877: [bac80db08296]
12878:
12879: * getspwuid.c, pwutil.c:
12880: Move all but the shadow stuff from getspwuid.c to pwutil.c and
12881: pwcache_get and pwcache_put as they are no longer needed. Also add
12882: preprocessor magic to use private versions of the passwd and group
12883: routines if MYPW is defined (for use by testsudoers).
12884: [a16b8678a426]
12885:
12886: * tsgetgrpw.c:
12887: zero out struct passwd/group before filling it in so if there are
12888: fields we don't handle they end up as 0.
12889: [274cb6a93301]
12890:
12891: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
12892: Adapt to pwutil.c
12893: [43ebd04c8b82]
12894:
12895: * Makefile.in:
12896: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
12897: readability.
12898: [7f88c6061e2d]
12899:
12900: * tsgetgrpw.c:
12901: Passwd and group lookup routines for testsudoers that support
12902: alternate passwd and group files.
12903: [d7803101d34e]
12904:
12905: * getspwuid.c, pwutil.c:
12906: Split off pw/gr cache and dup code into its own file. This allows
12907: visudo and testsudoers to use the pw/gr cache too.
12908: [ef333d3ffedf]
12909:
12910: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12911:
12912: * parse.c:
12913: Print Defaults info in "sudo -l" output and wrap lines based on the
12914: terminal width.
12915: [e559eae4250e]
12916:
12917: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12918:
12919: * match.c, testsudoers.c, visudo.c:
12920: Only check group vector in usergr_matches() if we are matching the
12921: invoking or list user. Always check the group members, even if
12922: there was a group vector.
12923: [d0c7ceb2a041]
12924:
12925: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
12926:
12927: * LICENSE, Makefile.in, fnmatch.3:
12928: No longer bundle fnmatch.3
12929: [72db4a4ff4e1]
12930:
12931: * CHANGES, TODO:
12932: checkpoint
12933: [e92781bfd99c]
12934:
12935: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
12936:
12937: * sudo.c:
12938: sort usage
12939: [15e3b876ec2c]
12940:
12941: * sudo.pod:
12942: Sort command line options
12943: [c1fa56584bc4]
12944:
12945: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
12946: sudo.pod, sudoers.pod:
12947: Add closefrom sudoers option to start closing at a point other than
12948: 3. Add closefrom_override sudoers option and -C sudo flag to allow
12949: the user to specify a different closefrom starting point.
12950: [370652b099d1]
12951:
12952: * pathnames.h.in:
12953: Add _PATH_DEVNULL for those without it.
12954: [0c4c3e0ceb8b]
12955:
12956: * LICENSE:
12957: no more UCB strcasecmp
12958: [397a6298e07f]
12959:
12960: * strcasecmp.c:
12961: replace BSD licensed one with version derived from pdksh
12962: [d7cfda8c57a2]
12963:
12964: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
12965:
12966: * sudo.c:
12967: Fix last commit.
12968: [7afb9a180532]
12969:
12970: * sudo.c:
12971: Make sure stdin, stdout and stderr are open and dup them to
12972: /dev/null if not.
12973: [590f387068bd]
12974:
12975: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
12976:
12977: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
12978: add sudo_ldap_close
12979: [4273a36765a7]
12980:
12981: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
12982: Use TIME_WITH_SYS_TIME
12983: [c32b59bf15fb]
12984:
12985: * config.h.in, configure, configure.in:
12986: Add TIME_WITH_SYS_TIME_H
12987: [57cb146f451d]
12988:
12989: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
12990:
12991: * env.c:
12992: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
12993: unconditionally on darwin. From Toby Peterson.
12994: [d69959681c87]
12995:
12996: * getspwuid.c:
12997: Check rbinsert() return value. In the case of faked up entries
12998: there is usually a negative response cached that we need to
12999: overwrite.
13000:
13001: In pwfree() don't try to zero out a NULL pw_passwd pointer.
13002: [00b32d1a48c1]
13003:
13004: * mon_systrace.c:
13005: Use the double fork trick to avoid the monitor process being waited
13006: for by the main program run through sudo.
13007: [e0ce556712ff]
13008:
13009: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
13010:
13011: * sudo.c:
13012: Call initgroups() in -U mode so group matches work normally.
13013: [2235bea15283]
13014:
13015: * def_data.h, mkdefaults:
13016: Don't print a trailing comma for the last entry in enum def_tupple
13017: [c43a96bb31df]
13018:
13019: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
13020:
13021: * sudoers.cat, sudoers.man.in, sudoers.pod:
13022: Mention values when lecture, listpw and verifypw are used in boolean
13023: context.
13024: [a0b5c0abaccf]
13025:
13026: * def_data.c, def_data.in:
13027: verifypw when used in a boolean TRUE context should be "all", not
13028: "any".
13029: [2eb076ddd5e2]
13030:
13031: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13032:
13033: * def_data.in, defaults.c:
13034: Allow tuples that can be used as booleans to be used as boolean
13035: TRUE. In this case the 2nd possible value of the tuple is used for
13036: TRUE.
13037: [bd99aa77e88b]
13038:
13039: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13040:
13041: * configure, configure.in:
13042: Correct the test for 2-parameter timespecsub
13043: [d41c9cb26b97]
13044:
13045: * sudo.h:
13046: Add strub struct definitions for passwd, timeval and timespec
13047: [c4ce5c43d8c5]
13048:
13049: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
13050: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
13051: and fix a typo in the gettimeofday check.
13052: [8ac9893057ce]
13053:
13054: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
13055:
13056: * match.c, testsudoers.c:
13057: Deal with user_stat being NULL as it is for visudo and testsudoers.
13058: [3605a6ff64d0]
13059:
13060: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
13061: Add -U option to use in conjunction with -l instead of -u. Add
13062: support for "sudo -l command" to test a specific command.
13063: [99638789d415]
13064:
13065: * gram.c, gram.y, sudo.c:
13066: Set safe_cmnd after sudoers_lookup() if it has not been set.
13067: Previously it was set by sudo "ALL" in the parser but at that point
13068: the fully-qualified pathname has not yet been found.
13069: [ac30d98f8225]
13070:
13071: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
13072:
13073: * parse.c, testsudoers.c:
13074: Correctly handle multiple privileges per userspec and runas
13075: inheritence.
13076: [a98a965181af]
13077:
13078: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13079:
13080: * defaults.c:
13081: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
13082: [031d3cd4a848]
13083:
13084: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
13085:
13086: * toke.c, toke.l:
13087: make per-command defaults work with sudoedit
13088: [e56fe33db916]
13089:
13090: * ldap.c, parse.c, sudo.c, sudo.h:
13091: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
13092: Instead, we just set the approriate defaults variable.
13093: [756eeecc1d86]
13094:
13095: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
13096: Document per-command Defaults.
13097: [92a0f84b91c1]
13098:
13099: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
13100: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
13101: Add support for command-specific Defaults entries. E.g.
13102: Defaults!/usr/bin/vi noexec
13103: [be3d52bf01cf]
13104:
13105: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
13106: Change an occurence of user_matches() -> runas_matches() missed
13107: previously runas_matches(), host_matches() and cmnd_matches() only
13108: really need to pass in a list of members. user_matches() still
13109: needs to pass in a passwd struct because of "sudo -l"
13110: [833b22fc6fa0]
13111:
13112: * parse.c:
13113: Check def_authenticate, def_noexec and def_monitor when setting
13114: return flags. XXX May be better to just set the defaults directly
13115: and get rid of those flags.
13116: [b6db22b59d69]
13117:
13118: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
13119: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
13120: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
13121: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
13122: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
13123: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
13124: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
13125: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
13126: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
13127: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
13128: visudo.c, zero_bytes.c:
13129: Use: #include <config.h> Not: #include "config.h" That way we get
13130: the correct config.h when build dir != src dir
13131: [97e5670a442b]
13132:
13133: * Makefile.in:
13134: Back out part of rev 1.263; fix -I order
13135: [197ea01cad5d]
13136:
13137: * toke.c, toke.l:
13138: More robust parsing if #include; could be much better still.
13139: [31bc3cd8f045]
13140:
13141: * sudo_edit.c, visudo.c:
13142: Make arg splitting in visudo and sudoedit consistent.
13143: [7bc74485f246]
13144:
13145: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
13146: Split alias routines out into their own file.
13147: [d90f633cf9ae]
13148:
13149: * error.h:
13150: __attribute__ is already defined in compat.h
13151: [676ed3fe9203]
13152:
13153: * visudo.c:
13154: quit() should not be __noreturn__ as it is non-void on some
13155: platforms.
13156: [e528c2b6ba10]
13157:
13158: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
13159: Add local error/warning functions like err/warn but that call an
13160: additional cleanup routine in the error case. This means we no
13161: longer need to compile a special version of alloc.o for visudo.
13162: [e78e8aae882e]
13163:
13164: * parse.h:
13165: Clarify comments about the data structures
13166: [ae894e266701]
13167:
13168: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
13169:
13170: * visudo.c:
13171: Add support for VISUAL and EDITOR containing command line args. If
13172: env_editor is not set any args in VISUAL and EDITOR are ignored.
13173: Arguments are also now supported in def_editor.
13174: [ff7303b8e298]
13175:
13176: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
13177:
13178: * parse.h:
13179: alias_matches() is no more
13180: [b59825e28084]
13181:
13182: * CHANGES, TODO:
13183: sync
13184: [2b8f5f63c1de]
13185:
13186: * Makefile.in:
13187: When regenerating the parser, don't replace gram.h unless it has
13188: changed.
13189: [819949668018]
13190:
13191: * Makefile.in:
13192: remove Makefile.binary for distclean
13193: [351eec8d00b2]
13194:
13195: * env.c:
13196: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
13197: sure we can't overflow new_env.
13198: [3284d17b9c6d]
13199:
13200: * sudo_edit.c:
13201: paranoia when stripping trailing slashes from tempdir.
13202: [012f1aa2b81f]
13203:
13204: * sudo.c:
13205: Set user_ngroups to 0 if getgroups() returns an error.
13206: [c46d43e9449a]
13207:
13208: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
13209:
13210: * config.h.in, configure, configure.in, sudo.c:
13211: Add configure check for getgroups()
13212: [5d8a214e2cef]
13213:
13214: * ldap.c:
13215: Use supplementary group vector in struct sudo_user.
13216: [3d0c463c034d]
13217:
13218: * match.c:
13219: Only do string comparisons on the group members if there is no
13220: supplemental group list.
13221: [be1c8362f7ef]
13222:
13223: * CHANGES, TODO:
13224: sync
13225: [db188bc5b975]
13226:
13227: * sudo_edit.c:
13228: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
13229: chop off any trailing slashes we see and add an explicit one.
13230: [e1b477dafee1]
13231:
13232: * match.c:
13233: remove bogus XXX comment
13234: [8aecb8a28d40]
13235:
13236: * match.c:
13237: Get rid of alias_matches and correctly fall through to the non-alias
13238: cases when there is no alias with the specified name.
13239: [2cd555246f09]
13240:
13241: * getspwuid.c:
13242: Cache non-existent passwd/group entries too.
13243: [8de9a467d271]
13244:
13245: * gram.c:
13246: regen
13247: [9ece18c58f36]
13248:
13249: * getspwuid.c:
13250: fix typo
13251: [9a7ae371eac1]
13252:
13253: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
13254: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
13255: Implement group caching and use the passwd and group caches
13256: throughout.
13257: [f1d8c5015169]
13258:
13259: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13260:
13261: * match.c:
13262: Properly negate the return value of alias_matches() when
13263: appropriate.
13264: [ce59c4ce77ad]
13265:
13266: * match.c:
13267: Make hostname_matches() return TRUE for a match, else FALSE like the
13268: caller expects.
13269: [1dc03902d3a2]
13270:
13271: * Makefile.in:
13272: Add missing dependencies on gram.h
13273: [4f94bbb1d50c]
13274:
13275: * match.c:
13276: Use runas_matches in alias_matches() now that we have it.
13277: [284d22e91178]
13278:
13279: * parse.c, parse.h:
13280: Expand aliases in "sudo -l" mode
13281: [f67a38b79c44]
13282:
13283: * gram.y, match.c:
13284: Use ALIAS for the member type when storing an alias instead of
13285: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
13286: more generic type. Expand runas_matches instead of calling
13287: user_matches() inside of it since user_matches() looks up
13288: USERALIASes, not RUNASALIASes.
13289: [52004d75232b]
13290:
13291: * CHANGES, getspwuid.c:
13292: Paranoia; zero out pw_passwd before freeing passwd entry.
13293: [bd1b22638f00]
13294:
13295: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
13296: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
13297: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
13298: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
13299: Add local error/warning functions like err/warn but that call an
13300: additional cleanup routine in the error case. This means we no
13301: longer need to compile a special version of alloc.o for visudo.
13302: [25000b676cfe]
13303:
13304: * match.c:
13305: Use userpw_matches() to compare usernames, not strcmp(), since the
13306: latter checks for "#uid".
13307: [fcbe4b859f66]
13308:
13309: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
13310: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
13311: the other by user name. The data returned from the cache should be
13312: considered read-only and is destroyed by sudo_endpwent().
13313: [ee2418ff3f86]
13314:
13315: * match.c:
13316: add cast to uid_t
13317: [eb6415302d84]
13318:
13319: * gram.y:
13320: missing free in alias_destroy
13321: [572ecb680ad8]
13322:
13323: * redblack.c:
13324: Can't use rbapply() for rbdestroy since the destructor is passed a
13325: data pointer, not a node pointer.
13326: [11ce713830c0]
13327:
13328: * getspwuid.c, logging.c, sudo.c, sudo.h:
13329: Create and use private versions of setpwent() and endpwent() that
13330: set/end the shadow password file too.
13331: [616bc76d23bf]
13332:
13333: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
13334: Store aliases in a red-black tree.
13335: [ce017d540416]
13336:
13337: * Makefile.in, redblack.c, redblack.h:
13338: red-black tree implementation
13339: [cd5586e8f48b]
13340:
13341: * visudo.c:
13342: Edit all sudoers file if there were unused or undefined aliases and
13343: we are in strict mode.
13344: [b6d5f5bb7262]
13345:
13346: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
13347:
13348: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
13349: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
13350: Bring back the "secure_path" Defaults option now that Defaults take
13351: effect before the path is searched.
13352: [2e52c0e27606]
13353:
13354: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
13355:
13356: * logging.c, parse.c:
13357: A user can always list their own entries, even with -u. Better error
13358: message when failing to list another user's entries.
13359: [e2e24deb0071]
13360:
13361: * parse.c, sudo.c, sudo.h:
13362: The syntax to list another user's entries is now "-u otheruser -l".
13363: Only root or users with sudo "ALL" may list other user's entries.
13364: [3c0657e8f5fe]
13365:
13366: * sudo.cat, sudo.man.in, sudo.pod:
13367: Update env variable info in SECURITY NOTES
13368: [299716071024]
13369:
13370: * env.c:
13371: strip CDPATH too
13372: [9b97643b26f9]
13373:
13374: * env.c:
13375: strip exported bash functions from the environment.
13376: [9e5090c8284f]
13377:
13378: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
13379:
13380: * sudo.c:
13381: Only reset sudo_user.pw based on SUDO_USER environment variables for
13382: real commands and sudoedit. This avoids a confusing message when a
13383: user tries "sudo -l" or "sudo -v" and is denied.
13384: [3ea6d0053274]
13385:
13386: * gram.c, gram.y, parse.h:
13387: Extend LIST_APPEND to deal with appending lists too
13388: [d963e42f622f]
13389:
13390: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
13391:
13392: * logging.c:
13393: Convert some bitwise AND to ISSET
13394: [130dc40d268e]
13395:
13396: * lex.yy.c, toke.c:
13397: toke.c replaces lex.yy.c
13398: [048858df79e7]
13399:
13400: * CHANGES, TODO:
13401: sync
13402: [d19e7abf251c]
13403:
13404: * BUGS:
13405: new parser fixes most of the outstanding bugs
13406: [0891f66e3758]
13407:
13408: * configure:
13409: regen
13410: [1a3358cc7283]
13411:
13412: * visudo.c:
13413: Rework for the new parser. Now checks for unused aliases in sudoers.
13414: [ad462ede3094]
13415:
13416: * testsudoers.c:
13417: Rewrite for the new parser. Now supports a -d flag (dump) and adds
13418: a -h flag (host). It now defaults to the local hostname unless
13419: otherwise specified.
13420: [1b69685cc601]
13421:
13422: * sudo.h:
13423: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
13424: [2e4fb3abfef0]
13425:
13426: * sudo.c:
13427: Update for new parse. We now call find_path() *after* we have
13428: updated the global defaults based on sudoers. Also adds support for
13429: listing other user's privs if you are root.
13430: [cf3db9fc3024]
13431:
13432: * mon_systrace.c:
13433: Working LDAP support; also remove a now-unneeded rewind().
13434: [649ecf1baf6b]
13435:
13436: * logging.c, logging.h:
13437: Add NO_STDERR flag.
13438: [6cb935af94e0]
13439:
13440: * ldap.c:
13441: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
13442: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
13443: connecto to LDAP, apply the default options, find the command in the
13444: user's path, and then check whether the user is allowed to run it.
13445: The important thing here is that the default runas user may be
13446: specified as a default option and that needs to be set before we
13447: search for the command.
13448: [fc0426abc6f1]
13449:
13450: * ldap.c:
13451: Add casts to unsigned char for isspace() to quiet a gcc warning.
13452: [e5358e3df439]
13453:
13454: * defaults.h:
13455: Add prototype for update_defaults()
13456: [564dac3db74e]
13457:
13458: * defaults.c:
13459: Don't warn about line numbers now that we operate on a set of data
13460: structures (or LDAP) and not a file.
13461: [bcd9ffb9b67c]
13462:
13463: * config.h.in:
13464: No long use lsearch()
13465: [9d048c587319]
13466:
13467: * Makefile.in:
13468: Update for new and changed file names.
13469: [6f424a7c4515]
13470:
13471: * LICENSE:
13472: no more BSD lsearch.c
13473: [463a96d89026]
13474:
13475: * match.c:
13476: foo_matches() routines now live in match.c Added user_matches(),
13477: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
13478: that operate on the parsed sudoers file.
13479: [b14da8a0567e]
13480:
13481: * parse.lex, toke.l:
13482: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
13483: WORD no longer needs to exclude '@' kill yywrap()
13484: [a922294eb7b7]
13485:
13486: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
13487: sudo.tab.h:
13488: Rewritten parser that converts sudoers into a set of data
13489: structures. This eliminates ordering issues and makes it possible to
13490: apply sudoers Defaults entries before searching for the command.
13491: [30d2ec4d203c]
13492:
13493: * configure.in, emul/search.h, lsearch.c:
13494: We won't be using lsearch() any longer.
13495: [29c4d54bfac0]
13496:
13497: * ldap.c:
13498: sudo should not send mail if someone who runs 'sudo -l' has no
13499: entry.
13500: [6fc27a69fd9c]
13501:
13502: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13503: visudo.man.in:
13504: regen
13505: [8166347917f3]
13506:
13507: * visudo.pod:
13508: Update warnings to match new visudo
13509: [004c0766798f]
13510:
13511: * sudoers.pod:
13512: The new parser doesn't have the old ordering constraints.
13513: [ffd43bd08661]
13514:
13515: * sudo.pod:
13516: Document that -l now takes an optional username argument
13517: [278f9557de8b]
13518:
13519: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13520:
13521: * RUNSON:
13522: AIX 5.2.0.0 works
13523: [523acd29d858]
13524:
13525: * ldap.c:
13526: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
13527: a compilation problem with Solaris 9's native LDAP.
13528:
13529: Set FLAG_MONITOR when needed.
13530: [35824ade672d]
13531:
13532: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
13533:
13534: * mon_systrace.c:
13535: Call sudo_goodpath() *after* changing the cwd to match the traced
13536: process. Fixes relative paths.
13537: [12ee111d0ad7]
13538:
13539: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13540:
13541: * testsudoers.c:
13542: Kill set_perms() stub--it is no longer needed.
13543: [116ed702935d]
13544:
13545: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
13546:
13547: * sudoers.cat, sudoers.man.in, sudoers.pod:
13548: stay_setuid now requires set_reuid() or setresuid()
13549: [8511f67e25d5]
13550:
13551: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
13552: configure.in, set_perms.c, sudo.c, sudo.h:
13553: Kill use of POSIX saved uids; they aren't worth bothering with.
13554: [b3b1f19f18c1]
13555:
13556: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
13557:
13558: * glob.c:
13559: remove call to issetugid()
13560: [63f2e492c08f]
13561:
13562: * sudoers.cat, sudoers.man.in, sudoers.pod:
13563: Remove warning about wildcards. Now that we use glob() the bug is
13564: fixed.
13565: [b15729d32266]
13566:
13567: * parse.c:
13568: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
13569: each result that matches the basename of the user's command. This
13570: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
13571: /usr/bin/blah. Fixes bug #143.
13572: [e31eb6310340]
13573:
13574: * config.h.in, configure, configure.in:
13575: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
13576: GLOB_BRACE)
13577: [677ed6661e17]
13578:
13579: * config.h.in, configure, configure.in:
13580: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
13581: [aaa2329dd266]
13582:
13583: * LICENSE:
13584: reference glob
13585: [bedc9a923423]
13586:
13587: * glob.c:
13588: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13589: removed.
13590: [81799451473c]
13591:
13592: * emul/glob.h:
13593: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
13594: removed.
13595: [0335cf31fb1e]
13596:
13597: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
13598:
13599: * mon_systrace.c:
13600: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
13601: means we are out of space in the stack gap...
13602: [5b02b702021e]
13603:
13604: * CHANGES:
13605: sync
13606: [be3826273e56]
13607:
13608: * mon_systrace.c:
13609: Take a stab at ldap sudoers support here.
13610: [9d023695b0de]
13611:
13612: * mon_systrace.c, mon_systrace.h:
13613: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
13614: doesn't cause reboot to inadvertanly kill itself.
13615: [d4aab2365610]
13616:
13617: * mon_systrace.c:
13618: put "monitor" in the proctitle, not "systrace"
13619: [9a9025767d86]
13620:
13621: * mon_systrace.c:
13622: When modifying the environment, don't replace envp when we can get
13623: away with just rewriting pointers in the traced process.
13624: [c03622f7a2e2]
13625:
13626: * mon_systrace.c, mon_systrace.h:
13627: Add environment updating via STRIOCINJECT (if available).
13628: [037291016870]
13629:
13630: * sudoers.cat, sudoers.man.in:
13631: regen
13632: [869acc511046]
13633:
13634: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
13635:
13636: * lex.yy.c:
13637: regen
13638: [4e61a9bd3c97]
13639:
13640: * parse.lex:
13641: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
13642: [b70d7bd6e147]
13643:
13644: * mon_systrace.c:
13645: Include file is now mon_systrace.h
13646: [ead4e36d92ae]
13647:
13648: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
13649: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
13650: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
13651: No longer call it tracing, it is now "monitoring" which should be
13652: more a obvious name to non-hackers.
13653: [aa811ded0789]
13654:
13655: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
13656:
13657: * mon_systrace.c, mon_systrace.h:
13658: Fix some XXX
13659: [a271072dacc6]
13660:
13661: * mon_systrace.c, mon_systrace.h:
13662: No need to include syscall.h, use 1024 as the max # of entries (the
13663: max that systrace(4) allows).
13664:
13665: Only need to use SYSTR_POLICY_ASSIGN once
13666:
13667: Change check_syscall() -> find_handler() and have it return the
13668: handler instead of just running it. We need this since handler now
13669: have two parts: one part that generates and answer and another that
13670: gets called after the answer is accepted (to do logging).
13671:
13672: Add some missing check_exec for emul execv
13673: [a89d243f0525]
13674:
13675: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
13676: Add $Sudo$ tags.
13677: [6f3fedb0daba]
13678:
13679: * config.h.in:
13680: Add missing HAVE_LINUX_SYSTRACE_H
13681: [ff75ab7bfc53]
13682:
13683: * Makefile.in:
13684: add trace_systrace.o dependency
13685: [88a408668ab2]
13686:
13687: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
13688:
13689: * configure, configure.in:
13690: Also look for systrace.h in /usr/include/linux
13691: [98b98b436cf3]
13692:
13693: * mon_systrace.c, mon_systrace.h:
13694: Move all struct defs and prototypes into trace_systrace.h and mark
13695: all but systace_attach() static.
13696: [85511253b570]
13697:
13698: * mon_systrace.c, mon_systrace.h:
13699: Add support for tracing emulations. At the moment, all emulations
13700: are compiled in. It might make sense to #ifdef them in the future,
13701: though this impeeds readability.
13702: [87bb50abf277]
13703:
13704: * Makefile.in, configure, configure.in:
13705: rename systrace.c -> trace_systrace.c
13706: [31cfa4407d93]
13707:
13708: * parse.yacc, sudo.tab.c:
13709: Allow this to build with a K&R compiler again
13710: [32876af5bb98]
13711:
13712: * TODO:
13713: sync
13714: [46865bd70f7c]
13715:
13716: * compat.h, sudo.c, visudo.c:
13717: Use __attribute__((__noreturn__))
13718: [65bbad71fe89]
13719:
13720: * visudo.c:
13721: Exit() takes a negative value to indicate it was not called via
13722: signal.
13723: [b93032ed7b60]
13724:
13725: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13726: visudo.man.in:
13727: regen
13728: [45bcf4661558]
13729:
13730: * Makefile.in, visudo.c:
13731: Define Err() and Errx() that are like err() and errx() but call
13732: Exit() instead of exit(). Build private copy of alloc.o for visudo
13733: that calls Err() and Errx().
13734: [c6d02bf42edd]
13735:
13736: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
13737:
13738: * lex.yy.c, sudo.tab.c:
13739: regen
13740: [39de7e7c59da]
13741:
13742: * CHANGES:
13743: sync
13744: [ba481d9ed1aa]
13745:
13746: * visudo.c:
13747: Overhaul visudo for editing multiple files: o visudo has been
13748: broken out into functions (more work needed here) o each file is
13749: now edited before sudoers is re-parsed o if a #include line is
13750: added that file will be edited too
13751:
13752: TODO: o cleanup temp files when exiting via err() or errx() o
13753: continue breaking things out into separate functions
13754: [80c35cf534eb]
13755:
13756: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
13757: Add keepopen arg to open_sudoers that open_sudoers can use to
13758: indicate to the caller that the fd should not be closed when it is
13759: done with it. To be used by visudo to keep locked fds from being
13760: closed prematurely (and thus losing the lock).
13761: [f330fe632470]
13762:
13763: * parse.yacc, sudo.c:
13764: Add errorfile global that contains the name of the file that caused
13765: the error.
13766: [98079c7a37ed]
13767:
13768: * parse.lex:
13769: return COMMENT to yacc grammar for a #include line
13770: [2024a8de4fa8]
13771:
13772: * parse.lex:
13773: Remove us of unput() in favor of yyless() which is cheaper.
13774: [c61291902beb]
13775:
13776: * parse.yacc:
13777: Allow an empty sudoers file.
13778: [62fb111db2e7]
13779:
13780: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
13781:
13782: * mon_systrace.c:
13783: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
13784: [9e15869ef597]
13785:
13786: * lex.yy.c, sudo.tab.c:
13787: regen
13788: [c29bdd43bfad]
13789:
13790: * visudo.c:
13791: Do signal setup before calling edit_sudoers(). Don't shadow the
13792: "quiet" global.
13793: [74252efd09ff]
13794:
13795: * visudo.c:
13796: If a sudoers file includes other files, edit those too. Does not yes
13797: deal with creating the new includes files itself.
13798: [06af7b9c173f]
13799:
13800: * testsudoers.c:
13801: init_parser now takes a path
13802: [b5ee186eb192]
13803:
13804: * parse.c, parse.h, parse.lex, parse.yacc:
13805: More scaffolding for dealing with multiple sudoers files: o
13806: init_parser() now takes a path used to populate the sudoers global
13807: o the sudoers global is used to print the correct file in yyerror()
13808: o when switching to a new sudoers file, perserve old file name and
13809: line number
13810: [d9be4970b8bd]
13811:
13812: * Makefile.in, pathnames.h.in:
13813: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
13814: multiple sudoers files.
13815: [6ccc4e921c43]
13816:
13817: * parse.c, sudo.c:
13818: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
13819: we start at the right file position when reading include files.
13820: [91fcb961e7a4]
13821:
13822: * sudoers.pod:
13823: document #include
13824: [fbb92a25a726]
13825:
13826: * lex.yy.c:
13827: regen
13828: [50cd7a4c9dff]
13829:
13830: * parse.lex:
13831: Add max depth of 128 for the include stack to avoid loops.
13832:
13833: Since yyerror() doesn't stop parsing, pass return values back to
13834: yylex and call yyterminate() on error.
13835: [e79dbffb729d]
13836:
13837: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
13838:
13839: * sudoers.pod:
13840: document tracing
13841: [165a467eadd8]
13842:
13843: * sudo.pod:
13844: Mention PREVENTING SHELL ESCAPES section of sudoers man page
13845: [3217ccecd834]
13846:
13847: * lex.yy.c, sudo.tab.c:
13848: regen
13849: [fbd58d1d3a76]
13850:
13851: * parse.lex:
13852: Add support for #include in sudoers (visudo support TBD)
13853: [a78015ca81af]
13854:
13855: * parse.yacc:
13856: make yyerror()'s argument const
13857: [7d8e168c019a]
13858:
13859: * testsudoers.c, visudo.c:
13860: Add open_sudoers() stubs.
13861: [087466787198]
13862:
13863: * sudo.c, sudo.h:
13864: Rename check_sudoers() open_sudoers() and make it return a FILE *
13865: [142fc511fc65]
13866:
13867: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
13868:
13869: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
13870: version.h:
13871: Crank version
13872: [1adc3f839480]
13873:
13874: * Makefile.in, sudo.psf:
13875: Better HP-UX depot construction
13876: [2d952b000e63]
13877:
13878: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
13879:
13880: * mon_systrace.c:
13881: o Made children global so check_exec() can lookup a child. o
13882: Replaced uid in struct childinfo with struct passwd * (for runas) o
13883: new_child() now takes a parent pid so the runas info can be
13884: inherited o Added find_child() to lookup a child by its pid o
13885: update_child() now fills in a struct passwd o Converted the big
13886: if/else mess in set_policy to a switch o Syscalls that change uid
13887: are now "ask" so we get SYSTR_MSG_UGID events
13888: [29b9ea3f09a3]
13889:
13890: * getspwuid.c:
13891: Add flag to sudo_pwdup that indicates whether or not to lookup the
13892: shadow password. Will be used to a struct passwd that has the
13893: shadow password already filled in.
13894: [e19d43dd7238]
13895:
13896: * mon_systrace.c:
13897: add missing increment of addr in read_string()
13898: [f9eb0f060cb6]
13899:
13900: * mon_systrace.c:
13901: Remove bogus call to update_child() and some cosmetic fixes
13902: [701ab0b97fef]
13903:
13904: * mon_systrace.c:
13905: Don't leak /dev/systrace fd to tracee Make initialized global for
13906: simplicity If STRIOCATTACH returns EBUSY we are already being traced
13907: Check for user_args == NULL in setproctitle() call Add missing calls
13908: to STRIOCANSWER
13909: [1956edf9bc3a]
13910:
13911: * sudo.c:
13912: g/c sudo_pwdup proto
13913: [b7c4d6249ecb]
13914:
13915: * Makefile.in, sudo.psf:
13916: Add target for building a depot file
13917: [357019efd99b]
13918:
13919: * mon_systrace.c:
13920: trim includes
13921: [501534428471]
13922:
13923: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
13924:
13925: * lex.yy.c, sudo.tab.c, sudo.tab.h:
13926: regen
13927: [52fd250c6986]
13928:
13929: * INSTALL:
13930: document --with-systrace
13931: [79623927c94e]
13932:
13933: * config.h.in, configure, configure.in:
13934: Add check for setproctitle
13935: [1730cf1c26ed]
13936:
13937: * mon_systrace.c:
13938: pass struct str_msg_ask in to syscall checker so it can set the
13939: error code
13940: [1703fd2fdef6]
13941:
13942: * mon_systrace.c:
13943: systrace(4) support for sudo. On systems with the systrace(4)
13944: kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
13945: intercept exec calls and check the exec args against the sudoers
13946: file. In other words, sudo can now control subcommands and shell
13947: escapes.
13948: [928c9217c386]
13949:
13950: * sudo.c, sudo.h:
13951: Call systrace_attach() if FLAG_TRACE is set.
13952: [014ba9402fa5]
13953:
13954: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
13955: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
13956: [a99904db5e56]
13957:
13958: * parse.c, sudo.c:
13959: Don't close sudoers_fp, keep it open and set close on exec flag
13960: instead.
13961: [43a9fec60bee]
13962:
13963: * def_data.c, def_data.h, def_data.in:
13964: Add trace option
13965: [5b643b86730a]
13966:
13967: * Makefile.in:
13968: Add systrace
13969: [47a0519c427c]
13970:
13971: * INSTALL:
13972: SunOS /bin/sh blows up with configure
13973: [005a23cc5615]
13974:
13975: * configure, configure.in:
13976: Include sys/param.h before systrace.h
13977: [9345bc8efecf]
13978:
13979: * configure:
13980: regen
13981: [a8f53fcbb254]
13982:
13983: * pathnames.h.in:
13984: _PATH_DEV_SYSTRACE
13985: [d2ad1e492a00]
13986:
13987: * configure.in:
13988: line up options in --help
13989: [fa51f2821d09]
13990:
13991: * config.h.in, configure.in:
13992: Add --with-systrace
13993: [a264d54bc413]
13994:
13995: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
13996:
13997: * configure:
13998: regen
13999: [a4dad0bcc523]
14000:
14001: * aclocal.m4, configure.in:
14002: make this work with autoconf-2.59
14003: [c4a92b6a684a]
14004:
14005: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
14006:
14007: * sudo_edit.c:
14008: Simplify logic around open & stat of files and do sanity on edited
14009: file even if we lack fstat (still racable but worth doing).
14010: [adda65ade70c]
14011:
14012: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
14013:
14014: * HISTORY:
14015: Add support url
14016: [bf6590fbde9f]
14017:
14018: * Makefile.in:
14019: versino 1.6.8p1
14020: [b84ebfaf1552] [SUDO_1_6_8p1]
14021:
14022: * CHANGES:
14023: more changes for 1.6.8p1
14024: [e23a9c0393b6]
14025:
14026: * version.h:
14027: 1.6.8p1
14028: [872f14504b5f]
14029:
14030: * CHANGES, sudo_edit.c:
14031: Add sanity check so we don't try to edit something other than a
14032: regular file.
14033: [350134ec6d4e]
14034:
14035: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
14036:
14037: * CHANGES:
14038: sync
14039: [3091ca9eae00]
14040:
14041: * INSTALL:
14042: document --with-ldap-conf-file
14043: [0e2cd6b896f1]
14044:
14045: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
14046:
14047: * CHANGES, ins_csops.h:
14048: political correctness strikes again
14049: [428e8bc77f55]
14050:
14051: * RUNSON:
14052: sync
14053: [27f44bd423dc]
14054:
14055: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
14056:
14057: * Makefile.binary.in, Makefile.in:
14058: Install sudoedit man link
14059: [19a55234fc1f]
14060:
14061: * INSTALL:
14062: Update PAM note and mention where HP-UX users can download gcc
14063: binaries.
14064: [d37cdbbabfd4]
14065:
14066: * Makefile.in:
14067: libtool wants to install stuff from .libs so fake one up for binary
14068: installations.
14069: [a681bc6fcfba]
14070:
14071: * Makefile.binary.in:
14072: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
14073: [3e0c4b3372cc]
14074:
14075: * Makefile.in:
14076: Deal with "uname -m" having slashes in it rm -f old sudoedit link
14077: instead of using ln -f
14078: [cff33fb97e5b]
14079:
14080: * Makefile.binary, Makefile.binary.in:
14081: Makefile.binary -> Makefile.binary.in for config.status substitution
14082: Add support for installing noexec bits
14083: [37d8bb3483c6]
14084:
14085: * Makefile.in:
14086: Copy noexec bits into binary dists too No longer use my old arch
14087: script for making binary dists
14088: [e7058bab9e33]
14089:
14090: * Makefile.binary:
14091: Install sudoedit link.
14092: [417d1e101711]
14093:
14094: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
14095:
14096: * emul/utime.h:
14097: avoid __P so there is no need for compat.h to be included
14098: [6d8d1f1abf7d]
14099:
14100: * utimes.c:
14101: Don't use HAVE_UTIME_H before including config.h.
14102: [013b7bb61181]
14103:
14104: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
14105:
14106: * compat.h:
14107: Fix Solatis futimes macro
14108: [d4eda2ca0d29]
14109:
14110: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
14111:
14112: * sudo_edit.c:
14113: Rename ots -> omtim for improved readability.
14114: [127ca5bb297c]
14115:
14116: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
14117:
14118: * sudo_edit.c:
14119: Redo changes in revision 1.7. Don't really need to keep the temp
14120: file open; re-opening it with the invoking user's euid is
14121: sufficient.
14122: [55a883165a95]
14123:
14124: * CHANGES:
14125: sync
14126: [9015b291170d]
14127:
14128: * sudo.cat, sudo.man.in:
14129: regen
14130: [c0313f6ed783]
14131:
14132: * sudo.pod:
14133: back out revision 1.70; it is no long applicable
14134: [b641d503aff6]
14135:
14136: * env.c:
14137: Let the loader initialize nep
14138: [bec192139b02]
14139:
14140: * config.h.in, configure, configure.in:
14141: Removed unneed check for fchown Add check for gettimeofday Move
14142: autoheader template stuff into separate AH_TEMPLATE lines
14143: [bfc0edbd43f2]
14144:
14145: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14146: Use timespec throughout.
14147: [1a178a23b69b]
14148:
14149: * Makefile.in:
14150: gettime.[co]
14151: [6aeb48a7ab7f]
14152:
14153: * gettime.c:
14154: function to return the current time in a struct timespec
14155: [bf8eb12cb63f]
14156:
14157: * utimes.c:
14158: Not a darpa-sponsored file.
14159: [121ce5e2036c]
14160:
14161: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
14162:
14163: * compat.h, config.h.in, configure, configure.in:
14164: Add a check for struct timespec and provide it for those without.
14165: [42124055030d]
14166:
14167: * config.h.in, configure, configure.in, sudo_edit.c:
14168: Add checks for st_mtim and st_mtimespec and add macros for pulling
14169: the mtime sec and nsec out of struct stat. These are used in
14170: sudo_edit() to better tell whether or not the file has changed.
14171: [23debfbb3fab]
14172:
14173: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
14174: Add an extra param to touch() for nsec
14175: [56f7a4ba8ddb]
14176:
14177: * sudo_edit.c:
14178: Call mkstemp() as the in invoking user so we don't have to chown the
14179: file later. Only touch() the temp file if we can do it via the file
14180: descriptor. Don't check for modification of the temp file if we lack
14181: fstat(). Catch errors read()ing the temp file.
14182: [665f52c70836]
14183:
14184: * fileops.c:
14185: If path is NULL and fd == -1 return -1.
14186: [757a518a824c]
14187:
14188: * sudo_edit.c:
14189: closefrom() is overkill, the only extra fds are the ones we opened
14190: so just close those in the child.
14191: [f361c9d2a1f4]
14192:
14193: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
14194: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
14195: visudo.c:
14196: Use utimes() and futimes() instead of utime() in touch(), emulating
14197: as needed. Not all systems are able to support setting the times of
14198: an fd so touch() takes both an fd and a file name as arguments.
14199: [3d9276f29717]
14200:
14201: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
14202:
14203: * env.c:
14204: Rare SEGV
14205: [8995f828782d]
14206:
14207: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14208:
14209: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14210: visudo.man.in:
14211: regen
14212: [b8e9406711c5]
14213:
14214: * sudo.pod, sudoers.pod, visudo.pod:
14215: Add SUPPORT section and re-order some of the sections to match the
14216: order we use in OpenBSD.
14217: [fa37bd917e2c]
14218:
14219: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
14220:
14221: * env.c:
14222: Openldap ~/.ldaprc fix
14223: [1a37afe6850f]
14224:
14225: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
14226:
14227: * sudo.pod:
14228: Talk about how the editor must write its changes to the original
14229: file and not just use rename(2).
14230: [c55ed91c5ee9]
14231:
14232: * CHANGES:
14233: sync
14234: [62af26bd37a2]
14235:
14236: * sudo_edit.c:
14237: Keep the temp file open instead of re-opening after the editor has
14238: exited.
14239: [de41eeb6dcf2]
14240:
14241: * sample.pam:
14242: Update for current redhat/fedora core.
14243: [8cf083077333]
14244:
14245: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
14246:
14247: * README.LDAP:
14248: tls_ examples
14249: [ba783d88a034]
14250:
14251: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
14252:
14253: * ldap.c:
14254: config tls_* options
14255: [0b0e0797b3b9]
14256:
14257: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
14258:
14259: * configure, configure.in:
14260: No need for -lcrypt when using pam.
14261: [41fff3a53e68]
14262:
14263: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
14264:
14265: * configure:
14266: regen
14267: [75820aecce2c]
14268:
14269: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
14270:
14271: * configure.in, ldap.c, pathnames.h.in:
14272: Allow --with-ldap-conf-file option to override LDAP_CONF
14273: [c9909bc484a5]
14274:
14275: * ldap.c:
14276: cleanup debug message
14277: [1f6ca4824d8d]
14278:
14279: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
14280:
14281: * README.LDAP:
14282: more config info
14283: [f2e7147fd507]
14284:
14285: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
14286:
14287: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
14288: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
14289: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
14290: longer use gross statics in command_matches(). Also rename some
14291: variables for improved clarity.
14292: [7169a6c7bea4]
14293:
14294: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
14295:
14296: * INSTALL:
14297: document HP's crippled compiler deficiency.
14298: [c405ea5a8d4c]
14299:
14300: * INSTALL:
14301: Fix some thinkos in --with-editor and --with-env-editor
14302: descriptions. Noticed by Norihiko Murase.
14303: [dd781de1c985]
14304:
14305: * configure, configure.in:
14306: --with-noexec takes an optional PATH argument.
14307: [8f6ab77f22cc]
14308:
14309: * INSTALL:
14310: document --with-noexec
14311: [50cb1fc627ce]
14312:
14313: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14314:
14315: * RUNSON, TODO:
14316: sync
14317: [f2503bd13373] [SUDO_1_6_8]
14318:
14319: * sudo_edit.c:
14320: Better warning message when sudoedit is unable to write to the
14321: destination file.
14322: [f78c18f2ffa8]
14323:
14324: * sudo.cat, sudo.man.in:
14325: regen
14326: [7e2bf63d6d9a]
14327:
14328: * sudo.pod:
14329: Don't italicize the string "sudoedit"
14330: [c691643bd269]
14331:
14332: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
14333:
14334: * HISTORY:
14335: Mention GratiSoft.
14336: [dc53de581b2d]
14337:
14338: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
14339:
14340: * sudo.tab.c:
14341: regen
14342: [8ae0484dfc38]
14343:
14344: * parse.yacc:
14345: Reset used_runas to FALSE when re-intializing the parser.
14346: [b7403f353a02]
14347:
14348: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
14349:
14350: * config.guess:
14351: Correct OpenBSD mips support
14352: [314fc7afc165]
14353:
14354: * config.guess:
14355: Add OpenBSD/mips
14356: [ac87d0a773ef]
14357:
14358: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
14359:
14360: * README.LDAP:
14361: More behavior notes
14362: [13be1d212b47]
14363:
14364: * README.LDAP:
14365: Updates on current behavior
14366: [d498a8866d6f]
14367:
14368: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
14369:
14370: * sudoers.pod:
14371: =back does not take an indentlevel (makes no difference to formatted
14372: files).
14373: [9c8523bb382a]
14374:
14375: * sudo.pod:
14376: =back does not take an indentlevel (makes no difference to formatted
14377: files).
14378: [e5f479e24fa8]
14379:
14380: * CHANGES:
14381: new
14382: [2dbd9aba8b33]
14383:
14384: * sudo.c:
14385: Consistency. Use same error for bad -u #uid when targetpw is set as
14386: we do when a bad -u username is specified.
14387: [922961c4a9d6]
14388:
14389: * TODO:
14390: Add checksum idea from Steve Mancini
14391: [e6ece1b766ba]
14392:
14393: * sudoers.cat, sudoers.man.in:
14394: regen
14395: [370d2317829f]
14396:
14397: * sudo.cat, sudo.man.in:
14398: regen
14399: [f93d41fc38b1]
14400:
14401: * sudo.pod, sudoers.pod:
14402: Document the restriction on uids specified via -u when targetpw is
14403: set.
14404: [878fedb455db]
14405:
14406: * sudo.c:
14407: Error out when targetpw is enabled and sudo is run with -u #uid but
14408: #uid does not exist in the passwd database. We can't do target
14409: authentication when the target is not in passwd!
14410: [27c5888c86eb]
14411:
14412: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
14413: regen
14414: [ceb65711050c]
14415:
14416: * TODO:
14417: Some more todo for the next release.
14418: [7b7417be7601]
14419:
14420: * INSTALL:
14421: Make it clear that PAM should be used for DCE support when possible.
14422: [7502029fd385]
14423:
14424: * sudoers.pod:
14425: o Document problems with wildcards and relative paths. o Make the
14426: order requirements more prominent. o Change a "set" to "reset" for
14427: clarity.
14428: [bacdd181b33f]
14429:
14430: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
14431:
14432: * sudo.pod:
14433: Mention --with-secure-path, not SECURE_PATH.
14434: [41283ddde5e1]
14435:
14436: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
14437:
14438: * ldap.c:
14439: reflect changes to parse.c
14440: [8880fe9b724d]
14441:
14442: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14443:
14444: * sudo.tab.c:
14445: regen
14446: [a57658ca9177]
14447:
14448: * parse.c, parse.h, testsudoers.c, visudo.c:
14449: Don't pass user_cmnd and user_args to command_matches(), just use
14450: the globals there. Since we keep state with statics anyway it is
14451: misleading to pretend that passing in different cmnd and cmnd_args
14452: will work.
14453: [0a2544991fd6]
14454:
14455: * parse.yacc:
14456: Don't pass user_cmnd and user_args to command_matches(), just use
14457: the globals there. Since we keep state with statics anyway it is
14458: misleading to pretend that passing in different cmnd and cmnd_args
14459: will work.
14460: [a4910bf6032b]
14461:
14462: * parse.c:
14463: Fix a bug introduced in rev. 1.149. When checking for pseudo-
14464: commands check for a '/' anywhere in cmnd, not just the first
14465: character.
14466: [ce98142f03ca]
14467:
14468: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
14469:
14470: * sudo.man.in, sudo.pod:
14471: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
14472: [a91800e094b1]
14473:
14474: * sudoers.man.in, sudoers.pod:
14475: Add ignore_local_sudoers
14476: [741ddcbf7083]
14477:
14478: * README.LDAP:
14479: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
14480: janth@moldung.no
14481: [742c02e07cd9]
14482:
14483: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
14484:
14485: * CHANGES:
14486: typo
14487: [e7cdefbd7a9a]
14488:
14489: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
14490:
14491: * CHANGES:
14492: sync
14493: [734dafc4a85e]
14494:
14495: * parse.c:
14496: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
14497: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
14498: [151b7f593568]
14499:
14500: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14501:
14502: * CHANGES:
14503: PAM change
14504: [d8fb6d6a22d0]
14505:
14506: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
14507:
14508: * ldap.c:
14509: Better debugging of ALL command
14510: [9db3e84029dc]
14511:
14512: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14513:
14514: * parse.c:
14515: When matching for "sudoedit" in sudoers check both the command the
14516: user typed *and* the command that is listed in the sudoers entry.
14517: [f36ca1f94095]
14518:
14519: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
14520:
14521: * ldap.c:
14522: Added !command feature
14523: [ed539574611b]
14524:
14525: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14526:
14527: * auth/pam.c:
14528: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
14529: [2be8e0e8813a]
14530:
14531: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14532:
14533: * LICENSE:
14534: License is ISC-style, not BSD-style
14535: [ac0589e1dd5d]
14536:
14537: * CHANGES:
14538: sync
14539: [16058a30f404]
14540:
14541: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14542:
14543: * sudo.cat, sudo.man.in:
14544: regen
14545: [8820eb9c809b]
14546:
14547: * sudo.pod:
14548: o Update some out of date bits to reality o Change the shell promt
14549: in examples to bourne-shell style o Clarify some details o Add a
14550: CAVEAT about "sudo cd /foo"
14551: [b0af373214b6]
14552:
14553: * check.c:
14554: Don't ask for a password if invoking user == target user.
14555: [dd5c96141132]
14556:
14557: * sudo.c:
14558: typo in comment
14559: [278d20f9b249]
14560:
14561: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
14562:
14563: * sudoers.cat, sudoers.man.in:
14564: regen
14565: [9036c6f39eff]
14566:
14567: * sudoers.pod:
14568: Expand on NOEXEC a little.
14569: [9a13756aebe4]
14570:
14571: * TODO:
14572: sync
14573: [8d2c1af48de8]
14574:
14575: * visudo.cat, visudo.man.in:
14576: regen
14577: [3921f01607c8]
14578:
14579: * sudo.tab.c:
14580: regen
14581: [9338c3d68250]
14582:
14583: * visudo.pod:
14584: Add a check in visudo for runas_default being set after it has
14585: already been used.
14586: [6700358d7ad8]
14587:
14588: * CHANGES, parse.yacc, visudo.c:
14589: Add a check in visudo for runas_default being set after it has
14590: already been used.
14591: [803560986a8a]
14592:
14593: * sudo.tab.c:
14594: regen
14595: [b60636e2cf63]
14596:
14597: * parse.yacc:
14598: Add a MATCHED macro for testing whether foo_matches has been set to
14599: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
14600: Doesn't change the actual code generated.
14601: [f376da8ccdc8]
14602:
14603: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14604:
14605: * sudoers.cat:
14606: regen
14607: [6cceb6d6c9bd]
14608:
14609: * sudoers.man.in:
14610: regen
14611: [5acd12b730b3]
14612:
14613: * sudoers.pod:
14614: Correct description of where Defaults specs should go.
14615: [6b11ff53d7ad]
14616:
14617: * sudoers:
14618: Correct description of where Defaults specs should go.
14619: [868db857630d]
14620:
14621: * testsudoers.c, visudo.c:
14622: update (c) year
14623: [272c8a53604c]
14624:
14625: * logging.h:
14626: update (c) year
14627: [3cec76d400ce]
14628:
14629: * ldap.c:
14630: update (c) year
14631: [f264632488a0]
14632:
14633: * find_path.c:
14634: update (c) year
14635: [40c227af9227]
14636:
14637: * auth/pam.c:
14638: update (c) year
14639: [87149e0eed50]
14640:
14641: * auth/bsdauth.c, auth/kerb5.c:
14642: update (c) year
14643: [d72eb434c068]
14644:
14645: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
14646:
14647: * sudo.tab.c:
14648: regen
14649: [83408d9e9d2e]
14650:
14651: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
14652: Remove trailing spaces, no actual code changes.
14653: [4c3bf2819293]
14654:
14655: * tgetpass.c:
14656: Remove trailing spaces, no actual code changes.
14657: [96f6e0a24c26]
14658:
14659: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
14660: Remove trailing spaces, no actual code changes.
14661: [c7075d1cbed5]
14662:
14663: * getcwd.c:
14664: Remove trailing spaces, no actual code changes.
14665: [776cc0374547]
14666:
14667: * find_path.c:
14668: Remove trailing spaces, no actual code changes.
14669: [7ed7099f3c71]
14670:
14671: * compat.h, defaults.c, env.c:
14672: Remove trailing spaces, no actual code changes.
14673: [893e83c33795]
14674:
14675: * check.c:
14676: Remove trailing spaces, no actual code changes.
14677: [f77750f8803b]
14678:
14679: * sudo.tab.c:
14680: regen
14681: [62e0ed883b31]
14682:
14683: * parse.yacc:
14684: Fix a >=0 that should be <0 that was improperly converted when
14685: UNSPEC was added.
14686: [ad1531a55a49]
14687:
14688: * parse.yacc:
14689: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
14690: NOMATCH when resetting it.
14691: [ae017a12870a]
14692:
14693: * parse.yacc:
14694: Fix pastos introduced in SETNMATCH addition.
14695: [6ea1c9d80681]
14696:
14697: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
14698:
14699: * README.LDAP:
14700: Update for configure changes
14701: [637a635da287]
14702:
14703: * sudo.tab.c:
14704: regen
14705: [4753c2788713]
14706:
14707: * sudo.h:
14708: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14709: these in parse.yacc. Also in parse.yacc initialize the *_matches
14710: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14711: when setting *_matches to a value that may be
14712: NOMATCH/UNSPEC/TRUE/FALSE.
14713: [2ba622e15a4d]
14714:
14715: * parse.yacc:
14716: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
14717: these in parse.yacc. Also in parse.yacc initialize the *_matches
14718: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
14719: when setting *_matches to a value that may be
14720: NOMATCH/UNSPEC/TRUE/FALSE.
14721: [746b519e41a6]
14722:
14723: * parse.yacc:
14724: Initialize runas to -2, not -1 since we need to be able to
14725: distinguish between the initialized value and the value of a non-
14726: match when passing along the runas value to multiple commands.
14727:
14728: The result of this is that an unmatched runas is now set to -1, not
14729: 0. This is required now that parse.c treats a FALSE value for runas
14730: as being explicitly denied.
14731: [7791ed3621f6]
14732:
14733: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
14734:
14735: * sudo.c, visudo.c:
14736: Error out if argc < 1.
14737: [ce6b2a9eda3c]
14738:
14739: * getprogname.c:
14740: Error out if argc < 1.
14741: [c566cce8dc78]
14742:
14743: * configure, configure.in:
14744: Add tests for what libs we need to link with for ldap and for
14745: whether or not lber.h needs to be explicitly included.
14746: [b2e9729cc4e7]
14747:
14748: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
14749:
14750: * ldap.c:
14751: Solaris native LDAP build fix
14752: [39929e40eb11]
14753:
14754: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
14755:
14756: * ldap.c:
14757: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
14758: unset variable.
14759: [6a4c20a66f98]
14760:
14761: * sudo.h:
14762: Add prototype for sudo_ldap_list_matches
14763: [443b007a8dab]
14764:
14765: * configure, configure.in:
14766: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14767: version too. Added check for dd_fd in `DIR' if no dirfd is found;
14768: this is now used to confitionally define the dirfd macro in
14769: compat.h.
14770: [567656978f7e]
14771:
14772: * config.h.in:
14773: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14774: version too. Added check for dd_fd in `DIR' if no dirfd is found;
14775: this is now used to confitionally define the dirfd macro in
14776: compat.h.
14777: [34eace4faec8]
14778:
14779: * compat.h:
14780: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
14781: version too. Added check for dd_fd in `DIR' if no dirfd is found;
14782: this is now used to confitionally define the dirfd macro in
14783: compat.h.
14784: [8d50ff1bbf2a]
14785:
14786: * closefrom.c:
14787: Only check /proc/$$/fd if we have the dirfd function/macro.
14788: [15e3ccce7553]
14789:
14790: * compat.h, config.h.in, configure, configure.in:
14791: Add a check for a dirfd() function (like Linux) and add a dirfd
14792: macro in compat.h if there is no dirfd() function or macro.
14793: [1e95756edb50]
14794:
14795: * closefrom.c, getcwd.c:
14796: dirfd() is now defined in compat.h as needed.
14797: [bb1d79271188]
14798:
14799: * CHANGES:
14800: Clarify closefrom() note.
14801: [f4e4a5508dda]
14802:
14803: * parse.c:
14804: When checking for a command in the directory, only copy the base dir
14805: once.
14806: [7a3276808b87]
14807:
14808: * closefrom.c:
14809: If there is a /proc/$$/fd directory, behave like the Solaris
14810: closefrom() and only close the descriptors listed therein.
14811: [19de23779e84]
14812:
14813: * alloc.c:
14814: compat.h guarantees INT_MAX is defined.
14815: [1bf0c79d4606]
14816:
14817: * compat.h:
14818: Add definitions of OPEN_MAX and INT_MAX for those without it and
14819: remove definition of RLIM_INFINITY (now unused).
14820: [f827d1ebf96e]
14821:
14822: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
14823: sudo.c, sudo.h, visudo.c:
14824: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
14825: [59788f211c24]
14826:
14827: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
14828:
14829: * CHANGES:
14830: sync
14831: [d32fa124f1ad]
14832:
14833: * RUNSON:
14834: Add some entries that were mailed in a while ago
14835: [ff8d5bfec54e]
14836:
14837: * closefrom.c:
14838: o sysconf returns a long, not an int. o check for negative return
14839: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
14840: define OPEN_MAX to 256 for those without it (a fair guess...)
14841: [ccf81ae6deb2]
14842:
14843: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
14844:
14845: * UPGRADE:
14846: Mention change in parse order for RunAs entries.
14847: [dc73b0bca617]
14848:
14849: * configure:
14850: regen
14851: [07cce8e0534e]
14852:
14853: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
14854:
14855: * INSTALL, README.LDAP, config.h.in, configure.in:
14856: o --with-ldap now takes an optional dir as a parameter o added
14857: check for ldap_initialize() and start_tls_s()
14858: [2b846c7974c6]
14859:
14860: * README.LDAP:
14861: Fix some typos, word choice and formatting issues.
14862: [00dc8ca84b10]
14863:
14864: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
14865:
14866: * tgetpass.c:
14867: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
14868: read/write as it is simpler.
14869: [30f5446ee8b0]
14870:
14871: * configure, configure.in:
14872: Remove hack overriding cross-compiler check. It should no longer be
14873: needed.
14874: [22a6cbd88608]
14875:
14876: * compat.h:
14877: Remove select() compat bits since we no longer use select().
14878: [d7bbf7cd36f5]
14879:
14880: * CHANGES, tgetpass.c:
14881: Use alarm() instead of select() for the timeout for systems that
14882: don't fully/properly implement select().
14883: [d7cc60f15800]
14884:
14885: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14886:
14887: * CHANGES:
14888: synbc
14889: [132a39788e07]
14890:
14891: * RUNSON:
14892: update
14893: [61ef508380c6]
14894:
14895: * set_perms.c:
14896: Deal with systems that have no way of setting the effective uid such
14897: as nsr-tandem-nsk.
14898: [306e00e9b5a4]
14899:
14900: * configure, configure.in:
14901: Define NO_SAVED_IDS if we don't find seteuid()
14902: [8588f18345cf]
14903:
14904: * config.h.in, configure, configure.in:
14905: Add back check for setreuid() since NSK doesn't have it.
14906: [43127bd703d1]
14907:
14908: * sudoers.cat, sudoers.man.in:
14909: regen
14910: [af4f4b20e422]
14911:
14912: * CHANGES:
14913: sync
14914: [29ca3b699c24]
14915:
14916: * BUGS:
14917: sync
14918: [3593f17f72ed]
14919:
14920: * parse.c:
14921: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
14922: explicitly denied and the command matched. This fixes a long-
14923: standing bug and makes: foo machine = (ALL) /usr/bin/blah
14924: foo machine = (!bar) /usr/bin/blah
14925:
14926: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
14927: [2f5ee244985a]
14928:
14929: * sudoers.pod:
14930: Clarify mail_noperm
14931: [3238b2d41989]
14932:
14933: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
14934:
14935: * Makefile.in:
14936: Missing DESTDIR in make install for sudo_noexec.la
14937: [91431e821525]
14938:
14939: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
14940:
14941: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14942: visudo.man.in:
14943: regen
14944: [cdfde0dcb556]
14945:
14946: * TODO:
14947: sync
14948: [4799b7d8b62c]
14949:
14950: * sudoers.pod:
14951: Remove fastboot/fasthalt (who still remembers these?) and add a
14952: minimal sudoedit example.
14953: [19d299f233cd]
14954:
14955: * sample.sudoers:
14956: Remove fastboot/fasthalt (who still remembers these?) and add a
14957: minimal sudoedit example.
14958: [b1bca73d6250]
14959:
14960: * UPGRADE, sudo.c, visudo.c:
14961: filesystem -> file system
14962: [1e1afaf30469]
14963:
14964: * TROUBLESHOOTING:
14965: filesystem -> file system
14966: [39fb594e9338]
14967:
14968: * CHANGES, INSTALL:
14969: filesystem -> file system
14970: [85948b608ffe]
14971:
14972: * sudo.pod, sudoers.pod:
14973: Fix some minor typos and formatting goofs
14974: [e94d243a0b90]
14975:
14976: * lex.yy.c:
14977: regen
14978: [2eed0ab1f4c4]
14979:
14980: * visudo.pod:
14981: remove my email addr
14982: [b63262c0389b]
14983:
14984: * sudo.pod, sudoers.pod, visudo.pod:
14985: Use @mansectform@ and @mansectsu@ everywhere Make man page
14986: references links with L<>
14987: [f459f4b9ddb9]
14988:
14989: * parse.lex:
14990: Accept quoted globbing characters and pass them verbatim for
14991: fnmatch()
14992: [8248b86e9380]
14993:
14994: * UPGRADE:
14995: Document that /tmp/.odus is gone.
14996: [3667b66af5bb]
14997:
14998: * pathnames.h.in:
14999: No longer use /tmp/.odus as a possible timestamp dir unless
15000: specifically configured to do so. Instead, if no /var/run exists,
15001: use /var/adm/sudo or /usr/adm/sudo.
15002: [48d94c9f9ad4]
15003:
15004: * configure:
15005: No longer use /tmp/.odus as a possible timestamp dir unless
15006: specifically configured to do so. Instead, if no /var/run exists,
15007: use /var/adm/sudo or /usr/adm/sudo.
15008: [058d7b8cf07b]
15009:
15010: * aclocal.m4:
15011: No longer use /tmp/.odus as a possible timestamp dir unless
15012: specifically configured to do so. Instead, if no /var/run exists,
15013: use /var/adm/sudo or /usr/adm/sudo.
15014: [cf52c4c2803f]
15015:
15016: * CHANGES:
15017: No longer use /tmp/.odus as a possible timestamp dir unless
15018: specifically configured to do so. Instead, if no /var/run exists,
15019: use /var/adm/sudo or /usr/adm/sudo.
15020: [6058c4cefcec]
15021:
15022: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
15023: Preliminary changes to support nsr-tandem-nsk. Based on patches
15024: from Tom Bates.
15025: [2e5f81834383]
15026:
15027: * logging.c:
15028: Preliminary changes to support nsr-tandem-nsk. Based on patches
15029: from Tom Bates.
15030: [934bbe6872b6]
15031:
15032: * check.c, compat.h:
15033: Preliminary changes to support nsr-tandem-nsk. Based on patches
15034: from Tom Bates.
15035: [390b698b5924]
15036:
15037: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
15038:
15039: * CHANGES:
15040: There was no 1.6.7p6.
15041: [8013d2e6b062]
15042:
15043: * BUGS, CHANGES:
15044: sync
15045: [c38b41f32857]
15046:
15047: * Makefile.in:
15048: add missing files to DISTFILES
15049: [e6a80ad03039]
15050:
15051: * sudo.cat, sudoers.cat, visudo.cat:
15052: regen
15053: [027bc9746dd5]
15054:
15055: * sudoers.man.in:
15056: regen
15057: [f5e85ef686cf]
15058:
15059: * Makefile.in:
15060: Fix some line wrap and update (c) year
15061: [bad1f46aa1ca]
15062:
15063: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
15064:
15065: * README.LDAP:
15066: Build Note
15067: [7a061248249b]
15068:
15069: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
15070:
15071: * Makefile.in:
15072: Fix install-dirs
15073: [be0726dd92e7]
15074:
15075: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
15076:
15077: * sudo.tab.c:
15078: regen
15079: [3f4f0d1ab8b9]
15080:
15081: * visudo.c:
15082: In Exit() when used as a signal handler, emsg is a pointer so
15083: sizeof() is wrong so make it a #define instead. Also avoid using a
15084: negative exit value. Found by Aaron Campbell
15085: [78716a3a3fdc]
15086:
15087: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
15088:
15089: * sudoers.pod:
15090: Remove bogus sentence about uids in a User_List. Document usernames
15091: vs. uid parsing in a Runas_List.
15092: [7ca510b5031c]
15093:
15094: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
15095: If the user specified a uid with the -u flag and the uid exists in
15096: the passwd file, set runas_user to the name, not the uid.
15097:
15098: When comparing usernames in sudoers, if a name is really a uid
15099: (starts with '#') compare it numerically to pw_uid.
15100: [8d6935d04673]
15101:
15102: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
15103:
15104: * auth/kerb5.c:
15105: krb5_mcc_ops should be const; Johnny C. Lam
15106: [aa8c753e426e]
15107:
15108: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
15109:
15110: * CHANGES, config.h.in, ldap.c:
15111: Added start_tls support
15112: [7ef864c15b69]
15113:
15114: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
15115:
15116: * Makefile.in:
15117: Clean up libtool stuff for 'make distclean' and add def_data.c,
15118: def_data.h to PARSESRCS.
15119: [bf9bb6bb06ab]
15120:
15121: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
15122:
15123: * strlcat.c, strlcpy.c:
15124: Un-Fix last license munge
15125: [42654b77ac71]
15126:
15127: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15128:
15129: * configure:
15130: regen
15131: [e4de6b23a4dc]
15132:
15133: * CHANGES, RUNSON, TODO:
15134: checkpoint
15135: [94e1ace84d5c]
15136:
15137: * lex.yy.c, sudo.tab.c:
15138: regen
15139: [8ce784505643]
15140:
15141: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15142: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
15143: emul/search.h, emul/utime.h:
15144: More to a less restrictive, ISC-style license.
15145: [a31b20e48003]
15146:
15147: * auth/kerb5.c, auth/pam.c:
15148: More to a less restrictive, ISC-style license.
15149: [e41f92b41216]
15150:
15151: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
15152: More to a less restrictive, ISC-style license.
15153: [87534c164a52]
15154:
15155: * auth/bsdauth.c:
15156: More to a less restrictive, ISC-style license.
15157: [e21be6594b58]
15158:
15159: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
15160: More to a less restrictive, ISC-style license.
15161: [6d234be91c5e]
15162:
15163: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
15164: visudo.man.in, visudo.pod:
15165: More to a less restrictive, ISC-style license.
15166: [b02aea324fd6]
15167:
15168: * sudo_noexec.c:
15169: More to a less restrictive, ISC-style license.
15170: [a6da7631e0b2]
15171:
15172: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15173: sudo_edit.c:
15174: More to a less restrictive, ISC-style license.
15175: [71cdcc241e94]
15176:
15177: * sigaction.c, strerror.c:
15178: More to a less restrictive, ISC-style license.
15179: [4bccdedca58a]
15180:
15181: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
15182: set_perms.c:
15183: More to a less restrictive, ISC-style license.
15184: [64d772d70ab3]
15185:
15186: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
15187: ins_goons.h, insults.h, interfaces.c, interfaces.h:
15188: More to a less restrictive, ISC-style license.
15189: [520381c60a54]
15190:
15191: * find_path.c, getprogname.c:
15192: More to a less restrictive, ISC-style license.
15193: [f605d5eab6f1]
15194:
15195: * fileops.c:
15196: More to a less restrictive, ISC-style license.
15197: [4129a8b38a67]
15198:
15199: * env.c:
15200: More to a less restrictive, ISC-style license.
15201: [d5bd859757de]
15202:
15203: * defaults.h:
15204: More to a less restrictive, ISC-style license.
15205: [008f5d5743f5]
15206:
15207: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
15208: defaults.c:
15209: More to a less restrictive, ISC-style license.
15210: [d8d7bfc8a18b]
15211:
15212: * utime.c, version.h:
15213: More to a less restrictive, ISC-style license.
15214: [e2e038ad8209]
15215:
15216: * parse.lex, parse.yacc:
15217: More to a less restrictive, ISC-style license.
15218: [2f5942e847a1]
15219:
15220: * Makefile.binary:
15221: More to a less restrictive, ISC-style license.
15222: [1ed561734535]
15223:
15224: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
15225:
15226: * sudoers2ldif:
15227: Merged in LDAP Support
15228: [3994c4d05947]
15229:
15230: * ldap.c, sudo.c, sudo.h:
15231: Merged in LDAP Support
15232: [547eaa346fcc]
15233:
15234: * def_data.c, def_data.h, def_data.in:
15235: Merged in LDAP Support
15236: [8fb255280e42]
15237:
15238: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
15239: Merged in LDAP Support
15240: [1038092a161e]
15241:
15242: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15243:
15244: * sudo.h, sudo_noexec.c:
15245: Only do "extern int errno" if errno is not a macro.
15246: [b2e02a08be8b]
15247:
15248: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15249:
15250: * set_perms.c:
15251: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
15252: euid first, then just call setuid(0) to set the real uid too.
15253: [f08546e2e0ee]
15254:
15255: * set_perms.c:
15256: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
15257: instead of seteuid() which may not exist.
15258: [ba508581befb]
15259:
15260: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
15261:
15262: * LICENSE:
15263: 2004
15264: [37425513a342]
15265:
15266: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
15267: Add --with-pc-insults configure option
15268: [7daa5294c17b]
15269:
15270: * visudo.man.in:
15271: Prefer VISUAL over EDITOR like old vipw did.
15272: [996252a4ab65]
15273:
15274: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15275:
15276: * sudo.man.in, sudoers.man.in:
15277: regen
15278: [a247f1c52eb9]
15279:
15280: * sudoers.pod:
15281: Add a note that noexec is not a cure-all.
15282: [9e7fc535367d]
15283:
15284: * sudoers.pod:
15285: Mention that disabling "root_sudo" is pretty pointless.
15286: [f38a415afba0]
15287:
15288: * configure, configure.in:
15289: Substitute for root_sudo in sudoers.pod
15290: [ce483cfc86be]
15291:
15292: * sudo.pod:
15293: Add sudoedit to the NAME section
15294: [51bc453ec2f6]
15295:
15296: * sudoers.pod:
15297: Document that fact that setting ignore_dot in sudoers has no effect
15298: due to the fact that find_path() is called *before* sudoers is read.
15299: [6808df7e417c]
15300:
15301: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
15302:
15303: * sudo_edit.c:
15304: Do not require _PATH_USRTMP to be set.
15305: [546f3270dd10]
15306:
15307: * BUGS, CHANGES, TODO:
15308: sync
15309: [4205ddeab781]
15310:
15311: * sudo.man.in:
15312: regen
15313: [e2143690a88a]
15314:
15315: * sudo.pod:
15316: Clarify that when sudo is run by root with the SUDO_USER variable
15317: set, the sudoers lookup happens for root and not the SUDO_USER user.
15318: [47207bec1bdf]
15319:
15320: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
15321:
15322: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
15323: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
15324: Use the SET, CLR and ISSET macros.
15325: [a8b0d7f1e8fd]
15326:
15327: * fnmatch.c:
15328: Use the SET, CLR and ISSET macros.
15329: [1afbcba22ba6]
15330:
15331: * defaults.c, env.c:
15332: Use the SET, CLR and ISSET macros.
15333: [2f39431e0a49]
15334:
15335: * interfaces.h:
15336: MAIN was replaced with _SUDO_MAIN some time ago.
15337: [ea1b38f2ac9d]
15338:
15339: * sudo.c:
15340: Don't look at prev_user until after we've parsed sudoers and done
15341: the password check. That way, if sudo/sudoedit is run from a root
15342: process that was invoked by sudo, we check sudoers for root, not the
15343: previous user. This makes sudoedit much more useful and means that
15344: for the sudo case, we get correct logging on who actually ran the
15345: command.
15346: [431dfbf20552]
15347:
15348: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
15349:
15350: * sudo_edit.c:
15351: Add a comment describing why we need to be notified about our child
15352: stopping.
15353: [0bec3ce4b49d]
15354:
15355: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
15356:
15357: * def_data.c, def_data.in:
15358: Update the noexec variable descriptions
15359: [9cb7f1aa0e57]
15360:
15361: * sudoers.man.in, sudoers.pod:
15362: noexec now replaces more than just execve()
15363: [23cbdc0ee95c]
15364:
15365: * sudo_noexec.c:
15366: Alas, all the world does not go through execve(2). Many systems
15367: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
15368: and it is not uncommon for libc to have underscore ('_') versions of
15369: the functions to be used internally by the library. Instead of
15370: stubbing all these out by hand, define a macro and let it do the
15371: work. Extra exec functions pointed out by Reznic Valery.
15372: [9fa0cd871b0c]
15373:
15374: * sudo.c, sudo_edit.c:
15375: Fix suspending the editor in -e mode. Because we do a fork() first
15376: we need to be notified when the child has been stopped and then send
15377: that same signal to ourself so the shell can do its job control
15378: thing.
15379: [773165eb6057]
15380:
15381: * visudo.c:
15382: Use WIFEXITED and WEXITSTATUS macros. If there are systems out
15383: there that want to run sudo that still don't support these we can
15384: try to deal with that later.
15385: [6af68e4aff60]
15386:
15387: * lex.yy.c:
15388: regen
15389: [403435317d5d]
15390:
15391: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
15392: Document sudo -e / sudoedit
15393: [a80f6ea910af]
15394:
15395: * configure, configure.in:
15396: fix typo
15397: [5020fcdc27f4]
15398:
15399: * config.h.in, configure.in:
15400: Add SET/CLR/ISSET
15401: [03ff57286e7e]
15402:
15403: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15404:
15405: * sudo.c:
15406: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
15407: long usage() line to not wrap (assumes 80 char display)
15408: [3941fa4004bb]
15409:
15410: * Makefile.in, sudo.c:
15411: If sudo is invoked as "sudoedit" the -e flag is implied and no other
15412: flags are permitted.
15413: [929670b01293]
15414:
15415: * sudo.h:
15416: Add a new flag, -e, that makes it possible to give users the ability
15417: to edit files with the editor of their choice as the invoking user,
15418: not the runas user. Temporary files are used for the actual edit
15419: and the temp file is copied over the original after the editor is
15420: done.
15421: [c4051414c1f4]
15422:
15423: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
15424: Add a new flag, -e, that makes it possible to give users the ability
15425: to edit files with the editor of their choice as the invoking user,
15426: not the runas user. Temporary files are used for the actual edit
15427: and the temp file is copied over the original after the editor is
15428: done.
15429: [37ac05c8ac3c]
15430:
15431: * env.c, sudo.c:
15432: If real uid == 0 and the SUDO_USER environment variables is set, use
15433: that to determine the invoking user's true identity. That way the
15434: proper info gets logged by someone who has done "sudo su" but still
15435: uses sudo to as root. We can't do this for non-root users since
15436: that would open up a security hole, though perhaps it would be
15437: acceptable to use getlogin(2) on OSes where this a system call (and
15438: doesn't just look in the utmp file).
15439: [c2f9198708a1]
15440:
15441: * pathnames.h.in:
15442: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
15443: [7d9e5768df93]
15444:
15445: * config.h.in, configure, configure.in:
15446: Add check for fchown(2)
15447: [a85df18798ed]
15448:
15449: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
15450:
15451: * sudo.c:
15452: Back out portions of the -i commit that set NewArgv[0] in
15453: set_runaspw. It is far to late to set NewArgv[0] there and will have
15454: no effect anyway as cmnd and safe_cmnd have already been set.
15455: [c2d343430c1c]
15456:
15457: * visudo.c, visudo.pod:
15458: Prefer VISUAL over EDITOR like old vipw did.
15459: [ae32f477cea3]
15460:
15461: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
15462:
15463: * env.c, sudo.c:
15464: In -i mode always set new environment based on the runas user's
15465: passwd entry.
15466: [fa653b7887a8]
15467:
15468: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15469:
15470: * sudo.man.in, sudo.pod:
15471: Document the new -i flag and sync SYNOPSIS section with usage() in
15472: sudo.c. Also sort the flags in the OPTIONS section.
15473: [6aabc0ffc47e]
15474:
15475: * sudo.c, sudo.h:
15476: o Add -i that acts similar to "su -", based on patches from David J.
15477: MacKenzie o Sort the flags in the usage message
15478: [c0fe7d6beffd]
15479:
15480: * sudoers.man.in, sudoers.pod:
15481: Add a missing @runas_default@ substitution.
15482: [60516fe2d090]
15483:
15484: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
15485:
15486: * sudo.c:
15487: Change euid to runas user before calling find_path().
15488: Unfortunately, though runas_user can be modified in sudoers we
15489: haven't parsed sudoers yet.
15490: [f469fdf2e313]
15491:
15492: * sudoers.man.in, sudoers.pod:
15493: Add missing defintion of Parameter_List and use single pipes in the
15494: Defaults EBNF definition.
15495: [f7bed6e909bf]
15496:
15497: * sudo.c:
15498: Fix a bug when set_runaspw() is used as a callback. We don't want
15499: to reset the contents of runas_pw if the user specified a user via
15500: the -u flag.
15501:
15502: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
15503: already have the info in runas_pw.
15504: [efc35623ba09]
15505:
15506: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
15507:
15508: * check.c:
15509: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
15510: [ebd5a76ccd7e]
15511:
15512: * sudo.h:
15513: Update sudo_getepw() proto and add one for set_runaspw()
15514: [6ed65795c17f]
15515:
15516: * parse.c:
15517: If we can't stat the command as root, try as the runas user instead.
15518: [ae713fca0e15]
15519:
15520: * testsudoers.c, visudo.c:
15521: Add stub set_runaspw() function
15522: [42aa37050053]
15523:
15524: * sudo.c:
15525: Add set_runaspw() function to fill in runas_pw. This will be used
15526: as a callback to update runas_pw when the runas user changes.
15527: [e570aa0088d0]
15528:
15529: * env.c, sudo.c:
15530: PERM_RUNAS -> PERM_FULL_RUNAS
15531: [51eec6f9e89a]
15532:
15533: * set_perms.c, sudo.h:
15534: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
15535: changes the euid.
15536: [877c6fe4d12c]
15537:
15538: * getspwuid.c:
15539: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
15540: one chunk for easy free()ing. Also change it from static to extern.
15541: [ab503260a7ec]
15542:
15543: * defaults.c, defaults.h:
15544: Add callback support
15545: [a61c4ca983fb]
15546:
15547: * mkdefaults:
15548: Add a callback field and use it for runas_default
15549: [96b69c27df5e]
15550:
15551: * def_data.c, def_data.in:
15552: Add a callback field and use it for runas_default
15553: [d3e9f06872b8]
15554:
15555: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
15556:
15557: * auth/fwtk.c:
15558: Add support for chalnecho and display server responses used by fwtk
15559: >= 2.0
15560: [b1870f7aaf0d]
15561:
15562: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
15563:
15564: * sudoers.man.in, sudoers.pod:
15565: ld.so is ld.so.1 on solaris
15566: [2bf9a123fa4c]
15567:
15568: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
15569: Use closefrom() instead of doing the equivalent inline.
15570: [7e3ef6072884]
15571:
15572: * closefrom.c:
15573: closefrom(3) for systems w/o it
15574: [35caf58bb636]
15575:
15576: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15577:
15578: * sudoers.man.in:
15579: Update from .pod file.
15580: [d4c94fc0e0c9]
15581:
15582: * configure, configure.in:
15583: Substitute noexec_file for the sudoers man page
15584: [203d3376a551]
15585:
15586: * sudo.man.in, sudo.pod:
15587: Mention noexec
15588: [014375ddbb06]
15589:
15590: * sudoers.man.in, sudoers.pod:
15591: Document noexec
15592: [49a65d06201f]
15593:
15594: * auth/pam.c, config.h.in, configure.in:
15595: Move PAM_CONST macro definition from config.h to pam.c where it
15596: belongs. We can't have this in config.h since that gets included too
15597: early.
15598: [e64748071637]
15599:
15600: * auth/pam.c, config.h.in, configure, configure.in:
15601: Some PAM implementations put their headers in /usr/include/pam
15602: instead of /usr/include/security.
15603: [8cc749e9575c]
15604:
15605: * configure.in:
15606: I missed changing the EXEC macro -> EXECV here when I changed this
15607: in config.h.in and sudo.c a while ago.
15608: [6f5afac7789f]
15609:
15610: * acsite.m4:
15611: OpenBSD vax/m88k/hppa don't do shared libs
15612: [e4901d958bb7]
15613:
15614: * configure, configure.in:
15615: o merge the hpux case entries into a single entry w/ its own sub-
15616: case statement. o HP-UX >= 11 support getspnam(), use it in
15617: preference to getprpwuid()
15618: [0caad428894e]
15619:
15620: * configure, configure.in:
15621: eval $shrext so that it expands nicely on MacOS X
15622: [40419343eef8]
15623:
15624: * Makefile.in:
15625: Don't lie about making a module, it does the wrong thing on mach
15626: [7629b28f5688]
15627:
15628: * ltmain.sh:
15629: Remove requirement that libs must begin with "lib". They don't when
15630: we point directly at the lib using LD_PRELOAD or its equivalent.
15631: [d66f3de6ec85]
15632:
15633: * acsite.m4:
15634: Disable support for c++, f77 and java. We don't need it, it takes a
15635: lot of time, and it hosed our check for shared lib support.
15636: [4f5749c52ce4]
15637:
15638: * configure:
15639: regen
15640: [160865e9d15f]
15641:
15642: * configure.in:
15643: Call AC_ENABLE_SHARED and check the status of enable_shared to know
15644: when shared libs are available.
15645: [42504c1668fc]
15646:
15647: * acsite.m4:
15648: Duh, OpenBSD suports shared libs too
15649: [8e3cd9417475]
15650:
15651: * config.h.in, configure.in:
15652: Only OpenPAM and Linux PAM use const qualifiers.
15653: [b2f76476e866]
15654:
15655: * configure, configure.in:
15656: o No need to check for sed, libtool config does that for us o move
15657: check for --with-noexec until after libtool magic is run so we can
15658: use $can_build_shared and $shrext
15659: [668c656e89cc]
15660:
15661: * ltmain.sh:
15662: Don't print a bunch of crap about library installs since we are not
15663: really installing a library.
15664: [83fbcad29fe4]
15665:
15666: * env.c:
15667: Make format_env() varargs Add noexec support for Darwin, MacOS X,
15668: Irix, and Tru64
15669: [468885d75d10]
15670:
15671: * acsite.m4, ltconfig, ltmain.sh:
15672: Update to libtool 1.5 with local changes: o no ldconfig in the
15673: finish step o assume no libprefix or version is needed
15674: [4961cffc3797]
15675:
15676: * sudo_noexec.c:
15677: Fix compilation under K&R
15678: [8b309bf0b1b2]
15679:
15680: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15681:
15682: * CHANGES:
15683: checkpoint
15684: [3c368badab32]
15685:
15686: * sudo_noexec.c:
15687: stub execve() that just returns EACCES; used for noexec
15688: functionality
15689: [1297acae283a]
15690:
15691: * sudo.tab.h:
15692: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15693: generated code.
15694: [dcab78c49273]
15695:
15696: * sudo.tab.c:
15697: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
15698: generated code.
15699: [0a61c735eabe]
15700:
15701: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15702:
15703: * def_data.c, def_data.h, def_data.in:
15704: Move the environment defaults to the end and shorten a few of the
15705: descriptions.
15706: [66787b9c612c]
15707:
15708: * configure, configure.in:
15709: no shared libs on ultris or convexos
15710: [2c5f3c456e32]
15711:
15712: * Makefile.in, configure, configure.in:
15713: Build sudo_noexec shared object using libtool; could use some
15714: cleanup.
15715: [373f483555dd]
15716:
15717: * acsite.m4, ltconfig, ltmain.sh:
15718: libtool scaffolding
15719: [c903a42e3d90]
15720:
15721: * parse.yacc, sudo.tab.c:
15722: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
15723: important.
15724: [c6e8a34639a4]
15725:
15726: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
15727: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
15728: update copyright year
15729: [a16372ae1711]
15730:
15731: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
15732: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
15733: option. The default value of noexec_file is set to this.
15734: [7d88e1d3c494]
15735:
15736: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
15737: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
15738: sudo.tab.h:
15739: Add support for preloading a shared object containing a dummy
15740: execve() function that just sets error and returns -1. This adds a
15741: "noexec_file" option to load the filename as well as a "noexec" flag
15742: to enable it unconditionally. There is also a NOEXEC tag that can
15743: be attached to specific commands and an EXEC tag to disable it.
15744: [c8b6712feb91]
15745:
15746: * mkdefaults:
15747: add missing newline to usage statement
15748: [e84746618362]
15749:
15750: * config.h.in, sudo.c:
15751: Rename EXEC macro -> EXECV
15752: [ddaa0c027299]
15753:
15754: * logging.c:
15755: Don't truncate usernames to 8 characters in the log message.
15756: [f62a20f27075]
15757:
15758: * check.c, sudoers.man.in, sudoers.pod:
15759: Update copyright year
15760: [ca9964054085]
15761:
15762: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
15763: sudoers.pod:
15764: Add a new option, lecture_file, that can be used to point to a
15765: custom sudo lecture.
15766: [940133231216]
15767:
15768: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
15769:
15770: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15771: auth/sudo_auth.c:
15772: Add a zero_bytes() function to do the equivalent of bzero in such a
15773: way that will heopfully not be optimized away by sneaky compilers.
15774: [161b6d74bfb4]
15775:
15776: * zero_bytes.c:
15777: Add a zero_bytes() function to do the equivalent of bzero in such a
15778: way that will heopfully not be optimized away by sneaky compilers.
15779: [d035abf0af94]
15780:
15781: * Makefile.in, sudo.h:
15782: Add a zero_bytes() function to do the equivalent of bzero in such a
15783: way that will heopfully not be optimized away by sneaky compilers.
15784: [ff136de3e255]
15785:
15786: * err.c:
15787: Use #ifdef __STDC__, not #if __STDC__.
15788: [6889dd6bc51a]
15789:
15790: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
15791:
15792: * mkdefaults:
15793: Always put at least one space between the def_* macro name and its
15794: definition.
15795: [6b3ad0e6619a]
15796:
15797: * configure, configure.in:
15798: Adjust code for --without-lecture to match new values.
15799: [062aa788a6b9]
15800:
15801: * visudo.man.in:
15802: regen after pasto fix
15803: [3deec16906c0]
15804:
15805: * sudoers.man.in, sudoers.pod:
15806: Document that "lecture" has changed from a flag to a tuple.
15807: [e2c03062b533]
15808:
15809: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
15810: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
15811: Add support for tuples in def_data.in; these are implemented as an
15812: enum type. Currently there is only a single tuple enum but in the
15813: future we may have one tuple enum per T_TUPLE entry in def_data.in.
15814: Currently listpw, verifypw and lecture are tuples. This avoids the
15815: need to have two entries (one ival, one str) for pwflags and syslog
15816: values.
15817:
15818: lecture is now a tuple with the following values: never, once,
15819: always
15820:
15821: We no longer use both an int and string entry for syslog facilities
15822: and priorities. Instead, there are logfac2str() and logpri2str()
15823: functions that get used when we need to print the string values.
15824: [5293f946c836]
15825:
15826: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
15827: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
15828: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
15829: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
15830: sudo.tab.c, visudo.c:
15831: Create def_* macros for each defaults value so we no longer need the
15832: def_{flag,ival,str,list,mode} macros (which have been removed). This
15833: is a step toward more flexible data types in def_data.in.
15834: [009c02934106]
15835:
15836: * TODO:
15837: checkpoint
15838: [0a99a4bb5d15]
15839:
15840: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
15841:
15842: * sudo.c:
15843: If we are in -k/-K mode, just spew to stderr. It is not unusual for
15844: users to place "sudo -k" in a .logout file which can cause sudo to
15845: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
15846: Previously, this would result in useless mail and logging.
15847: [d282e7ed63af]
15848:
15849: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15850:
15851: * visudo.pod:
15852: fix pasto in VISUAL description
15853: [1c6a6148b5f9]
15854:
15855: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15856:
15857: * configure:
15858: regen
15859: [f44312c63799]
15860:
15861: * CHANGES:
15862: checkpoint
15863: [0c42e38f78d5]
15864:
15865: * TROUBLESHOOTING:
15866: Some OSes (like Solaris) allow export w/ nosuid too
15867: [973ce85ffa12]
15868:
15869: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
15870:
15871: * compat.h:
15872: We don't use FD_ZERO anymore so just define FD_SET (if not already
15873: there).
15874: [d1c8c11905cd]
15875:
15876: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
15877:
15878: * auth/pam.c:
15879: Fix a core dump on Solaris by preserving the pam_handle_t we used
15880: during authentication for pam_prep_user(). If we didn't
15881: authenticate (ie: ticket still valid), we call pam_init() from
15882: pam_prep_user(). This is something of a hack; it may be better to
15883: change the auth API and add an auth_final() function that acts like
15884: pam_prep_user().
15885: [f787de49b175]
15886:
15887: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
15888:
15889: * set_perms.c:
15890: Add explicit declaration of printerr variable in function header
15891: (was defaulting to int which is OK but oh so K&R :-). From Theo.
15892: [492c2358783f]
15893:
15894: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
15895:
15896: * config.h.in, configure.in:
15897: s/HAVE_STOW/USE_STOW/
15898: [4b99e1824ece]
15899:
15900: * logging.c:
15901: Also exit waitpid() loop when pid == 0. Fixes a problem where the
15902: sudo process would spin eating up CPU until sendmail finished when
15903: it has to send mail.
15904: [ec3d5792b9b4]
15905:
15906: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
15907:
15908: * fnmatch.c:
15909: Remove advertising clause, UCB has disavowed it
15910: [43a26bbd6628]
15911:
15912: * fnmatch.3:
15913: Remove advertising clause, UCB has disavowed it
15914: [3ff24291bcfa]
15915:
15916: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
15917:
15918: * parse.c:
15919: Don't assume that getgrnam() calls don't modify contents of struct
15920: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
15921: Based on a patch from Kirk Webb.
15922: [5574c68f60f3]
15923:
15924: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
15925:
15926: * configure.in:
15927: missing ;;
15928: [22378f2a9d31]
15929:
15930: * configure.in:
15931: darwin has a broken setreuid() in at least some versions
15932: [d572aed930d2]
15933:
15934: * env.c:
15935: Fix an off by one error when reallocating the environment; Kevin Pye
15936: [3d98e7cf097a]
15937:
15938: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
15939:
15940: * sudoers.pod:
15941: Fix User_Spec definition; SEKINE Tatsuo
15942: [49b0da65e090]
15943:
15944: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
15945:
15946: * HISTORY:
15947: More info on the early days from Coggs.
15948: [9381ca10b06b]
15949:
15950: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
15951:
15952: * auth/kerb5.c:
15953: remove errant semicolon that prevented compilation under heimdal
15954: [d2f2bb73a598]
15955:
15956: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
15957:
15958: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
15959: add DARPA credit on affected files
15960: [7020785ee50d]
15961:
15962: * sudoers.pod:
15963: add DARPA credit on affected files
15964: [83b46318750b]
15965:
15966: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
15967: sudoers.man.in:
15968: add DARPA credit on affected files
15969: [d8adf1c2ba22]
15970:
15971: * set_perms.c:
15972: add DARPA credit on affected files
15973: [3d79fdabb582]
15974:
15975: * pathnames.h.in:
15976: add DARPA credit on affected files
15977: [e334cdda422f]
15978:
15979: * logging.c, parse.c:
15980: add DARPA credit on affected files
15981: [8f75f822755b]
15982:
15983: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15984: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
15985: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
15986: interfaces.h:
15987: add DARPA credit on affected files
15988: [da66e28fb3f5]
15989:
15990: * auth/kerb5.c, auth/pam.c:
15991: add DARPA credit on affected files
15992: [15da3021b49c]
15993:
15994: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
15995: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
15996: version.h:
15997: add DARPA credit on affected files
15998: [868d54cbddea]
15999:
16000: * env.c:
16001: add DARPA credit on affected files
16002: [90239f51ef0a]
16003:
16004: * defaults.c, defaults.h:
16005: add DARPA credit on affected files
16006: [6a64205fd1eb]
16007:
16008: * compat.h:
16009: add DARPA credit on affected files
16010: [316a735783c4]
16011:
16012: * Makefile.in, alloc.c, check.c:
16013: add DARPA credit on affected files
16014: [cd939e05c810]
16015:
16016: * LICENSE:
16017: slightly different wording for the darpa credit
16018: [e468909c4a21]
16019:
16020: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
16021:
16022: * LICENSE:
16023: Add DARPA credit
16024: [8eb20e2cd63e]
16025:
16026: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
16027:
16028: * auth/kerb5.c:
16029: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
16030: Kerberos like we did before I messed things up ;-)
16031:
16032: Use krb5_principal_get_comp_string() to do the same thing w/
16033: Heimdal. I'm not sure if the component should be 0 or 1 in this
16034: case.
16035:
16036: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
16037: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
16038: should be a configure check for this I guess.
16039: [74919a3933fe]
16040:
16041: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
16042:
16043: * sample.sudoers:
16044: builtin -> built-in; Jason McIntyre
16045: [027f2187923e]
16046:
16047: * TROUBLESHOOTING, config.h.in, configure, configure.in:
16048: builtin -> built-in; Jason McIntyre
16049: [70b81ac48943]
16050:
16051: * sudoers.pod:
16052: built in -> built-in; Jason McIntyre
16053: [da658ef5138d]
16054:
16055: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
16056:
16057: * CHANGES:
16058: checkpoint for 1.6.7p3
16059: [da85f989fadf]
16060:
16061: * HISTORY:
16062: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
16063: Amazingly, sudo source from 1985 is available via groups.google.com
16064: [39e0fc85b89f]
16065:
16066: * sudo.c:
16067: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
16068: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
16069: RLIMIT_CORE restoration on some OSes.
16070: [7e2c1a7adfd8]
16071:
16072: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
16073:
16074: * auth/kerb5.c:
16075: Make this compile on Heimdal and MIT Kerberos 5
16076: [44c07d615868]
16077:
16078: * config.h.in, configure, configure.in:
16079: Check for heimdal even if we found krb5-config and define
16080: HAVE_HEIMDAL.
16081: [aba0126f0059]
16082:
16083: * auth/kerb5.c:
16084: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
16085: no longer defined by MIT kerb5 (though it used to be and indeed
16086: remains so in Heimdal).
16087: [e5a6c64d7cd5]
16088:
16089: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
16090:
16091: * mkinstalldirs:
16092: Remove newer stuff that passes multiple (possibly duplicate)
16093: directories to "mkdir -p" since that seems to break on Tru64 Unix at
16094: least. This basically brings back what shipped with sudo 1.6.6.
16095: [f2a1abd872b3]
16096:
16097: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
16098:
16099: * auth/kerb5.c:
16100: Correct number of args to krb5_principal_get_realm() and fix an
16101: unclosed comment that hid the bug.
16102: [0b37f8ce7824]
16103:
16104: * configure:
16105: regen
16106: [1876cb840fe0]
16107:
16108: * configure.in:
16109: ++version
16110: [480aff7c048e]
16111:
16112: * README:
16113: ++version
16114: [488e0bbff613]
16115:
16116: * Makefile.in:
16117: ++version
16118: [97ef63cedc38]
16119:
16120: * INSTALL.binary:
16121: ++version
16122: [a506204e77d0]
16123:
16124: * INSTALL:
16125: ++version
16126: [555aeba5c2bf]
16127:
16128: * CHANGES, version.h:
16129: ++version
16130: [f66985a64063]
16131:
16132: * BUGS:
16133: ++version
16134: [ea3573432412]
16135:
16136: * configure.in:
16137: use krb5-config to determine Kerberos V details if it exists
16138: [7b46bbdaf774]
16139:
16140: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
16141: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
16142: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
16143: testsudoers.c, visudo.c:
16144: Use warn/err and getprogname() throughout. The main exception is
16145: openlog(). Since the admin may be filtering logs based on the
16146: program name in the log files, hard code this to "sudo".
16147: [9f180d015cfa]
16148:
16149: * Makefile.in:
16150: Add getprogname.c and err.c
16151: [d411c54a07dc]
16152:
16153: * configure:
16154: regen
16155: [6d585d391acc]
16156:
16157: * config.h.in, configure.in:
16158: Add checks for getprognam(), __progname and err.h
16159: [bcbccf61d34a]
16160:
16161: * emul/err.h:
16162: For systems withour err/warn functions.
16163: [1b33118884d9]
16164:
16165: * err.c:
16166: For systems withour err/warn functions.
16167: [26721f6b041f]
16168:
16169: * getprogname.c:
16170: For systems neither getprogname() nor __progname; uses Argv[0].
16171: [841cf42af1eb]
16172:
16173: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
16174:
16175: * CHANGES:
16176: checkpoint for 1.6.7p1
16177: [5bfdaf441dce]
16178:
16179: * sudo.c, testsudoers.c:
16180: fix strlcpy() rval check (innocuous)
16181: [e05ac7e0d1f3]
16182:
16183: * check.c:
16184: oflow detection in expand_prompt() was faulty (false positives). The
16185: count was based on strlcat() return value which includes the length
16186: of the entire string.
16187: [086c5a0acb25]
16188:
16189: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
16190:
16191: * RUNSON, TODO:
16192: checkpoint for the sudo 1.6.7 release
16193: [096bab4da29a] [SUDO_1_6_7]
16194:
16195: * CHANGES:
16196: checkpoint for the sudo 1.6.7 release
16197: [87322187ed78]
16198:
16199: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
16200:
16201: * logging.c:
16202: g/c unused variable
16203: [c57cd4a17765]
16204:
16205: * configure:
16206: regen
16207: [e7c1f581dfac]
16208:
16209: * configure.in:
16210: use man sections 8 and 5 for csops
16211: [87de581bda88]
16212:
16213: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
16214:
16215: * configure:
16216: regen
16217: [cb1433a9c7a1]
16218:
16219: * configure.in:
16220: Add -lskey or -lopie directly to SUDO_LIBS instead of having
16221: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
16222: [ac5667978939]
16223:
16224: * configure:
16225: regen
16226: [638459118a2a]
16227:
16228: * configure.in:
16229: Add --with-blibpath for AIX. An alternate libpath may be specified
16230: or
16231: -blibpath support can be disabled. Also change conifgure such that
16232: -blibpath is not specified if no -L libpaths were added to
16233: SUDO_LDFLAGS.
16234: [c7d17b480cad]
16235:
16236: * aclocal.m4:
16237: Add --with-blibpath for AIX. An alternate libpath may be specified
16238: or
16239: -blibpath support can be disabled. Also change conifgure such that
16240: -blibpath is not specified if no -L libpaths were added to
16241: SUDO_LDFLAGS.
16242: [37022e991575]
16243:
16244: * INSTALL:
16245: Add --with-blibpath for AIX. An alternate libpath may be specified
16246: or
16247: -blibpath support can be disabled. Also change conifgure such that
16248: -blibpath is not specified if no -L libpaths were added to
16249: SUDO_LDFLAGS.
16250: [4b4bbe5bbe1b]
16251:
16252: * configure.in:
16253: add AIX blibpath support
16254: [16ba788bf086]
16255:
16256: * INSTALL, configure.in:
16257: --with-skey and --with-opie now take an option directory argument
16258: This obsoletes a --with-csops hack (/tools/cs/skey)
16259:
16260: Also remove the remaining direct uses of "echo"
16261: [5b4986a90c03]
16262:
16263: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
16264:
16265: * configure.in:
16266: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
16267: for KTH Kerberos IV and V.
16268: [119f97b48e18]
16269:
16270: * aclocal.m4:
16271: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
16272: -R/path/to/dir if $with_rpath) to the specified variable.
16273: [e55e49d076ce]
16274:
16275: * INSTALL, configure.in:
16276: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
16277: option, --with-rpath to control this behavior.
16278: [d4730c5399ab]
16279:
16280: * configure.in:
16281: for kerb4 put libdes after libkrb on the link line
16282: [5c566100eab6]
16283:
16284: * auth/kerb4.c:
16285: typo
16286: [6541b72b64a3]
16287:
16288: * configure.in:
16289: fix kerberos lib check when a path is specified
16290: [ae833a914c6f]
16291:
16292: * logging.c:
16293: Fix boolean thinko in SIGCHLD reaper and call reapchild after
16294: sending mail instead of doing a conditional sudo_waitpid.
16295: [86fa9a35df5a]
16296:
16297: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
16298:
16299: * configure:
16300: regen
16301: [e6275cf528ba]
16302:
16303: * configure.in:
16304: replace =DIR with [=DIR] where sensible
16305: [c39a59173b38]
16306:
16307: * configure.in:
16308: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
16309: detection based on openssh's configure.in
16310: [5b7a340912df]
16311:
16312: * INSTALL:
16313: --with-kerb4 and --with-kerb5 now take an optional argument.
16314: [71ed87fc9c64]
16315:
16316: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16317:
16318: * auth/securid.c:
16319: Kill remaining strcpy(), the programmer's guide says username is 32
16320: bytes.
16321: [bdba70fcd08d]
16322:
16323: * auth/kerb4.c:
16324: trat uid_t as unsigned long for printf and use snprintf, not sprintf
16325: [8072f5f8966d]
16326:
16327: * auth/rfc1938.c:
16328: use snprintf
16329: [fc0c70c665fe]
16330:
16331: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
16332:
16333: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16334: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16335: auth/rfc1938.c, auth/sudo_auth.c:
16336: update copyright year
16337: [b0a10ccb1d0e]
16338:
16339: * sudo.man.in, sudoers.man.in, visudo.man.in:
16340: update copyright year
16341: [8fce0034eb51]
16342:
16343: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
16344: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
16345: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
16346: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
16347: update copyright year
16348: [d541e75fe520]
16349:
16350: * check.c, env.c, sudo.c:
16351: Cast [ug]ids to unsigned long and printf with %lu
16352: [2ede64d3592b]
16353:
16354: * configure:
16355: regen
16356: [c7c3245bdf3e]
16357:
16358: * configure.in:
16359: correct error messages for --with-sudoers-{mode,uid,gid}
16360: [77fc15b1c9db]
16361:
16362: * alloc.c:
16363: make the malloc(0) error specific to each function to aid tracking
16364: down bugs.
16365: [a58c34374b4b]
16366:
16367: * alloc.c:
16368: deal with platforms where size_t is signed and there is no SIZE_MAX
16369: or SIZE_T_MAX
16370: [7192abb4ab4e]
16371:
16372: * auth/kerb5.c:
16373: Make this compile w/ Heimdal and fix some gcc warnings.
16374: [f52f026f31c2]
16375:
16376: * sudo.c:
16377: Use stat_sudoers macro so --with-stow can work
16378: [c3674735c139]
16379:
16380: * INSTALL, config.h.in, configure, configure.in:
16381: Add support for --with-stow based on patches from Robert Uhl
16382: [b274cc1dd52c]
16383:
16384: * env.c:
16385: fix indentation
16386: [110d9f1721b1]
16387:
16388: * configure.in:
16389: back out rev 1.352
16390: [1eee91c83f11]
16391:
16392: * lex.yy.c:
16393: regen
16394: [72fba1c9590b]
16395:
16396: * parse.lex:
16397: use strlcpy, not strncpy
16398: [4faccbaeccef]
16399:
16400: * set_perms.c:
16401: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
16402: [33bf0d18fdc1]
16403:
16404: * logging.c:
16405: use pid_t
16406: [3e0536993d2c]
16407:
16408: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
16409:
16410: * strlcat.c, strlcpy.c:
16411: Make gcc shutup about unused rcsid
16412: [1669a0c74e9e]
16413:
16414: * interfaces.c:
16415: Move the n == 0 check for the non-getifaddrs cas
16416: [2460be061b2a]
16417:
16418: * auth/rfc1938.c:
16419: skeychallenge() on NetBSD take a size parameter
16420: [05acc2012801]
16421:
16422: * configure:
16423: regen
16424: [24bccf4749e8]
16425:
16426: * configure.in:
16427: put -ldl after -lpam, not before; fixes static linking on Linux
16428: [7f06b7b2b4d8]
16429:
16430: * interfaces.c:
16431: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
16432: case.
16433: [239a55068646]
16434:
16435: * sudo.cat, sudoers.cat, visudo.cat:
16436: regen
16437: [4a2eed3981ca]
16438:
16439: * sudo.man.in, sudoers.man.in, visudo.man.in:
16440: regen
16441: [2c96ea2cf930]
16442:
16443: * Makefile.in:
16444: Preserve copyright notice from .pod file in .man.in file
16445: [519fbd09aebc]
16446:
16447: * visudo.pod:
16448: Add sudoers(5) to SEE ALSO
16449: [77ecfe3aedf1]
16450:
16451: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
16452:
16453: * lex.yy.c:
16454: regen
16455: [6f5751ce0b74]
16456:
16457: * parse.lex:
16458: Don't assume libc can realloc() a NULL string. If malloc/realloc
16459: fails, make sure we just return; yyerror() is not terminal.
16460: [1b8618623708]
16461:
16462: * lex.yy.c:
16463: regen
16464: [5d31b46191c6]
16465:
16466: * parse.lex:
16467: simplify fill_args a little and use strlcpy for paranoia
16468: [0ea35a55542b]
16469:
16470: * sudo.tab.c:
16471: regen
16472: [5a8d508d708b]
16473:
16474: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
16475: testsudoers.c:
16476: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
16477: cases the strings were either pre-allocated to the correct size of
16478: length checks were done before the copy but a little paranoia can go
16479: a long way.
16480: [e73d28f1d14e]
16481:
16482: * sudo.h:
16483: Add strlc{at,py} protos
16484: [748ffc7fc7f4]
16485:
16486: * env.c, interfaces.c:
16487: Use erealloc3()
16488: [47f2cb46aba8]
16489:
16490: * configure:
16491: regen
16492: [e7e2fb79f935]
16493:
16494: * alloc.c:
16495: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
16496: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
16497: [7e0fa4d6fc1d]
16498:
16499: * sudo.c:
16500: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
16501: configure.
16502: [09ea4d3959e9]
16503:
16504: * aclocal.m4:
16505: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
16506: [31b4fdfdb8bf]
16507:
16508: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16509:
16510: * sudo.c:
16511: Use snprintf() for paranoia
16512: [a2659ceb46de]
16513:
16514: * parse.yacc:
16515: Use emalloc2 and erealloc3
16516: [90a069842401]
16517:
16518: * Makefile.in:
16519: strlc{at,py} for those w/o it
16520: [bac82dc916ee]
16521:
16522: * strlcat.c, strlcpy.c:
16523: stlc{at,py} for those w/o it.
16524: [ce7254f5db09]
16525:
16526: * config.h.in, configure, configure.in:
16527: Add stlc{at,py} for those w/o it.
16528: [00f08219657a]
16529:
16530: * alloc.c, sudo.h:
16531: Add erealloc3(), a realloc() version of emalloc2().
16532: [c96eaf08bbed]
16533:
16534: * interfaces.c, sudo.c:
16535: Use emalloc2() to allocate N things of a certain size.
16536: [1e0aba365555]
16537:
16538: * alloc.c, sudo.h:
16539: Add emalloc2() -- like calloc() but w/o the bzero and with
16540: error/oflow checking.
16541: [292150bc4153]
16542:
16543: * alloc.c:
16544: Error out on malloc(0); suggested by theo
16545: [995279e81326]
16546:
16547: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
16548:
16549: * configure, configure.in:
16550: fix a typo; David Krause
16551: [f161213a17ab]
16552:
16553: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
16554:
16555: * sudo.pod:
16556: fix typo
16557: [3ae5ad9a351a]
16558:
16559: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
16560:
16561: * env.c:
16562: Remove DYLD_ from the environment for MacOS X; from bbraun
16563: [38caad5a3935]
16564:
16565: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
16566:
16567: * config.h.in, configure.in:
16568: not not; Anil Madhavapeddy
16569: [d4f4f0bfc66b]
16570:
16571: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
16572:
16573: * sudo.pod, sudoers.pod, visudo.pod:
16574: typos; jmc@openbsd.org
16575: [868c0f09bf9e]
16576:
16577: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
16578:
16579: * parse.yacc:
16580: Add some missing ';' rule terminators that bison warns about.
16581: [535b0b8dcce5]
16582:
16583: * config.sub:
16584: fix typo I introduced in last merge
16585: [81db4e4f43fe]
16586:
16587: * configure:
16588: regenerate with autoconf 2.57
16589: [ca0c1e9564f8]
16590:
16591: * config.h.in:
16592: Add missing "$HOME"
16593: [209186197ad1]
16594:
16595: * configure.in:
16596: Add some more square backets to make autoconf 2.57 happy
16597: [b5639c14faf7]
16598:
16599: * config.sub, mkinstalldirs:
16600: Updates from autoconf-2.57
16601: [36be35eb331b]
16602:
16603: * config.guess:
16604: Updates from autoconf-2.57
16605: [ea0f8ca622af]
16606:
16607: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
16608:
16609: * sudo.tab.h:
16610: regen
16611: [13a65a421567]
16612:
16613: * lex.yy.c, sudo.tab.c:
16614: regen
16615: [0b529db7cb6d]
16616:
16617: * parse.lex, parse.yacc, sudoers.pod:
16618: Add support for Defaults>RunasUser
16619: [20d726373175]
16620:
16621: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
16622:
16623: * visudo.c:
16624: fclose() yyin after each yyparse() is done and use fopen() instead
16625: of using freopen().
16626: [587f8a2df857]
16627:
16628: * parse.lex:
16629: Better fix for sudoers files w/o a newline before EOF. It looks
16630: like the issue is that yyrestart() does not reset the start
16631: condition to INITIAL which is an issue since we parse sudoers
16632: multiple times.
16633: [920f8326968a]
16634:
16635: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
16636:
16637: * parse.lex:
16638: Work around what appears to be a flex bug when dealing with files
16639: that lack a final newline before EOF. This adds a rule to match EOF
16640: in the non-initial states which resets the state to INITIAL and
16641: throws an error.
16642: [b94943bb1f81]
16643:
16644: * visudo.c:
16645: o The parser needs sudoers to end with a newline but some editors
16646: (emacs) may not add one. Check for a missing newline at EOF and
16647: add one if needed. o Set quiet flag during initial sudoers parse (to
16648: get options) o Move yyrestart() call and always use freopen() to
16649: open yyin after initial sudoers parse.
16650: [12d12f9b07aa]
16651:
16652: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
16653:
16654: * set_perms.c:
16655: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
16656: effective gid, not real gid, when reading sudoers.
16657: [c7d18b810fcd]
16658:
16659: * set_perms.c:
16660: don't compile set_perms_posix if we have setreuid or setresuid
16661: [b9cea7a81a29]
16662:
16663: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
16664:
16665: * sudo.pod, sudoers.pod:
16666: document new prompt escapes
16667: [2f088076b640]
16668:
16669: * check.c:
16670: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
16671: collapsed to "%" as was originally intended. This also gets rid of
16672: lastchar (does lookahead instead of lookback) which should simplify
16673: the logic slightly.
16674: [4b707b77b3c7]
16675:
16676: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
16677:
16678: * tgetpass.c:
16679: Write the prompt *after* turning off echo to avoid some password
16680: characters being echoed on heavily-loaded machines with fast
16681: typists.
16682: [d38c57775915]
16683:
16684: * config.sub:
16685: Add support for mipseb; wiz@danbala.tuwien.ac.at
16686: [cfdac87ed5c8]
16687:
16688: * configure.in:
16689: Fix IRIX fallout from name changes in man dir/sect Makefile
16690: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
16691: [9a7618755c23]
16692:
16693: * auth/pam.c:
16694: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
16695: the global copy. Problem noted by Peter Pentchev.
16696: [d0a3e189cb06]
16697:
16698: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
16699:
16700: * sudo.tab.c:
16701: regen
16702: [23b931359087]
16703:
16704: * parse.yacc:
16705: Add missing yyerror() calls; YYERROR does not seem to call this for
16706: us.
16707: [0be7aeb3ac57]
16708:
16709: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
16710:
16711: * sudo.c:
16712: fix typo in comment; Pedro Bastos
16713: [d7406c460e99]
16714:
16715: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
16716:
16717: * INSTALL:
16718: document --disable-setresuid
16719: [fbd03d03a027]
16720:
16721: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
16722: auth/sudo_auth.c:
16723: Sprinkle some volatile qualifiers to prevent over-enthusiastic
16724: optimizers from removing memset() calls.
16725: [5370ac0e6129]
16726:
16727: * logging.c, parse.yacc:
16728: minor sign fixes pointed out by gcc -Wsign-compare
16729: [db872438337f]
16730:
16731: * set_perms.c, sudo.c, sudo.h:
16732: Revamp set_perms. We now use a version based on setresuid() or
16733: setreuid() when possible since that allows us to support the
16734: stay_setuid option and we always know exactly what the semantics
16735: will be (various Linux kernels have broken POSIX saved uid support).
16736: [523bc212396c]
16737:
16738: * config.h.in, configure:
16739: regen from configure.in
16740: [351877ea2624]
16741:
16742: * configure.in:
16743: Add checks for setresuid() and a way to disable using it
16744: [a5b21653d169]
16745:
16746: * compat.h:
16747: No long need to emulate set*[ug]id() via setres[ug]id() or
16748: setre[ug]id(). The new set_perms stuff only uses things it knows are
16749: there.
16750: [47884bd5d1d9]
16751:
16752: * sudo.c:
16753: Before exec, restore state of signal handlers to be the same as when
16754: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
16755: a problem when using sudo with nohup. Based on a patch from Paul
16756: Markham.
16757: [f8f5a1484faa]
16758:
16759: * sudo.c:
16760: o timestamp_uid should be uid_t, not int o clarify error message
16761: when sudo is run by root and no_root_sudo is set
16762: [19dda0734264]
16763:
16764: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
16765:
16766: * README:
16767: update ftp link for bison
16768: [98bc191016e3]
16769:
16770: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
16771:
16772: * set_perms.c:
16773: Error out if setusercontext() fails and the runas user is not root.
16774: [089f9ade4686]
16775:
16776: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
16777:
16778: * auth/securid5.c:
16779: Fix rcsid
16780: [07e9e85dcc2f]
16781:
16782: * configure.in:
16783: Fix SecurID API test
16784: [5ec201f454a5]
16785:
16786: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
16787:
16788: * env.c:
16789: typo in comment
16790: [9d385c9ac533]
16791:
16792: * configure.in:
16793: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
16794: but I don't see a better way at the moment.
16795: [f89e55cbb313]
16796:
16797: * Makefile.in, auth/securid5.c:
16798: SecurID API version 5 support from Michael Stroucken
16799: [68500ac7e531]
16800:
16801: * configure.in:
16802: Add check for SecurID 5.0 API
16803: [1ee242e6de6b]
16804:
16805: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
16806:
16807: * strerror.c:
16808: We actually do still need config.h to get the 'const' definition for
16809: K&R C.
16810: [d9c982032d85]
16811:
16812: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
16813:
16814: * configure:
16815: regen with autoconf 2.5.3
16816: [c71fc086eef5]
16817:
16818: * configure.in:
16819: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
16820: [d90da1efafd9]
16821:
16822: * configure.in:
16823: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
16824: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
16825: [dd67afefa90d]
16826:
16827: * env.c, sudo.c, sudo.h:
16828: No need for dump_badenv() now that dump_defaults() knows how to dump
16829: lists.
16830: [6bcda468501d]
16831:
16832: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16833: version.h:
16834: ++version
16835: [44e3b8f95f0b]
16836:
16837: * sudoers.pod:
16838: document timestampowner
16839: [37ebd69e9dd1]
16840:
16841: * check.c:
16842: Don't call set_perms() when doing timestamp stuff unless
16843: timestamp_uid != 0.
16844: [63a63d41d18c]
16845:
16846: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
16847: sudo.h, testsudoers.c:
16848: g/c second arg to set_perms--it is no longer used
16849: [7ac4ce50c612]
16850:
16851: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
16852:
16853: * check.c, set_perms.c, sudo.c, sudo.h:
16854: Add support for non-root timestamp dirs. This allows the timestamp
16855: dir to be shared via NFS (though this is not recommended).
16856: [faa83dd2b7fb]
16857:
16858: * def_data.c, def_data.h, def_data.in:
16859: Add timestampowner, "Owner of the authentication timestamp dir"
16860: [d47640d4c86a]
16861:
16862: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
16863:
16864: * env.c:
16865: Don't try to pre-compute the size of the new envp, just allocate
16866: space up front and realloc as needed. Changes to the new env
16867: pointer must all be made through insert_env() which now keeps track
16868: of spaced used and allocates as needed.
16869: [39bc934a9f2c]
16870:
16871: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
16872:
16873: * configure:
16874: regen
16875: [0e12c09bb790]
16876:
16877: * configure.in:
16878: Fix two typo/pastos; from jrj@purdue.edu
16879: [b718a4bf1181]
16880:
16881: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
16882:
16883: * INSTALL.binary, README:
16884: ++version
16885: [a1e33027278c] [SUDO_1_6_6]
16886:
16887: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
16888: visudo.cat, visudo.man.in:
16889: regen
16890: [19eb2be283ef]
16891:
16892: * CHANGES, RUNSON, TODO:
16893: Sync with 1.6.6
16894: [2ff9a9087f63]
16895:
16896: * check.c:
16897: The the loop used to expand %h and %u, the lastchar variable was not
16898: being initialized. This means that if the last char in the prompt
16899: is '%' and the first char is 'h' or 'u' a extra copy of the host or
16900: user name would be copied, for which space had not been allocated.
16901: [b2e27197857d]
16902:
16903: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
16904:
16905: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
16906: crank version to 1.6.6
16907: [cfd08689e597]
16908:
16909: * auth/afs.c:
16910: #undef VOID to get rid of an AFS warning
16911: [b40760564dc1]
16912:
16913: * env.c:
16914: Use easprintf instead of emalloc + sprintf for some things.
16915: [e7bfe2e69a03]
16916:
16917: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
16918:
16919: * lex.yy.c, sudo.tab.c:
16920: regen
16921: [35327104383d]
16922:
16923: * parse.c, parse.lex, parse.yacc, testsudoers.c:
16924: Remove Chris Jepeway's email address so people don't bug him ;-)
16925: [c03410747a69]
16926:
16927: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
16928:
16929: * sudo.c:
16930: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
16931: endgrent() at the same time.
16932: [28b6097d5d1a]
16933:
16934: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
16935:
16936: * INSTALL:
16937: Make it clear which configure options take arguments.
16938: [38529e7efad0]
16939:
16940: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
16941:
16942: * compat.h:
16943: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
16944: RLIM_INFINITY, just pretend it is -1. This works because we only
16945: check for RLIM_INFINITY and do not set anything to that value.
16946: [53173d34e6eb]
16947:
16948: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
16949:
16950: * auth/pam.c:
16951: Zero and free allocated memory when there is a conversation error.
16952: [e342133db579]
16953:
16954: * auth/bsdauth.c:
16955: Use sigaction() not signal()
16956: [126c2790561f]
16957:
16958: * INSTALL:
16959: Mention that some linux kernels have broken POSIX saved ID support
16960: [571ef1a893d3]
16961:
16962: * CHANGES:
16963: checkpoint for 1.6.5p2
16964: [9e9e456f7f43]
16965:
16966: * configure:
16967: regen
16968: [d53703a46708]
16969:
16970: * configure.in:
16971: Add --disable-setreuid flag
16972: [3b9f2679cb55]
16973:
16974: * INSTALL:
16975: Document new --disable-setreuid option and change description for
16976: --disable-saved-ids to match new error message.
16977: [14fd3e5f60a5]
16978:
16979: * set_perms.c:
16980: fatal() now takes an argument that determines whether or not to call
16981: perror().
16982: [d826b25e62ff]
16983:
16984: * TROUBLESHOOTING:
16985: Update for new error messages from set_perms()
16986: [78007c3f76a9]
16987:
16988: * PORTING:
16989: Update for new error messages from set_perms()
16990: [60c545a6bcff]
16991:
16992: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
16993:
16994: * auth/pam.c:
16995: Make this compile w/o warnings
16996: [b90843a29af5]
16997:
16998: * auth/pam.c:
16999: Mention that we can't use pam_acct_mgmt()
17000: [1dfc5a6e0479]
17001:
17002: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
17003: The user's password was not zeroed after use when AIX
17004: authentication, BSD authentication, FWTK or PAM was in use.
17005: [b18fff30b1e7]
17006:
17007: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
17008:
17009: * auth/pam.c:
17010: Avoid giving PAM a NULL password response, use the empty string
17011: instead. This avoids a log warning when the user hits ^C at the
17012: password prompt when PAM is in use.
17013: [c3315805e4e4]
17014:
17015: * auth/pam.c:
17016: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
17017: pam_setcred() returns the last saved return code, not the return
17018: code for the setcred module. Because we haven't called
17019: pam_authenticate(), this is not set and so pam_setcred() returns
17020: PAM_PERM_DENIED.
17021: [73db145fa179]
17022:
17023: * Makefile.in:
17024: Don't need a '/' between $(DESTDIR) and a directory.
17025: [0901ca618176]
17026:
17027: * Makefile.binary:
17028: Don't need a '/' between $(DESTDIR) and a directory.
17029: [cd7eb6098b87]
17030:
17031: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
17032:
17033: * configure:
17034: regen
17035: [41b12c039282]
17036:
17037: * configure.in:
17038: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
17039: setreuid() o new NetBSD has a real setreuid() o add check for
17040: freeifaddrs() if getifaddrs() exists.
17041: [a82ee3b01733]
17042:
17043: * config.h.in, interfaces.c:
17044: Older BSDi releases lack freeifaddrs() so add a test for that and if
17045: it is not present just use free().
17046: [6270671ea9d5]
17047:
17048: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
17049:
17050: * CHANGES, RUNSON:
17051: Checkpoint for 1.6.5p1
17052: [26134ecf9b36]
17053:
17054: * auth/passwd.c:
17055: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
17056: to normal passwords, not AUTH_FATAL (which just causes an exit).
17057: [785e0f4bc0e2]
17058:
17059: * visudo.c:
17060: Don't use memory after it has been freed.
17061: [c60492739fdb]
17062:
17063: * auth/passwd.c:
17064: skeyaccess() wants a struct passwd * not a char *; Patch from
17065: Phillip E. Lobbes
17066: [65a1d3806fcd] [SUDO_1_6_5]
17067:
17068: * BUGS:
17069: ++version
17070: [b2e1825e692e]
17071:
17072: * CHANGES, RUNSON, TODO:
17073: checkpoint for sudo 1.6.5
17074: [d730945622e7]
17075:
17076: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
17077:
17078: * configure:
17079: regen
17080: [49744c403ac9]
17081:
17082: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
17083: version 1.6.5
17084: [ec30a5f7fc45]
17085:
17086: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17087: visudo.man.in:
17088: sudo version 1.6.5
17089: [458a3bed535d]
17090:
17091: * logging.c:
17092: o when invoking the mailer as root use a hard-coded environment that
17093: doesn't include any info from the user's environment. Basically
17094: paranoia.
17095:
17096: o Add support for the NO_ROOT_MAILER compile-time option and run the
17097: mailer as the user and not root if NO_ROOT_MAILER is defined.
17098: [4df351ec92ce]
17099:
17100: * set_perms.c, sudo.h:
17101: Bring back PERM_FULL_USER
17102: [edb6039bb284]
17103:
17104: * configure:
17105: regen
17106: [3eb2943afa03]
17107:
17108: * version.h:
17109: version 1.6.5
17110: [044fc9a0c72b]
17111:
17112: * INSTALL, config.h.in, configure.in:
17113: Add --disable-root-mailer option to run the mailer as the user and
17114: not root.
17115: [e9f805397963]
17116:
17117: * CHANGES:
17118: checkpoint for 1.6.4p2
17119: [b58aae5aa98a]
17120:
17121: * PORTING:
17122: Mention the "seteuid(0): Operation not permitted" problem here too
17123: just for good measure.
17124: [90135b37a691]
17125:
17126: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
17127:
17128: * env.c, getspwuid.c, sudo.c:
17129: The SHELL environment variable was preserved from the user's
17130: environment instead of being reset based on the passwd database when
17131: the "env_reset" option was used. Now it is reset as it should be.
17132: [300066ef3c71]
17133:
17134: * configure:
17135: regen
17136: [a47d779e6552]
17137:
17138: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
17139: sudo.c:
17140: Add a configure option to turn off use of POSIX saved IDs
17141: [fb18cc8e94d0]
17142:
17143: * configure:
17144: regen
17145: [d4f2f20025b6]
17146:
17147: * configure.in:
17148: add --with-efence option
17149: [45c4f33a8e88]
17150:
17151: * sudo.c:
17152: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
17153: "sudo -l" would not work if always_set_home was set.
17154: [c3a6de6c4800]
17155:
17156: * lex.yy.c:
17157: regen
17158: [417424452998]
17159:
17160: * parse.lex:
17161: Quoted commas were not being treated correctly in command line
17162: arguments.
17163: [753415541b37]
17164:
17165: * sudo.c:
17166: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
17167: Otherwise, the set_home option has no effect.
17168:
17169: o Fix use of freed memory when the "fqdn" flag is set. This was
17170: introduced by the fix for the "segv when gethostbynam() fails" bug.
17171: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
17172: there is no need to check the "fqdn" flag in set_fqdn() itself.
17173: [4b6a4245c04e]
17174:
17175: * env.c:
17176: Add 'continue' statements to optimize the switch statement. From
17177: Solar.
17178: [a82c76975ae5]
17179:
17180: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
17181:
17182: * sudoers.cat, sudoers.man.in:
17183: Regen from new sudoers.pod
17184: [6ecc07b3d0e1] [SUDO_1_6_4]
17185:
17186: * sudoers.pod:
17187: Add caveat about stay_setuid flag
17188: [9d228a7bea1b]
17189:
17190: * sudo.c:
17191: If set_perms == set_perms_posix and the stay_setuid flag is not set,
17192: set all uids to 0 and use set_perms_fallback().
17193: [c4e54d1ec86f]
17194:
17195: * set_perms.c, sudo.h:
17196: Remove PERM_FULL_USER (which is no longer used) and add
17197: PERM_FULL_ROOT (used when exec'ing the mailer).
17198: [15406c522ea2]
17199:
17200: * logging.c:
17201: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
17202: never want to run the mailer setuid.
17203: [2294853e0666]
17204:
17205: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
17206:
17207: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
17208: visudo.pod:
17209: Use sudo.ws instead of courtesan.com in URLs
17210: [55204002a308]
17211:
17212: * Makefile.binary, Makefile.in:
17213: Fix mansect substitution
17214: [b7b5cbc3aa91]
17215:
17216: * Makefile.in:
17217: Substitute man sections in Makefile.binary
17218: [040deb785e56]
17219:
17220: * Makefile.binary:
17221: Sync install targets with Makefile.in and substitute in man
17222: sections.
17223: [77882a275281]
17224:
17225: * INSTALL, INSTALL.binary:
17226: version is 1.6.4
17227: [0f87aabbcb70]
17228:
17229: * Makefile.in:
17230: Repair bindist target
17231: [8d43bfe7e2d1]
17232:
17233: * CHANGES:
17234: sync for 1.6.4
17235: [13ca3d4a0a72]
17236:
17237: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
17238:
17239: * install-sh:
17240: Fix case where neither whoami nor id are found
17241: [424dd270bc47]
17242:
17243: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
17244:
17245: * install-sh:
17246: If neither whoami nor id exists, just assume we are root.
17247: [2d2644e42c53]
17248:
17249: * alloc.c:
17250: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
17251: on AIX which for some reason isn't pulling in the malloc prototype.
17252: [231440d2ee3b]
17253:
17254: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
17255:
17256: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
17257: (c) 2002
17258: [700e3b41a68e]
17259:
17260: * CHANGES:
17261: checkpoint
17262: [33e604bd8d5b]
17263:
17264: * sudo.c:
17265: Defer assigning new environment until right before the exec.
17266: [f13c49e75c1c]
17267:
17268: * parse.c:
17269: kill extra blank line
17270: [12ef22e9dae3]
17271:
17272: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
17273:
17274: * configure:
17275: regen
17276: [a6cd2d788f74]
17277:
17278: * configure.in:
17279: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
17280: compiler doesn't recognise -O2.
17281: [5234aa543692]
17282:
17283: * HISTORY:
17284: Clarify origins of Root Group sudo a bit based on info from
17285: billp@rootgroup.com
17286: [4deef01c4208]
17287:
17288: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
17289:
17290: * LICENSE:
17291: 2002
17292: [6c8e089dbd1a]
17293:
17294: * CHANGES:
17295: checkpoint for 1.6.4rc1
17296: [3349eb87a49f]
17297:
17298: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
17299:
17300: * config.h.in:
17301: now generated via autoheader
17302: [84657d303cb9]
17303:
17304: * configure:
17305: regen
17306: [207bfa6a13f6]
17307:
17308: * compat.h:
17309: Move in some stuff that was previously in config.h.
17310: [e576d8b6480f]
17311:
17312: * aclocal.m4, configure.in:
17313: Add info for autoheader.
17314: [0549cd5da27c]
17315:
17316: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
17317:
17318: * Makefile.in:
17319: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
17320: -g to facilitate non-root installs
17321: [619216038f56]
17322:
17323: * install-sh:
17324: Add -M option (like -m but only for root) If we can't find "whoami",
17325: use "id" w/ some sed.
17326: [b39121c8b792]
17327:
17328: * configure:
17329: regen
17330: [b39b93ff9804]
17331:
17332: * configure.in:
17333: allow user to always override mansectsu and mansectform
17334: [0fca5e63bd90]
17335:
17336: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
17337:
17338: * mkinstalldirs:
17339: update from autoconf 2.52
17340: [07bd75a508c3]
17341:
17342: * config.guess, config.sub:
17343: Update from autoconf 2.52
17344: [857b90fe31b7]
17345:
17346: * configure:
17347: regen with autoconf 2.52
17348: [08e7d1ea2aeb]
17349:
17350: * configure.in:
17351: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
17352: mode o Remove compiler-specific checks for HP-UX now that we use
17353: AC_PROG_CC_STDC
17354: [d433a70b6208]
17355:
17356: * RUNSON:
17357: Checkpoint
17358: [babf6d2235d1]
17359:
17360: * auth/pam.c:
17361: o Add pam_prep_user function to call pam_setcred() for the target
17362: user; on Linux this often sets resource limits. o When calling
17363: pam_end(), try to convert the auth->result to a PAM_FOO value.
17364: This is a hack--we really need to stash the last PAM_FOO value
17365: received and use that instead.
17366: [6ad6f340dd2a]
17367:
17368: * set_perms.c, sudo.h:
17369: o Add pam_prep_user function to call pam_setcred() for the target
17370: user; on Linux this often sets resource limits.
17371: [67795421ac82]
17372:
17373: * env.c:
17374: Fix off by one error in number of bytes allocated via malloc (does
17375: not affected any released version of sudo).
17376: [5f5915360111]
17377:
17378: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
17379:
17380: * lex.yy.c:
17381: regen
17382: [8208c0277775]
17383:
17384: * parse.lex:
17385: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
17386: requiring that they be quoted.
17387: [ae59bc8f68dd]
17388:
17389: * sudoers.cat, sudoers.man.in, sudoers.pod:
17390: Mention that no double quotes are needed when
17391: adding/deleting/assigning a single value to a list.
17392: [25efc940a1f0]
17393:
17394: * Makefile.in:
17395: Don't rely on mkdefaults being executable, call perl explicitly.
17396: [6edc97ba5f1d]
17397:
17398: * sudo.tab.c:
17399: regen
17400: [49130b2e7e4d]
17401:
17402: * parse.yacc:
17403: Remove some XXX that are no longer relevant.
17404: [d460ac0d3767]
17405:
17406: * defaults.c:
17407: o Roll our own loop instead of using strpbrk() for better
17408: grokability o When adding to a list we must malloc() and use
17409: memcpy(), not strdup() since we must only copy len bytes from str.
17410: [649bef08e1f0]
17411:
17412: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
17413:
17414: * sudo.tab.c:
17415: regen
17416: [f0bbf2c38c0e]
17417:
17418: * parse.yacc:
17419: typo in comment
17420: [2563711ff593]
17421:
17422: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
17423:
17424: * CHANGES:
17425: checkpoint
17426: [a6d8a29fb30e]
17427:
17428: * configure:
17429: regen
17430: [bdfcaaf3bd13]
17431:
17432: * configure.in:
17433: avoid the -g flag unless --with-devel was specified
17434: [a976707bef30]
17435:
17436: * Makefile.in:
17437: mkdefaults, def_data.in and sigaction.c were missing from the
17438: tarball
17439: [6917ffbaa412]
17440:
17441: * Makefile.in:
17442: def_data.c was missing
17443: [87c78b11453d]
17444:
17445: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
17446:
17447: * env.c:
17448: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
17449: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
17450: [fc8698e6a45e]
17451:
17452: * TODO:
17453: Another TODO item
17454: [6f251d6cd466]
17455:
17456: * sudoers:
17457: Add comment for Default section so folks know where it should go.
17458: [7edba626f392]
17459:
17460: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
17461:
17462: * tgetpass.c:
17463: Use TCSETAF, not TCSETA to set terminal in termio case
17464: [fbd172f6c5d3]
17465:
17466: * sudoers.cat, sudoers.man.in:
17467: regen from sudoers.pod
17468: [64edd2de816e]
17469:
17470: * sudoers.pod:
17471: o Typo, Runas_User_List should be Runas_List o a User_List can not
17472: contain a uid o mention that the Defaults section should come after
17473: Alias definitions but before the user specifications
17474: [54070ba2092b]
17475:
17476: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
17477:
17478: * sudoers.cat, sudoers.man.in:
17479: regen
17480: [e62d1d97693c]
17481:
17482: * sudoers.pod:
17483: Fix listpw and verifypw sections, they were not being formatted
17484: properly.
17485: [123868c2f3e9]
17486:
17487: * sudoers.cat, sudoers.man.in:
17488: regen
17489: [f94841f8b374]
17490:
17491: * sudoers.pod:
17492: fix typos
17493: [f278f1c1184e]
17494:
17495: * configure:
17496: regen
17497: [d2270049ba9f]
17498:
17499: * config.h.in, configure.in:
17500: use AC_SYS_POSIX_TERMIOS instead of rolling our own
17501: [c1a13f1354b9]
17502:
17503: * README:
17504: Reference sudo.ws not courtesan.com
17505: [ca13be67ebd7]
17506:
17507: * PORTING:
17508: Add notes on shadow passwords
17509: [aa13863f2314]
17510:
17511: * BUGS:
17512: In list mode (sudo -l), characters escaped with a backslash are
17513: shown verbatim with the backslash.
17514: [1a75a2858be2]
17515:
17516: * sudoers:
17517: Add simple examples from OpenBSD (Marc Espie)
17518: [3ae9a9ae4125]
17519:
17520: * tgetpass.c:
17521: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
17522: [f8817699ee10]
17523:
17524: * CHANGES:
17525: minor prettyification
17526: [f523587929b9]
17527:
17528: * CHANGES:
17529: Updated change log
17530: [39d9010ee7a8]
17531:
17532: * testsudoers.c:
17533: Fix CIDR handling here too.
17534: [c91db8344c32]
17535:
17536: * auth/pam.c:
17537: Apparently a NULL response is OK
17538: [83bae61078d9]
17539:
17540: * TODO:
17541: Checkpoint for upcoming beta release
17542: [efb95c09df2a]
17543:
17544: * TROUBLESHOOTING:
17545: Many people believe that adding a runas spec should obviate the need
17546: for the -u flag. It does not.
17547: [c698bad85b0e]
17548:
17549: * RUNSON:
17550: checkpoint update for upcoming 1.6.4 beta
17551: [009e465a0a45]
17552:
17553: * config.h.in:
17554: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
17555: if HAVE_STRING_H is defined -- this is safe now
17556: [d27c035f4e14]
17557:
17558: * PORTING:
17559: Add signals section
17560: [2d24c13cb3c8]
17561:
17562: * configure:
17563: regen
17564: [2b80a939e2ed]
17565:
17566: * configure.in:
17567: Fix check for sigaction_t
17568: [6fa41c89ab20]
17569:
17570: * sudo.c:
17571: XXX - should call find_path() as runas user, not root. Can't do
17572: that until the parser changes though.
17573: [f0b4f85651bd]
17574:
17575: * sudo.c:
17576: If find_path() fails as root, try again as the invoking user (useful
17577: for NFS). Idea from Chip Capelik.
17578: [e03fa7872692]
17579:
17580: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17581: Regenerate after pod file changes
17582: [48e4bd75ec21]
17583:
17584: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
17585: sudo.pod, sudoers.pod:
17586: Add new sudoers option "preserve_groups". Previously sudo would not
17587: call initgroups() if the target user was root. Now it always calls
17588: initgroups() unless the -P command line option or the
17589: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
17590: [4f730359f101]
17591:
17592: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
17593:
17594: * compat.h, config.h.in:
17595: Use new HAVE_SIGACTION_T define
17596: [dfb25f3cae5b]
17597:
17598: * logging.c:
17599: Fix compilation on K&C
17600: [7355e3275e34]
17601:
17602: * configure:
17603: regen
17604: [a710584f92f0]
17605:
17606: * configure.in:
17607: Add check for sigaction_t -- IRIX already defines this so don't
17608: redefine it.
17609: [df9c5737f6da]
17610:
17611: * snprintf.c:
17612: fix typo
17613: [3d782b8134c8]
17614:
17615: * interfaces.c:
17616: need stdlib.h here too
17617: [c789d8973ab2]
17618:
17619: * configure:
17620: regen
17621: [44822856bf46]
17622:
17623: * configure.in:
17624: Remove redundant checks for string.h, strings.h and unistd.h
17625: [933c94f8bbf4]
17626:
17627: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17628: visudo.man.in:
17629: Regen from pod files
17630: [ad18c590f638]
17631:
17632: * BUGS:
17633: Update for 1.6.4
17634: [26bc88b69d22]
17635:
17636: * configure, lex.yy.c, sudo.tab.c:
17637: regen
17638: [bef89fd6fa2d]
17639:
17640: * strerror.c:
17641: Return EINVAL if errnum > sys_nerr
17642: [0512374e6661]
17643:
17644: * auth/sudo_auth.h:
17645: o Update copyright year
17646: [a877016db6e2]
17647:
17648: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
17649: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
17650: sudo.pod:
17651: o Update copyright year
17652: [e15a1b39039f]
17653:
17654: * configure.in:
17655: o Don't define STDC_HEADERS unconditionally for IRIX o Update
17656: copyright year
17657: [82a8cb819e07]
17658:
17659: * README:
17660: update version
17661: [d82e523a16b4]
17662:
17663: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
17664: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
17665: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
17666: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
17667: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
17668: visudo.c:
17669: o Reorder some headers and use STDC_HEADERS define properly o Update
17670: copyright year
17671: [fe39f76b3795]
17672:
17673: * lsearch.c:
17674: o Reorder some headers and use STDC_HEADERS define properly o Update
17675: copyright year
17676: [764ba3d4fa13]
17677:
17678: * getspwuid.c, goodpath.c, interfaces.c:
17679: o Reorder some headers and use STDC_HEADERS define properly o Update
17680: copyright year
17681: [fb46d46140d4]
17682:
17683: * getcwd.c:
17684: o Reorder some headers and use STDC_HEADERS define properly o Update
17685: copyright year
17686: [b199d70ac7ab]
17687:
17688: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
17689: fnmatch.c:
17690: o Reorder some headers and use STDC_HEADERS define properly o Update
17691: copyright year
17692: [dab8f192a3ed]
17693:
17694: * configure:
17695: regen
17696: [156658f25cea]
17697:
17698: * tgetpass.c:
17699: flags set in signal handlers should be volatile sig_atomic_t
17700: [c22931a5535e]
17701:
17702: * config.h.in, configure.in:
17703: Add checks for volatile and sig_atomic_t
17704: [b03b3341381d]
17705:
17706: * configure, lex.yy.c:
17707: regen
17708: [ed9daba88217]
17709:
17710: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
17711: sudo.c, sudoers.pod:
17712: Remove "secure_path" Defaults option since it cannot work with the
17713: existing parser.
17714: [c9e54a0f5971]
17715:
17716: * find_path.c, sudo.c:
17717: Unset "secure_path" if user_is_exempt()
17718: [fb7544565ae8]
17719:
17720: * env.c, pathnames.h.in:
17721: o Remove assumption that PATH and TERM are not listed in env_keep o
17722: If no PATH is in the environment use a default value o If TERM is
17723: not set in the non-reset case also give it a default value.
17724: [c987eb7df268]
17725:
17726: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
17727: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
17728: systems that define in paths.h
17729: [51865b0cdebf]
17730:
17731: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
17732: Add support for skeyaccess(3) if it is present in libskey.
17733: [8add77c7d3e7]
17734:
17735: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
17736:
17737: * sudo.c:
17738: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
17739: [5a3d3cbf2c6d]
17740:
17741: * parse.lex:
17742: '\\' is a perfectly legal character to have in a command line
17743: argument.
17744: [c15a466ef00e]
17745:
17746: * sudo.c:
17747: o Defer call to set_fqdn() until it is safe to use log_error() o
17748: Don't print errno string value if gethostbyname fails, it is not
17749: relevant
17750: [c0c6bcf08bcb]
17751:
17752: * parse.c:
17753: Fix CIDR -> in_addr_t conversion.
17754: [2f307ebeb63f]
17755:
17756: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
17757:
17758: * sudoers.pod:
17759: Remove an extra "User_List" in the User_Spec definition From
17760: ybertrand AT snoopymail.com
17761: [97bde59ea280]
17762:
17763: * parse.c:
17764: Make 'listpw=never' work for users who are not explicitly mentioned
17765: in sudoers.
17766: [258f0f30a428]
17767:
17768: * sudoers.pod:
17769: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
17770: [4b0f03872ee1]
17771:
17772: * sudoers.pod:
17773: Document new list Defaults type and convert env_keep and env_delete
17774: to lists. Document new env_check option.
17775: [a07f1f079fe3]
17776:
17777: * lex.yy.c, sudo.tab.c, sudo.tab.h:
17778: regen parser
17779: [e39ac6c6581b]
17780:
17781: * parse.lex:
17782: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
17783: to #[0-9-]+.
17784: [69c5388908f3]
17785:
17786: * configure:
17787: regen
17788: [0f1877b88cb3]
17789:
17790: * aclocal.m4:
17791: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
17792: [6545503ae361]
17793:
17794: * config.h.in, configure.in:
17795: Add check for skeyaccess(3)
17796: [6caf69fe6359]
17797:
17798: * visudo.pod:
17799: Document new -c, -f, and -q options
17800: [13d0203c21d3]
17801:
17802: * visudo.c:
17803: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
17804: [4c2b664d617d]
17805:
17806: * configure:
17807: regen
17808: [6d5bd932e7b5]
17809:
17810: * aclocal.m4, config.h.in, configure.in:
17811: Add check for isblank and a replacement macro if it doesn't exist.
17812: [b524f5e4f953]
17813:
17814: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
17815:
17816: * visudo.c:
17817: In check-only mode, don't create sudoers if it does not already
17818: exist.
17819: [c748a2d5acad]
17820:
17821: * parse.yacc:
17822: o Add a new token, DEFVAR, to indicate a Defaults variable name o
17823: Add support for "+=" and "-=" list operators o replace some 1 and 0
17824: with TRUE and FALSE for greater legibility.
17825: [554cb174b37e]
17826:
17827: * parse.lex:
17828: o Use exclusive start conditions to remove some ambiguity in the
17829: lexer. Also reorder some things for clarity. o Add support for
17830: "+=" and "-=" list operators. o Use the new DEFVAR token to denote
17831: a Defaults variable name.
17832: [3a2cf8323e26]
17833:
17834: * sudo.h:
17835: Prototype init_envtables()
17836: [b74916469dab]
17837:
17838: * env.c:
17839: o Convert environment handling to use lists instead of strings.
17840: This greatly simplifies routines that need to do "foreach" type
17841: operations. o Add new init_envtables() function to set env_check
17842: and env_delete defaults based on initial_badenv_table and
17843: initial_checkenv_table (formerly sudo_badenv_table).
17844: [0a8b404658b6]
17845:
17846: * defaults.c, defaults.h:
17847: o Add a new LIST type and functions to manipulate it. o This is for
17848: use with environment handling variables. o Call new
17849: init_envtables() routine inside init_defaults() to initialize the
17850: environment lists.
17851: [ae73e64f0902]
17852:
17853: * def_data.c, def_data.h, def_data.in:
17854: Convert environment options to use the new LIST type and add a new
17855: one, env_check that only deletes if the sanity check fails.
17856: [3019503936de]
17857:
17858: * testsudoers.c:
17859: Add dummy version of init_envtables()
17860: [9d9e3ee609d9]
17861:
17862: * parse.yacc:
17863: honor quiet mode
17864: [8330fba6167c]
17865:
17866: * visudo.c:
17867: Add check-only mode
17868: [dab411bc8c35]
17869:
17870: * mkdefaults:
17871: Fix generation of entries with NULL descriptions.
17872: [ea75b9fed02e]
17873:
17874: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
17875:
17876: * tgetpass.c:
17877: Use sigaction_t and quiet a gcc warning.
17878: [6f67d719c452]
17879:
17880: * sudo.c:
17881: Must reset signal handlers before we exec
17882: [300418120e1a]
17883:
17884: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
17885: auth/sudo_auth.c:
17886: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
17887: version needs testing. Set SIGTSTP to SIG_DFL during password entry
17888: so user can suspend us.
17889: [00304aa58747]
17890:
17891: * tgetpass.c:
17892: Add support for interrupting/suspending tgetpass via keyboard input.
17893: If you suspend sudo from the password prompt and resume it will re-
17894: prompt you.
17895: [4af2b5101d32]
17896:
17897: * sudo.c:
17898: Don't block keyboard interrupt signals, just set them to SIG_IGN.
17899: [d46d7f67ef6b]
17900:
17901: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
17902:
17903: * config.h.in:
17904: add back HAVE_SIGACTION
17905: [c9c7702c603e]
17906:
17907: * configure:
17908: regen
17909: [09fe669d337f]
17910:
17911: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
17912: Kill POSIX_SIGNALS define and old signal support now that we emulate
17913: POSIX ones Also be sure to correctly initialize struct sigaction.
17914: [4bc2a6dbb2be]
17915:
17916: * strerror.c:
17917: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
17918: [1ad64a19f328]
17919:
17920: * compat.h:
17921: Add scaffolding for POSIX signal emulation
17922: [945861d4c93b]
17923:
17924: * sigaction.c:
17925: o Add missing ';' so this compiles o Can't use NULL since we don't
17926: include stdio.h
17927: [04d0cac7438f]
17928:
17929: * sigaction.c:
17930: Emulate sigaction() using sigvec()
17931: [d0b54a989875]
17932:
17933: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
17934:
17935: * sudoers.pod:
17936: Document new behavior of negative values of timestamp_timeout Fix a
17937: typo
17938: [4c0716570d01]
17939:
17940: * sudo.pod:
17941: Add security note about command not being logged after 'sudo su' and
17942: friends.
17943: [43294851a33c]
17944:
17945: * sudo.pod:
17946: Mention that -V prints default values when run as root, including
17947: the list of environment variables to clear.
17948: [d9e5e550a8c3]
17949:
17950: * Makefile.in:
17951: Run pod2man with --quotes=none to avoid stupid quoting of C<>
17952: entries.
17953: [997b23c35dbe]
17954:
17955: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
17956:
17957: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
17958: Add mail_badpass option Also modify mail_always behavior to also
17959: send mail when the password is wrong
17960: [838d40ccafce]
17961:
17962: * env.c, sudo.c, sudo.h:
17963: Dump default bad env table when 'sudo -V' is run by root.
17964: [f67f1b8048b0]
17965:
17966: * sudoers.pod:
17967: document env_delete
17968: [d74f893663a2]
17969:
17970: * env.c:
17971: Add support for '*' in env_keep when not resetting the environment
17972: (ie: the normal case).
17973: [fd4fb62ea8fd]
17974:
17975: * env.c:
17976: Add env_delete variable that lets the user replace/add to the
17977: bad_env_table. Allow '*' wildcard in env_keep entries.
17978: [aa728bc35e29]
17979:
17980: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
17981:
17982: * mkinstalldirs:
17983: Force umask to 022 to guarantee sane directory permissions.
17984: [9ab3cfe70569]
17985:
17986: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
17987:
17988: * Makefile.in:
17989: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
17990: [671010465e6f]
17991:
17992: * mkdefaults:
17993: fix breakage in last commit
17994: [8318f8851e56]
17995:
17996: * Makefile.in:
17997: acsite.m4 -> aclocal.m4
17998: [30c146873a01]
17999:
18000: * check.c:
18001: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
18002: [4dc8b39954da]
18003:
18004: * def_data.c:
18005: regenerated from def_data.in
18006: [915ea16ce1eb]
18007:
18008: * check.c, defaults.c, defaults.h:
18009: Add new T_UINT type that most things use instead of T_INT If
18010: timestamp_timeout is < 0 then treat the ticket as never expiring (to
18011: be expired manually by the user).
18012: [3a3a636a2a5d]
18013:
18014: * def_data.in:
18015: change most T_INT -> T_UINT
18016: [a2228d2457af]
18017:
18018: * mkdefaults:
18019: fix warning when no args
18020: [ca70a5394af5]
18021:
18022: * visudo.c:
18023: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
18024: we are a signal handler. We no longer print the signal number but
18025: the user can just check the exit value for that.
18026: [dc424f631fef]
18027:
18028: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
18029:
18030: * logging.c:
18031: when setting up pipes in child process check for case where stdin ==
18032: pipe fd 0
18033: [518112d76184]
18034:
18035: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
18036:
18037: * visudo.c:
18038: Ignore editor exit value since XPG4 says vi's exit value is the
18039: count of editing errors made (failed searches, etc).
18040: [b9d952284865]
18041:
18042: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
18043:
18044: * configure:
18045: regen
18046: [cb3aa586f03b]
18047:
18048: * configure.in:
18049: sco now is identified by config.guess as *-sco-*
18050: [46664bbdea61]
18051:
18052: * configure.in:
18053: Check for getspnam() in -lgen if not in -lc for UnixWare.
18054: [0f152ad1ba93]
18055:
18056: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
18057:
18058: * sudoers.pod, visudo.pod:
18059: "upper case" -> "uppercase"
18060: [f9151f232326]
18061:
18062: * sudoers.pod:
18063: fix typos and grammar; pjanzen@foatdi.harvard.edu
18064: [2855d73d0237]
18065:
18066: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
18067:
18068: * sudoers.pod:
18069: Missing word (specify); krapht@secureops.com
18070: [65523eb37a2c]
18071:
18072: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
18073:
18074: * sudo.c:
18075: If we fail to lookup a login class, apply the default one.
18076: [d4869faa6816]
18077:
18078: * logging.c:
18079: In log_error() free message, not logline unconditionally, then free
18080: logline if it is not the same as message. No function change but
18081: this mirrors how they are allocated.
18082: [565e5f6cc643]
18083:
18084: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
18085:
18086: * configure:
18087: regenerate
18088: [834a48f548a2]
18089:
18090: * configure.in:
18091: remove some backslash quotes that are unneeded
18092: [50d401d6e2ca]
18093:
18094: * configure.in:
18095: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
18096: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
18097: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
18098: to AC_DEFINE things manually.
18099: [f502c5f15f92]
18100:
18101: * config.guess, config.sub:
18102: Updated from autoconf-2.50
18103: [6140205915ef]
18104:
18105: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18106:
18107: * README:
18108: Update mailing list section. We use mailman now, not majordomo.
18109: [b9a8ca45e6dc]
18110:
18111: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18112:
18113: * getspwuid.c, logging.c, sudo.c:
18114: Use setpwent()/endpwent() + all the shadow variants to make sure we
18115: don't inadvertantly leak an fd to the child. Apparently Linux's
18116: shadow routines leave the fd open even if you don't call setspent().
18117: Reported by mike@gistnet.com; different patch used.
18118: [d33792ef6c01]
18119:
18120: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18121:
18122: * sudoers.pod:
18123: s/eg./e.g./
18124: [bd32a0acaf93]
18125:
18126: * tgetpass.c:
18127: select() may return EAGAIN. If so, continue like we do for EINTR.
18128: [5f202c943818]
18129:
18130: * logging.c:
18131: Fix a non-exploitable buffer overflow in the word splitting code.
18132: This should really be rewritten.
18133: [4c724363863a]
18134:
18135: * Makefile.in:
18136: FAQ link goes away
18137: [1d26dd6c8972]
18138:
18139: * INSTALL:
18140: Tell people to look in sample.syslog.conf for examples, not FAQ
18141: [affcae3f43ca]
18142:
18143: * TROUBLESHOOTING:
18144: Update list of env vars that are cleared
18145: [234e56f1435a]
18146:
18147: * sudo.c:
18148: remove struct env_table decl since that stuff has all moved to env.c
18149: [5dd923148777]
18150:
18151: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18152:
18153: * fileops.c:
18154: Fix a pasto in flock-style unlocking and include <sys/file.h> for
18155: flock on older systems; twetzel@gwdg.de
18156: [d5420d9d2861]
18157:
18158: * configure:
18159: regen to get NeXT lockf/flock fix
18160: [d3ba6ed70e15]
18161:
18162: * configure.in:
18163: force NeXT to use flock since lockf is broken
18164: [bd5391dca1bb]
18165:
18166: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
18167:
18168: * check.c:
18169: Use stashed user_gid when checking against exempt gid since sudo
18170: sets its gid to a a value that makes sudoers readable. Previously
18171: if you used gid 0 as the exempt group everyone would be exempt. From
18172: Paul Kranenburg <pk@cs.few.eur.nl>
18173: [0b140cc3a817]
18174:
18175: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
18176:
18177: * configure:
18178: regen
18179: [cc455408f32b]
18180:
18181: * aclocal.m4:
18182: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
18183: some types (such as ssize_t) therein.
18184: [b6aee85ca331]
18185:
18186: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18187:
18188: * defaults.c:
18189: Fix negation of paths in a boolean context. Problem found by
18190: apt@UH.EDU
18191: [8aee217a7cdf]
18192:
18193: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
18194:
18195: * visudo.c:
18196: pasto
18197: [ad32b277bf68]
18198:
18199: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
18200:
18201: * visudo.c:
18202: SA_RESETHAND means the opposite of what I was thinking--oops To
18203: block all signals in old-style signals use ~0, not 0xffffffff
18204: [6ecdd793590a]
18205:
18206: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
18207:
18208: * defaults.c:
18209: coerce difference of pointers to int when used in a string length
18210: printf format; deraadt@openbsd.org
18211: [a9d10f07180d]
18212:
18213: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18214:
18215: * visudo.c:
18216: Block all signals in Exit() to avoid a signal race. There is still
18217: a tiny window but I'm not going to worry about it.
18218: [6661805c0458]
18219:
18220: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
18221:
18222: * env.c:
18223: glibc uses the LANGUAGE env var so clear that too; Solar Designer
18224: [d4ba95628afb]
18225:
18226: * lex.yy.c:
18227: Regenerate with a fix to flex.skl that preserves errno from
18228: clobbering by isatty().
18229: [607eec736e19]
18230:
18231: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18232:
18233: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18234: auth/sia.c, auth/sudo_auth.c:
18235: Some defaults I_ defines got renamed.
18236: [ec19b23caaf3]
18237:
18238: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
18239: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
18240: set_perms.c, sudo.c, sudo.tab.c:
18241: Move defaults info into its own files from which we generate .h and
18242: .c files. This makes adding or rearranging variables much simpler.
18243: [e91b880b5043]
18244:
18245: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18246:
18247: * configure, configure.in:
18248: fix typo in last commit
18249: [10a6ee2bae71]
18250:
18251: * compat.h, config.h.in, configure, configure.in:
18252: Add check + emulation for setegid (like seteuid).
18253: [29492092bd2f]
18254:
18255: * env.c:
18256: Make env_keep override badenv_table as documented Fix traversal of
18257: badenv_table (broken in last commit)
18258: [37c9f0d22673]
18259:
18260: * set_perms.c, sudo.c, sudo.h:
18261: Don't try and build saved uid version of set_perms on systems w/o
18262: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
18263: set_perms_setreuid simply be set_perms_fallback() and simply include
18264: the appropriate function at compile time (setreuid() vs. setuid()).
18265: [3107333c062c]
18266:
18267: * sudoers.cat, sudoers.man.in, sudoers.pod:
18268: PATH is also preserved when env_reset is in effect
18269: [90e45c5711ff]
18270:
18271: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
18272: configure.in, defaults.c, defaults.h, env.c, find_path.c,
18273: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
18274: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
18275: visudo.c, visudo.cat, visudo.man.in:
18276: New Defaults options: o stay_setuid - sudo will remain setuid if
18277: system has saved uids or setreuid(2) o env_reset - reset the
18278: environment to a sane default o env_keep - preserve environment
18279: variables that would otherwise be cleared
18280:
18281: No longer use getenv/putenv/setenv functions--do environment munging
18282: by hand. Potentially dangerous environment variables can be cleared
18283: only if they contain '/' pr '%' characters to protect buggy
18284: programs. Moved environment routines into env.c (new file)
18285: [c2f97651db4c]
18286:
18287: * INSTALL:
18288: Clear up --without-passwd description
18289: [2f336dab6733]
18290:
18291: * putenv.c, sudo_setenv.c:
18292: We now build up a new environment from scratch and assign it to
18293: "environ".
18294: [6ae6152f2238]
18295:
18296: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
18297:
18298: * sudo.pod, visudo.pod:
18299: Grammatical fixes from Paul Janzen
18300: [e03ead2e56f8]
18301:
18302: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
18303:
18304: * visudo.c:
18305: If there was a syntax error and the user just wants to quit, unlink
18306: sudoers if it is zero length.
18307: [74ba7921f520]
18308:
18309: * visudo.c:
18310: 'Q' means ignore parse error, not 'q'
18311: [e8d0e4491fe6]
18312:
18313: * visudo.c:
18314: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
18315: <dim@xs4all.nl>
18316: [b24990a72491]
18317:
18318: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
18319:
18320: * set_perms.c:
18321: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
18322: [41a8db10e076]
18323:
18324: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
18325:
18326: * config.guess, config.sub:
18327: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
18328: [6052da895d2e]
18329:
18330: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
18331:
18332: * sudo.c, visudo.c:
18333: Use exit(127), not exit(-1)
18334: [9ff0c3eada34]
18335:
18336: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
18337: Move set_perms() to its own file and use POSIX saved uid or
18338: setreuid() if available.
18339:
18340: Added stay_setuid option for systems that have libraries that
18341: perform extra paranoia checks in system libraries for setuid
18342: programs (ie: anything with issetugid(2)).
18343: [28960f842698]
18344:
18345: * sudo.c:
18346: strip more bits from the environment and add a facility for
18347: stripping things only if they contain '/' or '%' to address printf
18348: format string vulnerabilities in other programs.
18349: [b98d6375f299]
18350:
18351: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
18352:
18353: * configure:
18354: regen
18355: [7e74e5c91049]
18356:
18357: * configure.in:
18358: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
18359: strcasecmp().
18360: [a418e9e70442]
18361:
18362: * configure:
18363: regen
18364: [bbff244a52bc]
18365:
18366: * configure.in:
18367: Check for strcasecmp(3) in -lc89 for NCR Unix
18368: [361c99576681]
18369:
18370: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
18371:
18372: * config.h.in:
18373: Define HAVE_INNETGR #ifdef HAVE__INNETGR
18374: [473cdb92b6db]
18375:
18376: * configure:
18377: regen
18378: [4e6364a195e0]
18379:
18380: * compat.h, config.h.in, configure.in:
18381: Add check for _innetgr(3) since NCR systems have that instead of
18382: innetgr(3).
18383: [25e6852e7494]
18384:
18385: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
18386:
18387: * auth/securid.c:
18388: check return value of creadcfg() call sd_close() after sd_auth()
18389: store username in sd->username so we don't rely on the USER env
18390: variable
18391: [d106b4f42722]
18392:
18393: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
18394:
18395: * INSTALL:
18396: document --with-bsdauth
18397: [f1518ecc2ee9]
18398:
18399: * configure:
18400: regen
18401: [dceb35071ea8]
18402:
18403: * configure.in:
18404: --with-bsdauth assumes --with-logincap
18405: [4200778083fd]
18406:
18407: * auth/bsdauth.c, auth/fwtk.c:
18408: When prompting for a response to a challenge, if the user just hits
18409: return then reprompt with echo turned on.
18410: [a539b6474a97]
18411:
18412: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
18413:
18414: * sudo.c:
18415: Remove debugging code that should not have been committed, oops.
18416: [9862607b77a7]
18417:
18418: * auth/bsdauth.c:
18419: Use lower-level routines and get the password ourselves. Checks for
18420: a challenge and if there is one echo is not turned off.
18421: [2d8fcd166baa]
18422:
18423: * auth/pam.c, auth/sudo_auth.h:
18424: minor housekeeping, no real code changes
18425: [d0074a277fb4]
18426:
18427: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
18428:
18429: * sudo.c:
18430: Fix a coredump in the logging functions if gethostname(2) fails by
18431: deferring the call to log_error() until things are better setup.
18432:
18433: Fix return value of set_loginclass() in non-BSD-auth case.
18434:
18435: Hard-code 'sudo' in the usage message so we can fit more options on
18436: a line
18437: [d9d1b7579818]
18438:
18439: * logging.c:
18440: Fix errant ';' (typo) that broken MSG_ONLY
18441: [849b2276a470]
18442:
18443: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
18444:
18445: * sudo.cat, sudo.man.in:
18446: regen
18447: [bb3c8c6704d1]
18448:
18449: * sudo.pod:
18450: Document -a flag
18451: [e18316cebaac]
18452:
18453: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
18454: configure, configure.in, getspwuid.c, sudo.c:
18455: Add support for BSD authentication.
18456: [f374cfd9ca0d]
18457:
18458: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
18459:
18460: * sudoers.pod:
18461: Fix typo; from sato@complex.eng.hokudai.ac.jp
18462: [3085fee9766e]
18463:
18464: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
18465:
18466: * sudoers.pod:
18467: Mention negating umask
18468: [c9e410294dae]
18469:
18470: * defaults.c:
18471: Allow user to specify umask of 0777 (same as !umask)
18472: [bb771daa96fe]
18473:
18474: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
18475:
18476: * sudo.pod, visudo.pod:
18477: Fix a typo and give a URL for the sudo history.
18478: [77f73199aedb]
18479:
18480: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
18481:
18482: * defaults.c, sudo.pod:
18483: fix typos; pepper@reppep.com
18484: [5532c7421340]
18485:
18486: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
18487:
18488: * sudo.c, sudo.h, sudo_setenv.c:
18489: sudo_setenv() now exits on memory alloc failure instead of returning
18490: -1.
18491: [71f1cf18f47b]
18492:
18493: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
18494:
18495: * sudo.c:
18496: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
18497: and possibly others.
18498: [b69d985b0d22]
18499:
18500: * logging.c:
18501: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
18502: that "%m" won't be expanded but we don't use that anyway since the
18503: logging routines may splat to stderr as well.
18504: [8d37a544d0c0]
18505:
18506: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
18507: sudoers.pod:
18508: Add always_set_home variable
18509: [dbcaff646e07]
18510:
18511: * configure, configure.in:
18512: Have to hard code default values in help since the defaults are set
18513: _after_ the help stuff.
18514: [7b5d6d72f55c]
18515:
18516: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
18517:
18518: * lex.yy.c, parse.lex:
18519: Allow special characters (including '#') to be embedded in pathnames
18520: if quoted by a '\\'. The quoted chars will be dealt with by
18521: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
18522: [3ed33cf09977]
18523:
18524: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
18525:
18526: * install-sh:
18527: Better path searching for programs we need.
18528: [60517cb1f0d6]
18529:
18530: * TROUBLESHOOTING:
18531: Add section on "C compiler cannot create executables" errors.
18532: [e4ada6eaee59]
18533:
18534: * Makefile.binary, Makefile.in, version.h:
18535: Crank version
18536: [93d1bd5b7f5e]
18537:
18538: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
18539: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
18540: visudo.man.in, visudo.pod:
18541: Substitute values from configure into man pages.
18542: [619854c356c1]
18543:
18544: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18545:
18546: * parse.c, sudo.c:
18547: The listpw and verifypw sudoers options would not take effect
18548: because the value of the default was checked *before* sudoers was
18549: parsed. Instead of passing in the value of PWCHECK_* to
18550: sudoers_lookup(), pass in the arg for def_ival() so the check can be
18551: deferred until after sudoers is parsed.
18552: [4f596e358f72]
18553:
18554: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
18555:
18556: * tgetpass.c:
18557: When writing prompt, no need to write the NUL as well;
18558: hag@linnaean.org
18559: [fbcdd7b431ee]
18560:
18561: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18562:
18563: * install-sh:
18564: When looking for chown, check in /sbin too
18565: [657ba6653f8c]
18566:
18567: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
18568:
18569: * visudo.c:
18570: Remove extraneous call to init_defaults() and set runas_user to NULL
18571: betweem parses so init_defaults will reset it each time, thus
18572: avoiding a reference to free()d data.
18573: [7421fcd692af]
18574:
18575: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
18576:
18577: * config.h.in, interfaces.c, interfaces.h, sudo.c:
18578: Add support for using getifaddrs() to get the list of ip addr /
18579: netmask pairs. Currently IPv4-only.
18580: [a35bc4f7306d]
18581:
18582: * visudo.c:
18583: Add a missing check for UserEditor == NULL Add missing '+' before
18584: line number when invoking editor to fix a syntax error
18585: [f0d4635f6082]
18586:
18587: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
18588:
18589: * sudo.c:
18590: Call clean_env very early in main() for paranoia's sake. Idea from
18591: Marc Esipovich.
18592: [f8d72ebd0115]
18593:
18594: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
18595:
18596: * sudo.h:
18597: Update proto for evasprintf and easprintf
18598: [d147d6e58419]
18599:
18600: * alloc.c:
18601: Make easprintf() and evasprintf() return an int.
18602: [b2ca5d089667]
18603:
18604: * check.c:
18605: If the targetpw flag is set, use target username as part of the
18606: timestamp path. If tty tickets are in effect cat the tty and the
18607: target username with a ':' as the separator.
18608: [de11abc693c2]
18609:
18610: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
18611:
18612: * auth/pam.c:
18613: Backout part of last change; setting PAM_USER to the invoking user
18614: breaks things like targetpw.
18615: [427218a7387f]
18616:
18617: * auth/pam.c:
18618: set tty and username via pam_set_item
18619: [85d1922dbcc9]
18620:
18621: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
18622: Fix root, runas, and target authentication for non-passwd file auth
18623: methods.
18624: [a14535e7b30c]
18625:
18626: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
18627:
18628: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18629: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18630: Use B<-Z> not C<-Z> for command line flags in all places. This is
18631: more consistent and works around a bug in Pod::Man.
18632: [64b5a05f30c5]
18633:
18634: * sudoers.cat, sudoers.man.in, sudoers.pod:
18635: Fix an occurence of 'semicolon' that should be 'colon'
18636: [4ea5aacae3fb]
18637:
18638: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
18639:
18640: * configure, configure.in:
18641: Fix --with-badpri help line
18642: [3cc40977c043]
18643:
18644: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
18645:
18646: * defaults.c, logging.c, sudo.c:
18647: Bracket calls to syslog with an openlog() and closelog() since some
18648: authentication methods (like PAM) may do their own logging via
18649: syslog. Since we don't use syslog much (usually just once per
18650: session) this doesn't really incur a performance penalty. It also
18651: Fixes a SEGV with pam_kafs.
18652: [fe1cc28529f6]
18653:
18654: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18655:
18656: * sudo.c:
18657: Fix -H flag. runas_homedir is only valid after
18658: set_perms(PERM_RUNAS, mode)
18659: [ce9b1c6f68a6]
18660:
18661: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
18662:
18663: * INSTALL:
18664: Clarify the fact that insults are not enabled just by including them
18665: in the binary.
18666: [d5a31d48320c]
18667:
18668: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
18669:
18670: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18671: visudo.man.in:
18672: Regenerated with perl 5.6.0 pod2man
18673: [21751433768b]
18674:
18675: * Makefile.in:
18676: Give date string to pod2man since its default is ugly and it ain't
18677: got no alibi.
18678: [0080b2f6298f]
18679:
18680: * Makefile.in:
18681: Do section substitution on the output of pod2man and remove hack
18682: needed for old pod2man.
18683: [1ef843d5c78b]
18684:
18685: * sudo.pod, sudoers.pod, visudo.pod:
18686: Put back real man sections, we will do the substitution later.
18687: [f728c1abad7e]
18688:
18689: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18690:
18691: * configure, configure.in:
18692: Don't bother checking for the path to vi if user specified --with-
18693: editor
18694: [bf698487e0d5]
18695:
18696: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18697:
18698: * CHANGES, visudo.c:
18699: Visudo now does its own fork/exec instead of calling system(3).
18700: [99bbcd88863b]
18701:
18702: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
18703: sudoers.pod, visudo.c:
18704: Visudo now checks for the existence of an editor and gives a
18705: sensible error if it does not exist.
18706:
18707: The path to the editor for visudo is now a colon-separated list of
18708: allowable editors. If the user has $EDITOR set and it matches one
18709: of the allowed editors that editor will be used. If not, the first
18710: editor in the list that actually exists is used.
18711: [cc86eb9f5440]
18712:
18713: * sudo.cat, sudo.man.in, sudo.pod:
18714: Clear up confusion wrt sudo's return value.
18715: [9385b12d8e79]
18716:
18717: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
18718:
18719: * Makefile.in:
18720: Strip sudo and visudo for bindist target
18721: [a995ddd79177]
18722:
18723: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
18724: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
18725: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
18726: [5eb9e60a726f] [SUDO_1_6_3]
18727:
18728: * visudo.cat, visudo.man.in, visudo.pod:
18729: Typo: @sysconf@ -> @sysconfdir@
18730: [f07f52fcd099]
18731:
18732: * Makefile.in:
18733: 'make dist' should not cause any files to be modified so remove its
18734: dependencies.
18735: [7f44a2666a9c]
18736:
18737: * CHANGES:
18738: Whoops, forgot to add release marker
18739: [16c0f16b35b8]
18740:
18741: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
18742:
18743: * CHANGES:
18744: Final change for 1.6.3 (or so I hope)
18745: [473c89da6123]
18746:
18747: * sudo.cat, sudoers.cat, visudo.cat:
18748: Use SYSV man sections since BSD systems will have nroff...
18749: [0a6bd154324e]
18750:
18751: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18752:
18753: * parse.yacc, sudo.tab.c:
18754: When checking to see if the host/user matches in a defaults spec,
18755: check against TRUE, not just non-zero since it might be -1.
18756: [41f2b7ad3fdd]
18757:
18758: * configure, configure.in:
18759: OSF/1 puts file formats in section 4, not 5.
18760: [d77c1301afa9]
18761:
18762: * CHANGES, INSTALL, sudo.c:
18763: Make login class support work on BSD/OS
18764: [e9bbe3c08ade]
18765:
18766: * RUNSON:
18767: Update for 1.6.3
18768: [c40ce1d76c4d]
18769:
18770: * configure, configure.in:
18771: If there is no inet_addr but there *is* an __inet_addr that's ok
18772: since inet_addr is probably just a macro then. The better thing to
18773: do would be to look for the macro, but this is fine for now.
18774: [1b8865ae4d68]
18775:
18776: * configure, configure.in:
18777: Don't use shlicc for BSD/OS 4.x
18778: [83fbf6dedd2c]
18779:
18780: * Makefile.in, configure, configure.in:
18781: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
18782: configure variable so we can deal with this. Also, only remove *.man
18783: for 'distclean' not 'clean'.
18784: [30d56e6de214]
18785:
18786: * sudo.c:
18787: set_loginclass() should be static like the proto says
18788: [d570a2d55fb8]
18789:
18790: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
18791:
18792: * fnmatch.c:
18793: Add #ifdef __STDC__ around the rangematch function header to avoid
18794: promotion of test to int, thus violating the prototype. Gcc handles
18795: this gracefully but more std ANSI compilers will complain.
18796: [7d98c3e332b2]
18797:
18798: * emul/fnmatch.h:
18799: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
18800: [4e1320852f8b]
18801:
18802: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
18803: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
18804: FNM_CASEFOLD in configure
18805: [9ef952bf1896]
18806:
18807: * CHANGES, TODO:
18808: update for 1.6.3
18809: [e4ba6368a0c5]
18810:
18811: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
18812: Fully qualified hosts w/ wildcards were not matching the FQHOST
18813: token type. There's really no need for a separate token for fully-
18814: qualified vs. unqualified anymore so FQHOST is now history and
18815: hostname_matches now decides which hostname (short or long) to check
18816: based on whether or not the pattern contains a '.'.
18817: [fbd2887d9811]
18818:
18819: * parse.h:
18820: Fully qualified hosts w/ wildcards were not matching the FQHOST
18821: token type. There's really no need for a separate token for fully-
18822: qualified vs. unqualified anymore so FQHOST is now history and
18823: hostname_matches now decides which hostname (short or long) to check
18824: based on whether or not the pattern contains a '.'.
18825: [dd7bbe223461]
18826:
18827: * lex.yy.c, parse.c, parse.lex, parse.yacc:
18828: Fully qualified hosts w/ wildcards were not matching the FQHOST
18829: token type. There's really no need for a separate token for fully-
18830: qualified vs. unqualified anymore so FQHOST is now history and
18831: hostname_matches now decides which hostname (short or long) to check
18832: based on whether or not the pattern contains a '.'.
18833: [630d9d205397]
18834:
18835: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
18836: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
18837: Add support for wildcards in the hostname.
18838: [d8d821ed4238]
18839:
18840: * Makefile.in:
18841: Add targets for *.man.in, using config.status to generate *.man from
18842: *.man.in
18843: [640e50ede485]
18844:
18845: * sudoers.cat, sudoers.man.in, sudoers.pod:
18846: Document set_logname option and enbolden refs to sudo and visudo.
18847: [9622b3a48707]
18848:
18849: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
18850: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
18851: visudo.cat, visudo.man.in, visudo.pod:
18852: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
18853: from Michael D. Marchionna. configure now does substitution on the
18854: man pages, allowing us to fix up the paths and set the section
18855: correctly. Based on an idea from Michael D. Marchionna.
18856: [463e928a0a2f]
18857:
18858: * auth/passwd.c:
18859: Better fix for handling HP-UX aging info.
18860: [3950f42d8549]
18861:
18862: * sudo.c:
18863: Add support for set_logname run-time default
18864: [c6a7cc76b8b4]
18865:
18866: * sudo.man.in, sudoers.man.in, visudo.man.in:
18867: configure does substitution on these to produce *.man
18868: [b83fc3c1bfc9]
18869:
18870: * sudo.man, sudoers.man, visudo.man:
18871: These files now get generated from *.man.in at configure time.
18872: [c499061f79e0]
18873:
18874: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
18875:
18876: * defaults.c, defaults.h:
18877: Add set_logname option so users can turn off setting of LOGNAME/USER
18878: environment variables.
18879: [6316869180b8]
18880:
18881: * lsearch.c, parse.c, testsudoers.c:
18882: kill register
18883: [6e104e653748]
18884:
18885: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
18886:
18887: * auth/passwd.c:
18888: HP-UX adds extra info at the end for password aging so when
18889: comparing the result of crypt to pw_passwd we only compare the first
18890: len(epass) bytes *unless* the user entered an empty string for a
18891: password.
18892: [3d24d4e4e889]
18893:
18894: * logging.c:
18895: Get rid of grandchild hack, it was causing problems and there is
18896: really no need for it. This fixes a bug where we spin eating up CPU
18897: when the user runs a long-running process like a shell.
18898: [5743b10b1e81]
18899:
18900: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
18901:
18902: * sudo.c:
18903: User can always specify a login class if he/she is already root.
18904: [710d160cef9f]
18905:
18906: * config.h.in, configure, configure.in, defaults.c, defaults.h,
18907: sudo.c, sudo.h:
18908: FreeBSD login class (login.conf) support.
18909: [026b981d6328]
18910:
18911: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
18912:
18913: * auth/sudo_auth.c:
18914: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
18915: [9cd4929f1a78]
18916:
18917: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
18918:
18919: * auth/passwd.c:
18920: Truncate unencrypted password to 8 chars if encrypted password is
18921: exactly 13 characters (indicateing standard a DES password). Many
18922: versions of crypt() do this for you, but not all (like HP-UX's).
18923: [a9d0259cb193]
18924:
18925: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
18926:
18927: * INSTALL, RUNSON:
18928: Mention that gcc on dynix may have problems
18929: [77b97fa5bf1b]
18930:
18931: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
18932:
18933: * Makefile.in:
18934: Link visudo with NET_LIBS since we now call syslog via defaults.c
18935: [9e3830b277cc]
18936:
18937: * defaults.c:
18938: Use Argv[0] as the first arg to openlog() since visudo uses this
18939: too.
18940: [e61078f328ec]
18941:
18942: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
18943:
18944: * sudo.c:
18945: Stash coredumpsize resource limit and retsore it before the exec()
18946: Otherwise the child ends up with a coredumpsize of 0.
18947: [f6a4783835a3]
18948:
18949: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
18950:
18951: * sudo.cat, sudo.man, sudo.pod:
18952: document -S flag
18953: [3ebd805b7142]
18954:
18955: * sudo.c:
18956: fix usage string
18957: [66b2dfa47fe8]
18958:
18959: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
18960: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
18961: Added -S flag (read passwd from stdin) and tgetpass_flags global
18962: that holds flags to be passed in to tgetpass(). Change echo_off
18963: param to tgetpass() into a flags field. There are currently 2
18964: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
18965: tgetpass(), abstract the echo set/clear via macros and if (flags &
18966: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
18967: [a4fcbb712cd0]
18968:
18969: * tgetpass.c:
18970: Fixed a bug that caused an infinite loop when the password timeout
18971: was disabled.
18972: [2be1ffc5a39f]
18973:
18974: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
18975:
18976: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
18977: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
18978: Add rootpw, runaspw, and targetpw options.
18979: [2d4563e46df7]
18980:
18981: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
18982: visudo.c:
18983: enveditor -> env_editor
18984: [ddc5f856e583]
18985:
18986: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
18987:
18988: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
18989: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
18990: visudo.man:
18991: crank versino to 1.6.3
18992: [a5f7d3e74360]
18993:
18994: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
18995: sudoers.pod, visudo.c:
18996: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
18997: them. This means that visudo will now parse the sudoers file
18998: *before* it is edited so a bogus sudoers file will cause a warning
18999: to go to stderr. Also, visudo checks the variables once--it does not
19000: check them after each editor run since that could be confusing.
19001: [9f5af18e9212]
19002:
19003: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
19004:
19005: * RUNSON:
19006: 1.6.2 -> 1.6.2p1
19007: [e25b74f1d1af]
19008:
19009: * check.c, sudo.c, sudo.h:
19010: Move user_is_exempt prototype into sudo.h
19011: [daf26a6ded8a]
19012:
19013: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
19014:
19015: * configure, configure.in:
19016: Fix thinko, some && should have been || in the last commit
19017: [4b9b2d487ded]
19018:
19019: * configure, configure.in:
19020: Don't initialized Makefile variables to be NULL since the user may
19021: want to import variables from their environment.
19022: [7be019f4422c]
19023:
19024: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
19025:
19026: * configure, configure.in:
19027: typo
19028: [38f4d8971f0a]
19029:
19030: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
19031:
19032: * sudo.tab.c:
19033: fix a yacc (skeleton.c) warning
19034: [a2da228a937b]
19035:
19036: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
19037:
19038: * INSTALL, RUNSON, configure, configure.in:
19039: Make pam work on HP-UX 11.0;jaearick@colby.edu
19040: [b94de0ff6f42]
19041:
19042: * CHANGES:
19043: recent changes; prepare for 1.6.2p1
19044: [b291635ea141]
19045:
19046: * find_path.c:
19047: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
19048: [4306285c4f6e]
19049:
19050: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
19051:
19052: * sudo.tab.c:
19053: Regen with yacc that has a memory leak plugged.
19054: [e26383a04eb7]
19055:
19056: * sudoers.cat, sudoers.man, sudoers.pod:
19057: Expanded docs on sudoers 'defaults' options based on INSTALL file
19058: info.
19059: [54c3d62d6c74]
19060:
19061: * INSTALL:
19062: Fix some while lies
19063: [d15311782150]
19064:
19065: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
19066:
19067: * Makefile.in:
19068: When making a bindist, link FAQ to TROUBLESHOOTING instead of
19069: copying.
19070: [2d88a6ac88cf]
19071:
19072: * sudoers.cat, sudoers.man, sudoers.pod:
19073: Add netgroup caveat
19074: [28d119f466e3] [SUDO_1_6_2]
19075:
19076: * RUNSON:
19077: Last minute updates
19078: [89fb4ed22d52]
19079:
19080: * TROUBLESHOOTING:
19081: PAM entry
19082: [a9fd59f39457]
19083:
19084: * auth/pam.c:
19085: correct a comment
19086: [a29627225ba9]
19087:
19088: * CHANGES, RUNSON:
19089: update for 1.6.2
19090: [b7f1c40ea732]
19091:
19092: * auth/pam.c:
19093: Better detection of PAM errors and fix custom prompts with PAM.
19094: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
19095: [ff69234b94a5]
19096:
19097: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19098:
19099: * snprintf.c:
19100: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
19101: long long value.
19102: [9d918c3a2ecd]
19103:
19104: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
19105:
19106: * CHANGES, config.h.in, configure, configure.in, visudo.c:
19107: Fix sudoers locking in visudo. We now lock the sudoers file itself,
19108: not the temp file (since locking the temp file can foul up editors).
19109: The previous locking scheme didn't work because the fd was closed
19110: too early.
19111: [de2011bb11ed]
19112:
19113: * config.h.in, configure, configure.in:
19114: Don't need test for ftruncate() any more.
19115: [e5f71c848104]
19116:
19117: * configure, configure.in:
19118: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
19119: the unbundled HP-UX cc.
19120: [2c373612c644]
19121:
19122: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19123:
19124: * sudoers.cat, sudoers.man, sudoers.pod:
19125: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
19126: [05360d2c314e]
19127:
19128: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19129:
19130: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
19131: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
19132: version.h, visudo.c:
19133: update copyright year on changed files
19134: [5792a2a28a4c]
19135:
19136: * RUNSON:
19137: updates
19138: [edf8f19aa403]
19139:
19140: * CHANGES:
19141: aix fix
19142: [4d4a243b31e2]
19143:
19144: * INSTALL:
19145: Crank version to 1.6.2
19146: [bcb5cb411624]
19147:
19148: * configure:
19149: Crank version to 1.6.2
19150: [32a19f33427f]
19151:
19152: * sudo.c:
19153: When using rlimit check for RLIM_INFINITY When computing the value
19154: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
19155: [8c16166802e5]
19156:
19157: * CHANGES:
19158: recent changes
19159: [09fc7112e44d]
19160:
19161: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
19162: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
19163: Crank version to 1.6.2
19164: [055fa61a7c61]
19165:
19166: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
19167: Add 'shell_noargs' runtime option back in. We have to defer
19168: checking until after the sudoers file has been parsed but since
19169: there are now other options that operate that way this one can too.
19170: Based on a patch from bguillory@email.com.
19171: [231db7a007a6]
19172:
19173: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
19174: Add "listpw" and "verifypw" options.
19175: [190683bac878]
19176:
19177: * sudoers.cat, sudoers.man, sudoers.pod:
19178: o Fix some typos/omissions o Add section on verifypw and listpw o
19179: Define how NOPASSWD interacts with the -v and -l flags
19180: [6feb7350eb79]
19181:
19182: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
19183:
19184: * configure, configure.in:
19185: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
19186: -D_HPUX_SOURCE to CPPFLAGS.
19187: [06cc35d89dc8]
19188:
19189: * defaults.c, defaults.h:
19190: In struct sudo_defs_types, move the union to the end and don't
19191: initialize the union member since that only works with an ANSI
19192: compiler. We set the value of the union by hand in init_defaults()
19193: anyway. This allows sudo to compile on a K&R compiler again.
19194: [623487e1fcfa]
19195:
19196: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
19197:
19198: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
19199: netgr_matches needs to check shost as well as host since they may be
19200: different.
19201: [3f43ace23d3e]
19202:
19203: * tgetpass.c:
19204: End on \r as well as \n
19205: [cb7c6e6f4202]
19206:
19207: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19208:
19209: * sudo.c:
19210: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
19211: from 0400 to whatever SUDOERS_MODE is (converting from the old
19212: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
19213: 0400 which should always be the case.
19214: [34cd83d49d20]
19215:
19216: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
19217: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
19218: w/o a passwd if there is *any* entry for the user on the host with a
19219: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
19220: the user on the host w/ the specified runas user have the NOPASSWD
19221: flag set.
19222: [4b3b85697653]
19223:
19224: * Makefile.in:
19225: add check target
19226: [3d24d34a76fd]
19227:
19228: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
19229:
19230: * visudo.c:
19231: Treat EOF at whatnow prompt like 'x' instead of looping.
19232: [5deffc27114c]
19233:
19234: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
19235:
19236: * CHANGES:
19237: recent changes
19238: [5836a9452568] [SUDO_1_6_1]
19239:
19240: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
19241:
19242: * config.h.in, configure, configure.in, sudo.c:
19243: Add check for initgroups() since old SYSV lacks this.
19244: [657a6005a569]
19245:
19246: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
19247: parse.c, testsudoers.c:
19248: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
19249: exists.
19250: [17d081e917d6]
19251:
19252: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
19253:
19254: * auth/sudo_auth.c:
19255: Don't allow insults to be enabled if the insults[] array is empty.
19256: Otherwise there would be division by zero.
19257: [b20c14db6029]
19258:
19259: * insults.h:
19260: Don't allow insults to be enabled if the insults[] array is empty.
19261: Otherwise there would be division by zero.
19262: [028f130204b0]
19263:
19264: * CHANGES, RUNSON:
19265: Don't allow insults to be enabled if the insults[] array is empty.
19266: Otherwise there would be division by zero.
19267: [974f4780254b]
19268:
19269: * insults.h:
19270: Don't care about USE_INSULTS #define since the insult stuff may be
19271: overridden at runtime.
19272: [b873df8b299c]
19273:
19274: * auth/sudo_auth.c:
19275: Honor insults flag.
19276: [756111640fdc]
19277:
19278: * CHANGES, parse.c:
19279: Don't ask the user for a password if the user is not allowed to run
19280: the command and the authenticate flag (in sudoers) is false.
19281: [cea9fdc09c76]
19282:
19283: * CHANGES, RUNSON, lex.yy.c, parse.lex:
19284: o Whenever we get a bare newline we change to the INITIAL state. o
19285: Enter GOTRUNAS when we see Runas_Alias
19286:
19287: This allows #uid to work in a RunasAlias.
19288: [a475513e7c7a]
19289:
19290: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
19291:
19292: * CHANGES, parse.yacc, sudo.tab.c:
19293: fix parsing of runas lists: o oprunasuser and runaslist now return a
19294: value o in a runasspec, if a runaslist does not return TRUE, set
19295: runas_matches to FALSE. Normally, a runaslist only returns FALSE
19296: for explicitly denied users. o since runaslist does not modify the
19297: stack there is no need for a push/pop in runasalias.
19298: [82b305b34a8c]
19299:
19300: * check.c, sudo.c:
19301: Don't kill the user's tickets until after sudoers has been parsed
19302: since tty_tickets and ticket_dir could be set in sudoers.
19303: [f43e25367f3a]
19304:
19305: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
19306: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
19307: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
19308: crank version to 1.6
19309: [95f8bdcf9bb2]
19310:
19311: * testsudoers.c:
19312: add set_fqdn() stub
19313: [bbc81af5b41a]
19314:
19315: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
19316:
19317: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
19318: sudoers.man, sudoers.pod, visudo.c:
19319: o Kill shell_noargs option, it cannot work since the command needs
19320: to be set before sudoers is parsed. o Fix the "set_home" sudoers
19321: option (only worked at compile time). o Fix "fqdn" sudoers option.
19322: We now set host/shost via set_fqdn which gets called when the
19323: "fqdn" option is set in sudoers. o Move the openlog() to
19324: store_syslogfac() so this gets overridden correctly from the
19325: sudoers file.
19326: [3dca861f0f5d]
19327:
19328: * auth/securid.c:
19329: SecurID support should compile now.
19330: [a544e5c6ea34]
19331:
19332: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
19333:
19334: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
19335: visudo.man, visudo.pod:
19336: fix some syntactic goofs
19337: [b3451f0d5239]
19338:
19339: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19340:
19341: * Makefile.in, sudo.html, sudoers.html, visudo.html:
19342: No longer need the .html files as they are generated automatically
19343: on the web site.
19344: [1b4aa4204584]
19345:
19346: * CHANGES, LICENSE:
19347: kill characters that made wml unhappy
19348: [b988fbc6da56]
19349:
19350: * HISTORY:
19351: typo
19352: [a418963f7fce]
19353:
19354: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
19355:
19356: * README:
19357: majordomo@cs.colorado.edu -> majordomo@courtesan.com
19358: [5d151e8ffd3b]
19359:
19360: * Makefile.in, configure:
19361: Wrap script execution w/ /bin/sh for the benefit of ctm
19362: [3a9c4766b2c3]
19363:
19364: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
19365:
19366: * sudo.c:
19367: Make the -s flag be exclusive too. Also reorder the flags in the
19368: exclusive usage message so they are alphabetical.
19369: [4c7af200db34]
19370:
19371: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
19372:
19373: * auth/pam.c:
19374: make pam errors other than PAM_PERM_DENIED fatal
19375: [64bcb3fd2baf]
19376:
19377: * auth/API:
19378: fix typo
19379: [f3134c88b12e]
19380:
19381: * INSTALL:
19382: make it clear that /etc/pam.d/sudo is required on linux
19383: [213cc3eaad82]
19384:
19385: * auth/pam.c:
19386: fix a warning on redhat and spew an error if pam_authenticate()
19387: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
19388: [7e46dd19da89]
19389:
19390: * sudo.cat, sudo.html, sudo.man, sudo.pod:
19391: Be very clear that the password required is the user's not root's
19392: [a6da127347e5]
19393:
19394: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
19395:
19396: * Makefile.in:
19397: add sample.syslog.conf to DISTFILES and BINFILES
19398: [8661c27c007e]
19399:
19400: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
19401:
19402: * RUNSON:
19403: updates from Brian Jackson + some formatting
19404: [6d31c6fa63f8]
19405:
19406: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
19407:
19408: * INSTALL.binary, Makefile.binary, README, RUNSON:
19409: o One RUNSon update o Changes for automating real binary releases
19410: [dd9585f4406c]
19411:
19412: * Makefile.in:
19413: Add bindist target
19414: [546ed3fa94bb]
19415:
19416: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
19417:
19418: * TROUBLESHOOTING:
19419: talk about run-time options in addition to compile-time options
19420: [1eb813ff0a9a] [SUDO_1_6_0]
19421:
19422: * CHANGES:
19423: fix typos
19424: [65e92bb70a7b]
19425:
19426: * sudo.c:
19427: need sys/time.h if HAVE_SETRLIMIT
19428: [ce31655a8a60]
19429:
19430: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
19431: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
19432: get rid of references to sudo-bugs. Now mention the web site or the
19433: sudo@ alias
19434: [a9db861fd8c6]
19435:
19436: * sudoers.html:
19437: repair pod2html damage
19438: [62ece4277f1f]
19439:
19440: * RUNSON, TODO:
19441: Update for 1.6 release
19442: [98569c57ba2a]
19443:
19444: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19445: Add warning about using ALL in a command context.
19446: [6c77685ab280]
19447:
19448: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
19449:
19450: * visudo.c:
19451: Call yyrestart() on a parse error to reset the lexer state.
19452: [1370a27acdb2]
19453:
19454: * lex.yy.c, parse.lex:
19455: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
19456: since it might not get called in yywrap if we get a parse error
19457: (and we only reread the file on error anyway).
19458: [37f4b449e28e]
19459:
19460: * lex.yy.c, parse.lex:
19461: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
19462: might still exist. Call yyrestart() instead of using the deprecated
19463: YY_NEW_FILE macro.
19464: [7d0d873046c6]
19465:
19466: * lex.yy.c, parse.lex:
19467: flex doesn't need %N table size declarations
19468: [268b020fd60a]
19469:
19470: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19471: Mention what characters need to be escaped in names.
19472: [72ccbb6b0f31]
19473:
19474: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
19475:
19476: * configure:
19477: regen
19478: [65827abb5c7b]
19479:
19480: * INSTALL:
19481: clarify Mac OS X entry
19482: [8da1549a71f5]
19483:
19484: * RUNSON:
19485: update
19486: [0cff8df7459f]
19487:
19488: * configure.in:
19489: o Use AC_MSG_ERROR throughout o Check syslog configure options for
19490: danity
19491: [4cb81e642e5c]
19492:
19493: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
19494:
19495: * defaults.c:
19496: Fix printing of type T_MODE in dump_defaults()
19497: [a868bb6f5515]
19498:
19499: * strcasecmp.c:
19500: missing sys/types.h
19501: [ca694ca325b6]
19502:
19503: * INSTALL:
19504: Break out options that may be overridden at run time into their own
19505: section. Add a not about Max OS X and correct some lies.
19506: [d8bcfd120593]
19507:
19508: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
19509:
19510: * CHANGES, config.h.in, configure, configure.in, sudo.c:
19511: o Now use getrlimit to find the highest fd when closing all non-std
19512: fd's o Turn off core dumps via setrlimit for the sake of paranoia
19513: [dd9f651b6def]
19514:
19515: * RUNSON:
19516: updates
19517: [f581841fe615]
19518:
19519: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
19520:
19521: * CHANGES:
19522: updates
19523: [553baa1d44c7]
19524:
19525: * tgetpass.c:
19526: When read()'ing, do a single character at a time to be sure we don't
19527: go oast the newline.
19528: [907d33f55bb4]
19529:
19530: * sudo.c:
19531: For the sudo_root option, check against user_uid, not getuid() since
19532: at this point, ruid == euid == 0.
19533: [92d5c51939b4]
19534:
19535: * RUNSON:
19536: some updates
19537: [e3ed0c1f312b]
19538:
19539: * logging.h:
19540: Fix compilation problem when --with-logging=file was specified.
19541: This means that syslog is now required to build sudo but that should
19542: not be a problem. If it is it can be fixed trivially with a
19543: configure check for syslog() or syslog.h.
19544: [839a4b069190]
19545:
19546: * tgetpass.c:
19547: Make this work again for things like "sudo echo hi | more" where the
19548: tty gets put into character at a time mode. We read until we read
19549: end of line or we run out of space (similar to fgets(3)).
19550: [c8f746df2e63]
19551:
19552: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
19553:
19554: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19555: change ital to bold
19556: [f860978e530a]
19557:
19558: * RUNSON:
19559: update
19560: [9bcfbb405568]
19561:
19562: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
19563:
19564: * defaults.c:
19565: Error out if syslog parameters are given without a value. For
19566: Ultrix or 4.2BSD "syslog" is allowed without a value since there are
19567: no facilities in the 4.2BSD syslog.
19568: [69e7a686f5f0]
19569:
19570: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
19571:
19572: * defaults.c:
19573: Ignore the syslog facility for systems w/ old syslog like Ultrix.
19574: [5c250adbbb84]
19575:
19576: * TROUBLESHOOTING:
19577: people with "." early in their path can have problems running sudo
19578: from the build dir ;-)
19579: [20a1744a24a4]
19580:
19581: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
19582:
19583: * sudo.cat, sudo.html, sudo.man, sudo.pod:
19584: Remove -r realm option
19585: [127caa537f95]
19586:
19587: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
19588: configure.in, sudo.c:
19589: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
19590: [7177a3893a62]
19591:
19592: * CHANGES:
19593: update to reality
19594: [766cfbb512d6]
19595:
19596: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
19597:
19598: * auth/fwtk.c:
19599: include <auth.h> to get function prototypes.
19600: [d6c7c12d09fe]
19601:
19602: * sudo.cat, sudo.html, sudo.man, sudo.pod:
19603: document -L flag
19604: [dc803e1ce0d7]
19605:
19606: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
19607:
19608: * sudo.c:
19609: in set_perms(), always call setuid(0) before changing the ruid/euid
19610: so we always know it will succeed.
19611: [8cced1b862bf]
19612:
19613: * defaults.h:
19614: #undef T_FOO to avoid conflicts with system defines (like on
19615: ULTRIX).
19616: [d9f0aac092b0]
19617:
19618: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
19619: sudoers.pod:
19620: Docuement "Defaults" lines in /etc/sudoers. Still needs some
19621: fleshing out but this is a start.
19622: [521a1e629bbc]
19623:
19624: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
19625:
19626: * use strtol, not strtoul since not everyone has not strtoul
19627: [988462f093cc]
19628:
19629: * defaults.c:
19630: use strtol, not strtoul since not everyone has not strtoul
19631: [fce835ce62e3]
19632:
19633: * lex.yy.c, parse.lex:
19634: last {WORD} rule should only apply in the INITIAL state
19635: [9b57570bfa83]
19636:
19637: * lex.yy.c, parse.lex:
19638: o Add support for escaped characters in the WORD macro o Modify
19639: fill() to squash escape chars
19640: [87572d59e4e0]
19641:
19642: * defaults.c, defaults.h:
19643: o Add T_PATH flag to allow simple sanity checks for default values
19644: that are supposed to be pathnames. o Fix a duplicate free when
19645: visudo finds an error.
19646: [bdc6855a6c6d]
19647:
19648: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
19649:
19650: * defaults.c, defaults.h, logging.c:
19651: mail_if_foo -> mail_foo
19652: [cbee9415875d]
19653:
19654: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
19655:
19656: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
19657: o Add requiretty option o Move O_NOCTTY to compat.h
19658: [65b8bf0e1795]
19659:
19660: * logging.c:
19661: The exit() in log_error() was mistakenly removed in a previous
19662: version. Put it back...
19663: [9473449130a4]
19664:
19665: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
19666:
19667: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
19668: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
19669: configure, configure.in, defaults.c, defaults.h, find_path.c,
19670: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
19671: o Change defaults stuff to put the value right in the struct. o
19672: Implement mailer_flags o Store syslog stuff both in int and string
19673: form. Setting the string form magically updates the int version.
19674: o Add boolean attribute to strings where it makes sense to say !foo
19675: [4698953f9a36]
19676:
19677: * tgetpass.c:
19678: add O_NOCTTY when opening /dev/tty just in case
19679: [4c6d1d1bb300]
19680:
19681: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
19682:
19683: * auth/API:
19684: cleanup function no longer takes a status arg
19685: [0819edbfe7f8]
19686:
19687: * INSTALL:
19688: the the
19689: [19aadb65ea28]
19690:
19691: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
19692:
19693: * TODO, config.h.in, configure, configure.in, logging.c:
19694: Use strftime() instead of ctime() if it is available.
19695: [fb60ea63b514]
19696:
19697: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
19698:
19699: * defaults.c:
19700: fix copyright date
19701: [4a53b54aa72f]
19702:
19703: * RUNSON:
19704: update ReliantUNIX entry
19705: [de618a4f67d9]
19706:
19707: * defaults.c, defaults.h, logging.c:
19708: add log_year option
19709: [251a9e20568a]
19710:
19711: * configure, configure.in:
19712: add --without-sendmail to help output
19713: [93162f199902]
19714:
19715: * configure, configure.in:
19716: enforce an otctal arg for --with-suoders-mode
19717: [45e1b04ccad3]
19718:
19719: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
19720:
19721: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
19722: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
19723: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
19724: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
19725: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
19726: testsudoers.c, version.c, visudo.c:
19727: Add support for "Defaults" line in sudoers to make configuration
19728: variables changable at runtime (and on a global, per-host and per-
19729: user basis). Both the names and the internal representation are
19730: still subject to change. It was necessary to make sudo_user.runas
19731: but a char ** instead of a char * since this value can be changed by
19732: a Defaults line. There is a similar (but more complicated) issue
19733: with sudo_user.prompt but it is handled differently at the moment.
19734:
19735: Add a "-L" flag to list the name of options with their descriptions.
19736: This may only be temporary.
19737:
19738: Move some prototypes to parse.h
19739:
19740: Be much less restrictive on what is allowed for a username.
19741: [f71abf7ba80c]
19742:
19743: * sample.syslog.conf:
19744: Add more info
19745: [e952e6f42d4d]
19746:
19747: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
19748:
19749: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
19750: strcasecmp.c:
19751: UCB has dropped the advertising clause from their license.
19752: [a5602b36a341]
19753:
19754: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
19755:
19756: * auth/sudo_auth.h:
19757: move dce_verofy proto to correct section
19758: [972c815af558]
19759:
19760: * auth/dce.c:
19761: remove XXX
19762: [820631855be0]
19763:
19764: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
19765:
19766: * emul/fnmatch.h:
19767: Add fnmatch() prototype
19768: [79e84576d92a]
19769:
19770: * fnmatch.c, parse.c, testsudoers.c:
19771: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
19772: [1182c89fa811]
19773:
19774: * sudo.h:
19775: add strcasecmp proto
19776: [512d1d8a6a0c]
19777:
19778: * auth/sudo_auth.c:
19779: add check for case where there are no auth methods
19780: [e4af2b91b43e]
19781:
19782: * configure, configure.in:
19783: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
19784: SunOS4 w/ gcc
19785: [746ce8bcec23]
19786:
19787: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
19788: include strings.h everywhere we include string.h
19789: [6f7d5d437e7b]
19790:
19791: * version.c:
19792: nicer output when showing auth methods
19793: [0eac4b977f9d]
19794:
19795: * version.c:
19796: Add support for SEND_MAIL_WHEN_NO_HOST
19797: [9f20a3a3fae6]
19798:
19799: * config.h.in, configure, configure.in:
19800: Add _GNU_SOURCE for Linux
19801: [c7bd8c511847]
19802:
19803: * lex.yy.c, parse.lex:
19804: fix definition of OCTECT
19805: [4af30e63244d]
19806:
19807: * configure, configure.in:
19808: aix_auth.o not authenticate.o
19809: [fe95dfb08df4]
19810:
19811: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
19812:
19813: * sudo.c:
19814: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
19815: keyboard). Since we run with ruid/euid == 0 the user can't really
19816: signal us in nasty ways.
19817: [a7f6487c0f48]
19818:
19819: * visudo.c:
19820: Don't need to worry about catching too many signals since we do
19821: locking on the tmp file. If a lockfile is really stale, it will be
19822: detected and overwritten.
19823: [28983db3e749]
19824:
19825: * INSTALL, Makefile.in:
19826: include auth/API in tarball
19827: [014991600252]
19828:
19829: * auth/sudo_auth.c:
19830: move memset() of plaintext pw outside of verify loop and only do the
19831: memset if we are *not* in standalone mode.
19832: [66f8e87567e2]
19833:
19834: * auth/sudo_auth.c, auth/sudo_auth.h:
19835: DCE is not a standalone method
19836: [34963e2d8a1b]
19837:
19838: * sudo.c:
19839: fix --enable-noargs-shell
19840: [4234062abbb0]
19841:
19842: * snprintf.c:
19843: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
19844: [c430b80454c6]
19845:
19846: * auth/fwtk.c, auth/sia.c:
19847: _cleanup() function returns an int.
19848: [d1a1cc071ec1]
19849:
19850: * auth/dce.c:
19851: there were still some return(0)'s hanging around, make them
19852: AUTH_FAILURE
19853: [1002aa1962c3]
19854:
19855: * parse.c:
19856: typo in comment
19857: [5abc410dbfd2]
19858:
19859: * version.c:
19860: add missing semicolon
19861: [a262283b52a5]
19862:
19863: * auth/sudo_auth.h:
19864: missing backslash
19865: [bf89f6bd2900]
19866:
19867: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
19868:
19869: * CHANGES, config.h.in, configure, configure.in:
19870: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
19871: [f1a9bca0cf67]
19872:
19873: * Makefile.in:
19874: add parse.h to HDRS
19875: [a3d054987766]
19876:
19877: * Makefile.in, configure, configure.in:
19878: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
19879: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
19880: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
19881: testsudoers to build on Solaris and is a bit cleaner in general.
19882: [4e6239e97002]
19883:
19884: * UPGRADE:
19885: mention ptmp -> sudoers.tmp
19886: [ec3baa0fe8a1]
19887:
19888: * config.h.in, configure, configure.in:
19889: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
19890: [6f93dc7f39f5]
19891:
19892: * RUNSON:
19893: add 2 reports
19894: [ce0fcc00ee4e]
19895:
19896: * auth/kerb5.c:
19897: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
19898: return a value more like a system function
19899: [0dd56aa21424]
19900:
19901: * auth/dce.c:
19902: Add an XXX
19903: [58fc8562c212]
19904:
19905: * TODO:
19906: more things todo!
19907: [5a459d0cf339]
19908:
19909: * sample.sudoers:
19910: update based on what is in the man page
19911: [1a0477db96fa]
19912:
19913: * parse.yacc, sudo.tab.c:
19914: minor change to first line printed in -l mode
19915: [69eb57d96952]
19916:
19917: * sudo.cat, sudo.html, sudo.man, sudo.pod:
19918: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19919: standard and add "EXAMPLES" section
19920: [7e543335ebe1]
19921:
19922: * visudo.cat, visudo.html, visudo.man, visudo.pod:
19923: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
19924: standard
19925: [f82d87ed65c2]
19926:
19927: * logging.c, parse.c, sudo.h:
19928: add FLAG_NO_CHECK
19929: [c7d69176a2d7]
19930:
19931: * lex.yy.c, parse.lex:
19932: make an OCTET really be limited to 0-255
19933: [6ee568dd6a02]
19934:
19935: * UPGRADE:
19936: mention timestamp changes
19937: [e44d5302bf60]
19938:
19939: * PORTING:
19940: cosmetic cleanup
19941: [36fa3a2664dd]
19942:
19943: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
19944: new sudoers(8) man page
19945: [e674d06283d0]
19946:
19947: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
19948:
19949: * version.c:
19950: Update comments about syslog name tables
19951: [63830a782dcb]
19952:
19953: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
19954: strcasecmp.c, sudo.tab.c:
19955: include strcasecmp() for those without it
19956: [a0d8e2488bbc]
19957:
19958: * sample.sudoers:
19959: Use the : operator some more and fix a typo
19960: [18804c70da86]
19961:
19962: * HISTORY:
19963: update the history of sudo
19964: [9d9b3d5279b3]
19965:
19966: * parse.c, parse.lex, testsudoers.c:
19967: CIDR-style netmask support
19968: [768644467353]
19969:
19970: * CHANGES:
19971: recent changes
19972: [a4319e9d07cb]
19973:
19974: * sudo.tab.c, sudo.tab.h:
19975: these should be generated with byacc, not bison
19976: [f57b9489b752]
19977:
19978: * lex.yy.c:
19979: regen
19980: [522461f95dfa]
19981:
19982: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
19983: In "sudo -l" mode, the type of the stored (expanded) alias was not
19984: stored with the contents. This could lead to incorrect output if
19985: the sudoers file had different alias types with the same name.
19986: Normal parsing (ie: not in '-l' mode) is unaffected.
19987: [823fe2bc4b79]
19988:
19989: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
19990:
19991: * configure, configure.in:
19992: define _XOPEN_SOURCE to get at crypt() proto on some systems
19993: [1b3769b86fb9]
19994:
19995: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
19996:
19997: * snprintf.c:
19998: fix comment
19999: [fc1264df00f7]
20000:
20001: * tgetpass.c:
20002: don't need limits.h
20003: [f1631829af45]
20004:
20005: * snprintf.c:
20006: kill bogus reference to vfprintf
20007: [a0b99b25d389]
20008:
20009: * sample.sudoers, sudoers:
20010: better examples
20011: [b4d87ea64cc8]
20012:
20013: * snprintf.c:
20014: Add some const in the K&R defs. This is safe since we define const
20015: away if the compiler doesn't grok it.
20016: [614d6e83d45e]
20017:
20018: * aclocal.m4, configure:
20019: Better test for working long long support. Ultrix compiler supports
20020: basic long long but not all operations on them.
20021: [5da1508710ed]
20022:
20023: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
20024: snprintf.c, sudo.c:
20025: Add check for LONG_IS_QUAD #undef MAXINT before including
20026: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
20027: in snprintf.c and use LONG_IS_QUAD
20028: [a1f7993367fc]
20029:
20030: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
20031:
20032: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
20033: snprintf.c:
20034: UCB-derived snprintf + asprintf support. Supports quads if the
20035: compiler does. No floating point yet, perhaps later...
20036: [0caf05aba945]
20037:
20038: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
20039:
20040: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
20041: goodpath.c, logging.c, parse.c, sudo.c:
20042: Run most of the code as root, not the invoking user. It doesn't
20043: really gain us anything to run as the user since an attacker can
20044: just have an setuid(0) in their egg. Running as root solves
20045: potential problems wrt signalling.
20046: [408e530dda01]
20047:
20048: * sudo.tab.c:
20049: regen
20050: [f8cfb37e37de]
20051:
20052: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
20053:
20054: * logging.c, sudo.c:
20055: Don't wait for child to finish in log_error(), let the signal
20056: handler get it if we are still running, else let init reap it for
20057: us. The extra time it takes to wait lets the user know that mail is
20058: being sent.
20059:
20060: Install SIGCHLD handler in main() and for POSIX signals, block
20061: everything
20062: *except* SIGCHLD.
20063: [d2b6ab0ef3be]
20064:
20065: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
20066: parse.yacc, sudo.c, sudo.h:
20067: sudoers_lookup() now returns a bitmap instead of an int. This makes
20068: it possible to express things like "failed to validate because user
20069: not listed for this host". Some thigns that were previously
20070: VALIDATE_FOO are now FLAG_FOO. This may change later on.
20071:
20072: Reorganized code in log_auth() and sudo.c to deal with above
20073: changes.
20074:
20075: Safer versions of push/pushcp with in the do { ... } while (0) style
20076:
20077: parse.yacc now saves info on the stack to allow parse.c to determine
20078: if a user was listed, but not for the host he/she tried to run on.
20079:
20080: Added --with-mail-if-no-host option
20081: [63326cb01efc]
20082:
20083: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
20084:
20085: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
20086: visudo.man, visudo.pod:
20087: o NewArgv and NewArgc don't need to be externally visible. o If
20088: pedantic > 1, it is a parse error. o Add -s (strict) option to
20089: visudo which sets pedantic to 2.
20090: [5d7d81b55cd5]
20091:
20092: * HISTORY, INSTALL:
20093: Just have sudo-bugs contact info in one place
20094: [e7f6588ea683]
20095:
20096: * sudo.cat, sudo.html, sudo.man, sudo.pod:
20097: Add BUGS section
20098: [6607d96ea510]
20099:
20100: * Makefile.in, configure, configure.in:
20101: Add testsudoers to default build target if --with-devel Don't clean
20102: generated parser files unless "distclean".
20103: [5827b769dc57]
20104:
20105: * parse.yacc, sudo.tab.c:
20106: In pedantic mode we need to save *all* the aliases, not just those
20107: that match, or we get spurious warnings.
20108: [24f5b1f0e1de]
20109:
20110: * TROUBLESHOOTING:
20111: reference samples.sylog.conf
20112: [11841668380a]
20113:
20114: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
20115:
20116: * sample.syslog.conf:
20117: Sample entries for syslog.conf
20118: [0f7697d878a1]
20119:
20120: * CHANGES:
20121: recent changes
20122: [8bca8810c6bd]
20123:
20124: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
20125: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20126: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20127: auth/sudo_auth.c, auth/sudo_auth.h:
20128: In struct sudo_auth, turn need_root and configured into flags and
20129: add a flag to specify an auth method is running alone (the only
20130: one). Pass auth methods their sudo_auth pointer, not the data
20131: pointer. This allows us to get at the flags and tell if we are the
20132: only auth method. That, in turn, allows the method to be able to
20133: decide what should/should not be a fatal error. Currently only
20134: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
20135: define and te hackery that went with it. With access to the
20136: sudo_auth struct, methods can also get at a string holding their
20137: cannonical name (useful in error messages).
20138: [b7e320fc6511]
20139:
20140: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
20141: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
20142: sudo.tab.h:
20143: o --with-otp deprecated, use --without-passwd instead o real
20144: dependencies in the Makefile o --with-devel option to enable yacc,
20145: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
20146: back to being a token, not a string but don't leak memory o rename
20147: hsotspec -> host in parse.yacc
20148: [912c45226cb2]
20149:
20150: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
20151:
20152: * BUGS, CHANGES:
20153: recent changes
20154: [801fa6e55687]
20155:
20156: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
20157: sudo.c, sudo.h:
20158: o Digital UNIX needs to check for *snprintf() before -ldb is added
20159: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
20160: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
20161: functions in snprintf.c to fix -Wall o Add missing includes to fix
20162: more -Wall
20163: [8d207203e126]
20164:
20165: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
20166: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
20167: visudo.c:
20168: o Add a "pedentic" flag to the parser. This makes sudo warn in
20169: cases where an alias may be used before it is defined. Only turned
20170: on for visudo and testsudoers. o Add --disable-authentication option
20171: that makes sudo not require authentication by default. The PASSWD
20172: tag can be used to require authentication for an entry. We no
20173: longer overload --without-passwd.
20174: [f307e09adf98]
20175:
20176: * lex.yy.c, parse.lex:
20177: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
20178: username can contain just about anything so be very permissive. Also
20179: drop the unused \. punctuation.
20180: [06a50614ff89]
20181:
20182: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
20183:
20184: * parse.yacc, sudo.tab.c:
20185: o add a 'val' element to aliasinfo struct and move -> parse.h o
20186: find_alias() now returns an aliasinfo * instead of boolean o
20187: add_alias() now takes a value parameter to store in the
20188: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
20189: return: 1) positive match 0) negative match (due to '!')
20190: -1) no match This means setting $$ explicitly in all cases, which I
20191: should have done in the first place. It also means that we always
20192: store a value that is != -1 and when we see a '!' we can set
20193: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
20194: now works the way it should in lists and some of the rules are more
20195: uniform and sensible.
20196: [ad8e73b5d581]
20197:
20198: * Makefile.in:
20199: add parse.h dependency
20200: [4ccccd464d30]
20201:
20202: * parse.h:
20203: kill unused *_matched macros
20204: [02cba6dcb732]
20205:
20206: * parse.yacc:
20207: Allow a list of users as the first thing in a user spec, not just a
20208: single entry. This makes things more uniform, though it does allow
20209: you to write user specs that are hard to read.
20210: [3c4c91c508ca]
20211:
20212: * sudo.tab.c:
20213: parse.yacc
20214: [feca81881bb6]
20215:
20216: * configure:
20217: regen
20218: [6f247010bb3b]
20219:
20220: * configure.in:
20221: fix check for crypt() in libufc
20222: [82770736f4b0]
20223:
20224: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
20225:
20226: * README:
20227: sudo-users list now exists
20228: [4716d2bb0bbf]
20229:
20230: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
20231: Update to reality.
20232: [1eda2d57e42a]
20233:
20234: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
20235: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
20236: version.c, visudo.c:
20237: o Move lock_file() and touch() into fileops.c so visudo can use them
20238: o Visudo now locks the sudoers temp file instead of bailing when the
20239: temp file already exists. This fixes the problem of stale temp
20240: files but it does *require* that you not try to put the temp file in
20241: a world-writable directory. This shoud not be an issue as the temp
20242: file should live in the same dir as sudoers. o Visudo now only
20243: installs the temp file as sudoers if it changed.
20244: [2517cd06c070]
20245:
20246: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
20247:
20248: * logging.c:
20249: add fcntl locking
20250: [c304adeaf515]
20251:
20252: * config.h.in, configure, configure.in, logging.c:
20253: Lock the log file.
20254: [d8652704fbdf]
20255:
20256: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
20257: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
20258: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
20259: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
20260: -> _PATH_SUDOERS_TMP
20261: [68cad8975807]
20262:
20263: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
20264:
20265: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
20266: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
20267: root sudo -V config reporting
20268: [cdd2613a9dcf]
20269:
20270: * configure, configure.in:
20271: aix_auth.o not authenticate.o
20272: [d972e35f6730]
20273:
20274: * config.h.in:
20275: Add --with-goodpri and --with-badpri configure options to specify
20276: the syslog priority to use.
20277: [2595ae50ab86]
20278:
20279: * INSTALL, configure, configure.in, logging.h:
20280: Add --with-goodpri and --with-badpri configure options to specify
20281: the syslog priority to use.
20282: [8276ee9b2b49]
20283:
20284: * compat.h:
20285: kill crufty AIX stuff
20286: [a4f35ef9854e]
20287:
20288: * Makefile.in:
20289: Sigh, some versions of make (like Solaris's) don't deal with $< like
20290: I would expect. Both GNU and BSD makes get this right but... So, we
20291: just expand $< inline at the cost of some ugliness.
20292: [b1b456f8801f]
20293:
20294: * version.c:
20295: If the invoking user is root, sudo will now print configure info in
20296: -V mode. Currently just prints logging info, to be expanded later.
20297: [392f7ed99267]
20298:
20299: * logging.c, logging.h, sudo.c, sudo.h:
20300: o new defines for syslog facility and priority o use new
20301: print_version() functino for -V mode
20302: [78abc5142985]
20303:
20304: * check.c:
20305: Don't need version.c
20306: [db9a830ad893]
20307:
20308: * aclocal.m4, config.h.in, configure, configure.in:
20309: Add check for syslog facilities and priorities tables in syslog.h
20310: [b86213e5fc5c]
20311:
20312: * Makefile.in:
20313: o authenticate -> aix_auth o add version.c
20314: [44b6b9a8d0f5]
20315:
20316: * auth/sudo_auth.c:
20317: Missed a prompt -> user_prompt conversion
20318: [e4c60b1f210c]
20319:
20320: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
20321:
20322: * TODO:
20323: sudo should lock its logfile
20324: [6d2830b28b07]
20325:
20326: * parse.yacc, sudo.tab.c:
20327: o Add '!' correctly when expanding Aliases. o Add shortcut macros
20328: for append() to make things more readable. o The separator in
20329: append() is now a string instead of a char. o In append(), only
20330: prepend the separator if the last char is not a '!'. This is a
20331: hack but it greatly simplifies '!' handling. o In -l mode, Runas
20332: lists and NOPASSWD/PASSWD tags are now inherited across entries in
20333: a list (matches current behavior). o Fix formatting in -l mode such
20334: that items in a list are separated by a space. Greatlt improves
20335: readability. o Space for name field in struct aliasinfo is now
20336: allocated dyanically instead of using a (big) buffer. o In
20337: add_alias(), only search the list once (lsearch instead of lfind +
20338: lsearch)
20339: [51f7e07addb9]
20340:
20341: * lex.yy.c, sudo.tab.c, sudo.tab.h:
20342: regen
20343: [5c19bb05dc21]
20344:
20345: * configure, configure.in:
20346: Solais pam doesn't require anye xtra setup
20347: [a25ba03d91d1]
20348:
20349: * parse.yacc:
20350: o Simpler '!' support now that the lexer deals with multiple !'s for
20351: us. o In the case of opFOO, have FOO give a boolean return value and
20352: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
20353: it gets fill()'d in parse.lex--fixes a small memory leak. In the
20354: long run it may be better to just fix parse.lex and make ALL back
20355: into a token. However, having it be a string is useful since it
20356: can be easily passed back to the parent rule if we so desire.
20357: [b3c64b443018]
20358:
20359: * parse.lex:
20360: o Remove some unnecessary backslashes o collapse multiple !'s by
20361: using !+ and checking if yyleng is even or odd. this allows us to
20362: simplify ! handling in parse.yacc
20363: [76330e8da8e3]
20364:
20365: * sudo.c:
20366: -u flag was being ignored
20367: [e30283207585]
20368:
20369: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
20370:
20371: * Makefile.in:
20372: correct fix
20373: [a0e2377dec8f]
20374:
20375: * Makefile.in:
20376: work around pod2man stupididy
20377: [7c755640b67f]
20378:
20379: * Makefile.in:
20380: correct dependencies for .cat
20381: [5ed7b0653b68]
20382:
20383: * sudo.cat, sudo.man, visudo.cat, visudo.man:
20384: regen
20385: [b74510dd6a0a]
20386:
20387: * sudo.pod, visudo.pod:
20388: Add copyright Update to reality
20389: [188e9b046c15]
20390:
20391: * parse.c, sudo.c, sudo.h:
20392: rename validate() to the more descriptive sudoers_lookup()
20393: [7a1cb652f379]
20394:
20395: * auth/aix_auth.c:
20396: use tgetpass
20397: [b8ba5daec40a]
20398:
20399: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
20400:
20401: * CHANGES:
20402: updates
20403: [e61460cdf4a0]
20404:
20405: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
20406: configure, configure.in, sudo.c:
20407: Sudo, not CU Sudo
20408: [9061b3573c0c]
20409:
20410: * LICENSE:
20411: add 4th term to license similar to term 5 in the apache license
20412: [92712e895afb]
20413:
20414: * emul/search.h, emul/utime.h:
20415: add 4th term to license similar to term 5 in the apache license
20416: [4f93a8b9396e]
20417:
20418: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
20419: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
20420: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
20421: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
20422: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
20423: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
20424: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
20425: visudo.c:
20426: add 4th term to license similar to term 5 in the apache license
20427: [afae9f2bf9ec]
20428:
20429: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
20430: add 4th term to license similar to term 5 in the apache license
20431: [c389d3fdafac]
20432:
20433: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
20434: getspwuid.c, goodpath.c:
20435: add 4th term to license similar to term 5 in the apache license
20436: [969e63dbd38e]
20437:
20438: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
20439: insults.h, logging.c, sudo.c, sudo.h:
20440: there was a 1995 release too
20441: [5963fd89457a]
20442:
20443: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
20444:
20445: * CHANGES:
20446: updates
20447: [254b794f16ab]
20448:
20449: * check.c:
20450: Use dirs instead of files for timestamp. This allows tty and non-
20451: tty schemes to coexist reasonably. Note, however, that when you
20452: update a tty ticket, the mtime on the user dir gets updated as well.
20453: [44bfac32f799]
20454:
20455: * configure, configure.in:
20456: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
20457: when linking test program, not just -lprot. Also add check for
20458: getspnam(). The SCO docs indicate that /etc/shadow can be used but
20459: this may be a lie.
20460: [2ba21d36cc1e]
20461:
20462: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
20463:
20464: * auth/API:
20465: first cut at auth API description
20466: [3d10df021eb8]
20467:
20468: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
20469:
20470: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
20471: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
20472: auth/sudo_auth.h:
20473: auth API change. There is now an init method that gets run before
20474: the main loop. This allows auth routines to differentiate between
20475: initialization that happens once vs. setup that needs to run each
20476: time through the loop.
20477: [76df1c0d3478]
20478:
20479: * auth/kerb5.c, logging.c:
20480: use easprintf() and evasprintf()
20481: [fd97d96dc12f]
20482:
20483: * alloc.c, sudo.h:
20484: add easprintf() and evasprintf(), error checking versions of
20485: asprintf() and vasprintf()
20486: [f54385de20b7]
20487:
20488: * TODO:
20489: remove 2 items. One done, one won't do.
20490: [64513b47bc7a]
20491:
20492: * lex.yy.c, sudo.tab.c:
20493: regen
20494: [4aa299de2752]
20495:
20496: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
20497: visudo.html, visudo.man:
20498: regen
20499: [553c0d1209be]
20500:
20501: * CHANGES:
20502: new changes
20503: [d7be00b7e36b]
20504:
20505: * sudo.pod:
20506: o Document -K flag and update meaning of -k flag. o BSD-style
20507: copyright o Document clearing of BIND resolver environment variables
20508: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
20509: if your OS gives away files
20510: [4a4092be1455]
20511:
20512: * visudo.pod:
20513: BSD license
20514: [ad0bfd0a4630]
20515:
20516: * version.h:
20517: BSD-style copyright
20518: [ecc6479325be]
20519:
20520: * tgetpass.c:
20521: o BSD copyright o no need to block signals, we now do that in main()
20522: o cosmetic changes
20523: [61958beda7ab]
20524:
20525: * testsudoers.c, visudo.c:
20526: o BSD-style copyright o Use "struct sudo_user" instead of old
20527: globals. o some cometic cleanup
20528: [88c0c6924082]
20529:
20530: * sudo_setenv.c:
20531: BSD-style copyright
20532: [df20290129a0]
20533:
20534: * sudo.h:
20535: o BSD copyright o logging and parser bits moved to their own .h
20536: files o new "struct sudo_user" to encapsulate many of the old
20537: globals.
20538: [50fc86bf25cb]
20539:
20540: * sudo.c:
20541: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
20542: logging routines o simplified flow of control o BIND resolver
20543: additions to badenv_table
20544: [8c53f15bfcb0]
20545:
20546: * strerror.c:
20547: BSD-style copyright
20548: [7c906c3a82ac]
20549:
20550: * snprintf.c:
20551: Now compiles on more K&R compilers
20552: [07ab1d3231c7]
20553:
20554: * putenv.c:
20555: BSD-style copyright, cosmetic changes
20556: [c42371295881]
20557:
20558: * pathnames.h.in:
20559: BSD-style copyright
20560: [e5c34ebd4cf1]
20561:
20562: * parse.c, parse.h, parse.lex, parse.yacc:
20563: BSD-style copyright. Move parser-specific defines and structs into
20564: parse.h + other cosmetic changes
20565: [d3088efb6228]
20566:
20567: * logging.h:
20568: defines for logging routines
20569: [13147941c02d]
20570:
20571: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
20572: BSD-style copyright, cosmetic changes
20573: [e8205e91a4fa]
20574:
20575: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
20576: interfaces.h:
20577: BSD-style copyright
20578: [b9499da7cdce]
20579:
20580: * configure.in:
20581: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
20582: kill --disable-tgetpass o add --without-passwd o changes to fill in
20583: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
20584: v?asprintf() o replace --with-AuthSRV with --with-fwtk
20585: [9a3f39b9c128]
20586:
20587: * config.h.in:
20588: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
20589: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
20590: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
20591: [9a09054db53a]
20592:
20593: * compat.h:
20594: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
20595: [25509c566975]
20596:
20597: * alloc.c:
20598: BSD-style copyright
20599: [4967be892363]
20600:
20601: * TROUBLESHOOTING:
20602: no more --with-getpass
20603: [afd5b670c196]
20604:
20605: * TODO:
20606: Take out things I've done...
20607: [375420c8270e]
20608:
20609: * README:
20610: Refer to LICENSE
20611: [c486c8db30f6]
20612:
20613: * PORTING:
20614: --with-getpass no longer exists
20615: [db48202df1bb]
20616:
20617: * Makefile.in:
20618: BSD-style copyright. Update to reflect reality wrt new files and
20619: new auth modules.
20620: [61a2ca7940fb]
20621:
20622: * INSTALL:
20623: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
20624: --without-passwd.
20625: [64e8f9e1c05e]
20626:
20627: * HISTORY:
20628: Update history a bit
20629: [df60c0a871b8]
20630:
20631: * COPYING, LICENSE:
20632: Now distributed under a BSD-style license
20633: [d1a184ccabe1]
20634:
20635: * auth/sudo_auth.c:
20636: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
20637: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
20638: global
20639: [891b57060868]
20640:
20641: * auth/pam.c, auth/sia.c:
20642: BSD-style copyright and use new log functions
20643: [65c44445ea84]
20644:
20645: * auth/kerb5.c:
20646: o BSD-style copyright o Use new log functiongs o Use asprintf() and
20647: snprintf() where sensible.
20648: [1ff0feaacf95]
20649:
20650: * check.c:
20651: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
20652: done more reasonably--better sanity checks and tty-based stamps are
20653: now done as files in a directory with the same name as the invoking
20654: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
20655: to mix tty and non-tty based ticket schemes but this may change in
20656: the future (it requires sudo to use a directory instead of a file in
20657: the non-tty case). Also, ``sudo -k'' now sets the ticket back to
20658: the epoch and ``sudo -K'' really deletes the file. That way you
20659: don't get the lecture again just because you killed your ticket in
20660: .logout. BSD-style copyright now.
20661: [ec3460f85be8]
20662:
20663: * logging.c:
20664: o rewritten logging routines. log_error() now takes printf-style
20665: varargs and log_auth() for the return value of validate(). o BSD-
20666: style copyright
20667: [438292025c4e]
20668:
20669: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
20670: superceded by new auth API
20671: [412060590da7]
20672:
20673: * auth/kerb4.c:
20674: BSD-style copyright
20675: [cc4e800833c7]
20676:
20677: * auth/fwtk.c:
20678: Use snprintf() where it makes sense and add a BSD-style copyright
20679: [1b7502388a74]
20680:
20681: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
20682: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
20683: BSD-style copyright
20684: [42583bedae5c]
20685:
20686: * emul/utime.h, utime.c:
20687: BSD-style copyright
20688: [3985c90aba47]
20689:
20690: * emul/search.h:
20691: this has been rewritten so use my BSD-style copyright
20692: [176df1b0de6f]
20693:
20694: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
20695:
20696: * snprintf.c:
20697: include malloc.h if no stdlib.h
20698: [7b123f1d1d03]
20699:
20700: * snprintf.c:
20701: KTH snprintf()/asprintf() for systems w/o them
20702: [3ca9aefb9d01]
20703:
20704: * strerror.c:
20705: strerror() for systems w/o it
20706: [7f0bd8a1c1b4]
20707:
20708: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
20709:
20710: * visudo.c:
20711: stylistic changes
20712: [6f99aceb7170]
20713:
20714: * parse.c, parse.lex, parse.yacc:
20715: Add contribution info in the main comment
20716: [e50cec10acd6]
20717:
20718: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
20719:
20720: * auth/pam.c:
20721: remove missed ref to PAM_nullpw
20722: [a43e59692cdb]
20723:
20724: * auth/sudo_auth.h:
20725: pasto
20726: [891ff138ab89]
20727:
20728: * auth/kerb5.c:
20729: more or less complete now--still untested
20730: [21036732faa0]
20731:
20732: * auth/afs.c, auth/pam.c:
20733: don't use user_name macro, it will go away
20734: [def7cf727349]
20735:
20736: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
20737: combine skey/opie code into rfc1938.c
20738: [44d88ca93d3e]
20739:
20740: * auth/dce.c, auth/sudo_auth.h:
20741: DCE authentication method; basically unchanged from dce_pwent.c
20742: [4d468473dd6f]
20743:
20744: * auth/aix_auth.c, auth/sudo_auth.h:
20745: AIX authenticate() support. Could probably be much better
20746: [000013321a33]
20747:
20748: * auth/sia.c:
20749: Fix an uninitialized variable and some cleanup. Now works (tested)
20750: [fd6ad88ff055]
20751:
20752: * auth/sia.c, auth/sudo_auth.h:
20753: SIA support for digital unix
20754: [5335f3e70eab]
20755:
20756: * auth/pam.c:
20757: don't use prompt global, it will go away
20758: [fadd22dd6ce4]
20759:
20760: * auth/secureware.c:
20761: correct copyright years
20762: [6aa07c49f51b]
20763:
20764: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
20765: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
20766: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
20767: New authentication API and methods
20768: [9debe9b59c79]
20769:
20770: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
20771:
20772: * sudo.tab.c:
20773: regen
20774: [84578e82c1a6]
20775:
20776: * parse.yacc:
20777: only save an entry if user_matches && host_matches, even if the
20778: stack is empty (fix for previous commit)
20779: [00984b078d8a]
20780:
20781: * sudo.tab.c:
20782: regen
20783: [66acf160b4b7]
20784:
20785: * parse.yacc:
20786: 1) Always save an entry on the stack if it is empty. This fixes the
20787: -l and -v flags that were broken by earlier parser changes.
20788:
20789: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
20790: !foo match any time the user specified a runas user (via -u) other
20791: than foo.
20792: [f322eb54b015]
20793:
20794: * testsudoers.c:
20795: interfaces and num_interfaces are now auto, not extern
20796: [113add5c6518]
20797:
20798: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
20799:
20800: * auth.c:
20801: use a static global to keep stae about empty passwords
20802: [bc02e30807d8]
20803:
20804: * check_sia.c:
20805: make PASSWORD_NOT_CORRECT logging consistent with other modules
20806: [21962549d5fd]
20807:
20808: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
20809:
20810: * auth.c:
20811: PAM prompt code was wrong, looks like we have to kludge it after
20812: all.
20813: [91f246155ead]
20814:
20815: * auth.c:
20816: In the PAM code, when a user hits return at the first password
20817: prompt, exit without a warning just like the normal auth code
20818: [918f59bacdb7]
20819:
20820: * configure, configure.in:
20821: kludge around cross-compiler false positives
20822: [5e5fc8356400]
20823:
20824: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
20825: New (correct) PAM code Tgetpass now takes an echo flag for use with
20826: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
20827: useless umask setting Change error from BAD_ALLOCATION ->
20828: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
20829: for consistency
20830: [e71397f09dd8]
20831:
20832: * sudo.c:
20833: Some -Wall and kill some trailing spaces
20834: [8229b43d5c4e]
20835:
20836: * configure.in:
20837: define -D__EXTENSIONS__ for solaris so we get crypt() proto
20838: [7533e4436cab]
20839:
20840: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
20841:
20842: * RUNSON:
20843: add Dynix 4.4.4
20844: [b69f773efbce]
20845:
20846: * INSTALL, config.h.in, configure, configure.in:
20847: for kerberos V < version, fall back on old kerb4 auth code
20848: [d685ed3a1d8e]
20849:
20850: * INSTALL:
20851: clarify some things
20852: [2f5ba2e8e53a]
20853:
20854: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
20855: typos
20856: [8925a109c093]
20857:
20858: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
20859:
20860: * sudo.c:
20861: mention why DONT_LEAK_PATH_INFO is not the default
20862: [0346260cb4ec]
20863:
20864: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
20865:
20866: * tgetpass.c:
20867: Fix open(2) return value checking, was NULL for fopen, should be -1
20868: for open
20869: [355878bf6d8a]
20870:
20871: * configure:
20872: regen
20873: [68bf82871862]
20874:
20875: * configure.in:
20876: better wording for solaris pam notice
20877: [04e88c7a6c42]
20878:
20879: * CHANGES:
20880: document recent changes
20881: [7c922c5622ef]
20882:
20883: * TROUBLESHOOTING:
20884: Update shadow password section
20885: [e8448bae7d66]
20886:
20887: * auth.c:
20888: move authentication code from check.c to auth.c
20889: [e9f6ecae2399]
20890:
20891: * Makefile.in, check.c, sudo.h:
20892: move authentication code to auth.c
20893: [124cded85f46]
20894:
20895: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
20896:
20897: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
20898: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
20899: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
20900: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
20901: visudo.c:
20902: Move interface-related defines to interfaces.h so we don't have to
20903: include <netinet/in.h> everywhere.
20904: [e7599d8ea0bf]
20905:
20906: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
20907:
20908: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
20909: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
20910: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
20911: turns out the old DES crypt does the right thing with passwords
20912: longert than 8 characters. o Fix common typo (necesary ->
20913: necessary) o Update TODO list
20914: [ad75007a6f13]
20915:
20916: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
20917:
20918: * sudo.c:
20919: set $LOGNAME when we set $USER
20920: [391596210fd7]
20921:
20922: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
20923:
20924: * INSTALL:
20925: add comment about digital unix and interfaces.c warning with gcc
20926: [e20f815901cc]
20927:
20928: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
20929:
20930: * sample.sudoers:
20931: use modern paths and give examples for some of the new parser
20932: features
20933: [e7b2e507c695]
20934:
20935: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
20936:
20937: * parse.c:
20938: fix comment
20939: [5eb0d005a65f]
20940:
20941: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
20942: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
20943: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
20944: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
20945: Function names should be flush with the start of the line so they
20946: can be found trivially in an editor and with grep
20947: [3c400abde574]
20948:
20949: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
20950: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
20951: free(3) is already void, no need to cast it
20952: [6981e1ebda0f]
20953:
20954: * logging.c, sudo.c, sudo.h:
20955: catch case where cmnd_safe is not set (this should not be possible)
20956: [3e1e3038546c]
20957:
20958: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
20959: testsudoers.c, visudo.c:
20960: Stash the "safe" path (ie: the one listed in sudoers) to the command
20961: instead of stashing the struct stat. Should be safer.
20962: [aa2883fcf57e]
20963:
20964: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
20965:
20966: * INSTALL, Makefile.in, UPGRADE:
20967: notes on updating from an earlier release
20968: [df9fffa4ab2c]
20969:
20970: * CHANGES:
20971: updated
20972: [574f5065d15a]
20973:
20974: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
20975:
20976: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
20977: sudoers.man, sudoers.pod:
20978: You can now specifiy a host list instead of just a host or alias.
20979: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
20980: [e3942bb78021]
20981:
20982: * testsudoers.c:
20983: Quiet -Wall
20984: [a3edc8b08c3a]
20985:
20986: * parse.yacc, sudo.tab.c:
20987: Move the push from the beginning of cmndspec to the end. This means
20988: we no longer have to do a push at the end of privilege, just reset
20989: some values.
20990: [8ea66e5860c6]
20991:
20992: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
20993: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
20994: use "!" most everywhere
20995: [aadae4d1c9d5]
20996:
20997: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
20998:
20999: * sudoers.pod:
21000: modernize paths and update su example based on sample.sudoers one
21001: [3f6a37e16c83]
21002:
21003: * sample.sudoers:
21004: New runas semantics
21005: [756ee92865b7]
21006:
21007: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
21008: strdup.c, sudo.h:
21009: In estrdup(), do the malloc ourselves so we don't need to rely on
21010: the system strdup(3) which may or may not exist. There is now no
21011: need to provide strdup() for those w/o it. Also, the prototype for
21012: estrdup() was wrong, it returns char * and its param is const.
21013: [5f1f984da8e3]
21014:
21015: * getcwd.c:
21016: $Sudo tag
21017: [e4188a35e68c]
21018:
21019: * check.c:
21020: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
21021: [2aec87c86cde]
21022:
21023: * CHANGES, TODO, parse.yacc, sudo.tab.c:
21024: It is now possible to use the '!' operator in a runas list as well
21025: as in a Cmnd_Alias, Host_Alias and User_Alias.
21026: [a4fdaabda990]
21027:
21028: * logging.c, sudo.h:
21029: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
21030: [73d0376785ae]
21031:
21032: * sudo.h:
21033: Definitions of *_matched were wrong--user top, not top-2 as
21034: subscript.
21035: [5f8350a57362]
21036:
21037: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21038: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
21039: command but the NOPASSWD flag was set. Make runasspec, runaslist,
21040: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
21041: in the runas list Fix double printing of '%' and '+' for groups and
21042: netgroups respectively Add *_matched macros (no need for local stack
21043: variable). Should only be used directly after a pop (since top must
21044: be >= 2).
21045: [392b1400c4e6]
21046:
21047: * aclocal.m4, configure.in:
21048: Add copyright, somewhat silly
21049: [55c2cdd82dca]
21050:
21051: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
21052:
21053: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
21054: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
21055: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
21056: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
21057: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
21058: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
21059: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
21060: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
21061: visudo.man:
21062: Crank version to 1.6 and combine copyright statements
21063: [0e1c791658ae]
21064:
21065: * sample.sudoers:
21066: Use ! not ^ to do negation
21067: [1480a0761730]
21068:
21069: * lex.yy.c, sudo.tab.c:
21070: regen
21071: [89ca5a46684b]
21072:
21073: * parse.lex, parse.yacc:
21074: Make runas and NOPASSWD tags persistent across entris in a command
21075: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
21076: runas or *PASSWD tag the value given becomes the new default for the
21077: rest of the command list.
21078: [f1bbb4066542]
21079:
21080: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21081:
21082: * CHANGES, RUNSON:
21083: update for 1.5.9
21084: [a1ae9d4a7d54] [SUDO_1_5_9]
21085:
21086: * visudo.c:
21087: Shift return value of system(3) by 8 to get real exit value and if
21088: it is not 1 or 0 print the retval along with the error message.
21089: [c1ff50d743fb]
21090:
21091: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
21092:
21093: * Makefile.in:
21094: testsudoers needs LIBOBJS too
21095: [972571b4e4bf]
21096:
21097: * parse.c, parse.yacc, sudo.tab.c:
21098: Fix another parser bug. For a sudoers entry like this: millert
21099: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
21100: as root.
21101: [51968e1eb33d]
21102:
21103: * CHANGES:
21104: new change
21105: [271c6110bb62]
21106:
21107: * parse.yacc, sudo.tab.c:
21108: Save entries that match a ! command on the matching stack too
21109: [5afb5107116c]
21110:
21111: * sudo.c:
21112: Make sudo's usage info better when mutually exclusive args are given
21113: and don't rely on argument order to detect this; nick@zeta.org.au
21114: [2422753c88fd]
21115:
21116: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
21117:
21118: * CHANGES, Makefile.in, RUNSON:
21119: updates from CU
21120: [b37381e3dafb]
21121:
21122: * Makefile.in:
21123: use gzip
21124: [94a64e52a166]
21125:
21126: * parse.yacc, sudo.tab.c:
21127: Fix off by one error introduced in *alloc changes
21128: [95ede581153a]
21129:
21130: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
21131: check_sia.c, compat.h, config.h.in, configure, configure.in,
21132: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21133: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21134: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21135: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
21136: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
21137: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
21138: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
21139: ++version
21140: [c6d88f024e37]
21141:
21142: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
21143: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
21144: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
21145: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
21146: Use emalloc/erealloc/estrdup
21147: [44221d97361a]
21148:
21149: * alloc.c:
21150: error checking memory allocation routines
21151: [5f8c1e7bbc71]
21152:
21153: * parse.yacc, sudo.tab.c:
21154: Still not right, this fixes it for real
21155: [ad553b6f5339]
21156:
21157: * parse.yacc, sudo.tab.c:
21158: Fix for previous commit
21159: [4d6f989f9bf2]
21160:
21161: * CHANGES, INSTALL, parse.yacc:
21162: Fix a parser bug that was exposed when mixing different runas specs
21163: and ! commands. For example: millert ALL=(daemon)
21164: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
21165: as well as daemon when it should just allow daemon. The problem was
21166: that comma-separated commands in a list shared the same entry on the
21167: matching stack. Now they get their own entry iff there is a full
21168: match. It may be better to just make the runas spec persistent
21169: across all commands in a list like the user and host entries of the
21170: matching stack. However, since that is a fairly major change it
21171: should gets its own minor rev increase.
21172: [c4b939cdcc8e]
21173:
21174: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
21175:
21176: * check.c, config.h.in:
21177: Simplify PAM code and fix a PAM-related warning on Linux
21178: [2468399523b6]
21179:
21180: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21181:
21182: * CHANGES:
21183: updates
21184: [29d4a997769c]
21185:
21186: * sample.sudoers:
21187: better su entry
21188: [76d8285a72ba]
21189:
21190: * configure:
21191: regen
21192: [b7450cc6975d]
21193:
21194: * check.c, configure.in:
21195: new pam code that works on solaris, should work on linux too;
21196: aelberg@home.com
21197: [84c16c0ff259]
21198:
21199: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
21200:
21201: * RUNSON:
21202: more entries
21203: [b6bef8660759]
21204:
21205: * config.h.in:
21206: only include strings.h if there is no string.h
21207: [b66054a32b00]
21208:
21209: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
21210:
21211: * config.guess:
21212: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
21213: [c086d2fe63af]
21214:
21215: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21216:
21217: * sudo.c:
21218: shost must be set before log functions are called #ifdef HOST_IN_LOG
21219: [d49a7944358f]
21220:
21221: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21222:
21223: * CHANGES, lex.yy.c, parse.lex:
21224: Fix a bug wrt quoting characters in command args. Stop processing
21225: an arg when you hit a backslash so the quoted-character detection
21226: can catch it.
21227: [2281438d7f41]
21228:
21229: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
21230:
21231: * interfaces.c:
21232: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
21233: [31118a9e9916]
21234:
21235: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
21236:
21237: * configure, configure.in:
21238: add missing case statement so --without-sendmail works
21239: [ca25614f7dd9]
21240:
21241: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
21242:
21243: * CHANGES:
21244: more
21245: [4d70e44f7f93]
21246:
21247: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
21248:
21249: * configure, configure.in:
21250: only search for -lsun in irix <= 4.x
21251: [e604238317b1]
21252:
21253: * configure, configure.in:
21254: back out last configure.in change now that I've hacked autoconf to
21255: fix the real problem and add a missing newline
21256: [2dabf59a79b5]
21257:
21258: * CHANGES:
21259: updated
21260: [bb35d526552f]
21261:
21262: * getcwd.c:
21263: add def of dirfd() for those without it
21264: [95f0173d8441]
21265:
21266: * configure, configure.in:
21267: When falling back to checking for socket() when linking with
21268: "-lsocket -lnsl" check for main() instead since autoconf has already
21269: cached the results of checking for socket() in -lsocket. This is
21270: really an autoconf bug as it should use the extra libs as part of
21271: the cache variable name.
21272: [a845f8b710ad]
21273:
21274: * configure.in:
21275: typo
21276: [a7d62f62a478]
21277:
21278: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
21279:
21280: * configure.in:
21281: fix occurrence of $with_timeout that should be
21282: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
21283: bochum.de
21284: [8c4da2cf73d1]
21285:
21286: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
21287:
21288: * sudo.cat, sudo.html, sudo.man, sudo.pod:
21289: fix grammar; espie@openbsd.org
21290: [7031d9dfbc3e] [SUDO_1_5_8]
21291:
21292: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
21293:
21294: * parse.yacc, sudo.c, testsudoers.c:
21295: add cast for strdup in places it does not have it
21296: [7ce4478d3b0f]
21297:
21298: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
21299:
21300: * configure, configure.in:
21301: define for_BSD_TYPES irix
21302: [858337ff4af8]
21303:
21304: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
21305:
21306: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
21307: Make it clear that it is the user's password, not root's, that we
21308: want.
21309: [ae0f51b35ee4]
21310:
21311: * check.c, sudo.h:
21312: If the user enters an empty password and really has no password,
21313: accept the empty password they entered. Perviously, they could
21314: enter anything
21315: *but* an empty password. Also, add GETPASS macro that calls either
21316: tgetpass() or getpass() depending on how sudo was configured.
21317: Problem noted by jdg@maths.qmw.ac.uk
21318: [2fde21ce94c1]
21319:
21320: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
21321:
21322: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21323: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
21324: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
21325: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
21326: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
21327: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
21328: visudo.c:
21329: add explicate copyright
21330: [d3b4449834a5]
21331:
21332: * CHANGES:
21333: mention -lsocket, -lnsl configure changes
21334: [9140af4ad8ae]
21335:
21336: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
21337:
21338: * sudo.c:
21339: Don't clobber errno after calling check_sudoers().
21340: [59bd581b2654]
21341:
21342: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
21343:
21344: * configure, configure.in:
21345: When linking with both -lsocket and -lnsl be sure to do so in that
21346: order. Also, when we can't find socket() or inet_addr() and have to
21347: try linking with both libs, issue a warning.
21348: [0ee547163067]
21349:
21350: * sudo.cat, sudo.man, sudo.pod:
21351: clarify bad timestamp and fmt
21352: [70e42cf56c75]
21353:
21354: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
21355:
21356: * INSTALL, RUNSON:
21357: be clear that pam is linux-only and add a RUNSON entry
21358: [7fdeab875e0d]
21359:
21360: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
21361:
21362: * CHANGES, INSTALL, configure, configure.in:
21363: fix and correctly document --with-umask; problem noted by
21364: adap@adap.org
21365: [11cd0481d63a]
21366:
21367: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21368:
21369: * configure, configure.in:
21370: only use /usr/{man,catman}/local to store man pages if suer didn't
21371: override prefix or mandir
21372: [781ad2cbe9be]
21373:
21374: * INSTALL, configure, configure.in:
21375: fix typo, make --with-SecurID take an arg
21376: [026a9b4014fc]
21377:
21378: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21379:
21380: * RUNSON:
21381: updates from users
21382: [2286982b31e6]
21383:
21384: * CHANGES, INSTALL, check.c, configure, configure.in:
21385: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
21386: [23aa4e5c6b02]
21387:
21388: * configure, configure.in:
21389: better fix for the problem of unresolved symbols in -lnsl or
21390: -lsocket
21391: [82fe70fc287f]
21392:
21393: * configure, configure.in:
21394: when checking for functions in -lnsl and -lsocket link with both of
21395: them to avoid unresolved symbols on some weirdo systems
21396: [1734a591808e]
21397:
21398: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21399:
21400: * BUGS, CHANGES, RUNSON, TODO:
21401: old changes that didn't make it into RCS before the RCS->CVS switch
21402: [846eb2b8f9aa]
21403:
21404: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21405:
21406: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
21407: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
21408: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
21409: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
21410: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21411: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
21412: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
21413: visudo.pod:
21414: add sudo tags
21415: [962f81eaa5ab]
21416:
21417: * sudo.h:
21418: testing Sudo tag
21419: [e84cbc521129]
21420:
21421: * version.h:
21422: testing Sudo tag
21423: [a8c3a3998b88]
21424:
21425: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
21426: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
21427: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
21428: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
21429: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
21430: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
21431: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
21432: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
21433: crank version and regen files
21434: [23eacf00a1a4]
21435:
21436: * Makefile.in:
21437: kill rcs goop in update_version and fix now that version is a const
21438: [e6e50bd8d1e1]
21439:
21440: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
21441: sudo.c, sudo.h, sudo.pod:
21442: kerb5 support from fcusack@iconnet.net
21443: [8134027986e2]
21444:
21445: * realpath.c, sudo_realpath.c:
21446: we no longer use realpath
21447: [0f5f64abc646]
21448:
21449: * qualify.c:
21450: replaced by find_path.c
21451: [9e32a87e09c4]
21452:
21453: * options.h:
21454: all options are now configure flags
21455: [ee6bd9610102]
21456:
21457: * lex.yy.c:
21458: regen
21459: [bdbf8a18161f]
21460:
21461: * getwd.c:
21462: superceded by getcwd.c
21463: [1e54ee0990b4]
21464:
21465: * getpass.c:
21466: superceded by tgetpass.c
21467: [4e0d1edc30e3]
21468:
21469: * SUPPORTED:
21470: superceded by RUNSON
21471: [854c5a21cb53]
21472:
21473: * OPTIONS:
21474: No longer used now that we have configure options for everything.
21475: [9b1ae1c89259]
21476:
21477: * configure:
21478: regen based on configure.in
21479: [3a4d73936973]
21480:
21481: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
21482: sudoers.man, visudo.cat, visudo.html, visudo.man:
21483: regen based on sudo.pod, sudoers.pod, and visudo.pod
21484: [c267beb90778]
21485:
21486: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
21487:
21488: * check.c:
21489: fix tty tickets in remove_timestamp (didn't use ':')
21490: [fd964a74a32b]
21491:
21492: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
21493:
21494: * interfaces.c:
21495: close sock when we are done with it
21496: [95de0380f8a4]
21497:
21498: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
21499:
21500: * parse.yacc:
21501: never say "error on line -1"
21502: [361db1491121]
21503:
21504: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
21505:
21506: * configure.in:
21507: check for -lnsl before -lsocket
21508: [8e966d6bbcb5]
21509:
21510: * configure.in:
21511: quote '[', ']' used in ranges correctly
21512: [fa4f9c6ff651]
21513:
21514: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
21515:
21516: * config.h.in:
21517: add missing NO_ROOT_SUDO noted by drno@tsd.edu
21518: [c969f25d1667]
21519:
21520: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
21521:
21522: * version.h:
21523: 1.5.7
21524: [7a22de0bc148]
21525:
21526: * INSTALL:
21527: more info for 1.5.7
21528: [30ad9e784799]
21529:
21530: * README:
21531: update for 1.5.7
21532: [cd03a0a27cd2]
21533:
21534: * parse.yacc:
21535: make increases of cm_list_size and ga_list_size be similar to
21536: increases of stacksize (ie: >= not > in initial compare).
21537: [6bd450a896c7]
21538:
21539: * parse.yacc:
21540: when we get a syntax error, report it for the previous line since
21541: that's generally where the error occurred.
21542: [c4ac84058f0b]
21543:
21544: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
21545:
21546: * config.h.in, configure.in, interfaces.c:
21547: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
21548: not defined
21549: [d197f31fd1e4] [SUDO_1_5_7]
21550:
21551: * config.h.in:
21552: define BSD_COMP for svr4
21553: [87ac1147ff79]
21554:
21555: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21556: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21557: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21558: testsudoers.c, tgetpass.c, utime.c, visudo.c:
21559: more -Wall
21560: [d98e2d32db2a]
21561:
21562: * configure.in:
21563: kill check for sockio,h
21564: [4399779014c1]
21565:
21566: * config.h.in:
21567: no more HAVE_SYS_SOCKIO_H
21568: [67484528e347]
21569:
21570: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
21571: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
21572: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
21573: testsudoers.c, tgetpass.c, utime.c, visudo.c:
21574: -Wall
21575: [2b7e83976788]
21576:
21577: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
21578:
21579: * sudo.c:
21580: add missing inform_user()
21581: [8689528c6d55]
21582:
21583: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
21584:
21585: * find_path.c:
21586: return NOT_FOUND if given fully qualified path and it does not exist
21587: previously it would perror(ENOENT) which bypasses the option to not
21588: leak path info
21589: [ccbc3d0130ae]
21590:
21591: * configure.in:
21592: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
21593: -ldes
21594: [c77d3b484ece]
21595:
21596: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
21597:
21598: * INSTALL:
21599: tty tickets are user:tty now
21600: [a53a303a614d]
21601:
21602: * check.c:
21603: when using tty tickets make it user:tty not user.tty as a username
21604: could have a '.' in it
21605: [3160b3f5c890]
21606:
21607: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
21608:
21609: * sudo.c:
21610: add "ignoring foo found in ." for auth successful case
21611: [24257169e0bd]
21612:
21613: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
21614:
21615: * sudo.c:
21616: add missing printf param
21617: [8c905124f777]
21618:
21619: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
21620:
21621: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
21622: go back to printing "command not found" unless --disable-path-info
21623: specified. Also, tell user when we ignore '.' in their path and it
21624: would have been used but for --with-ignore-dot.
21625: [066e118c11e4]
21626:
21627: * check.c, sudo.c:
21628: Only one space after a colon, not two, in printf's
21629: [38452f4c8007]
21630:
21631: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
21632:
21633: * sudo.pod:
21634: document setting $USER
21635: [80557fe6aede]
21636:
21637: * check.c:
21638: fix bugs with prompt expansion
21639: [44c4fca5f009]
21640:
21641: * sudo.c:
21642: set $USER for root too
21643: [4b525e1c6269]
21644:
21645: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
21646:
21647: * getspwuid.c:
21648: typo
21649: [5107446f43e0]
21650:
21651: * configure.in:
21652: HP-UX's iscomsec is in -lsec, not libc
21653: [03c9f700b795]
21654:
21655: * configure.in:
21656: remove some entries in the OS case statement that did nothing
21657: [ea96e7e0f624]
21658:
21659: * TROUBLESHOOTING:
21660: add "cd" section and flush out syslog section
21661: [5107f7363b78]
21662:
21663: * Makefile.in:
21664: no more sudo-lex.yy.c
21665: [ed50826efbbc]
21666:
21667: * check_sia.c:
21668: add custom prompt support
21669: [6a285cea10b7]
21670:
21671: * testsudoers.c:
21672: kill perror("malloc") since we already have a good error messages
21673: pw_ent -> pw for brevity
21674: [eee31052921e]
21675:
21676: * sudo.c:
21677: kill perror("malloc") since we already have a good error messages
21678: pw_ent -> pw for brevity set $USER if -u specified
21679: [9f3753461f8a]
21680:
21681: * parse.yacc:
21682: kill perror("malloc") since we already have a good error messages
21683: [849459088ac3]
21684:
21685: * parse.c:
21686: kill perror("malloc") since we already have a good error messages
21687: pw_ent -> pw for brevity when checking if %group matches, look up
21688: user in password file so that %groups works in a RunAs spec.
21689: [0489b4ecc59a]
21690:
21691: * logging.c:
21692: kill perror("malloc") since we already have a good error messages
21693: [3191a18b3526]
21694:
21695: * check.c, getspwuid.c, interfaces.c:
21696: kill perror("malloc") since we already have a good error messages
21697: pw_ent -> pw for brevity
21698: [7193fdb38cf9]
21699:
21700: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21701:
21702: * tgetpass.c:
21703: the prompt is expanded before tgetpass is called
21704: [0f408f508041]
21705:
21706: * sudo.h:
21707: tgetpass now has the same args as getpass again
21708: [b6778cd9d79f]
21709:
21710: * getspwuid.c:
21711: add iscomsec, issecure support
21712: [007be7ec7ae7]
21713:
21714: * check.c:
21715: we now expand any %h or %u in the prompt before passing to tgetpass
21716: [f3db8c9ee387]
21717:
21718: * configure.in:
21719: add check for syslog(3) in -lsocket, -lnsl, -linet
21720: [5a96f902ce00]
21721:
21722: * config.h.in:
21723: add HAVE_ISCOMSEC and HAVE_ISSECURE
21724: [f640b0d4cf05]
21725:
21726: * configure.in:
21727: add check for iscomsec in HP-UX
21728: [b28b249040f0]
21729:
21730: * configure.in:
21731: check for issecure if we have getpwanam on SunOS some options are
21732: incompatible with DUNIX SIA check for dispcrypt on DUNIX
21733: [a49d05d9c913]
21734:
21735: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
21736:
21737: * config.h.in:
21738: add HAVE_DISPCRYPT
21739: [7376d543d8d6]
21740:
21741: * secureware.c:
21742: add back support for non-dispcrypt based checking for older DUNIX
21743: [977b98e936be]
21744:
21745: * INSTALL:
21746: sia changes
21747: [c5387c06e30f]
21748:
21749: * configure.in:
21750: SIA becomes the default on Digital UNIX now havbe --disable-sia to
21751: turn it off...
21752: [3b647558ea13]
21753:
21754: * check.c:
21755: move local includes after system ones
21756: [b2abad4c4aef]
21757:
21758: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
21759:
21760: * check.c, check_sia.c, sudo.h:
21761: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
21762: stderr
21763: [547cbf299661]
21764:
21765: * check_sia.c:
21766: fix while loop in sia_attempt_auth() that checks the password. Only
21767: the first iteration was working.
21768: [1886fd1ac831]
21769:
21770: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
21771:
21772: * aclocal.m4:
21773: don't trust UID_MAX or MAXUID
21774: [2aeddb1654d8]
21775:
21776: * configure.in:
21777: fix two pastos
21778: [c18f0a10b75d]
21779:
21780: * configure.in:
21781: fix typo
21782: [1eb3190ef12d]
21783:
21784: * getspwuid.c, secureware.c:
21785: init crypt_type to INT_MAX since it is legal to be negative in DUNX
21786: 5.0
21787: [cefbde04822d]
21788:
21789: * configure.in:
21790: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
21791: -ldb since DUNX < 4.0 lacks it
21792: [e6b11d971068]
21793:
21794: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
21795:
21796: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
21797: secureware.c, sudo.c, tgetpass.c:
21798: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
21799: minutes if the shadow files don't exist).
21800: [2f297d095004]
21801:
21802: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
21803:
21804: * INSTALL:
21805: updated --with-editor blurb
21806: [77d8a3ea7328]
21807:
21808: * TROUBLESHOOTING:
21809: tell how to put sudoers in a different dir
21810: [456cd20eb1d0]
21811:
21812: * configure.in:
21813: add missing quotes around $with_editor
21814: [22881748ab1b]
21815:
21816: * configure.in:
21817: typo in --with-editor bits
21818: [ab6964580681]
21819:
21820: * INSTALL:
21821: I don't expect it to work on Solaris
21822: [1c2fceaaf56e]
21823:
21824: * check.c:
21825: add back security/pam_misc.h
21826: [6ffd30033c1e]
21827:
21828: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21829:
21830: * INSTALL:
21831: remove dunix note since configure checks for this now
21832: [e9904512b8e8]
21833:
21834: * configure.in:
21835: add check for broken dunix prot.h (4.0 < 4.0D is bad)
21836: [8a4c1e6aef3b]
21837:
21838: * getspwuid.c, secureware.c, tgetpass.c:
21839: new dunix shadow code, use dispcrypt(3)
21840: [1b936bc7268c]
21841:
21842: * config.h.in:
21843: add HAVE_INITPRIVS
21844: [4369f4c4f914]
21845:
21846: * sudo.c:
21847: call initprivs() if we have it for getprpwuid later on
21848: [11cf5915d826]
21849:
21850: * Makefile.in:
21851: clean pathnames.h too
21852: [5f1df3262613]
21853:
21854: * configure.in:
21855: quote "Sorry, try again." with [] since it has a comma in it set
21856: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
21857: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
21858: initprivs later.
21859: [e226b0a3f250]
21860:
21861: * INSTALL:
21862: update Digital UNIX note about acl.h
21863: [80132b71d73a]
21864:
21865: * INSTALL:
21866: add --with-sia
21867: --without-root-sudo -> --disable-root-sudo some reordering
21868: [198386358818]
21869:
21870: * secureware.c:
21871: add whitespace
21872: [4aadaf1a54b0]
21873:
21874: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
21875: add SIA support
21876: [fa3ddbb9cc51]
21877:
21878: * check_sia.c:
21879: Initial revision
21880: [2968551d40e4]
21881:
21882: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
21883:
21884: * configure.in:
21885: when checking for -lsocket, -lnsl, and -linet, check for the
21886: specific functions we need from them.
21887: [8d33e64362a3]
21888:
21889: * config.h.in, sudo.h:
21890: move Syslog_* defs into sudo.h
21891: [03d1774f25c7]
21892:
21893: * Makefile.in, sudo.h:
21894: added check_secureware
21895: [e46e3cbb9a97]
21896:
21897: * configure.in:
21898: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
21899: [dbefe1856503]
21900:
21901: * insults.h:
21902: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
21903: defined. configure now does that for us
21904: [e4520ea0581f]
21905:
21906: * configure.in:
21907: move some --with options around change a bunch of echo's to
21908: AC_MSG_CHECKING, AC_MSG_RESULT pairs
21909: [ffdf6869fdd7]
21910:
21911: * configure.in:
21912: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
21913: syntax error add some echo verbage
21914: [3278c49bf74b]
21915:
21916: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
21917:
21918: * check.c:
21919: moved SecureWare stuff into secureware.c
21920: [42d3d3ac35dc]
21921:
21922: * secureware.c:
21923: Initial revision
21924: [aa7f72a249cf]
21925:
21926: * INSTALL:
21927: update url to solaris gcc bins
21928: [36a3eb668777]
21929:
21930: * INSTALL:
21931: change option formatter and flesh out someentries
21932: [6fbd1db4a8ad]
21933:
21934: * TROUBLESHOOTING, sudo.pod, visudo.pod:
21935: environmental variable -> environment variable
21936: [6f14d708e32d]
21937:
21938: * BUGS:
21939: everything is now done via configure
21940: [c217858f58ab]
21941:
21942: * README:
21943: prev rev was 1.5.6
21944: [7b4177103c35]
21945:
21946: * Makefile.in:
21947: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
21948: [31c6b0a5e0e2]
21949:
21950: * config.h.in:
21951: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
21952: [d406a1ef6d25]
21953:
21954: * Makefile.in:
21955: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
21956: sudoers_mode from configure
21957: [1c509500655a]
21958:
21959: * configure.in:
21960: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
21961: the Makefile, not config.h
21962: [d4482f1492fe]
21963:
21964: * INSTALL:
21965: document all --with/--enable options
21966: [22d81b312d7f]
21967:
21968: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
21969:
21970: * insults.h:
21971: options.h is no more
21972: [560946a33f7f]
21973:
21974: * config.h.in:
21975: assimilated options.h
21976: [dd8ce74613c1]
21977:
21978: * configure.in:
21979: moved options from options.h to configure
21980: [d39662f71b4e]
21981:
21982: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
21983: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
21984: sudo_setenv.c, visudo.c:
21985: no more options.h
21986: [43924bf0858d]
21987:
21988: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
21989: remove references to options.h
21990: [ef3474295395]
21991:
21992: * dce_pwent.c, interfaces.c, sudo.c:
21993: kill sys/time.h
21994: [4d833f0034e4]
21995:
21996: * tgetpass.c:
21997: if select return < -1 still prompt for pw
21998: [e0009e5c93a2]
21999:
22000: * options.h:
22001: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
22002: configure options
22003: [e60a1e546516]
22004:
22005: * parse.c:
22006: FAST_MATCH is no longer an optino
22007: [c448dbb3464b]
22008:
22009: * check.c:
22010: remove_timestamp() if timestamp is preposterous
22011: [70d9a86c6ecd]
22012:
22013: * options.h:
22014: convert more options to --with/--enable
22015: [34646d9b09dc]
22016:
22017: * INSTALL, aclocal.m4:
22018: logfile -> logpath
22019: [42de502bc637]
22020:
22021: * configure.in:
22022: convert more options into --with and --enable
22023: [92d0898c9844]
22024:
22025: * tgetpass.c:
22026: catch EINTR in select and restart
22027: [f045d2f234d7]
22028:
22029: * logging.c:
22030: sys/errno -> errno
22031: [7f0c5beab6f2]
22032:
22033: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
22034:
22035: * sudo.c:
22036: UMASK -> SUDO_UMASK.
22037: [48f308661514]
22038:
22039: * check.c, logging.c:
22040: time.h, not sys/time.h
22041: [91de049c79e4]
22042:
22043: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
22044:
22045: * logging.c:
22046: MAILER -> _PATH_SENDMAIL
22047: [df65d6896639]
22048:
22049: * INSTALL, configure.in:
22050: no more --with-C2, now it is --disable-shadow
22051: [18bfcab3b9ab]
22052:
22053: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
22054: getspwuid.c, sudo.c, tgetpass.c:
22055: new shadow password scheme. Always include shadow support if the
22056: platform supports it and the user did not disable it via configure
22057: [2135d93bb4a9]
22058:
22059: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
22060:
22061: * configure.in:
22062: --with-getpass -> --{enable,disable}-tgetpass
22063: [451b33fdd4c7]
22064:
22065: * Makefile.in:
22066: pathnames.h -> pathnames.h.in
22067: [b109022eca69]
22068:
22069: * check.c:
22070: fix version string
22071: [761b25c314ea]
22072:
22073: * check.c:
22074: move pam_conv to be static to auth function remove pam_misc.h
22075: (solaris doesn't have one)
22076: [a682e4da987a]
22077:
22078: * aclocal.m4:
22079: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
22080: [e6005d0599b5]
22081:
22082: * configure.in:
22083: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
22084: [24c0ac2155ef]
22085:
22086: * pathnames.h.in:
22087: convert to pathnames.h.in
22088: [013bddf7f684]
22089:
22090: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
22091:
22092: * configure.in:
22093: fix typo in sysv4 matching case /.
22094: [2994c4f88cf5]
22095:
22096: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
22097:
22098: * check.c:
22099: pam stuff needs to run as root, not user, for shadow passwords
22100: [d94ff75de503]
22101:
22102: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
22103:
22104: * BUGS, INSTALL, README, configure.in:
22105: updated version
22106: [775adc7de7ac]
22107:
22108: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22109: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
22110: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22111: logging.c, options.h, parse.c, parse.lex, parse.yacc,
22112: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22113: testsudoers.c, tgetpass.c, utime.c, visudo.c:
22114: updated version
22115: [5ca599fb6b93]
22116:
22117: * check.c:
22118: user version.h for long message
22119: [47a52ac7e542]
22120:
22121: * check.c:
22122: this is version 1.5.6
22123: [8451ac79eee2]
22124:
22125: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
22126:
22127: * Makefile.in:
22128: remove errant backslash
22129: [0222a8a650ff]
22130:
22131: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22132:
22133: * options.h, parse.yacc, pathnames.h.in:
22134: fix version string
22135: [fdee73255d64] [SUDO_1_5_6]
22136:
22137: * BUGS, CHANGES, TODO:
22138: updtaed for 1.5.6
22139: [752443bf7f26]
22140:
22141: * RUNSON:
22142: updated for 1.5.6
22143: [0f878123fe6a]
22144:
22145: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22146:
22147: * interfaces.c:
22148: kill unused localhost_mask var copy if name to ifr_tmp after we zero
22149: it
22150: [8e89c364cef2]
22151:
22152: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
22153:
22154: * INSTALL:
22155: Better description of new vs. old sudoers modes fix some typos
22156: better description of /usr/ucb/cc gotchas on slowaris
22157: [c00b2a6fc1e8]
22158:
22159: * Makefile.in:
22160: add sample.pam
22161: [ec7f6cc19b00]
22162:
22163: * sudo.c:
22164: set NewArgv[0] to user_shell, not basename(user_shell)
22165: [1e907cbc9f7b]
22166:
22167: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
22168:
22169: * README:
22170: mention TROUBLESHOOTING more fix some typos
22171: [2c2e6907d4a4]
22172:
22173: * configure.in:
22174: move --enable/--disable to be after --with
22175: [9b30097f76c1]
22176:
22177: * INSTALL:
22178: document --enable/--disable
22179: [c522362e38a8]
22180:
22181: * INSTALL:
22182: document --with-pam
22183: [7e38932c78ac]
22184:
22185: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
22186:
22187: * configure.in:
22188: Add message for pam users
22189: [d224f277e3cd]
22190:
22191: * sample.pam:
22192: Initial revision
22193: [3a84d7045f54]
22194:
22195: * config.h.in:
22196: fix HAVE_PAM
22197: [2f0f303ebd88]
22198:
22199: * check.c, config.h.in, configure.in:
22200: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
22201: [ea3e0a72d707]
22202:
22203: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
22204:
22205: * config.h.in:
22206: add HOST_IN_LOG and WRAP_LOG
22207: [822c36eeb6a8]
22208:
22209: * logging.c:
22210: add WRAP_LOG and HOST_IN_LOG
22211: [3cf6052bd27e]
22212:
22213: * configure.in:
22214: add --enable-log-host and --enable-log-wrap
22215: [c968cc12b353]
22216:
22217: * aclocal.m4:
22218: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
22219: [915fef7e11a1]
22220:
22221: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
22222:
22223: * compat.h:
22224: add howmany macro
22225: [9107a057a7c8]
22226:
22227: * tgetpass.c:
22228: include sys/param.h to get howmany macro
22229: [7e908b5e1f32]
22230:
22231: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22232:
22233: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
22234: add RUNAS_DEFAULT
22235: [1e76398ea3fd]
22236:
22237: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
22238:
22239: * fnmatch.c:
22240: bring in stdio.h for NULL
22241: [69c016610cbb]
22242:
22243: * aclocal.m4:
22244: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
22245: [15ab2972f8d0]
22246:
22247: * sudo.c:
22248: use HAVE_SET_AUTH_PARAMETERS
22249: [8abfdc8c80f7]
22250:
22251: * config.h.in:
22252: add HAVE_SET_AUTH_PARAMETERS
22253: [673a5ebd5539]
22254:
22255: * configure.in:
22256: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
22257: [a401f5a7469a]
22258:
22259: * config.sub:
22260: add support for HI-UX/MPP SR220001 02-03 0 SR2201
22261: [cb657b7acaae]
22262:
22263: * interfaces.c:
22264: initialize previfname
22265: [26a1902f56dc]
22266:
22267: * interfaces.c:
22268: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
22269: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
22270: kludging it
22271: [fa5c890c313b]
22272:
22273: * configure.in:
22274: typo
22275: [bff579fbe95c]
22276:
22277: * Makefile.in:
22278: don't need special build line for sudo.tab.o
22279: [10c0a0a912e4]
22280:
22281: * Makefile.in:
22282: don't clean sudo.tab.[ch]
22283: [c40d5968efbb]
22284:
22285: * sudo.c:
22286: Sudo should prompt for a password before telling the user that a
22287: command could not be found.
22288: [d718c85a0047]
22289:
22290: * BUGS:
22291: for 1.5.6
22292: [0cc1fe5b9129]
22293:
22294: * INSTALL, README:
22295: no longer require yacc
22296: [d9096fc5b8b6]
22297:
22298: * Makefile.in:
22299: typo
22300: [70feb1aefbd5]
22301:
22302: * Makefile.in:
22303: y.tab -> sudo.tab include pre-yacc'd parse.yacc
22304: [cc802025fd44]
22305:
22306: * parse.lex:
22307: include sudo.tab.h, not y.tab.h don't break out of command args if
22308: you get a '='
22309: [728ad26dbda5]
22310:
22311: * insults.h:
22312: fix version ,
22313: [242bbce1b2d4]
22314:
22315: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
22316: fix version
22317: [2bb9086fea1e]
22318:
22319: * compat.h:
22320: fix version
22321: [7e634d498ce6]
22322:
22323: * getcwd.c:
22324: getcwd(3) from OpenBSD for those without it.
22325: [6c68d0df8f6c]
22326:
22327: * sudo.h:
22328: HAVE_GETWD -> HAVE_GETCWD
22329: [2ad1e64d60c0]
22330:
22331: * configure.in:
22332: pretend sunos doesn't have getcwd(3) since it opens a pipe to
22333: getpwd!
22334: [677992ba5a6a]
22335:
22336: * parse.c:
22337: use NAMLEN() macro
22338: [8f5685aa3165]
22339:
22340: * fnmatch.c:
22341: remove duplicate include of string.h
22342: [6024f3051ac3]
22343:
22344: * configure.in:
22345: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22346: [3d82a9c22cc2]
22347:
22348: * aclocal.m4:
22349: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
22350: [53fbc47282f9]
22351:
22352: * config.h.in:
22353: add dev_t and ino_t
22354: [5929bb0c7e1a]
22355:
22356: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
22357:
22358: * check.c:
22359: fix OTP_ONLY for opie
22360: [7edcfa78f2ec]
22361:
22362: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
22363:
22364: * testsudoers.c, tgetpass.c:
22365: include stdlib.h for malloc proto
22366: [c9f4b99a2fe9]
22367:
22368: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
22369:
22370: * Makefile.in:
22371: make update_version saner
22372: [d522f93ee04a]
22373:
22374: * config.h.in:
22375: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
22376: [c9a2d21dc608]
22377:
22378: * configure.in:
22379: check for waitpid and wait3 or no waitpid
22380: [1f18c3224184]
22381:
22382: * logging.c:
22383: used waitpid or wait3 if we have 'em
22384: [391c3279ee65]
22385:
22386: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
22387:
22388: * visudo.c:
22389: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
22390: [fbf53b18178f]
22391:
22392: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
22393:
22394: * configure.in:
22395: don't need to explicately mention -lsocket -lnsl for sequent
22396: [1898dc055352]
22397:
22398: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
22399:
22400: * configure.in:
22401: dynix should not link with -linet
22402: [278a4b9cfe2a]
22403:
22404: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
22405:
22406: * INSTALL:
22407: mention that HP-UX doesn't ship with yacc
22408: [bde5147198c0]
22409:
22410: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
22411:
22412: * check.c:
22413: ignore kerberos if we can't get the local realm
22414: [1e311a091a27]
22415:
22416: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
22417:
22418: * BUGS, INSTALL, README, configure.in:
22419: ++version
22420: [499ffc746018]
22421:
22422: * version.h:
22423: ++
22424: [35ba1ee01bd3]
22425:
22426: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
22427: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
22428: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
22429: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
22430: updated version
22431: [b4990a513f31]
22432:
22433: * check.c, sudo.h:
22434: fix version
22435: [5710795834e8]
22436:
22437: * getcwd.c:
22438: don't use popen/pclose. Do it inline.
22439: [29e57b0646a4]
22440:
22441: * lsearch.c:
22442: add rcsid
22443: [b2b55c39858d]
22444:
22445: * sudo.c:
22446: typo
22447: [d381ac39ed0f]
22448:
22449: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
22450: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
22451: sudo.h:
22452: updated version
22453: [462d6e1a2d75]
22454:
22455: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
22456: MAX* + 1 -> MAX*
22457: [2c2eeb78d34f]
22458:
22459: * Makefile.in:
22460: getwd.c -> getcwd.c
22461: [7d718c32fc02]
22462:
22463: * config.h.in:
22464: kill HAVE_GETWD
22465: [6ad3d702343f]
22466:
22467: * configure.in:
22468: getcwd, not getwd
22469: [33e5b9841f58]
22470:
22471: * getcwd.c:
22472: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
22473: purpose
22474: [24e58d340161]
22475:
22476: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
22477:
22478: * OPTIONS, options.h:
22479: add STUB_LOAD_INTERFACES
22480: [d747cb23ca83]
22481:
22482: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22483: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22484: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22485: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22486: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22487: testsudoers.c, tgetpass.c, utime.c, visudo.c:
22488: updated version
22489: [0798229312cc]
22490:
22491: * configure.in:
22492: support *-ccur-sysv4 and fix two typos
22493: [24a823ad7cc9]
22494:
22495: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
22496:
22497: * configure.in:
22498: don't echo about with_logfile and with_timedir
22499: [31e4a1e2d9ad]
22500:
22501: * INSTALL:
22502: document --with-logfile and --with-timedir
22503: [674f811a40e0]
22504:
22505: * aclocal.m4:
22506: support --with-logfile and --with-timedir
22507: [2fc36b35db12]
22508:
22509: * configure.in:
22510: Add --with-logfile and --with-timedir
22511: [09045bf07e29]
22512:
22513: * sudo.c:
22514: change size computation of NewArgv for UNICOS
22515: [b50df07da3a1]
22516:
22517: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
22518:
22519: * configure.in:
22520: treate -*-sysv4* like *-*-svr4
22521: [471b7ef4dbf2]
22522:
22523: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
22524:
22525: * configure.in:
22526: fix spacing for --with-authenticate help
22527: [8321cb37c410]
22528:
22529: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22530: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22531: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22532: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22533: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22534: testsudoers.c, tgetpass.c, utime.c, visudo.c:
22535: updated version
22536: [dc1ab97312eb]
22537:
22538: * parse.yacc:
22539: fix off by one error in push macro
22540: [bece59c8c3a9]
22541:
22542: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
22543:
22544: * configure.in:
22545: removed bogus alloca hack
22546: [a68dd720462d]
22547:
22548: * check.c:
22549: added AIX 4.x authenticate() support
22550: [12985eb448a0]
22551:
22552: * parse.yacc:
22553: include alloca.h if using bison and not gcc and it exists. fixes an
22554: alloca problem on hpux 10.x
22555: [e3b5c4f26072]
22556:
22557: * INSTALL:
22558: mention --with-authenticate
22559: [78a1c96820e7]
22560:
22561: * configure.in:
22562: added AIX authenticate() support
22563: [c983193ec252]
22564:
22565: * config.h.in:
22566: add HAVE_AUTHENTICATE
22567: [7b0e5f5db5d9]
22568:
22569: * interfaces.c:
22570: dynamically size ifconf buffer
22571: [10afb0e9b2f9]
22572:
22573: * configure.in:
22574: quote '[' and ']'
22575: [8fc38a4defad]
22576:
22577: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22578: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22579: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22580: logging.c, options.h, parse.c, parse.lex, parse.yacc,
22581: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22582: testsudoers.c, tgetpass.c, utime.c, visudo.c:
22583: updated version
22584: [5f66de71ec61]
22585:
22586: * visudo.pod:
22587: add ERRORS section
22588: [3df3edb73cf6]
22589:
22590: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
22591:
22592: * TROUBLESHOOTING:
22593: add busy stmp file explanation
22594: [6c555d469b6f]
22595:
22596: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
22597:
22598: * configure.in:
22599: the name of the cached var that signals whether or not you are cross
22600: compiling changed. It is now ac_cv_prog_cc_cross
22601: [123911c0658c]
22602:
22603: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
22604:
22605: * INSTALL:
22606: mention glibc 2.07 is fixed wrt lsearch()\.
22607: [ded758524582]
22608:
22609: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
22610:
22611: * sample.sudoers, sudoers.pod:
22612: better example of su but not root su
22613: [b3199610be21]
22614:
22615: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
22616:
22617: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
22618: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
22619: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
22620: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
22621: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22622: testsudoers.c, tgetpass.c, utime.c, visudo.c:
22623: updated version
22624: [46922b84e86b]
22625:
22626: * Makefile.in:
22627: correct regexp for updating version
22628: [8032728b2a8a]
22629:
22630: * tgetpass.c:
22631: remove bogus flush of stderr spew prompt before turning off echo.
22632: Seems to fix a weird problem where if sudo complained about a bogus
22633: stamp file the user would sometimes not have a chance to enter a
22634: password
22635: [7aa1493cc141]
22636:
22637: * check.c:
22638: fix bogus flush of stderr
22639: [6d047871c5e8]
22640:
22641: * sudo.c:
22642: close fd's <=2 not <=3 and move that chunk of code up
22643: [553e4faac195]
22644:
22645: * configure.in:
22646: support hpux1[0-9] not just hpux10
22647: [5a34a000ff8a]
22648:
22649: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
22650:
22651: * parse.c:
22652: set sudoers_fp to nil after closing
22653: [221a8b4bbf34]
22654:
22655: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
22656:
22657: * config.guess, config.sub:
22658: updated from autoconf 2.12
22659: [6fc86a0fc61b]
22660:
22661: * configure.in:
22662: add *-*-svr4 rule
22663: [38f0427f7c9d]
22664:
22665: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
22666:
22667: * tgetpass.c:
22668: fix select usage for high fd's (dynamically allocate readfds)
22669: [c2d1f76e0321]
22670:
22671: * check.c:
22672: kill extra whitespace
22673: [d784b6c9c514]
22674:
22675: * sudo.c:
22676: do an initgroups() before running a command, unless the target user
22677: is root.
22678: [4ca561287480]
22679:
22680: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
22681:
22682: * TROUBLESHOOTING:
22683: tell people to use tabs, not spaces, in syslog.conf
22684: [8ae90a205134]
22685:
22686: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
22687:
22688: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
22689: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
22690: updated version
22691: [4d855ff5de26]
22692:
22693: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
22694: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
22695: updated version
22696: [8e007e178b33]
22697:
22698: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22699: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
22700: updated version
22701: [9ddea5c8814d]
22702:
22703: * Makefile.in:
22704: more tweaks to update_version
22705: [047698752855]
22706:
22707: * Makefile.in:
22708: fixed up update_version rule
22709: [47b6fa34b77f]
22710:
22711: * configure.in:
22712: ++version
22713: [c1ca664e30b7]
22714:
22715: * Makefile.in:
22716: removed supe of check.c
22717: [8f340a05296a]
22718:
22719: * INSTALL:
22720: ++version I missed
22721: [a298e6c17491]
22722:
22723: * RUNSON:
22724: updated
22725: [a14f6057bc15]
22726:
22727: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22728: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
22729: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22730: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22731: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22732: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22733: visudo.c:
22734: updated version
22735: [02231b1a3ab3]
22736:
22737: * CHANGES:
22738: updated for 1.5.5
22739: [634e5fcaf40b]
22740:
22741: * Makefile.in:
22742: add rules to update version stuff in files so I don't need to do it
22743: by hand
22744: [3620ad60485a]
22745:
22746: * sudo.h:
22747: sudoers_fp is now extern
22748: [88c6e9b9ea84]
22749:
22750: * sudo.c:
22751: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
22752: don't have to open it again in the parse. This may help with weird
22753: solaris problems where EAGAIN sometime occurrs.
22754: [d3c26451ed1d]
22755:
22756: * parse.c:
22757: sudoers file open is now done only in check_sudoers() so we just do
22758: a rewind() instead of an open. May help people on solaris who were
22759: getting EAGAIN.
22760: [c8b8c7722fa5]
22761:
22762: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22763:
22764: * INSTALL:
22765: mention that newer glibc is fixed
22766: [20f06f5d3ef3]
22767:
22768: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
22769:
22770: * sudo.c:
22771: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
22772: _RLD* instead of _RLD_*
22773: [1e22c588d602]
22774:
22775: * parse.c:
22776: typo
22777: [d0b7cb85f08a]
22778:
22779: * parse.c:
22780: fix that bug for real
22781: [5a6eeca6d04b]
22782:
22783: * INSTALL:
22784: document Linux's libc6 brokenness.
22785: [0246c1aa64ee]
22786:
22787: * parse.yacc:
22788: -Wall
22789: [d0e452fb1e2d]
22790:
22791: * RUNSON:
22792: updated
22793: [4949a1bbd0a9] [SUDO_1_5_4]
22794:
22795: * TROUBLESHOOTING:
22796: remind people to HUP syslogd
22797: [590962faa4f0]
22798:
22799: * Makefile.in:
22800: add -O flag to tar
22801: [622d02de339d]
22802:
22803: * RUNSON:
22804: updated
22805: [a72930d6e615]
22806:
22807: * TODO:
22808: updated
22809: [4a51bd458390]
22810:
22811: * sudo.pod:
22812: remove author's email addr. people should mail sudo-bugs
22813: [9b6bbdb3a6d9]
22814:
22815: * INSTALL:
22816: fix version
22817: [246274c6c8af]
22818:
22819: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
22820: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
22821: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
22822: logging.c, options.h, parse.c, parse.lex, parse.yacc,
22823: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
22824: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
22825: ++version
22826: [f532ff4ee766]
22827:
22828: * RUNSON:
22829: updated
22830: [62d5c71358b5]
22831:
22832: * INSTALL, Makefile.in:
22833: ++version
22834: [1a7c7628edfc]
22835:
22836: * CHANGES:
22837: updated fort 1.5.4
22838: [7e4873508c99]
22839:
22840: * check.c:
22841: exit(1) if user enters no passwd
22842: [f382c0e35e4e]
22843:
22844: * BUGS:
22845: ++version
22846: [fab6a867ab67]
22847:
22848: * parse.c:
22849: commands can start with ./* not just /* -- fixes a serious security
22850: hole.
22851: [244d2fe35ee3]
22852:
22853: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
22854:
22855: * sudo.c:
22856: Don't set the tty variable to NULL when we lack a tty, leave it as
22857: "unknown".
22858: [193b26daba03]
22859:
22860: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22861:
22862: * sample.sudoers:
22863: fix usage of (username) in conjunction with , and !
22864: [7ae68607f68f]
22865:
22866: * visudo.c:
22867: catch the case where the user is not in the passwd file
22868: [31650258deb0]
22869:
22870: * tgetpass.c:
22871: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
22872: select(2)
22873: [60ab2d9a9ee8]
22874:
22875: * sudo.c:
22876: define tty global to an initial value to avoid dumping core in
22877: logging functions when passwd file is unavailable.
22878: [77056c7bc908]
22879:
22880: * sudo.c:
22881: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
22882: passwd entry
22883: [1fdb8e579a5a]
22884:
22885: * sudo.pod:
22886: talk about problem of ALL
22887: [1cd1905c9f6f]
22888:
22889: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22890:
22891: * README:
22892: new web location
22893: [d24dc26f6da5]
22894:
22895: * INSTALL:
22896: fdesc bug is fixed in Open/Net BSD
22897: [7d4d81b08ac3]
22898:
22899: * HISTORY:
22900: updates from Nieusma
22901: [3a43769a1b78]
22902:
22903: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22904:
22905: * dce_pwent.c:
22906: move compat.h after the system includes
22907: [5ea43a5968ac]
22908:
22909: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22910:
22911: * logging.c:
22912: save errno from being clobbered by wait(). From Theo
22913: [f2d1c48cd592]
22914:
22915: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
22916:
22917: * compat.h:
22918: fix an occurence of setresuid -> setreuid (typo)
22919: [394de35c9b1c]
22920:
22921: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
22922:
22923: * install-sh:
22924: check for path to strip
22925: [2b7ef824bd55]
22926:
22927: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
22928:
22929: * logging.c:
22930: deal with maxfilelen < 0 case
22931: [f0af095178d7]
22932:
22933: * OPTIONS:
22934: fixed descriptin
22935: [629f60bd4b5f]
22936:
22937: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
22938:
22939: * sudo.c:
22940: correct error message if mode/owner wrong and not statable by owner
22941: but is statable by root.
22942: [cb631ce2e85e]
22943:
22944: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22945:
22946: * config.guess, config.sub:
22947: autoconf 2.11
22948: [f3cbe59e0756]
22949:
22950: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22951:
22952: * CHANGES, RUNSON, TODO:
22953: sudo 1.5.3.
22954: [2be3229b8626]
22955:
22956: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
22957:
22958: * parse.yacc, sudo.h:
22959: command_alias -> generic_alias
22960: [c404ca8c510d] [SUDO_1_5_3]
22961:
22962: * sample.sudoers:
22963: added Runas_Alias example and fixed syntax errors
22964: [c304053f4a8a]
22965:
22966: * OPTIONS, options.h:
22967: updated MAILSUBJECT
22968: [18d1573fcd2a]
22969:
22970: * logging.c:
22971: added %h expansion
22972: [a4bff9b284fd]
22973:
22974: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
22975: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
22976: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
22977: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
22978: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
22979: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
22980: visudo.c:
22981: ++version
22982: [211ff20f956f]
22983:
22984: * BUGS, emul/utime.h:
22985: ++version
22986: [cde5376579e3]
22987:
22988: * sudoers.pod:
22989: document Runas_Alias
22990: [b1a58f28fb2c]
22991:
22992: * visudo.pod:
22993: q (uid) -> Q
22994: [d256649a0e6b]
22995:
22996: * visudo.c:
22997: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
22998: whatnow
22999: [1cb183d15626]
23000:
23001: * parse.yacc:
23002: add size params to sprintf
23003: [9228f698921f]
23004:
23005: * parse.lex:
23006: allow trailing space after '\\' but before '\n'
23007: [f51dbbf69fdf]
23008:
23009: * find_path.c:
23010: off by one error in path size check
23011: [a6d75ccd7632]
23012:
23013: * check.c:
23014: sprintf paranoia
23015: [3ffb12d198dd]
23016:
23017: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
23018:
23019: * parse.yacc:
23020: fixed more_aliases
23021: [aab12f2a50af]
23022:
23023: * visudo.c:
23024: now warns if killed by signal ./
23025: [310c186a0fd7]
23026:
23027: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
23028:
23029: * parse.yacc:
23030: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
23031: is gross)
23032: [45590b83120f]
23033:
23034: * sudo.c:
23035: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
23036: [d53e01c14c58]
23037:
23038: * parse.yacc:
23039: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
23040: [7a4a040aae2d]
23041:
23042: * parse.lex:
23043: Add Runas_Alias and simplify a rule.
23044: [6f794a769a37]
23045:
23046: * parse.yacc:
23047: always store User_Alias's since they can be used inside of a runas
23048: list. Sigh. Really need a Runas_Alias instead.
23049: [3bab058a873e]
23050:
23051: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
23052:
23053: * visudo.c:
23054: deal with case where there is no sudoers file
23055: [fa38b3bb244d]
23056:
23057: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
23058:
23059: * TROUBLESHOOTING:
23060: added one
23061: [e61346d06725]
23062:
23063: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
23064:
23065: * HISTORY, testsudoers.c:
23066: developement -> development
23067: [4df55e293941]
23068:
23069: * INSTALL:
23070: added a note
23071: [3845fb83dbc0]
23072:
23073: * RUNSON:
23074: for 1.5.2
23075: [5489b7298942]
23076:
23077: * CHANGES:
23078: updated
23079: [0741834929e6]
23080:
23081: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
23082:
23083: * PORTING:
23084: removed seteuid() notes
23085: [1010a60f281d] [SUDO_1_5_2]
23086:
23087: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
23088:
23089: * compat.h:
23090: better seteuid() emulatino
23091: [e807623b662c]
23092:
23093: * configure.in:
23094: added check for seteuid
23095: [8cf9fabc6f4f]
23096:
23097: * config.h.in:
23098: added HAVE_SETEUID
23099: [596db46aa828]
23100:
23101: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
23102:
23103: * configure.in:
23104: first stab at sequent support
23105: [b85a7bfcac76]
23106:
23107: * config.h.in:
23108: added HAVE_SYS_SELECT_H
23109: [93ecdd042463]
23110:
23111: * compat.h:
23112: sequent -> _SEQUENT_
23113: [63a38b6da98c]
23114:
23115: * compat.h:
23116: added seteuid() macro for DYNIX
23117: [695bd63c5ea6]
23118:
23119: * tgetpass.c:
23120: _AIX -> HAVE_SYS_SELECT_H
23121: [b31221211bc2]
23122:
23123: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
23124:
23125: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
23126: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
23127: testsudoers.c, tgetpass.c, utime.c, visudo.c:
23128: ++version
23129: [8052992fd453]
23130:
23131: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
23132: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23133: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
23134: pathnames.h.in, version.h:
23135: ++version
23136: [f7ad15e1598a]
23137:
23138: * sudo.pod:
23139: added -H and SUDO_PS1
23140: [bb965241e30c]
23141:
23142: * configure.in:
23143: use SUDO_FUNC_FNMATCH
23144: [6a8350d85fb2]
23145:
23146: * aclocal.m4:
23147: added SUDO_FUNC_FNMATCH
23148: [45b32c91c4ba]
23149:
23150: * sudo.c:
23151: added -H flag
23152: [11ebc6872fd6]
23153:
23154: * sudo.h:
23155: added MODE_RESET_HOME /
23156: [67a7f8bcbbd6]
23157:
23158: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
23159:
23160: * INSTALL:
23161: mention OPIE
23162: [5723515d5bbd]
23163:
23164: * options.h:
23165: SKEY -> OTP
23166: [c1d268130bc4]
23167:
23168: * configure.in:
23169: added opie support
23170: [123872b41b20]
23171:
23172: * compat.h, config.h.in:
23173: added HAVE_OPIE
23174: [528c71afc1e5]
23175:
23176: * check.c:
23177: added HAVE_OPIE and changed to *_OTP_*
23178: [4c62f5db872a]
23179:
23180: * OPTIONS:
23181: SKEY -> OTP
23182: [bd858e5e9652]
23183:
23184: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
23185:
23186: * check.c:
23187: moved fclose() in skey stuff.
23188: [11f7dc8431a6]
23189:
23190: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
23191:
23192: * putenv.c:
23193: index -> strchr remove unnecesary stuff
23194: [af2d05238062]
23195:
23196: * check.c:
23197: now call skeychallenge() to get challenge instead of making one up
23198: ourselves. this way, we get extra goodies in the prompt.
23199: [49b770d98d3a]
23200:
23201: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
23202:
23203: * CHANGES:
23204: added one
23205: [3f5149357e2a] [SUDO_1_5_1]
23206:
23207: * parse.lex:
23208: allow logins to start with a number (YUCK!)
23209: [7ed7ef324741]
23210:
23211: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
23212:
23213: * TROUBLESHOOTING:
23214: added soalris 2.5 vs 2.4 note
23215: [16160a251aae]
23216:
23217: * configure.in:
23218: DUNIX doesn't need -lnsl
23219: [be924cc322c3]
23220:
23221: * CHANGES:
23222: *** empty log message ***
23223: [1b2937521981]
23224:
23225: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
23226: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
23227: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
23228: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
23229: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
23230: utime.c, version.h, visudo.c:
23231: courtesan
23232: [5f203589bbfe]
23233:
23234: * PORTING, README, RUNSON:
23235: courtesan
23236: [d72517f4937e]
23237:
23238: * INSTALL, Makefile.in, TROUBLESHOOTING:
23239: courtesan
23240: [5c007e3c7a71]
23241:
23242: * visudo.pod:
23243: *** empty log message ***
23244: [37ebe85bd4e1]
23245:
23246: * sudo.pod, visudo.pod:
23247: courtesan
23248: [37f02e2130ea]
23249:
23250: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
23251:
23252: * HISTORY:
23253: added courtesan ./
23254: [b01435226276]
23255:
23256: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
23257:
23258: * sudo.c:
23259: added $SUDO_PROMPT support
23260: [cb1fa72c093d]
23261:
23262: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
23263:
23264: * check.c:
23265: print long skey challemged to stderr, not stdout
23266: [750fc775b3b2]
23267:
23268: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
23269:
23270: * CHANGES:
23271: updated for 1.5.1
23272: [9b615f393057]
23273:
23274: * emul/utime.h:
23275: ++version
23276: [a94de18deafb]
23277:
23278: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
23279:
23280: * RUNSON:
23281: updated for 1.5.1
23282: [4092f20ab634]
23283:
23284: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
23285:
23286: * check.c:
23287: use shost, not host for tgetpass
23288: [6061c49ff9be]
23289:
23290: * sudo.pod:
23291: documented %u and %h
23292: [6d2922d29897]
23293:
23294: * OPTIONS:
23295: documented %u and %h
23296: [1a71da13a864]
23297:
23298: * configure.in:
23299: fixed typo
23300: [1230dec2b062]
23301:
23302: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
23303: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23304: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23305: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
23306: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
23307: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
23308: ++version
23309: [65ce8eabf77a]
23310:
23311: * BUGS:
23312: ++version
23313: [afecab53aab7]
23314:
23315: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
23316:
23317: * Makefile.in, configure.in, version.h:
23318: ++version
23319: [fb3ff940d672]
23320:
23321: * sudo.h:
23322: new tgetpass() params
23323: [9eccc5b0f8ae]
23324:
23325: * check.c:
23326: pass use and host to tgetpass
23327: [c56d9d13c401]
23328:
23329: * tgetpass.c:
23330: added %u and %h escapes
23331: [04ae775d3e5d]
23332:
23333: * OPTIONS, check.c, options.h:
23334: added NO_MESSAGE
23335: [3927dad19057]
23336:
23337: * configure.in:
23338: added cray (unicos) support
23339: [1122210c5fb1]
23340:
23341: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
23342:
23343: * OPTIONS, options.h, sudo.c:
23344: added SHELL_SETS_HOME
23345: [0b26909b0929]
23346:
23347: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
23348:
23349: * INSTALL:
23350: added note about "make install"
23351: [7e56ea76d4b4]
23352:
23353: * parse.yacc:
23354: changed length/size params from int to size_t
23355: [5654e5ceb1b3]
23356:
23357: * OPTIONS:
23358: now get CSOPS insults as well by default
23359: [297323d0179a]
23360:
23361: * insults.h:
23362: use csops insults too by default
23363: [07fafc136169]
23364:
23365: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
23366: version = 1.5
23367: [4b8772b11e3b]
23368:
23369: * sudo.c:
23370: added runas_homedir
23371: [b0e0d4417a15]
23372:
23373: * TODO:
23374: updated for 1.5
23375: [66259df825d5]
23376:
23377: * RUNSON:
23378: updated for 1.5
23379: [e08bc9ebfe95]
23380:
23381: * CHANGES:
23382: 1.5 release
23383: [8c16942fea41]
23384:
23385: * INSTALL:
23386: added "upgrading" notes
23387: [210d968964ff]
23388:
23389: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
23390:
23391: * visudo.c:
23392: now do chmod and chown after edit of temp file and before rename
23393: [de174e34faa7] [SUDO_1_5_0]
23394:
23395: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
23396:
23397: * Makefile.in:
23398: ++version added INSTALL.configure
23399: [c9e9214f52ae]
23400:
23401: * configure.in, version.h:
23402: ++version
23403: [5985abed3eb2]
23404:
23405: * TROUBLESHOOTING:
23406: *** empty log message ***
23407: [d65c540ec52e]
23408:
23409: * parse.yacc:
23410: added missing cast
23411: [e7247319a7d5]
23412:
23413: * sudo.c:
23414: sets $HOME to pw_dir of runas user
23415: [d3f7f4d05752]
23416:
23417: * sudo.pod:
23418: document $HOME change
23419: [854454d458c4]
23420:
23421: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
23422:
23423: * sudo.pod:
23424: fixed up some wording
23425: [b0c8582f2c97]
23426:
23427: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
23428: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
23429: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
23430: visudo.c:
23431: ++version
23432: [748be723fd8b]
23433:
23434: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
23435: insults.h, options.h, pathnames.h.in, sudo.h:
23436: ++version
23437: [acdf8b1b2a1b]
23438:
23439: * emul/utime.h:
23440: ++version
23441: [b3f35298ab8d]
23442:
23443: * sudo.h:
23444: name nad type changes
23445: [db24ab3da141]
23446:
23447: * testsudoers.c:
23448: now works with new sudo
23449: [379346c42cc2]
23450:
23451: * parse.yacc:
23452: fixed some XXX
23453: [f5fe4c990052]
23454:
23455: * parse.yacc:
23456: some variable name changes + comment headers for functions.
23457: [3dc3bd9aa73d]
23458:
23459: * tgetpass.c:
23460: added extra paren's to make compilers happy
23461: [9e4968a34d56]
23462:
23463: * sudo.c:
23464: *** empty log message ***
23465: [70c924c1ed69]
23466:
23467: * parse.c:
23468: now uses init_parser() if not in sudoers and tries "list" or
23469: "validate" scold but don't be nasty.
23470: [c0d8fb3f8c9e]
23471:
23472: * TROUBLESHOOTING:
23473: now can use upper case login names
23474: [c772fffcefe5]
23475:
23476: * visudo.c:
23477: now uses init_parser()
23478: [b9efae7243fd]
23479:
23480: * INSTALL, README:
23481: updated
23482: [27dc8283fdc8]
23483:
23484: * PORTING:
23485: added info about PASSWORD_TIMEOUT
23486: [980e15d892f8]
23487:
23488: * INSTALL.configure:
23489: Initial revision
23490: [8292e89a08d3]
23491:
23492: * BUGS:
23493: fixed a bug ,
23494: [c6e46f5624f9]
23495:
23496: * parse.yacc:
23497: now dynamically allocates memory for the stacks -- no more
23498: overflows!
23499: [8615c35b6ad3]
23500:
23501: * sudo.pod:
23502: -l now explands command aliases
23503: [39f45605935d]
23504:
23505: * parse.yacc:
23506: hacks to expand command aliases for `sudo -l'
23507: [e4eb752608f9]
23508:
23509: * sudo.c:
23510: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
23511: [01327ca5084b]
23512:
23513: * sudo.h:
23514: added struct command_alias
23515: [dd2f32764082]
23516:
23517: * sudo.pod:
23518: fixed a bug
23519: [e708ff08d2eb]
23520:
23521: * lsearch.c:
23522: in compar() key should be first arg
23523: [fc14c3fa62ee]
23524:
23525: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
23526:
23527: * BUGS:
23528: fixed some bugs
23529: [639dfe425bd5]
23530:
23531: * parse.yacc:
23532: can now deal with upcase HOST and USER names
23533: [c6aa7bcfb00d]
23534:
23535: * sudo.c:
23536: don't yell too loudly at non-sudoers if they do "sudo -l"
23537: [4ef146128d89]
23538:
23539: * sudo.pod:
23540: fixed thinko
23541: [830f2f0f22e7]
23542:
23543: * parse.c:
23544: fix comment
23545: [d20ce9e17ddc]
23546:
23547: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
23548:
23549: * parse.c, parse.yacc:
23550: added support for new `sudo -l' stuff
23551: [7dceaef3c733]
23552:
23553: * sudo.c:
23554: now uses list_matches()
23555: [293364821b61]
23556:
23557: * sudo.h:
23558: added struct sudo_match
23559: [b2684179d179]
23560:
23561: * configure.in:
23562: now more -lgnumalloc
23563: [4f8ae42617d8]
23564:
23565: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23566:
23567: * install-sh:
23568: added more paths for chown and whoami
23569: [6e685a19426c]
23570:
23571: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23572:
23573: * check.c:
23574: typo
23575: [3adfa01c04bc]
23576:
23577: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
23578:
23579: * aclocal.m4:
23580: fixed DUNIX check for shadow pw
23581: [c25324bcd27b]
23582:
23583: * tgetpass.c:
23584: now only turn off echo if it is already on. this fixes a race when
23585: you use sudo in a pipelin
23586: [28388c2de21c]
23587:
23588: * INSTALL:
23589: updated
23590: [b45ac9366b7e]
23591:
23592: * configure.in:
23593: changed "test -z $foo && do_this" to if; then construct
23594: [2183c4426bca]
23595:
23596: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
23597:
23598: * configure.in:
23599: added missing defines of SHADOW_TYPE
23600: [be89ea68a7f3]
23601:
23602: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
23603:
23604: * check.c:
23605: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
23606: only in dunix 4.x
23607: [1e7c1c677263]
23608:
23609: * getspwuid.c:
23610: added AUTH_CRYPT_C1CRYPT support
23611: [88d6b0058b20]
23612:
23613: * parse.c:
23614: no longer return VALIDATE_NOT_OK if there was a runas that didn't
23615: match. Now we can have runas stuff on more than one line.
23616: [52b68920d7b7]
23617:
23618: * getspwuid.c, sudo.c, tgetpass.c:
23619: use SHADOW_TYPE instead of HAVE_C2_SECURITY
23620: [cf401dfcbc06]
23621:
23622: * configure.in:
23623: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
23624: something
23625: [c7a233c4dd93]
23626:
23627: * config.h.in:
23628: removed HAVE_C2_SECURITY added SPW_BSD
23629: [8314405e9754]
23630:
23631: * compat.h:
23632: use SHADOW_TYPE instead of HAVE_C2_SECURITY
23633: [6f94870df17f]
23634:
23635: * check.c:
23636: SHADOW_TYPE is always defined so just against its value
23637: [72c69a55d02f]
23638:
23639: * aclocal.m4:
23640: added SUDO_CHECK_SHADOW_DUNIX
23641: [ef025ae9d496]
23642:
23643: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
23644:
23645: * sudoers.pod:
23646: * -> ?* in one example added another instance of (runas) and one of
23647: NOPASSWD:
23648: [d74fe1dcbe7d]
23649:
23650: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23651:
23652: * configure.in:
23653: added back check for config.cache from other host type
23654: [0ba87871f585]
23655:
23656: * parse.lex:
23657: removed an instance of \"
23658: [1e008d3709f6]
23659:
23660: * sample.sudoers:
23661: added an example
23662: [dbfcf68ee330]
23663:
23664: * sudoers.pod:
23665: updated wrt new wildcard matching
23666: [193fa44a475b]
23667:
23668: * configure.in:
23669: new check for shadow passwords if we don't know anything
23670: [67465df7dc9a]
23671:
23672: * aclocal.m4:
23673: new SUDO_CHECK_SHADOW_GENERIC
23674: [3563b16a41b8]
23675:
23676: * configure.in:
23677: added back check for -lsocket (oops)
23678: [a80882ee1cb6]
23679:
23680: * configure.in:
23681: better (working) check for shadow passwd type if we know to use C2.
23682: [3cdd2a59a641]
23683:
23684: * configure.in:
23685: now uses AC_CANONICAL_HOST to figure out os type
23686: [80db7fe6e704]
23687:
23688: * Makefile.in:
23689: added config.{guess,sub}
23690: [c6be7e3ca384]
23691:
23692: * aclocal.m4:
23693: removed unused stuff to figure out os type
23694: [c9a0f3b57123]
23695:
23696: * config.sub:
23697: added openbsd
23698: [bfc6bfec3668]
23699:
23700: * config.sub:
23701: Initial revision
23702: [e6e06ce0d17d]
23703:
23704: * config.guess:
23705: Initial revision
23706: [99dd06f79199]
23707:
23708: * testsudoers.c:
23709: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23710: pathname. need to check against sudoers_args even if user_args is
23711: nil
23712: [66e6cf77f5d6]
23713:
23714: * parse.c:
23715: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
23716: pathname need to check against sudoers_args even if user_args is nil
23717: [74374df17311]
23718:
23719: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
23720:
23721: * check.c:
23722: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
23723: [cbb00261c415]
23724:
23725: * testsudoers.c:
23726: now takes command line args and uses cmnd_args
23727: [f0c2fd35a527]
23728:
23729: * parse.lex:
23730: fill_args was adding an extra leading space
23731: [692fc999b2e8]
23732:
23733: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23734:
23735: * visudo.c:
23736: fixed dummy command_matches()
23737: [93d9543db6e2]
23738:
23739: * parse.yacc:
23740: fixed prototype
23741: [7b0addfbd429]
23742:
23743: * sudo.h:
23744: added cmnd_args
23745: [8f47c4ae65ef]
23746:
23747: * parse.yacc:
23748: now uses flat args string
23749: [016e65877da3]
23750:
23751: * parse.c, parse.lex:
23752: now uses flat arg string
23753: [5b5f2e3f4c09]
23754:
23755: * visudo.c:
23756: added cmnd_args def
23757: [876867134775]
23758:
23759: * sudo.c:
23760: now sets cmnd_args global
23761: [e6fee70cb59b]
23762:
23763: * logging.c:
23764: cmnd_args is now exported from sudo.[ch]
23765: [7a9cd36e356f]
23766:
23767: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
23768:
23769: * parse.yacc:
23770: can't rely on cmnd_matches as much as I thought -- added some $$
23771: stuff back in to prevent namespace pollution problems.
23772: [3c45fedb5af3]
23773:
23774: * parse.yacc:
23775: Simplified parse rules wrt runas and NOPASSWD (more consistent).
23776: [e6d838c8a4c7]
23777:
23778: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
23779:
23780: * parse.lex:
23781: NOPASSWD may now have blanks before the ':' '(' only starts a
23782: 'runas' if in the initial state to avoid collision with command args
23783: [c5c01172f499]
23784:
23785: * configure.in:
23786: added checks for specific shadow passwd schemes
23787: [b7e3d1f7b84f]
23788:
23789: * aclocal.m4:
23790: added routines to check for specific shadow passwd types
23791: [e5e1d19960a6]
23792:
23793: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
23794:
23795: * configure.in:
23796: added support for ncr boxen
23797: [bea9dc5aae7f]
23798:
23799: * aclocal.m4:
23800: added support for detecting ncr boxen
23801: [8653a158a924]
23802:
23803: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
23804:
23805: * configure.in:
23806: added sinix support
23807: [5de2b2173ee1]
23808:
23809: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
23810:
23811: * TROUBLESHOOTING:
23812: added info about "config.cache from other other" error.
23813: [845b10198e0b]
23814:
23815: * aclocal.m4:
23816: now makes sure you don't have a config.cache file from another OS
23817: [4fe32571c021]
23818:
23819: * configure.in:
23820: now sets $LIBS when needed to configure links with libs when doing
23821: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
23822: bigcrypt(3) if SPW_SECUREWARE
23823: [2df6b8ca538f]
23824:
23825: * getspwuid.c:
23826: fixed typo
23827: [fe1cb1d792d6]
23828:
23829: * tgetpass.c:
23830: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
23831: [f71138372c07]
23832:
23833: * getspwuid.c:
23834: no more SPW_HPUX10
23835: [cfdeb18bc16b]
23836:
23837: * config.h.in:
23838: no more SPW_HPUX10 added HAVE_BIGCRYPT
23839: [00d296479a61]
23840:
23841: * compat.h:
23842: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
23843: [6c6d9e680417]
23844:
23845: * check.c:
23846: SPW_SECUREWARE now uses bigcrypt
23847: [be71fc66690f]
23848:
23849: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
23850:
23851: * sample.sudoers:
23852: fixed 2 syntax errors
23853: [45eee19ef4ac]
23854:
23855: * sudoers:
23856: root may now run ALL as ALL
23857: [1b54c6b9b212]
23858:
23859: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23860:
23861: * interfaces.c:
23862: fixed a typo/thinko that broke BSD's with sa_len
23863: [603438360126]
23864:
23865: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23866:
23867: * check.c, configure.in:
23868: updated AFS support
23869: [e572eb8d177a]
23870:
23871: * TROUBLESHOOTING:
23872: added entry about /usr/ucb/cc
23873: [025b353aa9d3]
23874:
23875: * INSTALL:
23876: prep no longer holds gcc binaries
23877: [8b0942958049]
23878:
23879: * INSTALL:
23880: updated AFS note
23881: [7af6efd5abe4]
23882:
23883: * Makefile.in:
23884: added @AFS_LIBS@
23885: [97b6fe6ad7d6]
23886:
23887: * compat.h:
23888: AFS allows long passwords
23889: [5fb17122c302]
23890:
23891: * testsudoers.c:
23892: fixed -u user support
23893: [b1a0c1648639]
23894:
23895: * parse.c:
23896: sudo -v now groks VALIDATE_OK_NOPASS
23897: [74fc03fffe7e]
23898:
23899: * parse.yacc:
23900: fixed no_passwd vs. runas_matched
23901: [549a9b791a6a]
23902:
23903: * TROUBLESHOOTING:
23904: took out stuff about NFS-mounting since it is no longer an issue
23905: [d95ab7fbbc61]
23906:
23907: * INSTALL:
23908: added --with-libraries > --with-libpath --with-incpath
23909: [d5d15a7a0f4c]
23910:
23911: * parse.yacc:
23912: was setting runas_matches to -1 in wrong place
23913: [db2b1deb8d33]
23914:
23915: * check.c:
23916: removed usersec.h which is not present in new AFS versions
23917: [618b016dd17f]
23918:
23919: * tgetpass.c:
23920: now deals with timeout <= 0
23921: [ba53a1257255]
23922:
23923: * OPTIONS:
23924: updated
23925: [75093bd8fdca]
23926:
23927: * configure.in:
23928: BSD/OS >= 2.0 now uses shlicc instead of just gcc
23929: [ff6dbf7825c2]
23930:
23931: * sudo.c:
23932: fixed backwards compatibility with sudo 1.4 sudoers mode for root
23933: readable/writable filesystems
23934: [2694ed627221]
23935:
23936: * Makefile.in:
23937: now gives INSTALL -c flag
23938: [63db055a2fd1]
23939:
23940: * parse.yacc:
23941: slightly simpler initialization of no_passwd and runas_matches
23942: [463a1b5fa323]
23943:
23944: * testsudoers.c:
23945: added -u username support
23946: [38b072fcd6b3]
23947:
23948: * configure.in:
23949: improved --with-libraries support
23950: [047dbc5f0af2]
23951:
23952: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23953:
23954: * configure.in:
23955: added --with-incpath, --with-libpath, --with-libraries
23956: [20f20d6c718c]
23957:
23958: * parse.yacc:
23959: now initializes some fields that weren't getting set to -1 pretty
23960: gross -- need a rewrite.
23961: [021c160390c6]
23962:
23963: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
23964:
23965: * alloca.c:
23966: removed emacs'isms
23967: [9d4ec2efe057]
23968:
23969: * configure.in:
23970: no longer add -lPW to *_LIBS since we include alloca.c
23971: [a626d1bbea80]
23972:
23973: * config.h.in:
23974: added HAVE_ALLOCA_H
23975: [15491e2a6cff]
23976:
23977: * Makefile.in:
23978: added alloca.c
23979: [0400f25e1fe4]
23980:
23981: * alloca.c:
23982: Initial revision
23983: [06d033aa4882]
23984:
23985: * configure.in:
23986: ++version
23987: [f52c0fb98f90]
23988:
23989: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
23990:
23991: * sudo.c:
23992: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
23993: not always set to a valid uid.
23994: [c2669f77704d]
23995:
23996: * OPTIONS:
23997: fixed entry for SUDO_MODE
23998: [d7272f6035b8]
23999:
24000: * sudo.c:
24001: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
24002: being set to -2. Now beat NFS to the punch and set uid to "nobody"
24003: ourselves, preserving group 0 to read sudoers.
24004: [b1fbc5dd1e34]
24005:
24006: * parse.c:
24007: moved set_perms(PERM_ROOT) to be before yyparse()
24008: [7619d8080735]
24009:
24010: * logging.c:
24011: fixed a typo
24012: [318acc48cde0]
24013:
24014: * configure.in:
24015: no longer need AC_PROG_INSTALL
24016: [de01b1336dc8]
24017:
24018: * Makefile.in:
24019: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
24020: [ea2351986406]
24021:
24022: * INSTALL:
24023: make clean -> make distclean
24024: [704a98e8ba10]
24025:
24026: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
24027:
24028: * parse.yacc:
24029: removed some unnecsary if's
24030: [f00db6508132]
24031:
24032: * Makefile.in, version.h:
24033: ++version
24034: [bdb6740b24c8]
24035:
24036: * parse.c, testsudoers.c:
24037: now includes netgroup.h
24038: [93f5a06352bc]
24039:
24040: * interfaces.c:
24041: removed cats of ioctl to int since they didn't shut up -Wall
24042: [83e9f912cd7a]
24043:
24044: * interfaces.c:
24045: explicately cast ioctl() to int since it it not always declared
24046: [2ff9294e469e]
24047:
24048: * sudo.h:
24049: added declarations for yyparse() and yylex()
24050: [6071321ab771]
24051:
24052: * parse.yacc:
24053: fixed an occurence of '==' -> '='
24054: [2c46d2e11d57]
24055:
24056: * config.h.in, configure.in:
24057: added check for netgroup.h
24058: [73403050f4e3]
24059:
24060: * sudo.c:
24061: fixed 2 compiler warnings
24062: [680929b0bd97]
24063:
24064: * sudo.c:
24065: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
24066: initialized
24067: [18707ecd07c2]
24068:
24069: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
24070:
24071: * sudo.pod:
24072: fixed a typo
24073: [e4b5c12aa130]
24074:
24075: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
24076:
24077: * parse.yacc:
24078: fixed a formatting thingie
24079: [c79327b6f19b]
24080:
24081: * parse.c, parse.yacc:
24082: fixed -u support with multiple user lists on a line
24083: [e4d1066adca2]
24084:
24085: * configure.in:
24086: unixware needs -lgen
24087: [b5bf9bca63cc]
24088:
24089: * README:
24090: updated ftp location
24091: [b25a033f7921]
24092:
24093: * sudoers.pod:
24094: add net_addr/netmask support
24095: [674e83516d1e]
24096:
24097: * sample.sudoers:
24098: added net_addr/mask example
24099: [774878e89b28]
24100:
24101: * parse.c, parse.lex:
24102: added support for net_addr/netmask
24103: [e33de27325d8]
24104:
24105: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
24106:
24107: * sudoers.pod:
24108: ^ -> !
24109: [1a084950d6ef]
24110:
24111: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
24112:
24113: * RUNSON:
24114: updated for 1.4.3
24115: [c82019025d09]
24116:
24117: * CHANGES:
24118: udpated for 1.4.3
24119: [ceaa81adb8f0]
24120:
24121: * BUGS, TODO, TROUBLESHOOTING:
24122: updated
24123: [ff94fae4b853]
24124:
24125: * sample.sudoers:
24126: updated with examples of new stuff
24127: [99d0b4cb4c9c]
24128:
24129: * INSTALL, README:
24130: ++version
24131: [b763b80fe836]
24132:
24133: * sudoers.pod:
24134: updated wrt -u and NOPASSWD
24135: [0b5b722ea0f4]
24136:
24137: * sudo.pod:
24138: updated wrt -u and CAVEATS
24139: [71d5d53b5d18]
24140:
24141: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
24142:
24143: * sudo.c:
24144: fixed usage()
24145: [114c7d09b550]
24146:
24147: * parse.lex:
24148: now use :foo: character classes (makes no diff for generated lexer)
24149: [7b0aeb737a02]
24150:
24151: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
24152:
24153: * check.c:
24154: fixed LONG_SKEY_PROMPT stuff
24155: [0efe78b4bdda]
24156:
24157: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
24158:
24159: * visudo.c:
24160: fixed a comment
24161: [3d289017104b]
24162:
24163: * lsearch.c:
24164: make more like NetBSD one -- now compiles w/o warnings
24165: [932206296a54]
24166:
24167: * emul/search.h:
24168: fixed decls of lsearch()
24169: [c58cf4584c45]
24170:
24171: * config.h.in, configure.in, getspwuid.c:
24172: added SPW_HPUX10
24173: [d74e5eaa5f17]
24174:
24175: * check.c:
24176: hpux 10 uses bigcrypt() if C2
24177: [359eb63f4021]
24178:
24179: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
24180:
24181: * parse.c:
24182: now always uses fnmatch to match args
24183: [a9d91f35256a]
24184:
24185: * tgetpass.c:
24186: back to using stdio instead of raw i/o since that caused some
24187: problems
24188: [e7ce2bc92974]
24189:
24190: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
24191:
24192: * sudo.c:
24193: now give usage warning if use -l,-v,-k with args
24194: [6b48180c4fea]
24195:
24196: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
24197:
24198: * sudo.c:
24199: NewArgc is now set to 1 for -l, -v, -k
24200: [7497cb1416a8]
24201:
24202: * sudo.c:
24203: now sets sudoers to correct group if mode is 0400
24204: [484c43d99718]
24205:
24206: * install-sh:
24207: updated to version used by inn and bind
24208: [28683ad8725a]
24209:
24210: * configure.in:
24211: now uses -lgnumalloc if it exists
24212: [3651ca4415a2]
24213:
24214: * Makefile.in:
24215: "make install" now sets uid/gid and mode on sudoers if it exists
24216: [1f5216191ae9]
24217:
24218: * sudo.c:
24219: rmeoved debugging statements
24220: [aeda278e2c26]
24221:
24222: * parse.yacc:
24223: added a missing free()
24224: [592c9482a159]
24225:
24226: * sudo.c:
24227: now uses user_gid instead of getegid (which was wrong anyway) to set
24228: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
24229: (logging.c depends on args being in the environment)
24230: [9f5328a3b942]
24231:
24232: * logging.c:
24233: now uses SUDO_COMMAND envariable to get command args rather than
24234: building it up again.
24235: [7f8edc5bccb7]
24236:
24237: * parse.c:
24238: now uses user_gid
24239: [4b9303ae45fe]
24240:
24241: * sudo.c:
24242: fixed off by one error in allocation NewArgv
24243: [921ea1a4e7c6]
24244:
24245: * parse.c:
24246: in sudoers, 'command ""' now means command with no args
24247: [a5273648ace2]
24248:
24249: * configure.in:
24250: added check for fnmatch(3) and fnmatch.h
24251: [258916a7866f]
24252:
24253: * config.h.in:
24254: added HAVE_FNMATCH
24255: [b9860d361e93]
24256:
24257: * Makefile.in:
24258: replaced wildcat.* with fnmatch.*
24259: [03ad9ee21a1c]
24260:
24261: * testsudoers.c:
24262: now uses fnmatch()
24263: [5a7f7de987a9]
24264:
24265: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
24266:
24267: * parse.c:
24268: now uses fnmatch() instead of wildmat a trailing star (*) by itself
24269: now matches multiple args added support for wildcards in the
24270: pathname in sudoers
24271: [1f7fb950b868]
24272:
24273: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
24274:
24275: * fnmatch.c:
24276: now includes compat.h and config.h
24277: [090206b95cf8]
24278:
24279: * config.h.in:
24280: added HAVE_FNMATCH_H
24281: [90eb42150173]
24282:
24283: * configure.in:
24284: now checks for alloca() (if needed by bison or dce) and links with
24285: -lPW if it contains alloca() and libv and compiler do not.
24286: [cfa2b3cef49a]
24287:
24288: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
24289: Initial revision
24290: [20b1f762a32a]
24291:
24292: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
24293:
24294: * sudo.c:
24295: now fixes mode on sudoers if set to 0400 to aid in upgrade
24296: [d4bdfd521820]
24297:
24298: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
24299:
24300: * Makefile.in:
24301: fixed pod2man usage
24302: [5adf2ec77b27]
24303:
24304: * Makefile.in, configure.in, version.h:
24305: ++version
24306: [b4029de876d0]
24307:
24308: * testsudoers.c, visudo.c:
24309: runas_user is now initialized to "root"
24310: [8537d97bff39]
24311:
24312: * sudo.h:
24313: removed PERM_FULL_ROOT
24314: [241f8bbf647f]
24315:
24316: * sudo.c:
24317: runas_user defaults to "root" so no more need to PERM_RUNAS
24318: [fc0c0dfc72ba]
24319:
24320: * parse.c:
24321: will now only running commands as root if there was no runas list
24322: (or if root is in the runas list)
24323: [40c587666c81]
24324:
24325: * logging.c:
24326: now logs "USER=%s"
24327: [b733504c87fd]
24328:
24329: * parse.yacc:
24330: runas_matches is now set to false if we get a negative match
24331: [5495b150b300]
24332:
24333: * parse.lex:
24334: make #uid work + some minor cleanup
24335: [07851bbce03a]
24336:
24337: * sample.sudoers:
24338: added support for NOPASSWD and "runas" from garp@opustel.com /
24339: [7a9c67b51fa5]
24340:
24341: * visudo.c:
24342: added support for "runas" from garp@opustel.com replaced
24343: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
24344: SUDOERS_MODE
24345: [e714209b9885]
24346:
24347: * testsudoers.c:
24348: added support for "runas" from garp@opustel.com
24349: [b837f856da10]
24350:
24351: * sudo.h:
24352: added support for NO_PASSWD and runas from garp@opustel.com replaced
24353: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
24354: fro SUDOERS_MODE
24355: [cea6f26679b7]
24356:
24357: * sudo.c:
24358: added support for NO_PASSWD and runas from garp@opustel.com replaced
24359: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
24360: SUDOERS_MODE
24361: [61b5434237c5]
24362:
24363: * parse.yacc:
24364: added support for NO_PASSWD and runas from garp@opustel.com
24365: [72ebd3056f22]
24366:
24367: * parse.c, parse.lex:
24368: added support for NO_PASSWD and runas from garp@opustel.com
24369: [fef6dbdd114d]
24370:
24371: * logging.c:
24372: added support for SUDOERS_WRONG_MODE and "runas"
24373: [e794efc2b443]
24374:
24375: * configure.in:
24376: added --with-CC only link with -lshadow on linux (with shadow pw) if
24377: libc lacks getspnam()
24378: [3ecf4ae21002]
24379:
24380: * OPTIONS, options.h:
24381: removed NO_PASSWD since it is not possible to do this in the sudoers
24382: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
24383: SUDOERS_GID. Added SUDOERS_MODE.
24384: [2eaa4891ef48]
24385:
24386: * Makefile.in:
24387: now uses SUDOERS_UID and SUDOERS_GID
24388: [8d615f0fdb2a]
24389:
24390: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
24391:
24392: * INSTALL:
24393: added --with-CC
24394: [a1b8286a81b8]
24395:
24396: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
24397:
24398: * parse.lex:
24399: added double quote support
24400: [a5e4fc7e3a2b]
24401:
24402: * sudoers.pod:
24403: documented double quoting
24404: [c6ea47969a44]
24405:
24406: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
24407:
24408: * mkinstalldirs:
24409: Initial revision
24410: [dcb86d65ad8f]
24411:
24412: * check.c:
24413: fixed some indentation
24414: [4d1c5ab8072b]
24415:
24416: * Makefile.in:
24417: fixed a typo
24418: [0d27eebc7227]
24419:
24420: * Makefile.in:
24421: added install-dirs .
24422: [f499b99b8be7]
24423:
24424: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
24425:
24426: * dce_pwent.c:
24427: new version from "Jeff A. Earickson" <jaearick@colby.edu>
24428: [422481be5fbd]
24429:
24430: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
24431:
24432: * configure.in:
24433: $CSOPS -> $with_csops (whoops, missed one)
24434: [b04c6948130e]
24435:
24436: * BUGS:
24437: updated
24438: [c4d5713e227d]
24439:
24440: * parse.lex:
24441: FQHOST now has same constraints as non-FQHOST
24442: [e1c3bf2381d1]
24443:
24444: * INSTALL:
24445: added note about OS's w/ shadow passwords turned on by default
24446: [166257f43be4]
24447:
24448: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
24449:
24450: * configure.in:
24451: fixed a typo
24452: [e5c3e2e9a359]
24453:
24454: * configure.in:
24455: added support for --without-THING sanitized shadow pw situtation by
24456: adding support for
24457: --without-C2
24458: [65dc6bf64cce]
24459:
24460: * tgetpass.c:
24461: fixed a typo wrt placement of an end paren
24462: [a8780f818231]
24463:
24464: * check.c:
24465: was closing an fd that may not have been opened
24466: [760271c7bdc9]
24467:
24468: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
24469:
24470: * OPTIONS, options.h, sudo.c:
24471: added NO_PASSWD
24472: [28ff1dc93d7a]
24473:
24474: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
24475:
24476: * configure.in:
24477: now always use shadow pw on some arches
24478: [069161ccffda]
24479:
24480: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
24481:
24482: * configure.in:
24483: added pyramid support
24484: [a0eb57a3a531]
24485:
24486: * configure.in:
24487: no longer check for C2 if alternate passwd method is used no longer
24488: check for some libs twice
24489: [2d0c3c902b40]
24490:
24491: * parse.yacc:
24492: moved fqdn stuff into parse.lex (FQHOST)
24493: [d9c9abd481d8]
24494:
24495: * parse.lex:
24496: added FQHOST rules
24497: [4a1695acff6d]
24498:
24499: * tgetpass.c:
24500: now define TCSASOFT in necesary
24501: [3fac2e21c9ab]
24502:
24503: * tgetpass.c:
24504: now uses read/write instead of stdio string goop to avoid problems
24505: with select(2)
24506: [67fd174e518c]
24507:
24508: * OPTIONS, find_path.c, options.h:
24509: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
24510: [d05ba5100d28]
24511:
24512: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
24513:
24514: * INSTALL:
24515: added note about no shadow auto-detect if using alternate auth
24516: schemes
24517: [b425592232a3]
24518:
24519: * configure.in:
24520: don't check for C2 if AFS or DCE (unless they said --with-C2)
24521: [61342962171a]
24522:
24523: * testsudoers.c:
24524: now groks shost
24525: [85dda17303f6]
24526:
24527: * OPTIONS, find_path.c, options.h:
24528: added NO_DOT_PATH
24529: [c261ca1fb196]
24530:
24531: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
24532:
24533: * find_path.c:
24534: checkdot now works correctly
24535: [3bc4835bb3e9]
24536:
24537: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
24538:
24539: * configure.in:
24540: can't have DCE and C2 passwords both...
24541: [fb9a8ab7ca66]
24542:
24543: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
24544:
24545: * parse.yacc, sudo.c, sudo.h, visudo.c:
24546: now uses shost even if not FQDN
24547: [87f7498b3a1f]
24548:
24549: * configure.in:
24550: now looks for skey in /usr/lib and doesn't require libskey to be in
24551: /usr/local/lib just because skey.h is (for my netbsd box :-)
24552: [ceb1763e37d2]
24553:
24554: * aclocal.m4, config.h.in, pathnames.h.in:
24555: _SUDO_PATH_ -> _CONFIG_PATH_
24556: [84d97ad13d75]
24557:
24558: * aclocal.m4, sudo.pod:
24559: /var/run/.odus -> /var/run/sudo
24560: [922da220b8f5]
24561:
24562: * pathnames.h.in:
24563: now uses _SUDO_PATH_TIMEDIR
24564: [5ecab0155fdf]
24565:
24566: * OPTIONS:
24567: udpated FQDN
24568: [361b6f7440c0]
24569:
24570: * aclocal.m4, configure.in:
24571: added SUDO_TIMEDIR
24572: [368c95c8c950]
24573:
24574: * config.h.in:
24575: added _SUDO_PATH_TIMEDIR
24576: [3879864d808c]
24577:
24578: * sudo.pod:
24579: updated wrt /var/run/sudo
24580: [9e14f2a429d3]
24581:
24582: * sudo.c, sudo.h:
24583: added support for shost if FQDN
24584: [51a3f51a09a1]
24585:
24586: * parse.yacc, visudo.c:
24587: now uses shost if FQDN
24588: [d19da2e92b42]
24589:
24590: * check.c:
24591: Now use skeylookup() instead off skeychallenge()
24592: [4c7438bb2ae0]
24593:
24594: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
24595:
24596: * logging.c:
24597: mail_argv should not contain ALERTMAIL as it includes "-t"
24598: [67ffaaa8f843]
24599:
24600: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
24601:
24602: * INSTALL, Makefile.in, README, configure.in, version.h:
24603: ++version
24604: [e08fd4a809fc]
24605:
24606: * compat.h:
24607: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
24608: [2f20c3153689]
24609:
24610: * tgetpass.c:
24611: now includes limits.h moved _PASSWD_LEN -> compat.h
24612: [b1ca3cafdacc]
24613:
24614: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
24615:
24616: * INSTALL, README:
24617: ++version
24618: [3eacf32803f5]
24619:
24620: * Makefile.in:
24621: ++versoin
24622: [3b91c317630a]
24623:
24624: * Makefile.in:
24625: fixed a typo
24626: [3661ac4a7803]
24627:
24628: * configure.in:
24629: ++version
24630: [60e842973745]
24631:
24632: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
24633:
24634: * RUNSON:
24635: updated
24636: [def2c3c24195]
24637:
24638: * CHANGES:
24639: done for 1.4.1 (I hope)
24640: [2ab543769a40]
24641:
24642: * sudoers.pod:
24643: added info on wildcards
24644: [ce3bd41bc063]
24645:
24646: * sample.sudoers:
24647: added wildcard example
24648: [762feb0577bd]
24649:
24650: * Makefile.in:
24651: now uses *.pod to build *.man and *.cat & *.html
24652: [3ec14962028b]
24653:
24654: * configure.in:
24655: addedSUDO_PROG_BSHELL !ll
24656: [3c80b320bf16]
24657:
24658: * visudo.pod:
24659: fixed up some formatting
24660: [12166c434526]
24661:
24662: * sudoers.pod:
24663: redid section describing sample sudoers stuff
24664: [b8065cceec71]
24665:
24666: * sudo.pod:
24667: fixed some formatting
24668: [aa9a681add0f]
24669:
24670: * getspwuid.c:
24671: now treats "" as bourne shell
24672: [30194a72ad56]
24673:
24674: * Makefile.in:
24675: TESTOBJS nwo includes wildmat.o
24676: [86cc6500f84d]
24677:
24678: * testsudoers.c:
24679: now works with NewArg[cv]
24680: [2f72674ce942]
24681:
24682: * sudo.c:
24683: removed an XXX (fixed it in getspwuid.c)
24684: [e791ee0d1a68]
24685:
24686: * aclocal.m4:
24687: added check for bourne shell
24688: [a2fd51676b8a]
24689:
24690: * pathnames.h.in:
24691: added _PATH_BSHELL
24692: [e7c10011d47b]
24693:
24694: * config.h.in:
24695: added _SUDO_PATH_BSHELL
24696: [6a1182898de9]
24697:
24698: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
24699:
24700: * visudo.c:
24701: unixware vi returns 256 instead of 0
24702: [234ffc7c6786]
24703:
24704: * INSTALL:
24705: added Linux note
24706: [5f85efcd2b58]
24707:
24708: * logging.c:
24709: fixed up some XXX's. file log format now looks a little more like
24710: real syslog(3) format.
24711: [6df55707bfc3]
24712:
24713: * README, TROUBLESHOOTING:
24714: updated wrt lex/flex
24715: [eb787d69156b]
24716:
24717: * Makefile.in:
24718: commented out rule to build lex.yy.c from parse.lex since we ship
24719: with a pre-flex'd parser
24720: [7507e2ce4a95]
24721:
24722: * parse.c, parse.yacc, visudo.c:
24723: path_matches -> command_matches
24724: [0bd469424f86]
24725:
24726: * logging.c:
24727: eliminated some strcat()'s
24728: [9878a79bc374]
24729:
24730: * configure.in:
24731: no longer checks for lex/flex (now assumes flex)
24732: [a086ccc73798]
24733:
24734: * configure.in:
24735: now checks for $kerb_dir_candidate/krb.h instead of just
24736: kerb_dir_candidate
24737: [9133bc3c5208]
24738:
24739: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24740:
24741: * parse.yacc:
24742: now use a 'hook' expression instead of an iffy one :-)
24743: [9560df01b8c0]
24744:
24745: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24746:
24747: * visudo.c:
24748: now works with new sudo arg stuff
24749: [310a0d43ddad]
24750:
24751: * parse.yacc:
24752: fixed dereferencing deadbeef
24753: [474ef8a8006b]
24754:
24755: * sudo.c:
24756: changed an occurrence of Argv to NewArgv
24757: [205b012b7691]
24758:
24759: * parse.lex:
24760: took out support for quoted commands since there is no need...
24761: [5c5036d353b1]
24762:
24763: * parse.c:
24764: fixed a typo in a for() loop
24765: [7e8d5283c43b]
24766:
24767: * logging.c:
24768: protected against dereferencing rogue pointers
24769: [56debd517717]
24770:
24771: * sudo.c:
24772: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
24773: also allows us to eliminate some kludges in parse_args() and
24774: eliminate superfluous code.
24775: [5122f66ad150]
24776:
24777: * logging.c:
24778: no longer uses cmnd_args, now uses NewArgv instead.
24779: [abddd23cf068]
24780:
24781: * sudo.h:
24782: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
24783: (no longer used)
24784: [78410984fb05]
24785:
24786: * Makefile.in:
24787: added wildmat.c to SRCS & SUDOBJS
24788: [3800efb41794]
24789:
24790: * parse.yacc:
24791: COMMAND is now a struct containing the path and args
24792: [5c32822c5b94]
24793:
24794: * parse.lex:
24795: replaced append() with fill_cmnd() and fill_args. command args from
24796: a sudoers entry are now stored in an arrary for easy matching.
24797: [a981d7f4eb0d]
24798:
24799: * parse.c:
24800: command line args from sudoers file are now in an array like ones
24801: passed in from the command line
24802: [1d9e37e84519]
24803:
24804: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24805:
24806: * parse.c:
24807: wildwat stuff now works
24808: [49d16488531f]
24809:
24810: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
24811:
24812: * version.h:
24813: ++version
24814: [53e55463ef89]
24815:
24816: * Makefile.in:
24817: ++version added wildmat.*
24818: [0508297a4711]
24819:
24820: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
24821:
24822: * parse.lex:
24823: added support for quoted commands (w/ or w/o args)
24824: [b9a637155673]
24825:
24826: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24827:
24828: * sudo.pod, visudo.pod:
24829: cleaned up formatting
24830: [4591d4195437]
24831:
24832: * sudo.pod, visudo.pod:
24833: Initial revision
24834: [7564a8242750]
24835:
24836: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
24837:
24838: * sudoers.pod:
24839: looks reasonable, could be mroe readable
24840: [a5be2d19d9e0]
24841:
24842: * sudoers.pod:
24843: Initial revision
24844: [957888be31a6]
24845:
24846: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
24847:
24848: * RUNSON:
24849: updated
24850: [633743aa924b]
24851:
24852: * OPTIONS:
24853: updated NO_ROOT_SUDO entry
24854: [f1c15b1dec9e]
24855:
24856: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
24857:
24858: * RUNSON:
24859: *** empty log message ***
24860: [5b63de579ff7] [SUDO_1_4_0]
24861:
24862: * sudo.c:
24863: fixed SECURE_PATH
24864: [6002889f606d]
24865:
24866: * RUNSON:
24867: udpa`ted for 1.4
24868: [6014a8592815]
24869:
24870: * configure.in:
24871: AIX aixcrypt.exp now uses $(srcdir)
24872: [b0d57674fef4]
24873:
24874: * TROUBLESHOOTING:
24875: added entry for anal ansi compilers
24876: [4193cec1c6b1]
24877:
24878: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
24879:
24880: * INSTALL:
24881: added info on libcrypt_i for SCO
24882: [575497d56698]
24883:
24884: * TODO:
24885: *** empty log message ***
24886: [d0aaf67b9913]
24887:
24888: * sample.sudoers:
24889: added comments
24890: [a7773f7eda8d]
24891:
24892: * TODO:
24893: 1.4 release
24894: [1dade29e9fd9]
24895:
24896: * CHANGES:
24897: ++version
24898: [67241be40780]
24899:
24900: * INSTALL, OPTIONS, README, config.h.in, configure.in:
24901: ++version
24902: [2e0a37897f68]
24903:
24904: * BUGS:
24905: ++version and fixed ISC
24906: [78963f01a0e3]
24907:
24908: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
24909: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
24910: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
24911: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
24912: visudo.c:
24913: ++version
24914: [b6227f29b3d9]
24915:
24916: * interfaces.c:
24917: added STUB_LOAD_INTERFACES ++version
24918: [d8150a3fd577]
24919:
24920: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
24921: version.h:
24922: ++version
24923: [da9e90e69bdc]
24924:
24925: * PORTING:
24926: added info about fd_set in tgetpass added info on interfaces.c
24927: [a39902febd17]
24928:
24929: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
24930:
24931: * dce_pwent.c:
24932: added sudo header
24933: [fc0f2c48682e]
24934:
24935: * tgetpass.c:
24936: fixed a typo
24937: [43d40b72ee8f]
24938:
24939: * Makefile.in:
24940: tgetpass.o is now only linked in with sudo (not visudo)
24941: [7407c5ff11f8]
24942:
24943: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
24944:
24945: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
24946: configure.in:
24947: ++version
24948: [9b82ad805d6b]
24949:
24950: * emul/utime.h:
24951: added copyright notice
24952: [4380f16cd075]
24953:
24954: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
24955: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24956: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
24957: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24958: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
24959: ++version
24960: [32717fdb5d05]
24961:
24962: * tgetpass.c:
24963: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
24964: [326864428da2]
24965:
24966: * configure.in:
24967: ISC now gets -lcrypt now check for sys/bsdtypes.h
24968: [e064799c054b]
24969:
24970: * config.h.in:
24971: added check for sys/bsdtypes.h
24972: [9adb9533c363]
24973:
24974: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
24975:
24976: * parse.yacc:
24977: removed debugging stuff (setting freed ptr to NULL)
24978: [02fe8eec63a0]
24979:
24980: * TROUBLESHOOTING:
24981: added 2 entries
24982: [02884e2733e2]
24983:
24984: * Makefile.in:
24985: added FAQ
24986: [074d8dfcf28d]
24987:
24988: * TROUBLESHOOTING:
24989: added section on syslog
24990: [e6bc02a22b86]
24991:
24992: * configure.in:
24993: added AC_ISC_POSIX for better ISC support
24994: [8436b3e12af2]
24995:
24996: * config.h.in:
24997: fixed typo
24998: [f1b3922babf4]
24999:
25000: * config.h.in:
25001: added define for _POSIX_SOURCE
25002: [ded6d92b34f9]
25003:
25004: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
25005:
25006: * configure.in:
25007: fixed check for lsearch()
25008: [75baa5bc28a3]
25009:
25010: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
25011:
25012: * interfaces.c:
25013: fixed for AIX now deal if num_interfaces == 0 (should not happen)
25014: [ae450e859227]
25015:
25016: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
25017:
25018: * configure.in:
25019: now only define HAVE_LSEARCH if there is a corresponding search.h
25020: [8ce645c5d17f]
25021:
25022: * interfaces.c:
25023: works on ISC again
25024: [ccac920d424c]
25025:
25026: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
25027:
25028: * configure.in:
25029: now define HAVE_LSEARCH if we find lsearch() in libcompat
25030: [7343e4313a87]
25031:
25032: * lsearch.c:
25033: char * -> const char *
25034: [1c0b11c2300a]
25035:
25036: * configure.in:
25037: now looks in -lcompat for lsearch()
25038: [a1cc1d6fcd09]
25039:
25040: * Makefile.in:
25041: remove sudo.core visudo.core for clan target
25042: [b523456a85df]
25043:
25044: * aclocal.m4:
25045: added UID_MAX support in check for MAX_UID_T_LEN
25046: [7ab262b1173f]
25047:
25048: * Makefile.in:
25049: fixed another occurence of sudo_getpwuid.*
25050: [fb5809c07da2]
25051:
25052: * Makefile.in, getspwuid.c:
25053: sudo_getpwuid.c -> getspwuid.c
25054: [875f2ef808b4]
25055:
25056: * configure.in:
25057: moved the "echo"
25058: [ad7b8f966076]
25059:
25060: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
25061: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
25062: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25063: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25064: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25065: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25066: version.h, visudo.c:
25067: ++version
25068: [ee57c6410ffa]
25069:
25070: * testsudoers.c:
25071: added group support
25072: [54d8097df8bd]
25073:
25074: * sample.sudoers:
25075: added group entry
25076: [50994d31fd49]
25077:
25078: * sudoers.man:
25079: documented group support
25080: [0a16707f8fed]
25081:
25082: * parse.c, parse.lex, parse.yacc, visudo.c:
25083: added group support
25084: [427218c879c8]
25085:
25086: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
25087:
25088: * check.c:
25089: tkfile was too short and overflowed the kerberos realm
25090: [53823a1ff5af]
25091:
25092: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
25093:
25094: * sudo.c:
25095: now copy command args directly from Argv
25096: [77408278b6fd]
25097:
25098: * sudo.c:
25099: replaced code to copy cmnd_args so that is does not use realloc
25100: since most realloc()'s really stink
25101: [b29a0ff73fb6]
25102:
25103: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
25104:
25105: * configure.in:
25106: syslog() fixed in hpux 10.01
25107: [2648e6f0cdb0]
25108:
25109: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
25110:
25111: * configure.in:
25112: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
25113: [8f108b8d8711]
25114:
25115: * configure.in:
25116: better error if cannot find skey incs or libs
25117: [5887662ee9d3]
25118:
25119: * aclocal.m4:
25120: now use a temp file for determining max len of uid_t in string form.
25121: the old hacky way broke on netbsd
25122: [b68f470fa9f8]
25123:
25124: * sudo.c:
25125: added set of parens and a space
25126: [8a3d4826d022]
25127:
25128: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
25129:
25130: * dce_pwent.c:
25131: fixes from Jeff Earickson <jaearick@colby.edu> ,
25132: [bde0f0b756ec]
25133:
25134: * check.c:
25135: modified a comment
25136: [e2a97f1afbbe]
25137:
25138: * Makefile.in:
25139: fixed up testsudoers target
25140: [d39c4e7bb609]
25141:
25142: * configure.in:
25143: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
25144: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
25145: [da7a1c433828]
25146:
25147: * Makefile.in:
25148: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
25149: VISUDO_LDFLAGS
25150: [4b69503e8487]
25151:
25152: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
25153:
25154: * configure.in:
25155: fix for C2 on hpux 10 now uses -linet if it exists
25156: [8d300112263d]
25157:
25158: * check.c:
25159: LONG_SKEY_PROMPT is less of a klusge /
25160: [dcc144abaac3]
25161:
25162: * configure.in:
25163: fixed typos w/ dce stuff
25164: [f7dfd6d4e149]
25165:
25166: * Makefile.in:
25167: added dce_pwent.c
25168: [79047acdc516]
25169:
25170: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
25171:
25172: * INSTALL:
25173: amended section on combining authentication mechanisms
25174: [dc5138c7c716]
25175:
25176: * PORTING:
25177: minor updates for 1.3.6
25178: [fe80c13bd994]
25179:
25180: * TROUBLESHOOTING:
25181: added 2 more entries
25182: [c7201439a0f5]
25183:
25184: * BUGS:
25185: updated for 1.3.6
25186: [979b414d2a2d]
25187:
25188: * README:
25189: overhauled
25190: [3af8b60eb594]
25191:
25192: * INSTALL:
25193: rewrote for sudo 1.3.6
25194: [b16027b9c726]
25195:
25196: * TROUBLESHOOTING:
25197: added 3 entries
25198: [934c9ee3f153]
25199:
25200: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
25201:
25202: * find_path.c, getspwuid.c, sudo.c:
25203: added explict casts for strdup since many includes don't prototype
25204: it. gag me.
25205: [3e19a11f2fcc]
25206:
25207: * sudo.h:
25208: removed prototype for sudo_getpwuid() since convex C compiler choked
25209: on it.
25210: [c3ea74ca67b0]
25211:
25212: * sudo.c:
25213: added prototype for sudo_getpwuid()
25214: [4a8e3cdc2b98]
25215:
25216: * lsearch.c:
25217: now compiles on strict ANSI compilers
25218: [3ce5d72d0b08]
25219:
25220: * check.c:
25221: added LONG_SKEY_PROMPT support
25222: [48a18b8a2332]
25223:
25224: * Makefile.in:
25225: added extra $'s for make to eat up, yum.
25226: [2995b214e12b]
25227:
25228: * OPTIONS, options.h:
25229: added LONG_SKEY_PROMPT
25230: [f23ae799b5a4]
25231:
25232: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
25233:
25234: * check.c:
25235: s/key support now works with normal s/key as well as logdaemon
25236: [d67573f523bf]
25237:
25238: * OPTIONS, options.h:
25239: added SKEY_ONLY
25240: [bbf07654e0de]
25241:
25242: * compat.h:
25243: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
25244: [205895b96a36]
25245:
25246: * INSTALL:
25247: added DCE note added more AIX notes
25248: [6345403b3522]
25249:
25250: * sudo.c:
25251: now include pthread.h for DCE support
25252: [6fe02865f679]
25253:
25254: * check.c:
25255: dce_pwent() is ok after all .,
25256: [d26a8746a55d]
25257:
25258: * logging.c:
25259: now uses SYSLOG() macro that equates to either syslog() or
25260: syslog_wrapper
25261: [42ac4cff8045]
25262:
25263: * dce_pwent.c:
25264: minor formatting changes. renamed check() to somthing less generic
25265: [71859f217be1]
25266:
25267: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
25268: visudo.c:
25269: now uses user_pw_ent and simple macros to get at the contents
25270: [f4cbf3e7145a]
25271:
25272: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25273:
25274: * check.c:
25275: simpler dec unix C2 support
25276: [86bc8f75250e]
25277:
25278: * getspwuid.c:
25279: now sets crypt_type for DEC unix C2
25280: [99aeadd18266]
25281:
25282: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
25283:
25284: * configure.in:
25285: added csops paths for skey
25286: [b8ca672e2117]
25287:
25288: * getspwuid.c:
25289: now includes string.h for strdup() prototype
25290: [3605259c3620]
25291:
25292: * getspwuid.c:
25293: fixed a few typos
25294: [46c97e4ea417]
25295:
25296: * check.c:
25297: now includes skey.h
25298: [11e611ce1b61]
25299:
25300: * getspwuid.c:
25301: fixed up comments
25302: [223dac56f0c8]
25303:
25304: * check.c:
25305: moved a lot of the shadow passwd crap to sudo_getpwuid()
25306: [97d8887fb7d3]
25307:
25308: * sudo.c:
25309: now uses sudo_pw_ent
25310: [d014dadbef48]
25311:
25312: * testsudoers.c:
25313: now uses sudo_pw_ent
25314: [d92936ed7e34]
25315:
25316: * visudo.c:
25317: now sets sudo_pw_ent
25318: [ff75cdfcf8b3]
25319:
25320: * getspwuid.c:
25321: Initial revision
25322: [6deb6df9d7bc]
25323:
25324: * tgetpass.c:
25325: moved dce stuff into compat.h
25326: [1124284396e7]
25327:
25328: * logging.c, sudo.h:
25329: now uses sudo_pw_ent
25330: [404ff20a5067]
25331:
25332: * Makefile.in:
25333: added sudo_getpwuid.c
25334: [6666d0644512]
25335:
25336: * compat.h:
25337: added dce support
25338: [3c3b36a7ce0e]
25339:
25340: * parse.yacc:
25341: now uses sudo_pw_ent
25342: [9f5e8d11bd68]
25343:
25344: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
25345:
25346: * check.c:
25347: fixed exempt_group stuff for OS's that don't put base gid in group
25348: vector
25349: [003f153bd396]
25350:
25351: * check.c:
25352: S/Key support now works with sunos4 shadow passwords
25353: [1eb64a5efff1]
25354:
25355: * Makefile.in:
25356: fixed clean rule
25357: [5695a2c62816]
25358:
25359: * config.h.in, configure.in:
25360: added DCE support
25361: [f53c766c1947]
25362:
25363: * tgetpass.c:
25364: DCE & KERB support
25365: [904cf436506a]
25366:
25367: * check.c:
25368: first stab at dce support
25369: [aea5ca07b1e3]
25370:
25371: * dce_pwent.c:
25372: now smells like sudo
25373: [8b3d609b49cd]
25374:
25375: * dce_pwent.c:
25376: Initial revision
25377: [b573555f2399]
25378:
25379: * check.c:
25380: skey'd sudo now works w/ normal password as well
25381: [8d038f9f6e94]
25382:
25383: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
25384:
25385: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
25386: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
25387: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
25388: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
25389: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
25390: version.h, visudo.c:
25391: updated version number
25392: [ba7e346d7904]
25393:
25394: * README:
25395: updated to reflect version change
25396: [1d15cf1d8cc8]
25397:
25398: * configure.in:
25399: --with options now line up ++version
25400: [08ebf625fbca]
25401:
25402: * sudo.h:
25403: removed unecesary S/Key stuff
25404: [68188cba90af]
25405:
25406: * configure.in:
25407: fixed S/Key support
25408: [f6d9cbc36618]
25409:
25410: * Makefile.in:
25411: -I stuff now goes in CPPFLAGS
25412: [7b8e53c5b046]
25413:
25414: * check.c:
25415: fixed SKey support
25416: [52c1a5cf4435]
25417:
25418: * README:
25419: updated version
25420: [bed6498a10bb]
25421:
25422: * OPTIONS:
25423: fixed description of EXEMPTGROUP
25424: [cfeead55edc2]
25425:
25426: * sudo.c:
25427: more people use _RLD_ than just alphas...
25428: [6a3c7090a6f6]
25429:
25430: * Makefile.in:
25431: replaced $man_prefix with $mandir
25432: [dc4b36a550e2]
25433:
25434: * configure.in:
25435: fixed a typo
25436: [a38a4acddcaf]
25437:
25438: * Makefile.in:
25439: now use more GNU'ish dir names
25440: [c5498391a520]
25441:
25442: * configure.in:
25443: now set *dir correctly (can override from command line)
25444: [523ff98fd438]
25445:
25446: * sudo.c:
25447: now deal with situations where we getwd() fails
25448: [88a9e61dccbb]
25449:
25450: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
25451:
25452: * Makefile.in:
25453: added etc_dir, bin_dir, sbin_dir
25454: [75fd08d92842]
25455:
25456: * configure.in:
25457: added sbin_dir
25458: [3cb318c0d8d1]
25459:
25460: * Makefile.in:
25461: now ship a flex-generated lex.yy.c
25462: [4d083ed70dce]
25463:
25464: * Makefile.in:
25465: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
25466: [4d51dc9c3780]
25467:
25468: * pathnames.h.in:
25469: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
25470: [773fd163d52f]
25471:
25472: * options.h:
25473: no more error for redefining SUDOERS_OWNER
25474: [4ba336644c6a]
25475:
25476: * OPTIONS:
25477: expanded SUDOERS_OWNER section
25478: [12fae405759e]
25479:
25480: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25481:
25482: * visudo.c:
25483: now warn if chown(2) failed
25484: [d0d1db6e3a1f]
25485:
25486: * logging.c:
25487: better default warning for NO_SUDOERS_FILE
25488: [5260b458ac64]
25489:
25490: * sudo.c:
25491: added missing set_perms() no more cryptic message if the sudoers
25492: file is zero length, now just give a parse error
25493: [b81ea724838a]
25494:
25495: * logging.c:
25496: better diagnostics if NO_SUDOERS_FILE
25497: [877e878663c5]
25498:
25499: * sudo.c:
25500: check_sudoers() now catches sudoers files that are not readable (but
25501: are stat'able).
25502: [fea05663b3de]
25503:
25504: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
25505:
25506: * configure.in:
25507: now add -D__STDC__ for convex cc (not gcc)
25508: [c80fc53ff51b]
25509:
25510: * configure.in:
25511: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
25512: [fe238226a057]
25513:
25514: * Makefile.in:
25515: now uses exec_prefix & prefix from configure
25516: [f62fca5f56bd]
25517:
25518: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
25519: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
25520: utime.c, visudo.c:
25521: options.h is now <> instead of "" so shadow build trees can have a
25522: custom copy of options.h
25523: [e6782676099c]
25524:
25525: * check.c:
25526: user_is_exempt() is no longer a hack, it now uses getgrnam()
25527: [287f8d5356f7]
25528:
25529: * options.h:
25530: EXEMPTGROUP is now "sudo"
25531: [61487304dbe1]
25532:
25533: * configure.in:
25534: MAN_POSTINSTALL now contains a leading space
25535: [eaad4ac34012]
25536:
25537: * Makefile.in:
25538: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
25539: testsudoers in clean:
25540: [e01711baceb8]
25541:
25542: * tgetpass.c:
25543: includes pwd.h to get _PASSWD_LEN definition
25544: [8ec174f263f1]
25545:
25546: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25547:
25548: * sudo.c:
25549: unset the KRB_CONF envariable if using kerberos so we don't get
25550: spoofed into using a bogus server
25551: [2561a0274fca]
25552:
25553: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
25554:
25555: * parse.yacc:
25556: now explicately initialize match[] tp be FALSE
25557: [0e45e5c47766]
25558:
25559: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
25560:
25561: * sudo.c:
25562: removed unused variable now passes -Wall
25563: [3452508bc16d]
25564:
25565: * parse.yacc:
25566: yyerror and dumpaliases are now void's now passes -Wall
25567: [2769dfb51993]
25568:
25569: * parse.lex:
25570: added prototype for yyerror
25571: [1f3f0c1b4ab4]
25572:
25573: * check.c, logging.c, parse.c:
25574: now passes -Wall
25575: [eab57e5e81d2]
25576:
25577: * interfaces.c:
25578: rmeoved unused cruft now passes -Wall
25579: [7a47e1866f4b]
25580:
25581: * Makefile.in:
25582: fixed headers that moved to emul dir
25583: [e680c1e5049b]
25584:
25585: * logging.c:
25586: fixed deref of nil pointer if no args
25587: [973b9bea432f]
25588:
25589: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
25590:
25591: * OPTIONS:
25592: added a caveat to FQDN section
25593: [dcf6e2a5fff4]
25594:
25595: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
25596:
25597: * Makefile.in:
25598: more $srcdir support for install targets
25599: [f6eac78436dd]
25600:
25601: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
25602: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
25603: don't include malloc.h if we include stdlib.h
25604: [fca2ff307cd8]
25605:
25606: * parse.yacc:
25607: local search.h now lives in emul
25608: [51c458904424]
25609:
25610: * check.c, utime.c:
25611: local utime.h now lives in emul dir
25612: [f92fc9e8c8de]
25613:
25614: * lsearch.c:
25615: local search.h now lives in emul
25616: [579efc407439]
25617:
25618: * Makefile.in:
25619: added support for building in other than the sourcedir
25620: [2ab53a43f7d4]
25621:
25622: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25623:
25624: * OPTIONS:
25625: annotated CSOPS_INSULTS option
25626: [9e57d45a0afa]
25627:
25628: * TROUBLESHOOTING:
25629: updated shadow passwords blurb
25630: [39b785bc7253]
25631:
25632: * sudo.c:
25633: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
25634: passes along foo as the arguments
25635: [a91077aa8fc5]
25636:
25637: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
25638:
25639: * parse.lex:
25640: collapsed pathname and dir sections into one -- its now less
25641: expensive
25642: [89caa03bec25]
25643:
25644: * parse.lex:
25645: fixed spacing quoting [,:\\=] now works correctly append() and
25646: fill() now take args to make the above work
25647: [09d023d9ef3a]
25648:
25649: * sudo.c:
25650: fixed a typo that caused commands with no tty on fd 0 but a tty on
25651: fd 1 to erroneously have "none" as their tty
25652: [07d2c0e7977c]
25653:
25654: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25655:
25656: * check.c:
25657: timestampfile is now a global static removed decl of timestampfile
25658: in remove_timestamp since we can just use the global one
25659: [f0cbdc6aab1c]
25660:
25661: * check.c:
25662: created touch() to update timestamps added USE_TTY_TICKETS support
25663: (bit of a kludge)
25664: [cee1dd0318f8]
25665:
25666: * compat.h:
25667: added _S_IFDIR and S_ISDIR
25668: [b4a51cc9628e]
25669:
25670: * OPTIONS, options.h:
25671: added USE_TTY_TICKETS
25672: [b4e22f81f25e]
25673:
25674: * parse.yacc:
25675: removed const from casts for lsearch() & lfind() to placate irix 4.x
25676: C compiler
25677: [5003081f76ea]
25678:
25679: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
25680:
25681: * sudo.c:
25682: now only strip '/dev/' off of a tty if it starts with '/dev/'
25683: [7f62bcd24039]
25684:
25685: * pathnames.h.in:
25686: added _PATH_DEV
25687: [6375f44d1910]
25688:
25689: * configure.in:
25690: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
25691: have termios.h
25692: [9c60391235fd]
25693:
25694: * tgetpass.c:
25695: fixed incorrect #ifdef termio uses "unsigned short" not int for
25696: c_?flag
25697: [d032e6a29845]
25698:
25699: * parse.lex, parse.yacc:
25700: fixed a spelling error
25701: [cad6a944c7b1]
25702:
25703: * Makefile.in:
25704: fixed typo
25705: [204a65403e7c]
25706:
25707: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
25708:
25709: * Makefile.in:
25710: fixed a comment
25711: [268f760e57ad]
25712:
25713: * parse.yacc:
25714: added dotcat() to cat 2 strings w/ a dot effeciently now that we
25715: dynamically allocate strings they need to be free()'d
25716: [ec2e2152f415]
25717:
25718: * parse.lex:
25719: dynamically allocates space for strings
25720: [d10ac3533d66]
25721:
25722: * sudo.h:
25723: no more MAXCOMMANDLENGTH
25724: [e2e1219bff8a]
25725:
25726: * sudo.h:
25727: added decl of tty
25728: [c8ae81303ee5]
25729:
25730: * logging.c, sudo.c:
25731: moved tty stuff into sudo.c
25732: [e028abefeb07]
25733:
25734: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25735:
25736: * parse.c:
25737: fixed a logic bug. Was denying a command if user gave command line
25738: args but there were none in the sudoers file which is wrong.
25739: [7489a99b8e8a]
25740:
25741: * sudo.h:
25742: MAXCOMMMANDLEN dropped down to 1K
25743: [38ef54ba290b]
25744:
25745: * parse.lex:
25746: return foo; -> return(foo);
25747: [0e8be1b57001]
25748:
25749: * parse.yacc:
25750: fixed netgr_matches() prototype
25751: [e69f15910464]
25752:
25753: * parse.lex:
25754: added support for escaping "termination" characters
25755: [8bd4ef50f35c]
25756:
25757: * parse.c:
25758: buf is now of size MAXPATHLEN+1 since it never holds command args
25759: [2ce4b763058c]
25760:
25761: * sudo.c:
25762: fixed comments
25763: [0c74a3d2ebb0]
25764:
25765: * goodpath.c:
25766: fixed negation problem (doh!)
25767: [782814e3a2d1]
25768:
25769: * parse.yacc:
25770: fixed 2nd parameter to lfind()
25771: [63d7b1623c08]
25772:
25773: * parse.lex:
25774: now do bounds checking in fill() and append()
25775: [54381b563251]
25776:
25777: * sudo.c:
25778: include netdb.h as we should added a missing void cast added
25779: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
25780: realloc actually moved the string instead of shrinking it
25781: [897ccdec9c06]
25782:
25783: * sample.sudoers:
25784: updated with examples of new features
25785: [9b3ed00e8aa6]
25786:
25787: * goodpath.c:
25788: now set errno to EACCES if not a regular file or not executable
25789: [2d069548a5ea]
25790:
25791: * find_path.c:
25792: if given a fully-qualified or relative path we now check it with
25793: sudo_goodpath() and error out with the appropriate error message if
25794: the file does not exist or is not executable
25795: [590f89dd8dec]
25796:
25797: * emul/search.h, lsearch.c:
25798: now use correct args for lfind
25799: [fccdcdbf020e]
25800:
25801: * logging.c:
25802: added a comment
25803: [fab9f49708ea]
25804:
25805: * insults.h:
25806: added in CSOps insults
25807: [ad8eb1862adc]
25808:
25809: * ins_csops.h:
25810: Initial revision
25811: [de5a475ec018]
25812:
25813: * tgetpass.c:
25814: added RCS id
25815: [c3ffd550a482]
25816:
25817: * sudo.h:
25818: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
25819: [aba25c90d08a]
25820:
25821: * OPTIONS:
25822: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
25823: [e27bd62e9ccf]
25824:
25825: * sudo.c:
25826: fixed -k load_interfaces() now gets called if FQDN is set
25827: -p now works with -s
25828: [07ca2a34bae8]
25829:
25830: * parse.c:
25831: don't try to stat() "pseudo commands" like "validate"
25832: [75527045984b]
25833:
25834: * options.h:
25835: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
25836: [07b157a0eafd]
25837:
25838: * configure.in:
25839: added SecurID support added other insults to --with-csops
25840: [6c992ceb244c]
25841:
25842: * config.h.in:
25843: added HAVE_SECURID
25844: [e734ff617fe8]
25845:
25846: * Makefile.in:
25847: added clobber target added ins_csops.h now gets CFLAGS from
25848: configure
25849: [d1e29c7cec25]
25850:
25851: * aclocal.m4:
25852: relaxed SUDO_FULL_VOID
25853: [fb4084f27406]
25854:
25855: * visudo.c:
25856: function comment blocks are now in same style as rest of code
25857: [04a2931354c5]
25858:
25859: * testsudoers.c:
25860: added support for command line args in /etc/sudoers
25861: [bfe4e1bcc655]
25862:
25863: * sudoers.man:
25864: updated to have command args in the sudoers file
25865: [1cd34355e9ea]
25866:
25867: * sudo.man:
25868: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
25869: [930b48023b68]
25870:
25871: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
25872:
25873: * parse.yacc:
25874: PATH renamed to COMMAND
25875: [4e109a6de3cd]
25876:
25877: * parse.lex:
25878: it is now a parse error for directories to have args attached to
25879: them
25880: [2ab10a146b54]
25881:
25882: * logging.c:
25883: now say command args if telling user to buzz off
25884: [933de26ded8b]
25885:
25886: * sudo.c:
25887: -s no longer indicates end of args sped up loading on cmnd_args in
25888: load_cmnd()
25889: [eac99a4da862]
25890:
25891: * parse.c:
25892: removed an unreachable statement
25893: [634302623c49]
25894:
25895: * parse.lex:
25896: made more efficient by pulling out the terminators when in GOTCMND
25897: state and making them their own rule
25898: [80798f1e1166]
25899:
25900: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
25901:
25902: * sudo.h:
25903: removed MAXLOGLEN since it is no longer used
25904: [102824196b71]
25905:
25906: * parse.lex:
25907: now allows command args
25908: [d29dfa1e5254]
25909:
25910: * parse.c:
25911: now groks command arguments
25912: [6c414cb7f105]
25913:
25914: * logging.c:
25915: now sets tty correctly when piped input
25916: [de46a30c0406]
25917:
25918: * sudo.c:
25919: fixed loading of cmnd_args (was including command name too)
25920: [15319a425ea6]
25921:
25922: * logging.c:
25923: fixed a core dump due to incorrect if construct
25924: [582363c7d7fa]
25925:
25926: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
25927:
25928: * configure.in:
25929: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
25930: [da591fe9b931]
25931:
25932: * aclocal.m4:
25933: fixed check for ISC
25934: [52e59f2082a7]
25935:
25936: * sudo.c:
25937: now sets cmnd_args used by log_error() and that will be used by the
25938: parse to check against command args
25939: [c6804389723b]
25940:
25941: * sudo.h:
25942: added cmnd_args
25943: [4d00446b4a8d]
25944:
25945: * logging.c:
25946: now dynamically allocate logline since we can guess at its size
25947: [4bed8c8446aa]
25948:
25949: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
25950:
25951: * logging.c:
25952: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
25953: "register" since the compiler knows more than I do now do a
25954: "basename" of the tty
25955: [3b1bbf0b3da1]
25956:
25957: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
25958:
25959: * configure.in:
25960: ++version
25961: [5ce552f9a5f1]
25962:
25963: * sudo.h:
25964: added shell extern changed MODE_* to be bit masks to allow for
25965: several options together
25966: [06f9dc4f400c]
25967:
25968: * sudo.c:
25969: added -s (shell) option made MODE_* masks so we can do bitwise & and
25970: | to see if multiple flags are set.
25971: [01f8143010ad]
25972:
25973: * check.c:
25974: added securid support
25975: [909e078005fe]
25976:
25977: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
25978:
25979: * logging.c:
25980: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
25981: [644506b57d61]
25982:
25983: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
25984:
25985: * Makefile.in, version.h:
25986: ++version
25987: [3cd6f1fbc3d9]
25988:
25989: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
25990:
25991: * parse.yacc:
25992: fixed free() of an uninitialized pointer (yuck)
25993: [8c404ee502ee]
25994:
25995: * testsudoers.c:
25996: added netgr_matches
25997: [e7c9fa2f774c]
25998:
25999: * parse.c:
26000: cleaned up netgr_matches
26001: [8108f00b810e]
26002:
26003: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
26004:
26005: * RUNSON:
26006: updated for 1.3.4
26007: [4741704310a1]
26008:
26009: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
26010:
26011: * Makefile.in:
26012: now installs sudoers.man -- really should clean this up though.
26013: [455631d45a1d]
26014:
26015: * Makefile.in:
26016: added sudoers.cat and sudoers.man
26017: [0bdedd6c7363]
26018:
26019: * sudo.man:
26020: pulled out stuff on the sudoers file format into a separate man page
26021: [de215d999cb9]
26022:
26023: * sudoers.man:
26024: Initial revision
26025: [f25eafbb7095]
26026:
26027: * HISTORY:
26028: fixed up my email address
26029: [254fbf80be74]
26030:
26031: * configure.in:
26032: added checks for innetgr and getdomainname
26033: [24a99cb7e97e]
26034:
26035: * visudo.c:
26036: added dummy netgr_matches function
26037: [1841ff2c01da]
26038:
26039: * parse.c:
26040: added netgr_matches
26041: [ec90db6a97b8]
26042:
26043: * parse.lex, parse.yacc:
26044: added NETGROUP support
26045: [c9dd93e3bc4b]
26046:
26047: * config.h.in:
26048: added HAVE_INNETGR & HAVE_GETDOMAINNAME
26049: [14abd494d875]
26050:
26051: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26052:
26053: * sudo.c:
26054: rewrote clean_env() that has rm_env() builtin
26055: [55cb43818a95]
26056:
26057: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26058:
26059: * check.c:
26060: now cast uid to long in sprintf
26061: [b549eea40aeb]
26062:
26063: * OPTIONS:
26064: added _INSULTS suffix to HAL & GOONS end
26065: [ed620d0aad30]
26066:
26067: * options.h:
26068: added _INSULTS suffix to HAL & GOONS
26069: [9f72e9b83afd]
26070:
26071: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
26072: converted to new scheme of insult "unions" end
26073: [2f6d2b412132]
26074:
26075: * sudo.c:
26076: now uses MAX_UID_T_LEN
26077: [c1df79e0f389]
26078:
26079: * configure.in:
26080: added SUDO_UID_T_LEN !l
26081: [195f0b9f5f84]
26082:
26083: * config.h.in:
26084: added MAX_UID_T_LEN
26085: [73f42ae4f14d]
26086:
26087: * check.c:
26088: now use MAX_UID_T_LEN
26089: [df9c063234cb]
26090:
26091: * aclocal.m4:
26092: added check for max len of uid_t fixed sco vs. isc check
26093: [d558f36d2223]
26094:
26095: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
26096:
26097: * configure.in:
26098: corrected version
26099: [828dd1571e86]
26100:
26101: * configure.in:
26102: added sco support
26103: [af1e2f616638]
26104:
26105: * aclocal.m4:
26106: hack to check for sco
26107: [549ab99a9a43]
26108:
26109: * interfaces.c:
26110: removed #include <net/route.h> since it was hosing some OS's
26111: [ac78a7c04005]
26112:
26113: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26114:
26115: * find_path.c:
26116: fixed prreadlink() prototype
26117: [b380fe1f2b11]
26118:
26119: * check.c:
26120: added parens in #if's
26121: [e96ade691b82]
26122:
26123: * configure.in:
26124: added SPW_ prefix
26125: [a302683a1483]
26126:
26127: * sudo.h:
26128: moved SPW_* to config.h.in
26129: [6b3be70e34cf]
26130:
26131: * sudo.c:
26132: added a set of parens
26133: [8188d735d695]
26134:
26135: * config.h.in:
26136: added SPW_*
26137: [5ead6371cf60]
26138:
26139: * sudo.h:
26140: added SPW_* reordered error codes
26141: [dead25b4ed0a]
26142:
26143: * check.c:
26144: moved SPW_* to sudo.h
26145: [ca51fb04caf4]
26146:
26147: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
26148:
26149: * sudo.c:
26150: SPW_AUTH -> SPW_SECUREWARE
26151: [6b512b2bc5dc]
26152:
26153: * logging.c:
26154: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
26155: [defdd0944e2f]
26156:
26157: * configure.in:
26158: AUTH -> SECUREWARE
26159: [d1f8a17001dd]
26160:
26161: * check.c:
26162: SPW_AUTH -> SPW_SECUREWARE
26163: [af0e8d8b89b2]
26164:
26165: * check.c:
26166: now uses SHADOW_TYPE to make shadow pw support more readable and
26167: modular. It's a start...
26168: [8c2a59667014]
26169:
26170: * configure.in:
26171: added autodetection of shadow passwords
26172: [85f81fa54b1b]
26173:
26174: * sudo.c:
26175: now uses SHADOW_TYPE define
26176: [355e5dc09b07]
26177:
26178: * config.h.in:
26179: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
26180: [c0c06e83e483]
26181:
26182: * aclocal.m4:
26183: added SUDO_CHECK_SHADOW
26184: [464301301639]
26185:
26186: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26187:
26188: * configure.in:
26189: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
26190: memmove() since we dno longer use it...
26191: [8aefa87d7d31]
26192:
26193: * CHANGES:
26194: updated
26195: [ce97b3fd7182]
26196:
26197: * logging.c:
26198: added BROKEN_SYSLOG support
26199: [a45c3bca36f6]
26200:
26201: * config.h.in:
26202: added BROKEN_SYSLOG
26203: [6f6abf0a6268]
26204:
26205: * check.c:
26206: now only bitch it timestamp > time_now + 2 * timeout to allow for a
26207: machine udpating its time from a server
26208: [546bc8d35325]
26209:
26210: * sudo.man:
26211: added 2 security notes updated Nieusma's email addr
26212: [616756c56977]
26213:
26214: * lsearch.c:
26215: changed a memmove() to memcpy() since we don't have to worry about
26216: overlapping segments.
26217: [30baa478526b]
26218:
26219: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
26220:
26221: * interfaces.c:
26222: cleanup up the loop when interfaces are groped in so that it is
26223: readable
26224: [1fa39446bd69]
26225:
26226: * Makefile.in, version.h:
26227: ++version
26228: [b46bd2b1770f]
26229:
26230: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
26231:
26232: * CHANGES:
26233: annotated 124-126
26234: [b82a2b3ec7ce]
26235:
26236: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26237:
26238: * check.c:
26239: fixed permissions check on /tmp/.odus
26240: [cc2431a65468]
26241:
26242: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
26243:
26244: * check.c:
26245: fixed some comments
26246: [8896d09b4fda]
26247:
26248: * check.c:
26249: now checks owner & mode of timedir also checks for bogus dates on
26250: timestamp file
26251: [a0fad5df5b0a]
26252:
26253: * OPTIONS:
26254: updated TIMEOUT info
26255: [033cc22d9e04]
26256:
26257: * logging.c, sudo.h:
26258: added BAD_STAMPDIR and BAD_STAMPFILE
26259: [31d9ce691101]
26260:
26261: * compat.h:
26262: added definition of S_IRWXU
26263: [ff2dab091a9b]
26264:
26265: * CHANGES:
26266: updated
26267: [a40df90284f1]
26268:
26269: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
26270:
26271: * interfaces.c:
26272: added #ifdef to make it compile on strange arches
26273: [4a127f12afce]
26274:
26275: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
26276:
26277: * aclocal.m4:
26278: fixed check for fulkl void impl.
26279: [b6f2a4a361d8]
26280:
26281: * check.c:
26282: added mssing "static"
26283: [520552f2772b]
26284:
26285: * insults.h:
26286: replaced #elif with #else #if constructs for ancient C compilers
26287: [39ab2d365b57]
26288:
26289: * INSTALL:
26290: updated irix c2 & kerb5 info
26291: [ae79b99b4905]
26292:
26293: * configure.in:
26294: added shadow pw support for irix
26295: [632469d9c528]
26296:
26297: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
26298:
26299: * BUGS, TODO:
26300: updated
26301: [2a96bb18ac30]
26302:
26303: * CHANGES:
26304: last changes for sudo 1.3.3
26305: [c1c0cd1034b8]
26306:
26307: * configure.in:
26308: now calls SUDO_SOCK_SA_LEN
26309: [14ea78159d45]
26310:
26311: * config.h.in:
26312: added HAVE_SA_LEN
26313: [cc2a346aa905]
26314:
26315: * aclocal.m4:
26316: added SUDO_SOCK_SA_LEN
26317: [456a2025644a]
26318:
26319: * interfaces.c:
26320: now works with ip implementations that use sa_len in sockaddr
26321: [90be6e028077]
26322:
26323: * INSTALL:
26324: added note about buggy AIX compiler
26325: [c0f6d427e4e4]
26326:
26327: * interfaces.c:
26328: now include sys/time.h for AIX
26329: [2510858ab38b]
26330:
26331: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
26332:
26333: * Makefile.in:
26334: getcwd -> getwd
26335: [66085ebca98e]
26336:
26337: * interfaces.c:
26338: now works for ISC and others. yay.
26339: [f336d4ffc927]
26340:
26341: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26342:
26343: * Makefile.in, version.h:
26344: version++
26345: [836cffc2078d]
26346:
26347: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
26348:
26349: * aclocal.m4:
26350: fixed test for full void impl
26351: [fb004107e7b9]
26352:
26353: * sudo.c:
26354: now check to see that st_dev is non-zero before assuming that we are
26355: being spoofed
26356: [1b0e1c30c506]
26357:
26358: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26359:
26360: * aclocal.m4, configure.in:
26361: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
26362: [4953379bfb01]
26363:
26364: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26365:
26366: * aclocal.m4:
26367: fixed include file order for SUDO_FUNC_UTIME_POSIX
26368: [ff64ab7df44f]
26369:
26370: * logging.c:
26371: added cast for ttyname()
26372: [444f05f56758]
26373:
26374: * configure.in:
26375: fixed typo
26376: [de068e748431]
26377:
26378: * check.c:
26379: now deal correctly with all known variation of utime() -- yippe
26380: [b778a4195a89]
26381:
26382: * configure.in:
26383: added SUDO_FUNC_UTIME_POSIX
26384: [cf635f2269d6]
26385:
26386: * aclocal.m4:
26387: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
26388: [d79593be4b73]
26389:
26390: * config.h.in:
26391: added HAVE_UTIME_POSIX
26392: [c67b4ac0dca5]
26393:
26394: * check.c:
26395: fixed a typo
26396: [b14df5680f59]
26397:
26398: * check.c:
26399: no longer assume !HAVE_UTIME_NULL means old BSD utime()
26400: [0aeaf4b2f38b]
26401:
26402: * check.c:
26403: fixed fascist C compiler warning
26404: [c61ddf2f1f93]
26405:
26406: * interfaces.c:
26407: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
26408: to 0 (just to be anal)
26409: [c54cc2ba0052]
26410:
26411: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
26412:
26413: * sudo.h:
26414: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
26415: [74cf585a54fb]
26416:
26417: * logging.c:
26418: added tty logging
26419: [e27d8dcfbd78]
26420:
26421: * interfaces.c:
26422: reworked the ISC code
26423: [bcf57ce8ae69]
26424:
26425: * Makefile.in, version.h:
26426: updated version
26427: [032941c9b94d]
26428:
26429: * check.c:
26430: now expect old-style utime(3) if utime() can't take NULL as an arg
26431: [018dd4a73030]
26432:
26433: * configure.in:
26434: added check for utime.h
26435: [0b76e8feb618]
26436:
26437: * config.h.in:
26438: added HAVE_UTIME_H
26439: [62ee42feda46]
26440:
26441: * Makefile.in:
26442: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
26443: [fa3201d294e1]
26444:
26445: * configure.in:
26446: now search for kerb libs and includes
26447: [cc332401e571]
26448:
26449: * check.c:
26450: added support for utime(2)'s that can't take a NULL parameter
26451: [98797fedf69f]
26452:
26453: * utime.c:
26454: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
26455: [6ce6d825fb44]
26456:
26457: * configure.in:
26458: added utime(s) stuff
26459: [a2afb744403e]
26460:
26461: * check.c:
26462: now use utime()
26463: [48902240a51e]
26464:
26465: * config.h.in:
26466: added HAVE_UTIME and HAVE_UTIME_NULL
26467: [9a56ab65d4f4]
26468:
26469: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26470:
26471: * utime.c:
26472: now use HAVE_UTIME_NULL
26473: [e3944de09a92]
26474:
26475: * emul/utime.h, utime.c:
26476: Initial revision
26477: [a2cbf2ef3427]
26478:
26479: * check.c:
26480: need to setuid(0) to make kerb4 stuff work.
26481: [c6cfda4039d7]
26482:
26483: * tgetpass.c:
26484: no more special case for kerberos
26485: [4a5c33145be9]
26486:
26487: * config.h.in:
26488: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
26489: emulation)
26490: [a607ee43e650]
26491:
26492: * compat.h:
26493: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
26494: kerberos
26495: [02fb274cc136]
26496:
26497: * check.c:
26498: now use private ticket file for kerberos support to avoid trouncing
26499: on system one
26500: [28d8b6b812c7]
26501:
26502: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26503:
26504: * sudo.h:
26505: added SPOOF_ATTEMPT & cmnd_st
26506: [d3b42a1f4d0d]
26507:
26508: * sudo.c:
26509: added anti-spoofing support
26510: [ab1e2aa44a57]
26511:
26512: * parse.c:
26513: now use global cmnd_st
26514: [47018265a1a6]
26515:
26516: * logging.c:
26517: added SPOOF_ATTEMPT suypport
26518: [7bbe9dd2a021]
26519:
26520: * testsudoers.c, visudo.c:
26521: added void casts where appropriate
26522: [f191441ba333]
26523:
26524: * parse.yacc:
26525: fixed up spacing and added void casts where appropriate
26526: [15d886fc809c]
26527:
26528: * sudo.c:
26529: fixed problem with "-p prompt" but no args
26530: [6fc048261a3e]
26531:
26532: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
26533:
26534: * sudo.man:
26535: added BUGS and annotated -l description
26536: [e5c506de2603]
26537:
26538: * sudo.h:
26539: validate() now takes a flag
26540: [26627becc60a]
26541:
26542: * sudo.c:
26543: validate() now takes a flag added -l
26544: [a4f7bb97fe54]
26545:
26546: * parse.yacc:
26547: added support for -l
26548: [e7a9b10b0ad3]
26549:
26550: * parse.c:
26551: validate() now takes a flag that says whether or not to check the
26552: command
26553: [9e1e67f4e281]
26554:
26555: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
26556:
26557: * logging.c:
26558: now deals with Argv == 1
26559: [0acb637ab635]
26560:
26561: * sudo.man:
26562: added -p option
26563: [e60382fc0561]
26564:
26565: * sudo.c:
26566: added prompt support reworked parse_args()
26567: [2f605267ed4a]
26568:
26569: * sudo.h:
26570: added prompt
26571: [5ab021bdb419]
26572:
26573: * options.h:
26574: added PASSPROMPT
26575: [614727ff44a2]
26576:
26577: * check.c:
26578: now use BUFSIZ as length of kerb password added kpass so pass is
26579: always a char * now use prompt global when asking for a password
26580: [76be09af784f]
26581:
26582: * tgetpass.c:
26583: now use BUFSIZ as _PASSWD_LEN if using kerberos
26584: [1e907eed312b]
26585:
26586: * OPTIONS:
26587: added PASSPROMPT
26588: [ddb2f405ce40]
26589:
26590: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26591:
26592: * configure.in:
26593: only look for -lufc or -lcrypt if crypt() not in libc
26594: [9717d315661f]
26595:
26596: * check.c:
26597: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
26598: (unknown user) silently fail
26599: [2b48693d4ee9]
26600:
26601: * INSTALL:
26602: added kerb4 note
26603: [986e393f740c]
26604:
26605: * tgetpass.c:
26606: HAVE_KERBEROS -> HAVE_KERB4
26607: [e438bfb5e6aa]
26608:
26609: * check.c:
26610: removed debugging printf
26611: [1cf9f5cbffa5]
26612:
26613: * configure.in:
26614: KERBEROS -> KERB4 added checks for setreuid & setresuid
26615: [01e9945beb1e]
26616:
26617: * config.h.in:
26618: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
26619: [0e0bb5b8ac3e]
26620:
26621: * compat.h:
26622: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
26623: with setresuid if applic
26624: [9dae24c47696]
26625:
26626: * check.c:
26627: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
26628: no setreuid() or a broken one
26629: [1fca642bdb8e]
26630:
26631: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26632:
26633: * configure.in:
26634: added kerberos support
26635: [da5639b9b8e7]
26636:
26637: * config.h.in:
26638: added HAVE_KERBEROS
26639: [fcc5be550e65]
26640:
26641: * tgetpass.c:
26642: added KERBEROS support (long passwords)
26643: [303ba6924dd2]
26644:
26645: * check.c:
26646: added kerberos support
26647: [e40afe98fc1d]
26648:
26649: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
26650:
26651: * sudo.h:
26652: added MODE_BACKGROUND
26653: [9b483c932016]
26654:
26655: * sudo.man:
26656: escaped dashes added -b option
26657: [62e84f1a7714]
26658:
26659: * sudo.c:
26660: added -b option
26661: [7e78aaefeb95]
26662:
26663: * check.c:
26664: added crypt() for osf/1 3.x enhanced secuiry
26665: [e9aa5abdb7d5]
26666:
26667: * configure.in:
26668: now check for -lcrypt
26669: [5cb9c67e9fa2]
26670:
26671: * interfaces.c:
26672: added ENXIO like EADDRNOTAVAIL
26673: [74223bb1ba75]
26674:
26675: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
26676:
26677: * configure.in:
26678: now emulate getwd(), not getcwd()
26679: [3e5439d9a5f4]
26680:
26681: * sudo.c:
26682: getcwd() -> getwd()
26683: [6392a96a658e]
26684:
26685: * getwd.c:
26686: getcwd -> getwd
26687: [1b0ab9bae11e]
26688:
26689: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
26690:
26691: * ins_2001.h, ins_classic.h, ins_goons.h:
26692: Initial revision
26693: [86db60d8cf00]
26694:
26695: * insults.h:
26696: broke out insults into separate include files
26697: [0a01993bd38a]
26698:
26699: * OPTIONS, options.h:
26700: added GOONS
26701: [e283203c6515]
26702:
26703: * Makefile.in:
26704: added ins_2001.h ins_classic.h ins_goons.h
26705: [2a39cd6a4cd2]
26706:
26707: * Makefile.in, version.h:
26708: ++version
26709: [05ebf4f5e41a]
26710:
26711: * visudo.c:
26712: moved signal handler setup to setup_signals()
26713: [3dd976c04540]
26714:
26715: * sudo.h:
26716: added load_interfaces()
26717: [af2d473b09e2]
26718:
26719: * sudo.c:
26720: moved load_interfaces to interfaces.c
26721: [5c8c138e5d4c]
26722:
26723: * parse.yacc:
26724: added clearaliases
26725: [aeb4ff301daa]
26726:
26727: * OPTIONS, options.h:
26728: added FAST_MATCH
26729: [f49ea3d1b525]
26730:
26731: * parse.lex:
26732: now uses clearaliases variable
26733: [a2dda415bf61]
26734:
26735: * interfaces.c:
26736: Initial revision
26737: [a1990e3f5c69]
26738:
26739: * Makefile.in:
26740: added interfaces.[co]
26741: [1e8e5984de97]
26742:
26743: * testsudoers.c:
26744: now uses ip addrs and netmasks via load_interfaces()
26745: [54b8f7a6835e]
26746:
26747: * sudo.c:
26748: now remove IFS instead of setting to "sane" value
26749: [ce7eec9f115e]
26750:
26751: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
26752:
26753: * parse.c:
26754: added FAST_MATCH
26755: [816d4f5fe81a]
26756:
26757: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
26758:
26759: * Makefile.in:
26760: sudo_goodpath.c-> goodpath.c
26761: [a5072c4e1de2]
26762:
26763: * sudo.c:
26764: added Andy's new ISC changes
26765: [caa6bbee358e]
26766:
26767: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
26768:
26769: * OPTIONS:
26770: added a sentence to SECURE_PATH info
26771: [cad6e1569d15]
26772:
26773: * BUGS:
26774: added one
26775: [4b35cf699a83]
26776:
26777: * CHANGES:
26778: updated
26779: [5fded9dc62f0]
26780:
26781: * RUNSON:
26782: updated
26783: [33cb993cfd39]
26784:
26785: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
26786:
26787: * RUNSON:
26788: updated for beta3
26789: [a05dc6a91995]
26790:
26791: * Makefile.in, version.h:
26792: ++version
26793: [54aaf3fadc75]
26794:
26795: * aclocal.m4:
26796: sendmail is now looked for in �/usr/ucblib
26797: [231ac1a4662f]
26798:
26799: * sudo.c:
26800: fixed indentation
26801: [fb137400c8c2]
26802:
26803: * aclocal.m4:
26804: fixed a typo
26805: [e03f1acc468b]
26806:
26807: * sudo.c:
26808: updated ISC mods
26809: [070290d4754b]
26810:
26811: * configure.in:
26812: added unixware case
26813: [e90250bae0d9]
26814:
26815: * check.c:
26816: user_is_exempt is no longer hidden
26817: [1a341765b8af]
26818:
26819: * RUNSON:
26820: updated
26821: [a9c4898b26dd]
26822:
26823: * aclocal.m4:
26824: isc and riscos changes
26825: [98b5d86585d1]
26826:
26827: * OPTIONS:
26828: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
26829: [e1ecc464ce4b]
26830:
26831: * Makefile.in:
26832: fixed a typo and added testsudoers stuff
26833: [435d60e163dc]
26834:
26835: * testsudoers.c:
26836: Initial revision
26837: [6ce14a448662]
26838:
26839: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
26840:
26841: * parse.yacc:
26842: applied fixed patch from Chris
26843: [cd6144203d13]
26844:
26845: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
26846:
26847: * Makefile.in:
26848: fixed a typo
26849: [34f8a54ba041]
26850:
26851: * parse.yacc:
26852: added a set of braces for bison
26853: [f0e43b938914]
26854:
26855: * parse.yacc:
26856: merged in Chris' changes to dekludge the parser.
26857: [82d6e373ab1c]
26858:
26859: * logging.c:
26860: send_mail() was calling find_path() which is wrong since find_path()
26861: stores cmnd in a static var. Anyhow, it doesn't make much sense
26862: since MAILER should always be fully qualified
26863: [6eae6a0b8098]
26864:
26865: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
26866:
26867: * sample.sudoers:
26868: added User_Alias stuff
26869: [aaba8c8e918d]
26870:
26871: * aclocal.m4:
26872: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
26873: [52bd81f34b32]
26874:
26875: * RUNSON:
26876: added DEC UNIX 3.0 w/ gcc
26877: [7daf570775b5]
26878:
26879: * visudo.c:
26880: Exit was being used in places where exit should be used
26881: [6026a89c07ed]
26882:
26883: * sudoers:
26884: added "User alias specification"
26885: [a487b6e234f8]
26886:
26887: * parse.yacc:
26888: fixed probs caused by making nslots and naliases a size_t
26889: [0be919384f3f]
26890:
26891: * RUNSON:
26892: added KSR, upped rev to 1.3.1b2
26893: [ce04ee6faadf]
26894:
26895: * logging.c, parse.yacc:
26896: 1024 -> BUFSIZ
26897: [cd6dda45fa11]
26898:
26899: * parse.yacc:
26900: void * -> VOID * naliases and nslots are now size_t to appease
26901: lsearch on 64-bit machines
26902: [bf2f807c0dc1]
26903:
26904: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
26905:
26906: * TODO:
26907: did a bunch of things and added a bunch :-)
26908: [42afd957b829]
26909:
26910: * PORTING:
26911: updated
26912: [972f95c85776]
26913:
26914: * visudo.man:
26915: closer to BSD manpage style
26916: [07ae88f50325]
26917:
26918: * sudo.man:
26919: closer to standard BSD man format
26920: [372c28dcc135]
26921:
26922: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
26923: pathnames.h.in, sudo.h, version.h:
26924: added RCS id
26925: [c0ec90b81002]
26926:
26927: * sudo.h:
26928: removed crufty #defines that are no longer used
26929: [35e2b4b477f0]
26930:
26931: * BUGS:
26932: fixed a bug
26933: [5bb3e1bee85e]
26934:
26935: * sudo.man:
26936: updated based on sudo changes
26937: [e65de1cae438]
26938:
26939: * parse.yacc:
26940: now allow ALL keyword in User_Aliases now allow ALL keyword as well
26941: as a NAME or ALIAS
26942: [1fb31404dd0f]
26943:
26944: * CHANGES:
26945: updated
26946: [b24018ac610b]
26947:
26948: * sudo.c:
26949: now sets SUDO_COMMAND and SUDO_GID envariables.
26950: [e9d791557fb7]
26951:
26952: * aclocal.m4:
26953: fixed bug with full void impl check
26954: [35715301023c]
26955:
26956: * parse.yacc:
26957: fixed User_Alias supoprt
26958: [4c30dfbaaa07]
26959:
26960: * parse.yacc:
26961: added stubs for User_Alias support
26962: [f4afbd247edf]
26963:
26964: * sudo.c:
26965: now sets removes # bogus interfaces from num_interfaces
26966: [6f077fac9ab1]
26967:
26968: * parse.lex:
26969: added User_Alias support
26970: [bc7997e5df85]
26971:
26972: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
26973:
26974: * Makefile.in:
26975: removed extraneous TODO
26976: [bc87a3b14d6d]
26977:
26978: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
26979:
26980: * visudo.c:
26981: ntwk_matches -> addr_matches
26982: [475044e288b8]
26983:
26984: * parse.yacc:
26985: ntwk_matches -> addr_matches
26986: [dd1f4093fd2d]
26987:
26988: * parse.c:
26989: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
26990: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
26991: sizeof(long))
26992: [acd2f556940f]
26993:
26994: * sudo.c:
26995: took out debugging info
26996: [044023063eca]
26997:
26998: * aclocal.m4:
26999: OS was being set to unknown before non-uname based host checks.
27000: This caused no checks to happen since $OS was not zero-length.
27001: [335a7267479d]
27002:
27003: * sudo.c:
27004: fixed loading of interfaces struct still has debugging info in
27005: though
27006: [2d1a18998c1e]
27007:
27008: * parse.c:
27009: fixed typo
27010: [175674a3a9fa]
27011:
27012: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27013:
27014: * Makefile.in:
27015: ++version
27016: [55d191b5daa3]
27017:
27018: * version.h:
27019: ++
27020: [d7d1f115696a]
27021:
27022: * visudo.c:
27023: removed extraneous extern decl of "top
27024: [50355621047d]
27025:
27026: * visudo.c:
27027: now zeros "top"
27028: [4e683210345b]
27029:
27030: * parse.yacc:
27031: removed parser_cleanup (no need for it now)
27032: [afa59f222b6c]
27033:
27034: * parse.lex:
27035: now calls reset_aliases() directly
27036: [3a23cbd60fc0]
27037:
27038: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27039:
27040: * OPTIONS:
27041: added a sentence to SECURE_PATH description
27042: [c5bf75b85af0]
27043:
27044: * parse.c:
27045: fixed my stupid bug where I used NAMLEN on something I wanted to
27046: just get the name from. argh.
27047: [111f460f6540]
27048:
27049: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27050:
27051: * lsearch.c:
27052: fixed argument order of memmove() that i hosed when converting from
27053: bcopy(). arghh.
27054: [2f5336045c8b]
27055:
27056: * Makefile.in:
27057: finally fixed DISTFILES line
27058: [a1b419e73a63]
27059:
27060: * Makefile.in:
27061: tabs -> spaces
27062: [280fb03e5764]
27063:
27064: * Makefile.in:
27065: added missing files to DISTFILES
27066: [991fc1cd2263]
27067:
27068: * Makefile.in:
27069: SUPPORTED -> RUNSON
27070: [7580e65b05fb]
27071:
27072: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
27073:
27074: * TODO:
27075: updated
27076: [fe764a29c1cc]
27077:
27078: * RUNSON:
27079: updated for pl5b1 release
27080: [aefc35bd2291]
27081:
27082: * BUGS, TODO:
27083: updated
27084: [8f0ea249b687]
27085:
27086: * check.c:
27087: fixed bug where if you hit return at first sudo prompt it would
27088: still log as a failure
27089: [24539c854692]
27090:
27091: * CHANGES:
27092: updated
27093: [251cc7b3ede4]
27094:
27095: * aclocal.m4:
27096: better test for bogus void * implementation
27097: [efe23180cb88]
27098:
27099: * logging.c:
27100: added PASSWORDS_NOT_CORRECT
27101: [bd12c73f83f7]
27102:
27103: * check.c:
27104: added PASSWORDS_NOT_CORRECT stuff]
27105: [90de391a979f]
27106:
27107: * sudo.h:
27108: added PASSWORDS_NOT_CORRECT
27109: [727fbeb76fc5]
27110:
27111: * tgetpass.c:
27112: moved pathnames.h
27113: [4f910e5a8df7]
27114:
27115: * sudo.c:
27116: removed some unused vars and fixed up uid2str
27117: [70e92c7f9076]
27118:
27119: * putenv.c:
27120: moved compat.h
27121: [b271091586f6]
27122:
27123: * getcwd.c, getwd.c:
27124: added pathnames.h
27125: [6f25218f133f]
27126:
27127: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
27128:
27129: * parse.yacc:
27130: fixed a typo I introduced in the last checkin :-(
27131: [62c3af75c4fe]
27132:
27133: * parse.lex:
27134: can't have #ifdef's where N is defined so just do this the broken
27135: way for AIX
27136: [c5648a5594e4]
27137:
27138: * parse.yacc:
27139: better hack from Chris (but still a hack)
27140: [6b6d8aed93f3]
27141:
27142: * parse.lex:
27143: stupid hack for broken aix lex
27144: [efc3f9e5280e]
27145:
27146: * tgetpass.c:
27147: now includes compat.h �
27148: [401822173f77]
27149:
27150: * visudo.c:
27151: now includes fcntl.h
27152: [63865c2f8ac6]
27153:
27154: * compat.h:
27155: added FD_SET and FD_ZERO for 4.2BSD
27156: [00c5597c0bb0]
27157:
27158: * parse.yacc:
27159: dirty hack to fix parser bug. i don't really like this but it works
27160: for now...
27161: [5b8bbdc81569]
27162:
27163: * sudo.c:
27164: uid2str is now static like the prototype says
27165: [f2a97b5cb870]
27166:
27167: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
27168:
27169: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
27170: updated
27171: [6f79c3e92716]
27172:
27173: * RUNSON:
27174: Initial revision
27175: [12a09ef9e884]
27176:
27177: * sudo.c:
27178: check_sudoers now returns an error code and sudo calls inform_user
27179: and log_error based on the return value.
27180: [340eca188d9a]
27181:
27182: * logging.c, sudo.h:
27183: added entries for new errors
27184: [6050d8542e1f]
27185:
27186: * parse.c:
27187: now set uid to that of SUDOERS_OWNER while parsing sudoers file
27188: [3683c42bc9b0]
27189:
27190: * Makefile.in:
27191: took out testsudoers �
27192: [65317d49db48]
27193:
27194: * sudo.c:
27195: now explicately checks that it is setuid root
27196: [2fe1be60ef6a]
27197:
27198: * sudo.c:
27199: If a user has no passwd entry sudo would segv (writing to a garbage
27200: pointer). Now allocate space before writing :-)
27201: [d08e7eb5e5ef]
27202:
27203: * configure.in:
27204: reordered AC_CHECK_FUNCS
27205: [4c82e56c6f4f]
27206:
27207: * config.h.in:
27208: fixed memset macro
27209: [77ede6b714ab]
27210:
27211: * tgetpass.c, visudo.c:
27212: bzero -> memset
27213: [1a005bb322c8]
27214:
27215: * logging.c:
27216: bzero -> memset when a parse error is logged the line number of the
27217: error is now logged too
27218: [a42d68047723]
27219:
27220: * INSTALL:
27221: added Sunos to blurb about c2 security
27222: [af750a1d131e]
27223:
27224: * configure.in:
27225: added a SUN4 define for C2 security
27226: [6ad5b23a3eb0]
27227:
27228: * config.h.in:
27229: bcopy -> memmove bzero -> memset
27230: [5494460c8464]
27231:
27232: * lsearch.c:
27233: bcopy -> memmove char * -> VOID *
27234: [a15f5c316e16]
27235:
27236: * check.c:
27237: added support for sunos with C2 security
27238: [03fea5bb21e6]
27239:
27240: * OPTIONS, options.h:
27241: reordered
27242: [1686265af3e1]
27243:
27244: * pathnames.h.in:
27245: _PATH_SUDO_LOGFILE now set based on configure
27246: [5867b58e4a04]
27247:
27248: * configure.in:
27249: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
27250: [1984d9fd1b5c]
27251:
27252: * config.h.in:
27253: added _SUDO_PATH_LOGFILE
27254: [dd3eebe62580]
27255:
27256: * aclocal.m4:
27257: added SUDO_LOGFILE to find where to put sudo.log added
27258: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
27259: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
27260: [c589a515a99a]
27261:
27262: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
27263:
27264: * TROUBLESHOOTING:
27265: Initial revision
27266: [f42f1baba3a8]
27267:
27268: * sudo.c:
27269: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
27270: to work around a problem is trusted hpux shadow passwords. yuck.
27271: [ae1f13b54687]
27272:
27273: * parse.yacc:
27274: backed out a change in malloc/realloc
27275: [ab868db0ad69]
27276:
27277: * parse.yacc:
27278: now include stdlib.h
27279: [957eef0631eb]
27280:
27281: * visudo.c:
27282: now do an freopen() of the stmp file so that yyin will always point
27283: to the same thing. This is important for flex since we are doing a
27284: YY_NEWFILE
27285: [44558922fd3e]
27286:
27287: * parse.yacc:
27288: replaced yywrap() with parser_cleanup() since yywrap() needs to be
27289: in parse.lex to be able to use YY_NEW_FILE. sigh.
27290: [12dd09921074]
27291:
27292: * parse.lex:
27293: now have a rule that matches anything that doesn't match an
27294: explicite rule. well, you know what i mean (. matches anything not
27295: yet matched). However, this means that there is input still queued
27296: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
27297: into parse.lex and it calls parser_cleanup() which is most of the
27298: old yywrap() sigh.
27299: [7f4042bc48d6]
27300:
27301: * SUPPORTED:
27302: no longer used
27303: [8f220be4da94]
27304:
27305: * getcwd.c, getwd.c:
27306: moved compat.h to be the last include file
27307: [9f3a65e2d485]
27308:
27309: * parse.yacc:
27310: fixed type of aliascmp() args
27311: [1c27eb989bdf]
27312:
27313: * find_path.c:
27314: NULL -> '\0'
27315: [5c8d8cf1692e]
27316:
27317: * parse.yacc:
27318: added casts to lfind and lsearch args for irix
27319: [61027ddeecf8]
27320:
27321: * Makefile.in:
27322: bsdinstall -> install-sh
27323: [61de6612c5a5]
27324:
27325: * INSTALL:
27326: added info about make realclean
27327: [29c6324d727f]
27328:
27329: * Makefile.in:
27330: updated VERSION added dependencies for visudo.cat
27331: [09077d7229d4]
27332:
27333: * version.h:
27334: -> pl5b1
27335: [5d21c7ad1a41]
27336:
27337: * sudo.c:
27338: took out -l
27339: [fc1478d81b38]
27340:
27341: * Makefile.in:
27342: now there is a real visudo.man and visudo.cat
27343: [58aeac43a6dd]
27344:
27345: * sudo.man:
27346: took out visudo stuff
27347: [4a6ac4393343]
27348:
27349: * visudo.man:
27350: Initial revision
27351: [cba348843db8]
27352:
27353: * parse.c, parse.lex, parse.yacc:
27354: updated copyright
27355: [ffa16b70944a]
27356:
27357: * README:
27358: updated for pl5
27359: [a26e423e9e5f]
27360:
27361: * sudo.man:
27362: updated Nieusma & Hieb email addresses
27363: [f0083e71989d]
27364:
27365: * INSTALL:
27366: updated to include options.h and OPTIONS
27367: [ee59e2b76c94]
27368:
27369: * CHANGES, TODO:
27370: updated
27371: [51e011ad5220]
27372:
27373: * BUGS:
27374: eliminated bug #1 (yay)
27375: [e7e88515494e]
27376:
27377: * configure.in:
27378: sunos no longer gets linked statically
27379: [2e5b3ff3108f]
27380:
27381: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
27382:
27383: * parse.lex:
27384: prototype now uses __P()
27385: [68ecdcab4c70]
27386:
27387: * parse.lex:
27388: make fill() non-ansi
27389: [d6509972260b]
27390:
27391: * parse.c:
27392: made -v (validate) work
27393: [13c9d520638c]
27394:
27395: * logging.c:
27396: now gives host
27397: [f04859cdba5a]
27398:
27399: * find_path.c:
27400: don't check for execute/statable if fq or relative path given
27401: [4bbe851f3973]
27402:
27403: * parse.c:
27404: added a cast
27405: [345c308f72f3]
27406:
27407: * visudo.c:
27408: now include ctype.h for islower and tolower macros
27409: [582c0aa332d5]
27410:
27411: * goodpath.c:
27412: moved _S_IFMT & _S_ISREG to compat.h
27413: [828e4ca4e7b4]
27414:
27415: * sudo.c:
27416: moved a set of parens
27417: [5783474ecf37]
27418:
27419: * strdup.c:
27420: now include compat.h
27421: [75e2036b94af]
27422:
27423: * emul/search.h:
27424: void * -> VOID *
27425: [cedcfaf04161]
27426:
27427: * parse.yacc:
27428: now cast malloc & realloc return vals added search for HAVE_LSEARCH
27429: now use strcmp if no strcasecmp available
27430: [d6a42bc3d4ae]
27431:
27432: * lsearch.c:
27433: void * -> VOID *
27434: [886adc44f607]
27435:
27436: * config.h.in:
27437: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
27438: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
27439: [3b50d7fb4349]
27440:
27441: * compat.h:
27442: added _S_IFMT, _S_IFREG, and S_ISREG
27443: [73d506c7d53c]
27444:
27445: * aclocal.m4:
27446: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
27447: to most SUDO_* macros
27448: [8442155f5936]
27449:
27450: * Makefile.in:
27451: no more -I.
27452: [63462f195bd4]
27453:
27454: * configure.in:
27455: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
27456: AC_INSTALL_PROG instead of custom one added check for fully woorking
27457: void implementation
27458: [5ac6b6e6230f]
27459:
27460: * Makefile.in:
27461: added lsearch & search.h visudo links into $(LIBOBJS)
27462: [bc119cda4598]
27463:
27464: * aclocal.m4:
27465: partial 1.x to 2.x changes added SUDO_FULL_VOID
27466: [1194d01fa5c5]
27467:
27468: * visudo.c:
27469: whatnow_help was prototyped to be static be was not declared as
27470: such
27471: [0f85489dd426]
27472:
27473: * configure.in:
27474: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
27475: for dirent/dir/ndir.h
27476: [7408f3854948]
27477:
27478: * parse.c:
27479: now use groovy gnu autoconf macro AC_HEADER_DIRENT
27480: [e465db9f5dfa]
27481:
27482: * getcwd.c, getwd.c:
27483: MAXPATHLEN -> MAXPATHLEN+1
27484: [714d87424e21]
27485:
27486: * emul/search.h, lsearch.c:
27487: Initial revision
27488: [55d79482c535]
27489:
27490: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
27491:
27492: * parse.yacc:
27493: eliminated bison warnings
27494: [61ca0a96da22]
27495:
27496: * parse.lex:
27497: added missing case
27498: [6be0f849747c]
27499:
27500: * visudo.c:
27501: now iincludes signal.h
27502: [221e0fcc144f]
27503:
27504: * parse.yacc:
27505: only clear data structures on a parse error
27506: [7b1c0f1a4527]
27507:
27508: * visudo.c:
27509: whatnow() now gives help on invalid input
27510: [e5a4cd88c587]
27511:
27512: * visudo.c:
27513: added a whatnow() function (sort of like mh)
27514: [932d9b145f1c]
27515:
27516: * parse.yacc:
27517: kill_aliases -> reset_aliases yywrap() now cleans up by calling
27518: reset_aliases() and clearing top took reset stuff out of yyerror()
27519: since it doesn't beling there (and doesn't work anyway). errorlineno
27520: is now initially set to -1 so we can set it to the first error that
27521: occurrs (it was getting set to the last)
27522: [2f71f95a974c]
27523:
27524: * parse.lex:
27525: added a void cast
27526: [18ae6042dce4]
27527:
27528: * visudo.c:
27529: rewrote from scratch based on 4.3BSD vipw.c
27530: [2f6814f18576]
27531:
27532: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
27533:
27534: * sudo.c, sudo.h:
27535: removed ocmnd
27536: [a31735f41ad4]
27537:
27538: * sudo.h:
27539: no more sudo_realpath() and find_path() changed params
27540: [8e85c3b39159]
27541:
27542: * sudo.c:
27543: find_path() changed since no more realpath()
27544: [b25366c7f2ee]
27545:
27546: * parse.yacc:
27547: on error, errorlineno is set to the line where the error occurred
27548: added kill_aliases() to free the aliases struct now clean up in
27549: yyerror() so we can reparse cleanly
27550: [2342f578c27a]
27551:
27552: * options.h, parse.c:
27553: no more USE_REALPATH
27554: [cfc59babeaff]
27555:
27556: * logging.c:
27557: changed to use new find_path()
27558: [91c7a38e7751]
27559:
27560: * find_path.c:
27561: removed all the realpath() stuff
27562: [cc21a43a8562]
27563:
27564: * Makefile.in:
27565: sudo_realpath.c -> sudo_goodpath.c
27566: [03a9b1ddec2f]
27567:
27568: * visudo.c:
27569: now works correctly with utk parser
27570: [08aa554a0ce8]
27571:
27572: * goodpath.c:
27573: Initial revision
27574: [1ea607e1ffb2]
27575:
27576: * sudo_realpath.c:
27577: eliminated a compiler warning
27578: [198bcccc55b6]
27579:
27580: * sudo.c:
27581: elinated compiler warning
27582: [e2384f9a878b]
27583:
27584: * sudo_realpath.c:
27585: added sudo_goodpath()
27586: [43878c4cc540]
27587:
27588: * sudo.h:
27589: added prototype for sudo_goodpath
27590: [23e8627a2265]
27591:
27592: * parse.c:
27593: added support for /sys/dir.h
27594: [eca897087741]
27595:
27596: * options.h:
27597: USE_REALPATH turned off
27598: [620ac8b63d85]
27599:
27600: * find_path.c:
27601: added calls to sudo_goodpath()
27602: [ad170904fbcd]
27603:
27604: * configure.in:
27605: added check for dirent.h
27606: [7964a8c26855]
27607:
27608: * config.h.in:
27609: added HAVE_DIRENT_H
27610: [1f785fec7e19]
27611:
27612: * configure.in:
27613: added in linux shadow pass stuff �
27614: [e585a5785f50]
27615:
27616: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
27617:
27618: * visudo.c:
27619: added back host, user, cmnd, parse_error
27620: [0ec19f3d64f4]
27621:
27622: * visudo.c:
27623: added in utk changes plus some minor cosmetic changes
27624: [c5c1921c8a58]
27625:
27626: * sudo.c, sudo_realpath.c:
27627: added void casts for printf's
27628: [9c6ff11c0082]
27629:
27630: * options.h:
27631: added a define of USE_REALPATH
27632: [db3711c9efc5]
27633:
27634: * configure.in:
27635: there is no more visudoers/Makefile
27636: [36e1bc1f78d0]
27637:
27638: * Makefile.in:
27639: added in utk changes (visudo is now built from the toplevel)
27640: [76203d4b345d]
27641:
27642: * find_path.c:
27643: added (void) casts to printf's
27644: [dd5cb1e060ac]
27645:
27646: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
27647: merged in utk changes
27648: [35563307fd8e]
27649:
27650: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
27651:
27652: * find_path.c:
27653: now check to see that what we are trying to run is a file (or a link
27654: to a file, we do a stat(2) so there is no diff)
27655: [05889c4bcace]
27656:
27657: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
27658:
27659: * CHANGES:
27660: updated
27661: [3e8047bb26fb]
27662:
27663: * Makefile.in:
27664: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
27665: [0bdbaa7c4c7d]
27666:
27667: * sudo.man:
27668: added myself as maintainer
27669: [77a9d75aab84]
27670:
27671: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
27672:
27673: * sudo.c:
27674: changed setegid -> setgid
27675: [7f4788d73b6f]
27676:
27677: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27678:
27679: * configure.in:
27680: fixed the test for irix 5.x to skip bad libs
27681: [bfef896de013]
27682:
27683: * aclocal.m4:
27684: now initialize OS and OSREV
27685: [cc302756e440]
27686:
27687: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
27688:
27689: * configure.in:
27690: irix5 changes
27691: [ac985b23f5f2]
27692:
27693: * configure.in:
27694: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
27695: compatibility
27696: [0cf8c92a06d7]
27697:
27698: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
27699:
27700: * visudo.c:
27701: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
27702: thing wrt yyrestart (grrrr)
27703: [18e8eabfbb82]
27704:
27705: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27706:
27707: * Makefile.in:
27708: added visudoers/compat.h to DISTFILES
27709: [db23b574b034]
27710:
27711: * configure.in:
27712: fixed an echo
27713: [7cbc0462b89d]
27714:
27715: * sudo.c:
27716: added ocmnd declaration adjusted for find_path()'s new parameters
27717: [d929cd156474]
27718:
27719: * sudo.h:
27720: added ocmnd extern adjusted find_path() prototype
27721: [e0004daf5d3c]
27722:
27723: * parse.c:
27724: cmndcmp() now takes 3 arguments and checks against the qualified as
27725: well as the unqualified pathname. more code that should use
27726: cmndcmp() but did not, now does
27727: [6f70a8c17bee]
27728:
27729: * options.h:
27730: added to a comment
27731: [7a78680426b2]
27732:
27733: * logging.c:
27734: changed to use new find_path() parameter passing
27735: [840981d30db4]
27736:
27737: * find_path.c:
27738: find_path() now takes 2 copyout parameters (one for the qualified
27739: pathname and one for the unqualified pathname). The third parameter
27740: may be NULL.
27741: [851503b005e9]
27742:
27743: * configure.in:
27744: no longer munge pathnames.h
27745: [427d8796c5a9]
27746:
27747: * pathnames.h.in:
27748: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
27749: as a result, pathnames.h does not need to be run through configure
27750: and the user can override the configured values easily.
27751: [2e378f2ebe88]
27752:
27753: * config.h.in:
27754: added _SUDO_PATH_* entries
27755: [0857de7cebab]
27756:
27757: * aclocal.m4:
27758: _PATH* -> _SUDO_PATH_*
27759: [7601193f56cc]
27760:
27761: * Makefile.in:
27762: updated DISTFILES and HDRS .o's now depend on config.h
27763: [39d8601965cf]
27764:
27765: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
27766:
27767: * compat.h:
27768: removed extraneous #endif
27769: [27d4c5f2ce7e]
27770:
27771: * aclocal.m4:
27772: added SUDO_PROG_MV
27773: [76dda3bdd816]
27774:
27775: * configure.in:
27776: added SUDO_PROG_MV added riscos and isc os types took out
27777: -DSHORT_MESSAGE from --with-csops since it is now the default
27778: [68c206ad976e]
27779:
27780: * sudo.c:
27781: move the include of id.h to compat.h now includes options.h
27782: [45a1eaafb3a8]
27783:
27784: * sudo.h:
27785: moved compatibility #defines to compat.h
27786: [0eee27057698]
27787:
27788: * pathnames.h.in:
27789: added _PATH_MV
27790: [e830797ab320]
27791:
27792: * config.h.in:
27793: move __P to compat.h
27794: [188e12e0ba93]
27795:
27796: * getcwd.c, getwd.c, putenv.c:
27797: now includes compat.h
27798: [c72cb6d73981]
27799:
27800: * compat.h:
27801: Initial revision
27802: [d4d2f359ae03]
27803:
27804: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
27805:
27806: * sudo.h:
27807: pull user-configurable stuff out and put in options.h
27808: [ef929467b070]
27809:
27810: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27811:
27812: * parse.lex, parse.yacc, visudo.c:
27813: now includes options.h
27814: [e36d7c82add1]
27815:
27816: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
27817: sudo_setenv.c:
27818: now includes options.h
27819: [f186ba03de07]
27820:
27821: * Makefile.in:
27822: added visudoers/options.h
27823: [e5350c476494]
27824:
27825: * OPTIONS, options.h:
27826: Initial revision
27827: [9b6b5001e318]
27828:
27829: * Makefile.in:
27830: added OPTIONS and options.h
27831: [25448341e16a]
27832:
27833: * logging.c:
27834: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
27835: [5dd6385dd1d3]
27836:
27837: * check.c, sudo.h:
27838: changed PASSWORD_TIMEOUT to minutes
27839: [0ec6aab98738]
27840:
27841: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
27842:
27843: * visudo.c:
27844: now only do Editor +line_num if line_num != 0
27845: [b69f04b5e3c7]
27846:
27847: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
27848:
27849: * visudo.c:
27850: now use mv if rename(2) fails
27851: [83210dca1bab]
27852:
27853: * BUGS:
27854: added a visudo bug
27855: [d61a806f9aa7]
27856:
27857: * check.c:
27858: expanded comment
27859: [641f2cba94cb]
27860:
27861: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
27862:
27863: * check.c:
27864: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
27865: [7a11135039a8]
27866:
27867: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
27868:
27869: * sudo.c:
27870: added mips & isc support
27871: [e258dc053119]
27872:
27873: * parse.c:
27874: added support for non-root owned sudoers file
27875: [fea07e65a0fc]
27876:
27877: * check.c:
27878: added exempt group support
27879: [928fb4bd9ad5]
27880:
27881: * sudo.h:
27882: added set_perms() support added SUDOERS_OWNER so can have non-root
27883: own sudoers file added exempt group support added isc support
27884: [61c578d31fc1]
27885:
27886: * visudo.c:
27887: now copy sudoers to temp file via read/write (not stdio) now chown
27888: new sudoers file to SUDOERS_OWNER
27889: [a5176c59df70]
27890:
27891: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
27892:
27893: * configure.in:
27894: added skey support
27895: [35a8d2fabdb7]
27896:
27897: * sudo_realpath.c:
27898: be_* -> setperms()
27899: [a1631d686e1c]
27900:
27901: * sudo.h:
27902: fixed typo added set_perms support added skey support added
27903: seteuid()/setegid() emulation for AIX
27904: [c0c8d6771406]
27905:
27906: * sudo.c:
27907: be_* -> setperms() now check to make sure sudoers file is owned by
27908: root nread/write by only root
27909: [13ab1e261f1a]
27910:
27911: * logging.c, parse.c:
27912: be_* -> setperms()
27913: [21499d845c8f]
27914:
27915: * check.c:
27916: be_* -> set_perms() added skey support
27917: [df51b56871c1]
27918:
27919: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
27920:
27921: * Makefile.in:
27922: ++version
27923: [3c1abbe4e43c]
27924:
27925: * version.h:
27926: ++
27927: [1d2f9b540a95]
27928:
27929: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
27930:
27931: * sudo.c:
27932: now sets IFS
27933: [eabbb41b9f08]
27934:
27935: * insults.h:
27936: fixed typo
27937: [c7997f19216e]
27938:
27939: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
27940:
27941: * config.h.in:
27942: added HAVE_SKEY
27943: [da948ec4186b]
27944:
27945: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
27946:
27947: * CHANGES:
27948: updated
27949: [f4b55ab007ea]
27950:
27951: * Makefile.in:
27952: ++version
27953: [0489068b8c95]
27954:
27955: * version.h:
27956: ++
27957: [d189faedf423]
27958:
27959: * sudo.c:
27960: now bail if ARgv[1] > MAXPATHLEN
27961: [0cea8ecc9dc2]
27962:
27963: * configure.in:
27964: added function check for tcgetattr(3)
27965: [e03289b22c2f]
27966:
27967: * config.h.in:
27968: only define HAVE_TERMIOS_H if you have tcgetattr(3)
27969: [757eab83d1a2]
27970:
27971: * config.h.in:
27972: added check for tcgetattr
27973: [c5ae92715930]
27974:
27975: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
27976:
27977: * CHANGES:
27978: updated
27979: [cbc419883108]
27980:
27981: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
27982:
27983: * parse.lex:
27984: now only include unistd.h for linux
27985: [e9adeab95ef0]
27986:
27987: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
27988:
27989: * Makefile.in:
27990: added visudo.8 generation
27991: [d6a3f0f887f8]
27992:
27993: * configure.in:
27994: added -Wl,-bI:./aixcrypt.exp to aix flags
27995: [72594a21edcf]
27996:
27997: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
27998:
27999: * BUGS:
28000: added one
28001: [9993a349e096]
28002:
28003: * CHANGES:
28004: updated
28005: [297b31ec4cdd]
28006:
28007: * README:
28008: added mailing list info
28009: [10372f94a2b2]
28010:
28011: * parse.yacc:
28012: now use sudolineno instead of yylineno fixed bison warnings
28013: [25a83e62057b]
28014:
28015: * configure.in:
28016: now use -no_library_replacement for osf don't make a static binary
28017: for hpux >= 9.0
28018: [1fa7b892f1a3]
28019:
28020: * tgetpass.c:
28021: added string.h/strings.h inclusion
28022: [71faa98fc0a1]
28023:
28024: * config.h.in:
28025: added ssize_t def
28026: [406284bd1ac0]
28027:
28028: * parse.lex:
28029: added inclusion of string.h/strings.h
28030: [6985b1df5d09]
28031:
28032: * aclocal.m4:
28033: fixed uname | sed (needed to quote the '[')
28034: [4cd2d3415c1a]
28035:
28036: * parse.lex:
28037: replaced yylineno with sudolineno fixed bison syntax errors
28038: [0bd31a5fab26]
28039:
28040: * visudo.c:
28041: changed yylineno to sudolineno since yylineno cannot be counted
28042: upon.
28043: [38c30104d0ae]
28044:
28045: * TODO:
28046: updated
28047: [5d4746f1a752]
28048:
28049: * parse.c:
28050: added code to support command listings
28051: [030172e133fd]
28052:
28053: * sudo.c:
28054: added code for -l flag
28055: [801dbbc82778]
28056:
28057: * sudo.man:
28058: fixed typo added info for -l flag
28059: [8916ca945d65]
28060:
28061: * configure.in:
28062: AC_SSIZE_T -> SUDO_SSIZE_T
28063: [c61f7f47013f]
28064:
28065: * aclocal.m4:
28066: added SUDO_SSIZE_T
28067: [0ccdb77be84d]
28068:
28069: * sudo.h:
28070: added MODE_LIST
28071: [9b2bd844c76c]
28072:
28073: * configure.in:
28074: added AC_SSIZE_T
28075: [35cca208f9b5]
28076:
28077: * find_path.c, sudo_realpath.c:
28078: readlink() is now declared as returning ssize~_t
28079: [0640a08d1407]
28080:
28081: * configure.in:
28082: added -laud for OSF c2
28083: [b7539c905efc]
28084:
28085: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28086:
28087: * Makefile.in, visudo.c:
28088: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28089: [067fd9bcb5e1]
28090:
28091: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
28092: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
28093: [fc46e7c7110a]
28094:
28095: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
28096: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
28097: sudo_setenv.c, tgetpass.c, version.h:
28098: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
28099: [d1d4fbc53a98]
28100:
28101: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28102:
28103: * Makefile.in:
28104: ++version
28105: [b7066d97633f]
28106:
28107: * version.h:
28108: ++
28109: [65ec69d88110]
28110:
28111: * logging.c:
28112: added host to alertmail messages
28113: [d973c19ce777]
28114:
28115: * CHANGES, TODO:
28116: udpated
28117: [5a65eb16faeb]
28118:
28119: * logging.c:
28120: fixed logging problem where mail would not say which user it was
28121: [35723edcc5d2]
28122:
28123: * configure.in:
28124: added -laud for gcc if osf & c2
28125: [18f1e0ae5548]
28126:
28127: * check.c:
28128: moved set_auth_parameters to sudo.c
28129: [d23112fe01db]
28130:
28131: * sudo.c:
28132: added set_auth_parameters for osf
28133: [eb70f65214ac]
28134:
28135: * configure.in:
28136: cleaned up -static stuff
28137: [01e9575f0422]
28138:
28139: * Makefile.in:
28140: ++version
28141: [7ac3bff5c770]
28142:
28143: * version.h:
28144: ++
28145: [10a4ff478469]
28146:
28147: * sudo.c:
28148: changed setenv() to sudo_setenv()
28149: [40a78abb9946]
28150:
28151: * check.c:
28152: fixed osf problem
28153: [3d69b118efb8]
28154:
28155: * configure.in:
28156: added OSF C2 stuff
28157: [38cff3ad4093]
28158:
28159: * CHANGES:
28160: updated
28161: [cd341dd0581a]
28162:
28163: * check.c:
28164: added osf auth support & removed some extra spaces
28165: [a448cdd81514]
28166:
28167: * INSTALL, SUPPORTED:
28168: added osf C2 stuff
28169: [f70484796146]
28170:
28171: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
28172:
28173: * TODO:
28174: added 2 suggestions
28175: [695fbdbd86e6]
28176:
28177: * Makefile.in:
28178: removed README.v1.3.1 and added VERSION stuff
28179: [f69403eb04c6]
28180:
28181: * version.h:
28182: pl1
28183: [21580c0f8cb1]
28184:
28185: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
28186:
28187: * version.h:
28188: 1.3.1final
28189: [630114970298]
28190:
28191: * Makefile.in:
28192: added HISTORY
28193: [901bff251614]
28194:
28195: * sudo.man:
28196: mention HISTPRY file
28197: [86dbcfd4326e]
28198:
28199: * sudo.c:
28200: use sizeof instead of a constant in 1 place
28201: [d819604c68ca]
28202:
28203: * parse.yacc:
28204: added unistd.h
28205: [6f9500f9fe7e]
28206:
28207: * parse.lex:
28208: added unistd.h
28209: [468b81a276eb]
28210:
28211: * README:
28212: udpated
28213: [7e275618923a]
28214:
28215: * HISTORY:
28216: Initial revision
28217: [5db1b0a3939b]
28218:
28219: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
28220:
28221: * version.h:
28222: ++
28223: [7dfbb4a810bb] [SUDO_1_3_1]
28224:
28225: * CHANGES:
28226: updated
28227: [7820ee610bf8]
28228:
28229: * sudo_setenv.c:
28230: added unistd.h include
28231: [30cf2b654525]
28232:
28233: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
28234:
28235: * sudo.c:
28236: added sys/time.h for AIX
28237: [199fc8caf3a3]
28238:
28239: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
28240:
28241: * configure.in:
28242: added check for -lsocket and sys/sockio.h
28243: [f9abfbb31031]
28244:
28245: * config.h.in:
28246: took out libshadow check and added in sys/sockio.h check
28247: [0c4b0393ac80]
28248:
28249: * sudo.c:
28250: now include sockio.h instead of ioctl.h if it exists "sudo -" now
28251: gets a better error message
28252: [53041bea5483]
28253:
28254: * sample.sudoers:
28255: now has a dir and subnet entry
28256: [56b820f65438]
28257:
28258: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28259:
28260: * sudo.c:
28261: removed if_ether.h
28262: [b4f64507493e]
28263:
28264: * TODO:
28265: added an item
28266: [ea2a1bb6922a]
28267:
28268: * sudo.man:
28269: added network and ip addresses to man page
28270: [01c85016511f]
28271:
28272: * sudo.c:
28273: no error if can't get interfaces or netmask since networking may not
28274: be in the kernel.
28275: [50b8890e2134]
28276:
28277: * parse.c:
28278: nwo check for interfaces == NULL
28279: [dc1b3eef0db2]
28280:
28281: * parse.c:
28282: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
28283: the last entry in the spec failed (ie: it was only looking at the
28284: last entry). CLeaned things up by adding the cmndcmp() function--all
28285: neat & tidy
28286: [007e93578e5e]
28287:
28288: * CHANGES:
28289: added one
28290: [40e8a2cef497]
28291:
28292: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
28293:
28294: * sudo.c:
28295: now do two passes to skip bogus interfaces (lo0, etc)
28296: [465e30aecaf7]
28297:
28298: * parse.lex, parse.yacc, visudo.c:
28299: added include of netinet/in.h
28300: [11e3816ed362]
28301:
28302: * logging.c, sudo_realpath.c, sudo_setenv.c:
28303: added ninclude of netinet/in.h
28304: [daccfa40fe1e]
28305:
28306: * check.c, find_path.c, getcwd.c, getwd.c:
28307: added include of netinet/in.h
28308: [0222f95e06ad]
28309:
28310: * version.h:
28311: ++
28312: [d6b0cfa35a38]
28313:
28314: * sudo.h:
28315: added interfaces global
28316: [ba52fa8ad75e]
28317:
28318: * parse.c:
28319: now uses new interfaces global
28320: [17473ad5ecba]
28321:
28322: * sudo.c:
28323: now ip addresses are gleaned fw/o dns
28324: [8828bb2007e0]
28325:
28326: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
28327:
28328: * sudo.c:
28329: added load_ip_addrs() to load the ip_addrs global var
28330: [60c825f04238]
28331:
28332: * parse.c:
28333: added hostcmp() to compare hostnames, ip addrs, and network addrs
28334: [ab0e40e37537]
28335:
28336: * sudo.h:
28337: added ip_addrs def added load_ip_addrs prototype
28338: [c41c565d0777]
28339:
28340: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
28341:
28342: * CHANGES:
28343: updated
28344: [2a128dbe9bcb]
28345:
28346: * Makefile.in:
28347: removed multiple entries in DISTFILES
28348: [2490f4f371e6]
28349:
28350: * visudo.c:
28351: ansified the !STDC_HEADERS decls
28352: [646ba06d17ae]
28353:
28354: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
28355: don't do malloc decl if gnuc
28356: [f1bad1925f98]
28357:
28358: * sudo.c:
28359: can't use getopt(3) since it munges args to the command to be run as
28360: root don't do malloc decl if gnuc
28361: [38e78f6da14e]
28362:
28363: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
28364: sudo_realpath.c, sudo_setenv.c:
28365: ansi-fied !STDC_HEADER function prottypes
28366: [51d8cad89976]
28367:
28368: * getcwd.c, getwd.c:
28369: added missing paren
28370: [6a1fae70e27e]
28371:
28372: * Makefile.in:
28373: added putenv.c to DISTFILES
28374: [a5e4523eabbb]
28375:
28376: * sudo_setenv.c:
28377: added params to func decls when STDC_HEADERS is not defined now can
28378: count on putenv() being there
28379: [fd587796189b]
28380:
28381: * sudo_realpath.c:
28382: took out errno decl since sudo.h does it for us fixed up a next cc
28383: warning added params to func decls when STDC_HEADERS is not defined
28384: [70fa5152ace6]
28385:
28386: * sudo.h:
28387: took out environ extern added local declaratio of putenv() if local
28388: version is needed
28389: [a84bae6c020d]
28390:
28391: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
28392: added params to func decls when STDC_HEADERS is not defined
28393: [f406f0e47ac0]
28394:
28395: * config.h.in:
28396: added memcpy check check to see that ansi vs bsd macros are ntot
28397: already defiend before defining (ie: avoid redefinition)
28398: [879ae026e19f]
28399:
28400: * configure.in:
28401: removed fluff setenv check plus check w/ replace for putenv if also
28402: no setenv
28403: [e3c03814ad4b]
28404:
28405: * putenv.c:
28406: Initial revision
28407: [3cff63e2dc1b]
28408:
28409: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
28410:
28411: * sudo_setenv.c:
28412: Initial revision
28413: [4d637631fa6b]
28414:
28415: * sudo.h:
28416: rm'd s realp[ath added sudo_realpath and sudo_setenv
28417: [07ba001ff57e]
28418:
28419: * sudo.c:
28420: now use sudo_setenvc
28421: [fd81e04d5ef0]
28422:
28423: * configure.in:
28424: added puteenv and setenv, removed realpath
28425: [27bfacfb513b]
28426:
28427: * config.h.in:
28428: added putenv & setenv
28429: [515f14eaf6e4]
28430:
28431: * Makefile.in:
28432: added sudo_setenv
28433: [217731a717c5]
28434:
28435: * version.h:
28436: ++
28437: [eadb346d7129]
28438:
28439: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28440:
28441: * configure.in:
28442: added MAN_POSTINSTALL and /usr/share/catman for irix
28443: [2a9496c1bdba]
28444:
28445: * Makefile.in:
28446: added MAN_POSTINSTALL
28447: [89b0d4695529]
28448:
28449: * CHANGES:
28450: added
28451: [48c021ba8a70]
28452:
28453: * sudo.man:
28454: added SUDO_* plus new options
28455: [c0759cff5683]
28456:
28457: * CHANGES:
28458: added one
28459: [7d44a3922d56]
28460:
28461: * configure.in:
28462: took out shadow lib
28463: [07cf3de18701]
28464:
28465: * TODO:
28466: adde done
28467: [a27a578e8afe]
28468:
28469: * visudo.c:
28470: now use yyrestart() if flex now reset yylineno to 0
28471: [77d67ce0b677]
28472:
28473: * Makefile.in:
28474: support for installing a cat page instead of a man page if no nroff
28475: [44671c0fc0fa]
28476:
28477: * configure.in:
28478: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
28479: to determine whether or not to install a cat or man page
28480: [0562d069c135]
28481:
28482: * config.h.in:
28483: added HAVE_FLEX
28484: [c5490bae39d3]
28485:
28486: * sudo.c:
28487: not set ret to MODE_RUN initially
28488: [88b4983c195b]
28489:
28490: * find_path.c:
28491: made command (and therefor cmnd dynamically allocated)
28492: [95b82e32b6de]
28493:
28494: * TODO:
28495: did #8
28496: [fb6f41308cdf]
28497:
28498: * version.h:
28499: ++
28500: [14112ecab5ae]
28501:
28502: * sudo_realpath.c:
28503: changed bufs from MAXPATHLEN to MAXPATHLEN+1
28504: [0ad4f34e55c0]
28505:
28506: * sudo.h:
28507: added MODE_ removed validate_only and added remove_timestamp()
28508: [dd5f99c57728]
28509:
28510: * sudo.c:
28511: usage() now takes an int (exit value) added parse_args() to parse
28512: command line arguments moved call to find_path() from load_globals
28513: to new function load_cmnd() removed validate_only global -- now use
28514: the concept of "modes" added -h and -k options
28515: [c3887090b28a]
28516:
28517: * parse.c:
28518: no longer use global validate_only now checks for command called
28519: "validate" removed check for non-fully qualified commands since that
28520: is done by find_path
28521: [7d56fbd26369]
28522:
28523: * find_path.c:
28524: changed MAXPATHLEN r to MAXPATHLEN+1
28525: [a86e8664d971]
28526:
28527: * find_path.c:
28528: fixed off by one error with MAXPATHLEN and fixed a comment
28529: [58adcef8c981]
28530:
28531: * check.c:
28532: check_timestamp no longer runs reminder(), it is implied in the
28533: return val added remove_timestamp()
28534: [42ab5a77066f]
28535:
28536: * CHANGES:
28537: updated
28538: [8e69b31df024]
28539:
28540: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
28541:
28542: * BUGS:
28543: fixed on
28544: [bc34f1ac4280]
28545:
28546: * sudo_realpath.c:
28547: took out old_errno
28548: [a168d00a0768]
28549:
28550: * CHANGES:
28551: updated
28552: [04ba80922df7]
28553:
28554: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
28555:
28556: * logging.c:
28557: moved send_mail to after syslog
28558: [4d4188087834]
28559:
28560: * sudo.c:
28561: now set SUDO_ envariables
28562: [e5963f1bd3bb]
28563:
28564: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
28565:
28566: * version.h:
28567: ++
28568: [2a4534845d8c]
28569:
28570: * sudo_realpath.c:
28571: now print error if chdir fails
28572: [0d75c8973d49]
28573:
28574: * find_path.c:
28575: removed an XXX
28576: [e2077bcb35aa]
28577:
28578: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28579:
28580: * CHANGES:
28581: updated
28582: [e30a2b39b41a]
28583:
28584: * configure.in:
28585: no more static binaries for aix
28586: [77a0beb6bd80]
28587:
28588: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28589:
28590: * INSTALL:
28591: fixed typo
28592: [ba5e0d391bc4]
28593:
28594: * sudo_realpath.c:
28595: took out stuff not needed for sudo now does be_root/be_user itself
28596: now uses cwd global
28597: [4f6d4641d793]
28598:
28599: * version.h:
28600: +=2
28601: [97da927b297c]
28602:
28603: * logging.c, sudo.c:
28604: be_root/be_user is now down in sudo_realpath()
28605: [f331662fa50f]
28606:
28607: * logging.c, sudo.h:
28608: now works with 4.2BSD syslog (blech)
28609: [98e39d89dd36]
28610:
28611: * find_path.c:
28612: now use sudo_realpath()
28613: [ab436a8ebd02]
28614:
28615: * config.h.in:
28616: took out realpth() stuff since we now use sudo_realpath()
28617: [8de5ef9f6044]
28618:
28619: * configure.in:
28620: ultrix enhanced sec
28621: [815fb7fffcc0]
28622:
28623: * SUPPORTED:
28624: added ultrix enhanced sec.
28625: [6466766c8062]
28626:
28627: * INSTALL:
28628: updated
28629: [d681a634297a]
28630:
28631: * check.c:
28632: ultrix enhanced security suport
28633: [f10c8decbcc2]
28634:
28635: * Makefile.in:
28636: added sudo_realpath.c
28637: [6b9bcd3be022]
28638:
28639: * CHANGES:
28640: updated
28641: [2fa8084c1b53]
28642:
28643: * tgetpass.c:
28644: increased passwd len to 24 for c2 security
28645: [ec64838be62d]
28646:
28647: * BUGS:
28648: updated BUGS
28649: [ca00d8fec2ce]
28650:
28651: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
28652:
28653: * check.c:
28654: now use user global var
28655: [568769719013]
28656:
28657: * configure.in:
28658: took out -ls
28659: [490a44180d5f]
28660:
28661: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
28662:
28663: * configure.in:
28664: added AFS libs
28665: [4fb40c8c01ba]
28666:
28667: * sudo.h:
28668: user is now a char * added epasswd
28669: [27a919fafdfb]
28670:
28671: * sudo.c:
28672: added tzset() to load_globals added epasswd (encrypted password)
28673: global made user dynamically allocated
28674: [b99ef9bdbfce]
28675:
28676: * configure.in:
28677: added tzset test
28678: [27592dd1214b]
28679:
28680: * config.h.in:
28681: added HAVE_TZSET
28682: [b13f4213f3d0]
28683:
28684: * check.c:
28685: cleaned up encrypted passwd grab somewhat
28686: [c8ba9a4db38a]
28687:
28688: * configure.in:
28689: fixed AFS typo
28690: [2bfcbce237b6]
28691:
28692: * INSTALL:
28693: added AFS not
28694: [80c67329393c]
28695:
28696: * CHANGES:
28697: udpated
28698: [2f09ecdd5d31]
28699:
28700: * logging.c:
28701: can now log to both syslog & a file
28702: [4d5c0932bc01]
28703:
28704: * sudo.h:
28705: added BOTH_LOGS
28706: [623c539be824]
28707:
28708: * CHANGES:
28709: updated
28710: [a1c7f5ef3616]
28711:
28712: * configure.in:
28713: --with-AFS
28714: [28718d8f5daf]
28715:
28716: * config.h.in:
28717: added HAVE_AFS
28718: [2e32bb4e63e4]
28719:
28720: * check.c:
28721: added afs changes
28722: [fe4d0ff320a2]
28723:
28724: * sudo.h:
28725: removed AFS stuff :-)
28726: [a40387e6fa27]
28727:
28728: * tgetpass.c:
28729: include sys/select for AIX
28730: [f32c5a8f2c84]
28731:
28732: * sudo.h:
28733: added AFS
28734: [da2ab3dd0348]
28735:
28736: * version.h:
28737: ++
28738: [452d4dfe25af]
28739:
28740: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28741:
28742: * CHANGES, SUPPORTED:
28743: updated
28744: [e7dfe6f23a37]
28745:
28746: * logging.c:
28747: can now have MAILER undefined
28748: [1d33b98b35e1]
28749:
28750: * INSTALL:
28751: new sub-note about MAILER
28752: [d35c636a0574]
28753:
28754: * sudo.man:
28755: added blurb about password timeout
28756: [70c2ee50de20]
28757:
28758: * configure.in:
28759: convex c2 changes
28760: [367138a6232e]
28761:
28762: * aclocal.m4:
28763: took out duplicate define of _CONVEX_SOURCE
28764: [647182138450]
28765:
28766: * Makefile.in:
28767: added OSDEFS
28768: [7fdcd50602d1]
28769:
28770: * config.h.in:
28771: added spaces
28772: [f2b8a05e48f3]
28773:
28774: * tgetpass.c:
28775: added a goto if fgets fails
28776: [68a6586d9c45]
28777:
28778: * sudo.h:
28779: use __hpux not hpux convex c2 stuff
28780: [5c377a8d5f34]
28781:
28782: * sudo.c:
28783: use __hpux not hpux
28784: [9363bc0f9f9e]
28785:
28786: * logging.c:
28787: convex c2 stuff
28788: [ea5630975ac4]
28789:
28790: * config.h.in:
28791: define ansi-ish cpp os defines if non-ansi are defined for hpux &
28792: convex
28793: [664f53a5e786]
28794:
28795: * INSTALL:
28796: updated to say we support sonvex C2
28797: [5f2f8b87013e]
28798:
28799: * check.c:
28800: added convex c2 support
28801: [9a665d4918fa]
28802:
28803: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28804:
28805: * tgetpass.c:
28806: no more ioctl never returns NULL uses fgets() and select() to
28807: timeout
28808: [b333e6d63e97]
28809:
28810: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
28811:
28812: * configure.in:
28813: things were testing -n "$GCC" instead of -z "$GCC"
28814: [059a9b15ede2]
28815:
28816: * tgetpass.c:
28817: now works + uses fgets()
28818: [353d7ebcb7bb]
28819:
28820: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
28821:
28822: * tgetpass.c:
28823: select doesn't seem to recognize a single '\n' as input waiting so
28824: we can;t use it, sigh.
28825: [f76e3218b835]
28826:
28827: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
28828:
28829: * PORTING:
28830: updated tgetpass() blurb
28831: [95baac736b49]
28832:
28833: * configure.in:
28834: added --with-getpass
28835: [42ac0bdf58ed]
28836:
28837: * Makefile.in:
28838: added tgetpass stuff
28839: [e2b38c635663]
28840:
28841: * tgetpass.c:
28842: now uses stdio
28843: [36af8ff66e35]
28844:
28845: * version.h:
28846: ++
28847: [4e81c9db19bd]
28848:
28849: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
28850:
28851: * PORTING:
28852: updated ,.
28853: [54f523770a05]
28854:
28855: * config.h.in:
28856: added USE_GETPASS && HAVE_C2_SECURITY
28857: [86b355cb2953]
28858:
28859: * configure.in:
28860: fixed a test aded --with-C2 and --with-tgetpass
28861: [abf6181588ef]
28862:
28863: * check.c:
28864: added hpux C2 shit
28865: [20d4177ffa88]
28866:
28867: * Makefile.in:
28868: took out tgetpass.*
28869: [cc82fd9984b4]
28870:
28871: * INSTALL:
28872: added C2 blurb
28873: [1d2bfc35e4b6]
28874:
28875: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
28876:
28877: * configure.in:
28878: no termio(s) for ultrix since it is broken
28879: [d3e82e835350]
28880:
28881: * check.c:
28882: added a space (yeah, anal)
28883: [05e4b31ca68c]
28884:
28885: * realpath.c, sudo_realpath.c:
28886: fixed it (duh, rtfm)
28887: [f13097cb8cb6]
28888:
28889: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
28890:
28891: * config.h.in:
28892: took out bsd signal stuff for irix
28893: [e179cdafc97a]
28894:
28895: * visudo.c:
28896: comments in #endif
28897: [e3a629190f5e]
28898:
28899: * configure.in:
28900: don't define BSD signals for irix
28901: [3ce57bffb7f0]
28902:
28903: * TODO:
28904: did some...
28905: [274241cd0f74]
28906:
28907: * CHANGES:
28908: updated
28909: [8f29fc755faf]
28910:
28911: * realpath.c, sudo_realpath.c:
28912: took out unneeded code by changing where a strings was terminated
28913: [b5564d62d30e]
28914:
28915: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
28916:
28917: * realpath.c, sudo_realpath.c:
28918: fix bug where /dirname would return NULL
28919: [b85f470daf26]
28920:
28921: * sudo.h:
28922: move __P to config.h
28923: [7763c0ff3f28]
28924:
28925: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
28926: added errno definition
28927: [4cc9d2d9782a]
28928:
28929: * config.h.in:
28930: added __P
28931: [ca06f5aa58f3]
28932:
28933: * config.h.in:
28934: added HAVE_FCHDIR
28935: [206d714641e0]
28936:
28937: * strdup.c:
28938: now include stdio
28939: [0d8458da0e1d]
28940:
28941: * realpath.c, sudo_realpath.c:
28942: now works if no fchdir
28943: [e035911b6722]
28944:
28945: * visudo.c:
28946: define SA_RESETHAND to null if not defined
28947: [afec03e84342]
28948:
28949: * configure.in:
28950: added check & replace
28951: [c1a65481441c]
28952:
28953: * configure.in:
28954: took out -static for nextstep -- it doesn't work
28955: [fa1a1a611743]
28956:
28957: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
28958:
28959: * logging.c:
28960: moved #endif to where it belongs
28961: [07d3a8972097]
28962:
28963: * SUPPORTED:
28964: correction
28965: [0c1ecba3e5a3]
28966:
28967: * configure.in:
28968: now checks for strdup realpath getcwd bzero
28969: [f029a1917515]
28970:
28971: * config.h.in:
28972: emulate bzero
28973: [d792352e44a3]
28974:
28975: * visudo.c:
28976: added posic signals
28977: [2ed0005f90fc]
28978:
28979: * tgetpass.c:
28980: bzero cast
28981: [6d91b1a1526f]
28982:
28983: * logging.c:
28984: added posix signals
28985: [67ede9c22a05]
28986:
28987: * configure.in:
28988: removed BROKEN_GETPASS added new srcs toreplace missing functions
28989: [cf44274bb1c8]
28990:
28991: * config.h.in:
28992: added posix signal stuff
28993: [a3c1c98fe8ef]
28994:
28995: * Makefile.in:
28996: added new srcs
28997: [b6a079afee47]
28998:
28999: * visudo.c:
29000: updated useag
29001: [589ed091c44f]
29002:
29003: * tgetpass.c:
29004: now uses posix signals
29005: [30f74964074f]
29006:
29007: * PORTING:
29008: updated sto reflect major changes
29009: [bcfc309e017b]
29010:
29011: * CHANGES, TODO:
29012: updated
29013: [23aacbd54278]
29014:
29015: * tgetpass.c:
29016: uses sysconf() if available
29017: [a27431c90bab]
29018:
29019: * sudo.h:
29020: added PASSWORD_TIMEOUT + prototypes for new functions
29021: [d7473c2f77c4]
29022:
29023: * realpath.c, sudo_realpath.c:
29024: for those w/o this in libc
29025: [1e47aa7a9d46]
29026:
29027: * getcwd.c, getwd.c:
29028: Initial revision
29029: [c90dea57a84f]
29030:
29031: * find_path.c:
29032: rewrote to use realpath(3) - nis now all my code
29033: [d2c3bb8fb37d]
29034:
29035: * config.h.in:
29036: added HAVE_REALPATH
29037: [02c10352a8c7]
29038:
29039: * check.c:
29040: now use tgetpass
29041: [b5c021fc179f]
29042:
29043: * Makefile.in:
29044: added LIBOBJS use tgetpass.c
29045: [230a7b3eeaa3]
29046:
29047: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
29048:
29049: * tgetpass.c:
29050: works now :-)
29051: [025e7a3875ba]
29052:
29053: * tgetpass.c:
29054: Initial revision
29055: [3316ab33b230]
29056:
29057: * pathnames.h.in:
29058: added /dev/tty
29059: [29242585e53f]
29060:
29061: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
29062:
29063: * version.h:
29064: incremented
29065: [f2e54b48280f]
29066:
29067: * sudo.c:
29068: always use getcwd
29069: [c6068e8a4029]
29070:
29071: * config.h.in:
29072: added check for getwd
29073: [ab1e102ad673]
29074:
29075: * configure.in:
29076: replace strdup & realpath & getcwd if missing
29077: [b0eb14f2a1c3]
29078:
29079: * pathnames.h.in:
29080: added _PATH_PWD
29081: [309d2388f69a]
29082:
29083: * aclocal.m4:
29084: added SUDO_PROG_PWD
29085: [e16e85deb96c]
29086:
29087: * strdup.c:
29088: Initial revision
29089: [810efdc15007]
29090:
29091: * realpath.c, sudo_realpath.c:
29092: Initial revision
29093: [d85eee438e09]
29094:
29095: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29096:
29097: * configure.in:
29098: quoted quare brackets
29099: [d0e7ca111d98]
29100:
29101: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
29102:
29103: * sudo.c:
29104: no need to strdup() a constant
29105: [a8c44712df9a]
29106:
29107: * CHANGES:
29108: updated
29109: [71364129cca0]
29110:
29111: * sudo.man:
29112: added validate
29113: [0bb198095a26]
29114:
29115: * sudo.c:
29116: added -v to usage
29117: [31ea71f11dbb]
29118:
29119: * parse.c, sudo.c, sudo.h:
29120: added validate_only stuff
29121: [9bcd853d3c90]
29122:
29123: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
29124:
29125: * configure.in:
29126: now finds sed
29127: [6374bb0d3f28]
29128:
29129: * aclocal.m4:
29130: $OSREV is now an int
29131: [ace0666d66cf]
29132:
29133: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
29134:
29135: * configure.in:
29136: added mtxinu to caser
29137: [73a776887b16]
29138:
29139: * sudo.h:
29140: added EXEC macro
29141: [2e8eb28b710a]
29142:
29143: * sudo.c:
29144: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
29145: [56afb4f658d5]
29146:
29147: * logging.c:
29148: changed mail_argv[] def now use EXEC() macro
29149: [ddcabd28edb1]
29150:
29151: * check.c:
29152: took out crypt() definition
29153: [0e657724cf5f]
29154:
29155: * version.h:
29156: upped the version
29157: [62c5d66119fc]
29158:
29159: * configure.in:
29160: always look for -lnsl
29161: [d7b594f0313b]
29162:
29163: * aclocal.m4:
29164: added an echo
29165: [1caae3491dc5]
29166:
29167: * sudo.h:
29168: SHORT_MESSAGE is now the default
29169: [cfce35c3119a]
29170:
29171: * config.h.in:
29172: fixed typo
29173: [6499a564bf75]
29174:
29175: * configure.in:
29176: added missing AC_DEFINE(SVR4) for solaris
29177: [feef0b17b94f]
29178:
29179: * sudo.man:
29180: documented the -v flag
29181: [a6429f2bc2cf]
29182:
29183: * SUPPORTED:
29184: updated
29185: [088886e79540]
29186:
29187: * check.c:
29188: proto-ized crypt()
29189: [801e4ff5b121]
29190:
29191: * config.h.in:
29192: added LIBSHADOW undef
29193: [8df588e9ee2b]
29194:
29195: * configure.in:
29196: nwo set OS to be lowercase
29197: [561ebed833e4]
29198:
29199: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
29200:
29201: * configure.in:
29202: now use SUDO_OSTYPE to set $OS
29203: [0e60aee23098]
29204:
29205: * aclocal.m4:
29206: now use uname to determine os
29207: [99705e58d400]
29208:
29209: * visudo.c:
29210: added prototypes & moved sig handler around
29211: [1f0bc8d23b51]
29212:
29213: * sudo.h:
29214: added prototyppes
29215: [be3935a2b163]
29216:
29217: * check.c, logging.c, sudo.c:
29218: added prototypes
29219: [2079b4605ab8]
29220:
29221: * parse.c:
29222: added comment
29223: [a34d147d8399]
29224:
29225: * config.h.in:
29226: nwo use _BSD_SIGNALS not _BSD_COMPAT
29227: [63663195f047]
29228:
29229: * aixcrypt.exp:
29230: Initial revision
29231: [890aed08357e]
29232:
29233: * Makefile.in:
29234: added aixcrypt.exp
29235: [1005a183105f]
29236:
29237: * parse.lex, parse.yacc:
29238: moved config.h to top of includes
29239: [9569c49aa5f3]
29240:
29241: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
29242:
29243: * find_path.c:
29244: now don't bitch if get EACCESS (treat like EPERM)
29245: [dbeffb638de4]
29246:
29247: * visudo.c:
29248: added -v flag and usage()
29249: [4d44ed60ed75]
29250:
29251: * version.h:
29252: fixed a typo
29253: [cf3f9347ae41]
29254:
29255: * sudo.c:
29256: cast Argv to a const for exec added -v flag
29257: [d11b6efc0e45]
29258:
29259: * logging.c:
29260: mail_argv is now a const
29261: [93bb5d90bb6f]
29262:
29263: * configure.in:
29264: only set RETSIGTYPE if it is not set already
29265: [c97aac260b77]
29266:
29267: * aclocal.m4:
29268: now defines & STDC_HEADERS for Irix
29269: [9c2b24ad1fc5]
29270:
29271: * Makefile.in:
29272: added version.h
29273: [9f79e880229a]
29274:
29275: * insults.h, sudo.h:
29276: prevent multiple inclusion
29277: [d68c8a9243ce]
29278:
29279: * version.h:
29280: Initial revision
29281: [dbb39c5ef8d9]
29282:
29283: * parse.lex, parse.yacc:
29284: now includes config.h
29285: [f117e036a56b]
29286:
29287: * aclocal.m4:
29288: now talks about sunos 4.x
29289: [c9054aa92d4e]
29290:
29291: * visudo.c:
29292: calls to Exit now pass an arg
29293: [a92104670551]
29294:
29295: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
29296:
29297: * visudo.c:
29298: signal handler now takes an int argument
29299: [26f480c41523]
29300:
29301: * CHANGES:
29302: updated
29303: [8c166a9d796b]
29304:
29305: * sudo.c:
29306: ok, the getcwd() is now *really* done as the user
29307: [ab86cf85134a]
29308:
29309: * configure.in:
29310: changed AIX STATIC_FLAGS
29311: [b9c0a3ba5663]
29312:
29313: * aclocal.m4:
29314: solaris now defines SVR4
29315: [c3e20cac96f5]
29316:
29317: * sudo.h:
29318: added cwd and fixed stupid core dump that makes no sense. sigh.
29319: [7a9755436dbb]
29320:
29321: * sudo.c:
29322: moved getcwd stuff into load_globals
29323: [ec2bc90df1f3]
29324:
29325: * parse.c:
29326: took out externs that are in suod.h
29327: [93c4b3f856d7]
29328:
29329: * logging.c:
29330: moved cwd into load_globals
29331: [050de754d228]
29332:
29333: * find_path.c:
29334: moved cwd stuff
29335: [22f3f3b4c34d]
29336:
29337: * Makefile.in:
29338: fixed make distclean & realclean
29339: [c9964d89bcef]
29340:
29341: * TODO:
29342: updated .,
29343: [e513581ef0e3]
29344:
29345: * CHANGES:
29346: added solaris changes
29347: [505d930daf27]
29348:
29349: * aclocal.m4:
29350: added solaris changes, need to rework
29351: [33f20fb16c49]
29352:
29353: * configure.in:
29354: cleaned up for solaris
29355: [2fb8cfa05d0f]
29356:
29357: * logging.c:
29358: reinstall reapchild signal handler for non-bsd signals
29359: [3d1dc545113d]
29360:
29361: * sudo.h:
29362: took out getdtablesize() emulation for HP-UX (no longer needed)
29363: [1fc83d170f34]
29364:
29365: * sudo.c:
29366: support for HAVE_SYSCONF
29367: [50ca2a7a224a]
29368:
29369: * visudo.c:
29370: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
29371: up /
29372: [0a570e826dd4]
29373:
29374: * config.h.in:
29375: added HAVE_SYSCONF
29376: [2b9a9f3a4e94]
29377:
29378: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
29379:
29380: * configure.in:
29381: now tells you what os you are running /.
29382: [06c6332a895b]
29383:
29384: * aclocal.m4:
29385: took out extra ','
29386: [e8c75ce59f4a]
29387:
29388: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
29389:
29390: * config.h.in:
29391: added _BSD_COMPAT
29392: [73c5099806c2]
29393:
29394: * aclocal.m4:
29395: fixed for irix5
29396: [1047d1f6c0eb]
29397:
29398: * CHANGES:
29399: updated
29400: [1bc4969fee96]
29401:
29402: * sudo.c:
29403: uid seinitialized to -2
29404: [8d7812b1878b]
29405:
29406: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
29407:
29408: * sudo.c:
29409: now removes LIBPATH for AIX
29410: [075392eb1dd9]
29411:
29412: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
29413:
29414: * configure.in:
29415: now uses ufc if it finds it
29416: [ab6ce30a5958]
29417:
29418: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
29419:
29420: * sudo.h:
29421: no longer define yyval & yylval since yacc does it
29422: [09d250aea50a]
29423:
29424: * parse.lex:
29425: now defines yylval as extenr
29426: [8ec2b88952bc]
29427:
29428: * configure.in:
29429: BROKEN_GETPASS is now an OPTION
29430: [3714f4bb8312]
29431:
29432: * config.h.in:
29433: took out BROKEN_GETPASS
29434: [9c4f6aa50137]
29435:
29436: * Makefile.in:
29437: took out big comment
29438: [4c13cff0e556]
29439:
29440: * README:
29441: updated
29442: [b8b9902b620d]
29443:
29444: * Makefile.in:
29445: took out README.beta
29446: [ed2cd861e82b]
29447:
29448: * SUPPORTED:
29449: Initial revision
29450: [2fffc51e6606]
29451:
29452: * INSTALL:
29453: now reference SUPPORTED .,
29454: [d112c30be1f2]
29455:
29456: * config.h.in:
29457: now check for convex OR __convex__
29458: [a0e5701a3069]
29459:
29460: * aclocal.m4:
29461: now check for convex or __convex__
29462: [5dae2bfbe3bc]
29463:
29464: * Makefile.in:
29465: added dist target
29466: [400a54de57db]
29467:
29468: * aclocal.m4:
29469: use __convex__
29470: [58a19470ed0b]
29471:
29472: * find_path.c:
29473: now use _S_* stat stuff to be ansi-like
29474: [28cce560e048]
29475:
29476: * INSTALL:
29477: updated for configure directions
29478: [a034ccc7c30a]
29479:
29480: * Makefile.in:
29481: distclean now removes config.h and pathnames.h
29482: [300f2349b4ab]
29483:
29484: * CHANGES:
29485: updated
29486: [646f7e9430c1]
29487:
29488: * TODO:
29489: fixed typoe
29490: [70fd6361b2bc]
29491:
29492: * visudo.c:
29493: updated version
29494: [cf13d87d789f]
29495:
29496: * Makefile.in:
29497: updated version
29498: [8c5dacc27a7a]
29499:
29500: * config.h.in, pathnames.h.in:
29501: added copyright header
29502: [747ce3d3d6b7]
29503:
29504: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
29505: parse.yacc, sudo.c, sudo.h:
29506: udpated version
29507: [4751c39bad18]
29508:
29509: * visudo.c:
29510: udpated to use configure + pathnames.h
29511: [d45dff76a1cd]
29512:
29513: * aclocal.m4:
29514: updated
29515: [f05a367a55be]
29516:
29517: * Makefile.in, config.h.in, configure.in:
29518: updated
29519: [524778598879]
29520:
29521: * sudo.h:
29522: now works with configure
29523: [83fc40e533f4]
29524:
29525: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
29526: updated to work with configure + pathnames.h
29527: [cb67fa6ab52d]
29528:
29529: * Makefile.in:
29530: added LEXLIB
29531: [f43cad4ab0a2]
29532:
29533: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
29534:
29535: * COPYING:
29536: updated gnu general licence to versio 2
29537: [2b0b56112ddc]
29538:
29539: * config.h.in, pathnames.h.in:
29540: Initial revision
29541: [4b586f39ec2d]
29542:
29543: * sudo.h:
29544: changed to work with configure
29545: [13f3506ddf16]
29546:
29547: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
29548:
29549: * Makefile.in, aclocal.m4, configure.in:
29550: Initial revision
29551: [a8636ae77371]
29552:
29553: * visudo.c:
29554: now uses defines used by configure
29555: [de438d118993]
29556:
29557: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
29558:
29559: * find_path.c:
29560: sudo won't bitch about EPERM now, for real
29561: [ce26d9ef7e3f]
29562:
29563: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
29564:
29565: * logging.c:
29566: renamed exec_argv to eliminate a libc name clash with ksros
29567: [bcb4350d8411]
29568:
29569: * CHANGES:
29570: corrected
29571: [dae68d422efd]
29572:
29573: * logging.c, sudo.c, sudo.h:
29574: execve -> execv
29575: [40cc2c4bdb15]
29576:
29577: * TODO:
29578: upated
29579: [9275a8b8fc45]
29580:
29581: * PORTING:
29582: added 2 mroe items
29583: [6cbb5c56993c]
29584:
29585: * CHANGES:
29586: updated
29587: [73f34f8e571a]
29588:
29589: * sudo.h:
29590: added UMASK and mode_t declaration
29591: [7c2015e1d171]
29592:
29593: * sudo.c:
29594: added UMASK
29595: [d37be7523680]
29596:
29597: * logging.c:
29598: now opens log file with mode 077
29599: [0825cc3ee841]
29600:
29601: * check.c:
29602: saved current umask ans restores it
29603: [659c1aaae8e8]
29604:
29605: * sudo.h:
29606: added MAXLOGFILELEN
29607: [34331c7dee90]
29608:
29609: * logging.c:
29610: split long log lines. FOr syslog, split into multiple entries, for
29611: a log file, indent the extra for readability
29612: [72c9e4cdba6e]
29613:
29614: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
29615:
29616: * CHANGES:
29617: added changes
29618: [81196833673d]
29619:
29620: * sudo.h:
29621: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
29622: [1aa69e903840]
29623:
29624: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
29625:
29626: * TODO:
29627: added input from Brett M Hogden <hogden@rge.com>
29628: [80f01fc88ce9]
29629:
29630: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
29631:
29632: * sudo.c:
29633: added rmenv() to remove stuff from environ. can now uses execvp()
29634: OR execve() becuase of this.
29635: [e7fc2535bd67]
29636:
29637: * logging.c:
29638: now uses execvp() OR execve()
29639: [56391aa1f99d]
29640:
29641: * sudo.h:
29642: added USE_EXECVE
29643: [f21f38050b95]
29644:
29645: * sudo.h:
29646: added environ
29647: [6b805e23c6f6]
29648:
29649: * find_path.c:
29650: now ignore EPERM
29651: [c8fd7117a1d7]
29652:
29653: * sudo.h:
29654: moved some func decls out of sudo.h and into sudo.c as statics /.
29655: [5f555c267d27]
29656:
29657: * CHANGES:
29658: updated
29659: [431f478af320]
29660:
29661: * sudo.h:
29662: took out Envp
29663: [6f722be7793d]
29664:
29665: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
29666:
29667: * BUGS:
29668: Initial revision
29669: [4a8ecf0da95c]
29670:
29671: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
29672:
29673: * CHANGES:
29674: added SECURE_PATH
29675: [1c72cb222609]
29676:
29677: * sudo.c, sudo.h:
29678: added SECURE_PATH
29679: [5bf5357a63c5]
29680:
29681: * sudo.h:
29682: added SECURE_PATH
29683: [3976a74405ac]
29684:
29685: * INSTALL:
29686: added sample.sudoers note
29687: [1b395d29aaeb]
29688:
29689: * sudoers:
29690: Initial revision
29691: [485888d07477]
29692:
29693: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
29694:
29695: * find_path.c:
29696: fixed typo
29697: [bfc3cc4d41ca]
29698:
29699: * PORTING:
29700: took out SAVED_UID garbage
29701: [b7c2d3469661] [SUDO_1_3_0]
29702:
29703: * INSTALL:
29704: mentioned HAL
29705: [253d6695df90]
29706:
29707: * sudo.h:
29708: added HAL line
29709: [29ec1a4ac6de]
29710:
29711: * insults.h:
29712: added HAL insults
29713: [7d7c96d77c74]
29714:
29715: * TODO:
29716: updated
29717: [aa2ed9790586]
29718:
29719: * logging.c:
29720: more verbose error if mailer not found
29721: [fca47fd00cb6]
29722:
29723: * check.c:
29724: now do getpwent as root for soem shadow password systems (bsdi)
29725: [e0339e110d46]
29726:
29727: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
29728:
29729: * sudo.h:
29730: took out SAVED_UID garbade
29731: [fcb0e81dcdb5]
29732:
29733: * sudo.c:
29734: took out SAVED_UID garbage since it don't work
29735: [507e9513e9c2]
29736:
29737: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
29738:
29739: * README:
29740: updated
29741: [d2b6b253dae5]
29742:
29743: * insults.h:
29744: added a missing space :-)
29745: [8940ea991f87]
29746:
29747: * sudo.c, sudo.h:
29748: took out multimax cruft
29749: [c2606b365181]
29750:
29751: * INSTALL:
29752: minor update
29753: [05fb6ee73131]
29754:
29755: * PORTING:
29756: finished
29757: [c4ac47c84dc5]
29758:
29759: * sudo.c:
29760: fixed a typo + indentation
29761: [7eab40aae8fa]
29762:
29763: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
29764:
29765: * sudo.h:
29766: took outumoved some defines to the config file ,. ,.
29767: [defff05beb52]
29768:
29769: * PORTING:
29770: Initial revision
29771: [c803e9127959]
29772:
29773: * TODO:
29774: did #6
29775: [c6fa1c946c31]
29776:
29777: * sudo.h:
29778: added HAS_SAVED_UID
29779: [6a88a39c0a07]
29780:
29781: * sudo.c:
29782: put back AIX cruft
29783: [a24d2507ddd4]
29784:
29785: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
29786:
29787: * sudo.c:
29788: aix changes
29789: [1663915f754a]
29790:
29791: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
29792:
29793: * CHANGES:
29794: updated
29795: [a8cc73747cae]
29796:
29797: * check.c, logging.c, parse.c, sudo.c, sudo.h:
29798: now is only root when abs necesary
29799: [3c9d12c5cdfe]
29800:
29801: * check.c:
29802: added missing %s\n
29803: [609320b72d89]
29804:
29805: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
29806:
29807: * install-sh:
29808: Initial revision
29809: [b5bba140a175]
29810:
29811: * TODO:
29812: updated
29813: [c9d2eba602af]
29814:
29815: * CHANGES:
29816: updated
29817: [932f1fc3bb14]
29818:
29819: * sudo.c:
29820: now removed _RLD_* for alphas
29821: [54a36e648158]
29822:
29823: * INSTALL:
29824: updated for new config scheme
29825: [61c8ae800444]
29826:
29827: * find_path.c:
29828: more verbose eror messages
29829: [b4fd123db42d]
29830:
29831: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
29832:
29833: * TODO:
29834: now have solaris
29835: [371002fbf266]
29836:
29837: * sudo.h:
29838: define __svr4__ for SOLARIS
29839: [0b5cf5ed936d]
29840:
29841: * check.c:
29842: added svr4 junk for shadow pws for solaris 2.x
29843: [91ed58f21618]
29844:
29845: * check.c, sudo.c:
29846: took out setuid(0) and setreuid(udi) garbage. Its not needed since
29847: we start out setuid with the correct perms.
29848: [07689e782b0b]
29849:
29850: * check.c, sudo.c, sudo.h:
29851: now use setreuid()
29852: [7d64d685d78e]
29853:
29854: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
29855:
29856: * sudo.man:
29857: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
29858: sectoin
29859: [b26967b1e19b]
29860:
29861: * visudo.c:
29862: now uses ENV_EDITOR if you want to use the EDITOR envar
29863: [a4f8fcb9bd1d]
29864:
29865: * sudo.h:
29866: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
29867: [028cc55c4328]
29868:
29869: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
29870:
29871: * INSTALL:
29872: rewrote most of this
29873: [a6750923f9c9]
29874:
29875: * README:
29876: minor update + spell fix
29877: [a411717a7249]
29878:
29879: * sudo.h:
29880: added all options that are in the Makefile
29881: [6db3b3b841b3]
29882:
29883: * getpass.c:
29884: now use USE_TERMIO #define for sgi & hpux
29885: [b91f89ae6be1]
29886:
29887: * TODO:
29888: todo: posix sigs
29889: [4548a56eb2ef]
29890:
29891: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
29892:
29893: * check.c, find_path.c:
29894: always include strings.h
29895: [1fc20bda92c0]
29896:
29897: * visudo.c:
29898: added STATICEDITOR
29899: [0596f820716e]
29900:
29901: * sudo.h:
29902: sgi has vi in /usr/bin too
29903: [94203b62bfd9]
29904:
29905: * sudo.man:
29906: added VISUAL
29907: [87c2844c4cac]
29908:
29909: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
29910:
29911: * sudo.h:
29912: sue /usr/bin/vi on some systems
29913: [e3ad9190f35e]
29914:
29915: * sudo.c:
29916: fixed warning (include strings.h)
29917: [0b896de4d8a0]
29918:
29919: * sudo.man:
29920: added John_Rouillard@dl5000.bc.edu's changes (new features)
29921: [f41b4205a8cf]
29922:
29923: * CHANGES:
29924: changes from John_Rouillard@dl5000.bc.edu
29925: [6bdef8e948d5]
29926:
29927: * visudo.c:
29928: added EDITOR envar
29929: [5c4bf716de21]
29930:
29931: * check.c, find_path.c, parse.c, sudo.c:
29932: added patches from John_Rouillard directory spec
29933: uses EDITOR
29934: [f62a435f8c41]
29935:
29936: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
29937:
29938: * getpass.c:
29939: added flush for hpux
29940: [07cfdd6a7b55]
29941:
29942: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
29943:
29944: * sudo.c:
29945: no longer assume malloc returns a char *
29946: [7480bd2756f3]
29947:
29948: * sudo.c:
29949: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
29950: gets removed correctly
29951: [8587166c6ac8]
29952:
29953: * sudo.h:
29954: added STD_HEADERS macro
29955: [480f5a9a516c]
29956:
29957: * sudo.c:
29958: now uses STD_HEADERS macor for ansi
29959: [c5018806fd59]
29960:
29961: * find_path.c:
29962: now uses STD_HEADERS macro
29963: [ad821e0788ea]
29964:
29965: * check.c:
29966: niceties for C compiler bitches -- no real change
29967: [0fc0b1a5fb64]
29968:
29969: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
29970:
29971: * visudo.c:
29972: now doesn't fclose a file never opened.
29973: [ee888ec9427d]
29974:
29975: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
29976:
29977: * sudo.man:
29978: added visudo line
29979: [698d51c66407]
29980:
29981: * sudo.man:
29982: added error stuff added me in there...
29983: [d202fd34b906]
29984:
29985: * CHANGES:
29986: noted insults
29987: [998a22c2230c]
29988:
29989: * INSTALL:
29990: added blurb about reading stuff
29991: [e71db100798f]
29992:
29993: * sudo.h:
29994: added insults
29995: [c110431cec56]
29996:
29997: * insults.h:
29998: corrected somments and removed newlines
29999: [493706fd488c]
30000:
30001: * check.c:
30002: now uses insults
30003: [6d23cf06a0ef]
30004:
30005: * insults.h:
30006: Initial revision
30007: [83153c26b4a3]
30008:
30009: * INSTALL:
30010: added dec syslog note
30011: [555437273237]
30012:
30013: * sample.sudoers:
30014: added real stuff in there
30015: [53442a7fba78]
30016:
30017: * TODO:
30018: added a todo
30019: [c630472bd4dc]
30020:
30021: * TODO:
30022: added one
30023: [806464453284]
30024:
30025: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
30026:
30027: * sample.sudoers:
30028: Initial revision
30029: [7db0a9f1ca8f]
30030:
30031: * sudo.man:
30032: updated with changes
30033: [d9bf254c6c08]
30034:
30035: * sudo.man:
30036: Initial revision
30037: [dd6f11174ac6]
30038:
30039: * indent.pro:
30040: Initial revision
30041: [dbfbb494fad9]
30042:
30043: * CHANGES, COPYING, INSTALL, README, TODO:
30044: Initial revision
30045: [6d98f489a079]
30046:
30047: * visudo.c:
30048: updated version number and took out jeff's old addr since it is no
30049: good
30050: [ee47c24818cb]
30051:
30052: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
30053: sudo.c, sudo.h:
30054: updated version number and took out jeff's email (since it is
30055: invalid)
30056: [54616458a52e]
30057:
30058: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
30059:
30060: * check.c:
30061: added fflush()
30062: [145c881f4fb4]
30063:
30064: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
30065:
30066: * find_path.c:
30067: now return NULL instead pf��of exiting for nopn��n-fatal errors
30068: [8bc74f8cb1ae]
30069:
30070: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30071:
30072: * check.c:
30073: new banner
30074: [5387ab2af516]
30075:
30076: * parse.lex:
30077: now sudo.h gets included first
30078: [2acb01c18e18]
30079:
30080: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
30081:
30082: * parse.lex:
30083: now can use flex
30084: [164d3839adf0]
30085:
30086: * sudo.h:
30087: linux patch
30088: [f1b6b1b1a2ca]
30089:
30090: * sudo.c:
30091: hpux 9 fix, removes SHLIB_PATH linux patch
30092: [67611dc1737f]
30093:
30094: * check.c:
30095: linux diff
30096: [c24536682397]
30097:
30098: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30099:
30100: * find_path.c:
30101: stat now ignores EINVAL
30102: [c7761a5dc642]
30103:
30104: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
30105:
30106: * find_path.c, sudo.c:
30107: now declare strdup as extern
30108: [6b7d6f8784b5]
30109:
30110: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30111:
30112: * visudo.c:
30113: reformatted with indent + by hand
30114: [9d43084e4990]
30115:
30116: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
30117: used indent to "fix" coding style
30118: [489ffacbdc70]
30119:
30120: * find_path.c:
30121: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
30122: move the code that does this into the loop body. makes it messier
30123: tho. hmmm.
30124: [c4d22b48da9a]
30125:
30126: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
30127:
30128: * find_path.c:
30129: redid the fix for non-executable files in an easier to read way plus
30130: some minor aethetic changes
30131: [84fe337f1426]
30132:
30133: * find_path.c:
30134: fixed bug with non-executable tings of same name in path introduced
30135: by checkig errno after stat(2).
30136: [c2a812cfcbc1]
30137:
30138: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
30139:
30140: * sudo.c:
30141: fixed off by one error
30142: [fabb7cee0041]
30143:
30144: * find_path.c:
30145: now handles decending below '/' correctly
30146: [5d2ddfc0b220]
30147:
30148: * sudo.c:
30149: now actually builds Envp instead of munging envp
30150: [bdc4b08f6898]
30151:
30152: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
30153:
30154: * parse.yacc:
30155: now includes sys/param.h
30156: [efbb494ab4de]
30157:
30158: * visudo.c:
30159: now includes sys/param.h
30160: [ad6c91d59958]
30161:
30162: * sudo.h:
30163: fixed ifndef -> ifdef
30164: [7aebe822d863]
30165:
30166: * qualify.c:
30167: make more like find_path.c
30168: [853b2dab2e03]
30169:
30170: * find_path.c:
30171: rewritten by millert
30172: [c6a043cc11b3]
30173:
30174: * sudo.h:
30175: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
30176: about new defines in the comment
30177: [39ffefce3aec]
30178:
30179: * logging.c:
30180: now uses USE_CWD
30181: [fa0f3b118bb3]
30182:
30183: * sudo.h:
30184: added delc for clean_envp() and Envp
30185: [a12034e300c2]
30186:
30187: * sudo.c:
30188: now rips LD_* env vars out of envp and passed sanitized Envp to exec
30189: [d201a218e056]
30190:
30191: * logging.c:
30192: now uses execve()
30193: [f3e01032cd33]
30194:
30195: * find_path.c:
30196: ENOTDIR is ok now too (in case part of the path is bogus)
30197: [b5cbbb201bb5]
30198:
30199: * qualify.c:
30200: now works correctly (ttaltotal rewrite)
30201: [0c25d64a5c68]
30202:
30203: * parse.lex:
30204: now includes sys/param.h didn't match trailing / -- fix from
30205: rouilj@cs.umb.edu
30206: [b6363ba110af]
30207:
30208: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
30209:
30210: * sudo.c:
30211: moved around the #ifndef _AIX
30212: [7d4330950c20]
30213:
30214: * check.c, logging.c, parse.c:
30215: Initial revision
30216: [c101e9572d7f]
30217:
30218: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
30219:
30220: * qualify.c:
30221: Initial revision
30222: [5a5f21d0e0bf]
30223:
30224: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30225:
30226: * find_path.c:
30227: now works if you do sudo bin/test
30228: [07835120ce43]
30229:
30230: * find_path.c:
30231: works
30232: [c3da8b5efa20]
30233:
30234: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
30235:
30236: * sudo.h:
30237: Initial revision
30238: [28a1caa38b72]
30239:
30240: * visudo.c:
30241: Initial revision
30242: [0e5cd7c3cdbe]
30243:
30244: * parse.lex, parse.yacc:
30245: Initial revision
30246: [5f2d0cccb06b]
30247:
30248: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
30249:
30250: * sudo.c:
30251: took out errno.h
30252: [7466431a2655]
30253:
30254: * sudo.c:
30255: now spews error if exec fails and exits with -1
30256: [e5c41ea725c1]
30257:
30258: * sudo.c:
30259: Initial revision
30260: [8aeabe39a0c2]
30261:
30262: * find_path.c:
30263: now only execs files with (an) executable bit set.
30264: [0a451f9c0e58]
30265:
30266: * find_path.c:
30267: Initial revision
30268: [02a534891a35]
30269:
30270: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
30271:
30272: * getpass.c:
30273: added nice comment
30274: [ea8b2aaa9389]
30275:
30276: * getpass.c:
30277: now works on sgi's
30278: [bf2b7c6d0960]
30279:
30280: * getpass.c:
30281: Initial revision
30282: [9f4de251c1b5]
30283:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo