Annotation of embedaddon/sudo/ChangeLog, revision 1.1.1.2
1.1.1.2 ! misho 1: 2012-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 2:
! 3: * NEWS, configure, configure.in:
! 4: Update for 1.8.5p1
! 5: [c33c49bf5b4b]
! 6:
! 7: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 8: Fix #includedir; from Mike Frysinger
! 9: [d4833d4e39a0]
! 10:
! 11: * plugins/sudoers/check.c:
! 12: Don't prompt for a password if the user is in the exempt group, is
! 13: root, or is running the command as themselves even if the -k option
! 14: was specified. This makes "sudo -k command" consistent with the
! 15: behavior one would get if the user ran "sudo -k" immediately before
! 16: running the command.
! 17: [632b3961df00]
! 18:
! 19: 2012-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 20:
! 21: * INSTALL:
! 22: Fix capitalization
! 23: [7258aa977caf]
! 24:
! 25: * mkpkg:
! 26: Build PIE executable on Mac OS X 10.5 and above.
! 27: [2a5c7ef92182]
! 28:
! 29: 2012-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 30:
! 31: * NEWS:
! 32: Update for sudo 1.8.4p5
! 33: [21164f508b68]
! 34:
! 35: * plugins/sudoers/match_addr.c:
! 36: Add missing break between AF_INET and AF_INET6 in
! 37: addr_matches_if_netmask()
! 38: [672a4793931a]
! 39:
! 40: * plugins/sudoers/mon_systrace.c:
! 41: Move systrace monitor code to the attic
! 42: [d6faf4754e9c]
! 43:
! 44: 2012-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 45:
! 46: * src/exec.c:
! 47: The pointer to the siginfo_t struct in a signal handler may be NULL.
! 48: [41a4ee934b53]
! 49:
! 50: 2012-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 51:
! 52: * plugins/sudoers/pwutil.c:
! 53: Fix an alignment problem on NetBSD systems with a 64-bit time_t and
! 54: strict alignment. Based on a patch from Martin Husemann.
! 55: [1e5ba3c18f17]
! 56:
! 57: * include/missing.h:
! 58: Add offsetof macro for those without it.
! 59: [e44cb51d2587]
! 60:
! 61: * MANIFEST:
! 62: add system_group plugin
! 63: [6169793b510c]
! 64:
! 65: 2012-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 66:
! 67: * compat/dlopen.c:
! 68: Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
! 69: [85bd03bc5d94]
! 70:
! 71: 2012-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 72:
! 73: * NEWS:
! 74: Mention system_group plugin
! 75: [05393dd4bdb8]
! 76:
! 77: * Makefile.in, plugins/sudoers/Makefile.in,
! 78: plugins/system_group/Makefile.in:
! 79: update depends
! 80: [6feb0b824fc4]
! 81:
! 82: * plugins/system_group/system_group.c:
! 83: Only call gr_delref() when use sudo's password caching functions.
! 84: [1103442e21fa]
! 85:
! 86: * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
! 87: Add missing dependency on libreplace.la
! 88: [05bfd9d4657f]
! 89:
! 90: * compat/dlopen.c:
! 91: Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
! 92: PROG_HANDLE.
! 93: [2382d0693acc]
! 94:
! 95: * Makefile.in, configure, configure.in,
! 96: plugins/system_group/Makefile.in,
! 97: plugins/system_group/system_group.c,
! 98: plugins/system_group/system_group.sym:
! 99: Add group plugin that does lookups by name using the system group
! 100: database.
! 101: [2ddbb604112f]
! 102:
! 103: * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
! 104: src/po/pl.po:
! 105: sync with translationproject.org
! 106: [4ef05df4226d]
! 107:
! 108: 2012-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 109:
! 110: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 111: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 112: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
! 113: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
! 114: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 115: src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
! 116: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
! 117: src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
! 118: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
! 119: src/po/zh_CN.mo, src/po/zh_CN.po:
! 120: sync with translationproject.org
! 121: [115c3f828fc5]
! 122:
! 123: 2012-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 124:
! 125: * sudo.pp:
! 126: Add mode for docdir and use '-' (default) for localedir mode. Fixes
! 127: a problem on Linux when building in a directory with the setgid bit
! 128: set.
! 129: [582279c8bcb1]
! 130:
! 131: 2012-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 132:
! 133: * pp:
! 134: Match CentOS 6.0
! 135: [1e99ef210f98]
! 136:
! 137: 2012-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 138:
! 139: * NEWS:
! 140: Update with recent changes
! 141: [c5fc220ba696]
! 142:
! 143: * pp:
! 144: Fix version check on AIX
! 145: [d272e39112f4]
! 146:
! 147: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 148: regen
! 149: [72b23509465a]
! 150:
! 151: * plugins/sudoers/ldap.c:
! 152: Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
! 153: SDK.
! 154: [87b685e70b9a]
! 155:
! 156: * plugins/sudoers/ldap.c:
! 157: Fix printing of invalid uri
! 158: [645aa53acdde]
! 159:
! 160: * plugins/sudoers/auth/pam.c:
! 161: Pass PAM_SILENT when deleting creds to remove an annoying warning
! 162: message on Solaris.
! 163: [1dd0301ef293]
! 164:
! 165: 2012-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 166:
! 167: * src/utmp.c:
! 168: Fix the setutxent and endutxent compatibility defines (this time
! 169: correctly) when only setutent and endutent are available.
! 170: [d136d2867db9]
! 171:
! 172: * plugins/sudoers/ldap.c:
! 173: sudo_ldap_set_options_global() should not take an LDAP handle as an
! 174: argument since the options affect the global settings.
! 175: [1dc39b9d20f2]
! 176:
! 177: * mkpkg:
! 178: Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
! 179: [c7716291a856]
! 180:
! 181: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
! 182: plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
! 183: src/sudo.h:
! 184: Call the policy's init_session() function before we fork the child.
! 185: That way, the session is created and destroyed in the same process,
! 186: which is needed by some modules, such as pam_mount.
! 187: [ece552ba002e]
! 188:
! 189: * doc/TROUBLESHOOTING:
! 190: Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
! 191: not specified.
! 192: [bd293e100b28]
! 193:
! 194: * plugins/sudoers/auth/pam.c:
! 195: Delete creds after closing the PAM session.
! 196: [5158d726d6a5]
! 197:
! 198: * plugins/sudoers/ldap.c:
! 199: Provide a more useful error message if using a Mozilla-style LDAP
! 200: SDK and you forgot to specify TLS_CERT in ldap.conf.
! 201: [7cb78feb899c]
! 202:
! 203: * src/exec_pty.c:
! 204: Add missing initialization of a sigaction structure when I/O
! 205: logging. Fixes a potential problem when suspending the command.
! 206: [f4480f2ba816]
! 207:
! 208: * plugins/sudoers/ldap.c:
! 209: Split global and per-connection LDAP options into separate arrays.
! 210: Set global LDAP options before calling ldap_initialize() or
! 211: ldap_init(). After we have an LDAP handle, set the per-connection
! 212: options. Fixes a problem with OpenLDAP using the nss crypto backend;
! 213: bug #342
! 214: [265c9d2dc12b]
! 215:
! 216: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
! 217: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 218: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 219: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
! 220: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 221: src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
! 222: src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
! 223: sync with translationproject.org
! 224: [6d7fe44be21e]
! 225:
! 226: 2012-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 227:
! 228: * src/sudo.c, src/sudo.h:
! 229: Move struct passwd pointer into struct command details.
! 230: [d6fb1eff2065]
! 231:
! 232: 2012-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 233:
! 234: * pp:
! 235: Sync with upstream for Mac OS X (and other) fixes.
! 236: [c2f4998d01b0]
! 237:
! 238: * mkpkg:
! 239: Only built Mac intel universal binary on an intel machine.
! 240: [0009e0b7e5a8]
! 241:
! 242: * src/Makefile.in:
! 243: Do not pass libtool the -static-libtool-libs option when building
! 244: sudo and sesh. Otherwise, libtool may prefer a static version of an
! 245: installed library over a dynamic one when linking.
! 246: [6fbac9adc885]
! 247:
! 248: 2012-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 249:
! 250: * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
! 251: plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
! 252: Add German translation for sudo Add Croatian translation for sudoers
! 253: [fa4da1a6530c]
! 254:
! 255: * plugins/sudoers/iolog.c:
! 256: typo fix in comment
! 257: [abd721d1288e]
! 258:
! 259: 2012-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 260:
! 261: * NEWS:
! 262: Update with recent changes
! 263: [6fa11e8448b9]
! 264:
! 265: * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 266: Sort xgettext output by file name.
! 267: [f650841810f0]
! 268:
! 269: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
! 270: Clarify what "sudoreplay -l" displays and mention that it is sorted.
! 271: [84031c117bd6]
! 272:
! 273: * config.h.in, configure, configure.in, src/ttyname.c:
! 274: Use AC_HEADER_MAJOR to determine where major/minor are defined.
! 275: [3c949650a223]
! 276:
! 277: * config.h.in, configure, configure.in, src/ttyname.c:
! 278: Include sys/mkdev.h if present instead of sys/sysmacros.h for
! 279: minor(). This is needed on Solaris (at least) where the makedev
! 280: macros in sysmacros.h are obsolete and library functions should be
! 281: used instead.
! 282: [343928acf81e]
! 283:
! 284: * mkpkg:
! 285: When building on Mac OS X, only set SDK_FLAGS if specified osversion
! 286: doesn't match host.
! 287: [d84c6efac872]
! 288:
! 289: 2012-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 290:
! 291: * src/ttyname.c:
! 292: Add back buf and tty variables for _ttyname() case that were
! 293: inadvertantly removed.
! 294: [a4a820b22a44]
! 295:
! 296: 2012-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 297:
! 298: * plugins/sudoers/po/sudoers.pot:
! 299: regen
! 300: [5446b12c1250]
! 301:
! 302: * configure, configure.in:
! 303: Remove b8 from version number.
! 304: [5adc4dcec061]
! 305:
! 306: * src/ttyname.c:
! 307: remove some XXX
! 308: [187579a5f593]
! 309:
! 310: * src/ttyname.c:
! 311: When looking for a device match, do a breadth-first search instead
! 312: of depth-first. We already special case /dev/pts/ so chances are
! 313: good that if it is not a pseudo-tty it is in the base of /dev/. Also
! 314: avoid a stat(2) when possible if struct dirent has d_type.
! 315: [0183f8a1b278]
! 316:
! 317: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
! 318: src/sudo.c, src/sudo.h:
! 319: Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
! 320: [f0574d878491]
! 321:
! 322: * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
! 323: src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
! 324: src/po/vi.mo:
! 325: sync with translationproject.org
! 326: [4527ea78fbd5]
! 327:
! 328: * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
! 329: src/po/hr.mo, src/po/hr.po:
! 330: New Croatian and Galician translations from translationproject.org
! 331: [ad4bd924b4de]
! 332:
! 333: * src/ttyname.c:
! 334: Add depth-first traversal of /dev/ for the /proc case when not
! 335: /dev/pts/N
! 336: [499bd3456774]
! 337:
! 338: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
! 339: If struct dirent has d_type, use it to avoid an extra stat().
! 340: [741dabbe4bcd]
! 341:
! 342: * plugins/sudoers/sudoreplay.c:
! 343: Sort output of "sudoreplay -l"
! 344: [c0615795bd4b]
! 345:
! 346: 2012-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 347:
! 348: * plugins/sudoers/sudoreplay.c:
! 349: Fix duplicate free introduced in last rev
! 350: [efdaabe69d75]
! 351:
! 352: 2012-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 353:
! 354: * plugins/sudoers/auth/pam.c:
! 355: Instead of treating ^C from tgetpass() specially, always return
! 356: AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
! 357: like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
! 358: [a3b17298d4d0]
! 359:
! 360: * config.h.in, configure, configure.in, src/ttyname.c:
! 361: Rototill code to determine the tty. For Linux, we now look up the
! 362: tty device in /proc/pid/stat instead of trying to open
! 363: /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
! 364: device number to a string. On BSD, we can use devname(). On
! 365: Solaris, _ttyname_dev() does what we want. TODO: write /dev/
! 366: traversal code for the generic sudo_ttyname_dev().
! 367: [6b22be4d09f0]
! 368:
! 369: 2012-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 370:
! 371: * src/ttyname.c:
! 372: Define PRNODEV for those w/o it.
! 373: [f17290e64559]
! 374:
! 375: * config.h.in, configure, configure.in, src/ttyname.c:
! 376: Check for SVR4-style struct psinfo.pr_ttydev and use that to
! 377: determine the tty if std{in,out,err} are not ttys.
! 378: [76ad33a91f4b]
! 379:
! 380: * src/ttyname.c:
! 381: Better support for SVR4-style /proc entries where we can't use
! 382: ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
! 383: attempt to map the device number back to the correct pseudo-tty
! 384: slave device.
! 385: [4f9f48cc79eb]
! 386:
! 387: * src/ttyname.c:
! 388: When trying to determine the tty name, check parent's stderr in
! 389: addition to its stdin and stdout.
! 390: [604644056c7d]
! 391:
! 392: * src/exec_pty.c:
! 393: Treat a tty read failure like EOF as it usually means the pty has
! 394: gone away. Handle write() on the tty returning EIO.
! 395: [16957f4a706f]
! 396:
! 397: * src/exec.c, src/exec_pty.c:
! 398: Linux select() may return ENOMEM if there is a kernel resource
! 399: shortage. Older Solaris select() may return EIO instead of EBADF
! 400: when the tty goes away. If we get an unhandled select() failure,
! 401: kill the child and exit cleanly.
! 402: [d93940a311ab]
! 403:
! 404: * src/ttyname.c:
! 405: Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
! 406: block in open.
! 407: [a9f809d09d52]
! 408:
! 409: 2012-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 410:
! 411: * plugins/sudoers/set_perms.c:
! 412: Fix restoration of AIX permissions.
! 413: [30c717115988]
! 414:
! 415: * src/parse_args.c:
! 416: Allow the -k flag to be used along with the -i and -s flags.
! 417: [0653b17c97f1]
! 418:
! 419: * plugins/sudoers/sudoreplay.c:
! 420: Plug memory leak in parse_logfile() in the error path.
! 421: [9cce86fa833b]
! 422:
! 423: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 424: src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
! 425: src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
! 426: src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
! 427: src/po/zh_CN.mo, src/po/zh_CN.po:
! 428: sync with translationproject.org
! 429: [14af43d0b170]
! 430:
! 431: 2012-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 432:
! 433: * compat/regress/glob/globtest.c, config.h.in, configure,
! 434: configure.in, plugins/sudoers/match.c:
! 435: Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
! 436: glob() and fnmatch() results to be consistent.
! 437: [4226750d73c2]
! 438:
! 439: 2012-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 440:
! 441: * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
! 442: src/ttysize.c:
! 443: Move ttysize.c to common so sudoreplay can use it.
! 444: [b4a0aa514cd4]
! 445:
! 446: * plugins/sudoers/sudoreplay.c:
! 447: If I/O log file includes rows + cols, warn if the user's tty is not
! 448: big enough.
! 449: [b980ef89efff]
! 450:
! 451: * plugins/sudoers/sudoreplay.c:
! 452: Fix printing of TSID in "sudoreplay -l"
! 453: [4221e3e108b4]
! 454:
! 455: * common/sudo_debug.c, include/sudo_debug.h,
! 456: plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
! 457: src/exec_pty.c:
! 458: Log the process id in the debug file output. Since we don't want to
! 459: keep calling getpid(), stash the value at init time and when we
! 460: fork().
! 461: [2782d30c024d]
! 462:
! 463: * src/exec_pty.c:
! 464: Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
! 465: is better to receive EIO from read()/write() than to be suspended
! 466: when we don't expect it. Fixes a problem when our terminal is
! 467: revoked which can happen when, e.g. our sshd is killed
! 468: unceremoniously. Also, only change the value of "alive" from true to
! 469: false, never from false to true. It is possible for us to receive
! 470: notification of the child having stopped after it is already dead.
! 471: This does not mean it has risen from the grave.
! 472: [26c9fe8ce0f9]
! 473:
! 474: * src/exec_pty.c:
! 475: Distinguish between signals we received from the parent vs. those
! 476: delivered explicitly to the monitor process in debugging info.
! 477: [40716cb180e5]
! 478:
! 479: 2012-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 480:
! 481: * plugins/sudoers/check.c:
! 482: In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
! 483: Update tty_is_devpts() to match so we can determine when the tty has
! 484: been reused.
! 485: [2689665df027]
! 486:
! 487: * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
! 488: Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
! 489: and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
! 490: This allows consumers of sudo_debug_printf() to log that data
! 491: without having to specify it manually.
! 492: [7c94c4879208]
! 493:
! 494: * src/exec_pty.c:
! 495: Make this compile after last change.
! 496: [ee09034f3266]
! 497:
! 498: * src/exec_pty.c:
! 499: Don't try to restore the terminal if we are not the foreground
! 500: process. Otherwise, we may be stopped by SIGTTOU when we try to
! 501: update the terminal settings when cleaning up.
! 502: [c48b24335456]
! 503:
! 504: * src/exec.c:
! 505: If select() return EBADF in the main event loop, one of the ttys
! 506: must have gone away so perform any I/O we can and close the bad fds.
! 507: [3bc8678c03ce]
! 508:
! 509: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
! 510: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
! 511: plugins/sudoers/toke.l:
! 512: Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
! 513: function, file and line number in the debug log for warning() and
! 514: error().
! 515: [894cd131f11d]
! 516:
! 517: 2012-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
! 518:
! 519: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
! 520: src/conversation.c:
! 521: Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
! 522: Use this flag when wrapping error() and warning() so the debug
! 523: output includes the error string.
! 524: [1e2c67adaf1f]
! 525:
! 526: 2012-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 527:
! 528: * NEWS:
! 529: Update for sudo 1.8.5
! 530: [7d2b62b823fe]
! 531:
! 532: * plugins/sudoers/po/sudoers.pot:
! 533: regen
! 534: [718ad9de92cd]
! 535:
! 536: * doc/CONTRIBUTORS:
! 537: sync
! 538: [f48013aea641]
! 539:
! 540: * plugins/sudoers/pwutil.c:
! 541: Use ecalloc()
! 542: [fabd23c1f271]
! 543:
! 544: * src/exec_pty.c:
! 545: Don't need zero_bytes() after ecalloc()
! 546: [1a9d95cd10ef]
! 547:
! 548: * config.h.in, configure, configure.in, src/sudo_noexec.c:
! 549: Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
! 550: sudo_noexec.c.
! 551: [cbaa1d4b0f8a]
! 552:
! 553: * src/utmp.c:
! 554: Fix compat setutxent and endutxent macros for systems with
! 555: setutent() but not setutxent(). From Gustavo Zacarias
! 556: [d7ce622fc5f2]
! 557:
! 558: 2012-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 559:
! 560: * configure.in:
! 561: Add ignore_result definition to AH_BOTTOM
! 562: [8d4096838a98]
! 563:
! 564: * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
! 565: plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
! 566: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
! 567: src/exec.c, src/exec_pty.c, src/tgetpass.c:
! 568: Fix compiler warnings on some platforms and provide a better method
! 569: of defeating gcc's warn_unused_result attribute.
! 570: [9a8f804fcc75]
! 571:
! 572: * configure, configure.in:
! 573: Fix building the builtin zlib from a build dir. When a zlib dir was
! 574: specified, prepend its include path instead of appending so we get
! 575: the right zlib headers.
! 576: [5f61d591b186]
! 577:
! 578: * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
! 579: zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
! 580: zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
! 581: zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
! 582: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
! 583: Update zlib to version 1.2.6
! 584: [173c4bc4d4fc]
! 585:
! 586: 2012-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 587:
! 588: * include/missing.h:
! 589: g/c __unused which is no longer used
! 590: [7ef3f23edcd6]
! 591:
! 592: * src/env_hooks.c:
! 593: Fix compilation if RTLD_NEXT is not defined.
! 594: [d5605f468b71]
! 595:
! 596: * src/po/sr.mo, src/po/sr.po:
! 597: sync with translationproject.org
! 598: [27d559f7985d]
! 599:
! 600: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
! 601: doc/sudoers.man.in:
! 602: regen
! 603: [f9f63ce478b6]
! 604:
! 605: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 606: regen
! 607: [59035d82d15a]
! 608:
! 609: * Makefile.in:
! 610: Ignore Project-Id-Version when comparing pot files.
! 611: [22feb9ede46b]
! 612:
! 613: * plugins/sudoers/bsm_audit.c:
! 614: Use error() instead of log_fatal()
! 615: [54130bda4b50]
! 616:
! 617: * plugins/sudoers/env.c:
! 618: Fix signedness of didvar in env_update_didvar()
! 619: [77048a80b3e4]
! 620:
! 621: * plugins/sudoers/iolog.c:
! 622: Quiet a compiler warning on some platforms.
! 623: [8fdcaece0400]
! 624:
! 625: * compat/fnmatch.c:
! 626: cast ctype(3) function/macro arguments from char to unsigned char to
! 627: avoid potential negative subscripting.
! 628: [bdcf7eef21ef]
! 629:
! 630: * common/setgroups.c:
! 631: Quiet a warning on systems where the gids array in setgroups() is
! 632: not prototyped as being const, even though it really is.
! 633: [fdd758c6302d]
! 634:
! 635: * src/env_hooks.c:
! 636: Quiet a compiler warning on systems where the argument to putenv(3)
! 637: is const.
! 638: [51bae2193b53]
! 639:
! 640: * plugins/sudoers/sudoreplay.c:
! 641: Undo an incorrect int -> bool conversion.
! 642: [b9a4ce320f14]
! 643:
! 644: * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
! 645: src/po/sv.mo, src/po/sv.po:
! 646: Add Swedish sudo and sudoers translations from
! 647: translationproject.org
! 648: [f7ce1de9073f]
! 649:
! 650: * plugins/sudoers/env.c:
! 651: No need to preserve ODMDIR on AIX now that we always read
! 652: /etc/environment.
! 653: [4aa04b2f0125]
! 654:
! 655: 2012-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 656:
! 657: * doc/sudoers.pod, plugins/sudoers/env.c:
! 658: When initializing the environment for env_reset, start out with the
! 659: contents of /etc/environment on AIX and login.conf on BSD.
! 660: [5717bdc321e2]
! 661:
! 662: * doc/TROUBLESHOOTING, src/sudo.c:
! 663: If we are not running with an effective uid of 0, try to give the
! 664: user enough information to debug the problem.
! 665: [fa4894896d8a]
! 666:
! 667: * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
! 668: Quiet a clang-analyzer false positive.
! 669: [c4c0c1b9c8b0]
! 670:
! 671: * src/tgetpass.c:
! 672: If there is nothing to read from the askpass program, set errno to
! 673: EINTR. This makes the cancel button behave like the user entered ^C
! 674: at the password prompt when PAM is used.
! 675: [594302cb9caf]
! 676:
! 677: * src/sudo.h, src/tgetpass.c:
! 678: Fetch the value of "askpass" from the sudo conf struct.
! 679: [4593ee8f1bd3]
! 680:
! 681: * common/sudo_conf.c:
! 682: Fix matching of "Path askpass" and "Path noexec"
! 683: [4df28d62afb9]
! 684:
! 685: 2012-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 686:
! 687: * plugins/sudoers/visudo.c:
! 688: Quiet a clang-analyzer dead store warning.
! 689: [dd90bf385a3f]
! 690:
! 691: * plugins/sudoers/sudoers.c:
! 692: If the "timestampowner" user cannot be resolved, use ROOT_UID
! 693: instead of exiting with a fatal error.
! 694: [8d62aae99715]
! 695:
! 696: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
! 697: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
! 698: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
! 699: plugins/sudoers/check.c, plugins/sudoers/env.c,
! 700: plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
! 701: plugins/sudoers/logging.h, plugins/sudoers/parse.c,
! 702: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
! 703: Remove the NO_EXIT flag to log_error() and add a log_fatal()
! 704: function that exits and is marked no_return. Fixes false positives
! 705: from static analyzers and is easier for humans to read too.
! 706: [a0fe785c2a3d]
! 707:
! 708: 2012-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 709:
! 710: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
! 711: src/po/eo.po:
! 712: sync with translationproject.org
! 713: [df5e8777de13]
! 714:
! 715: 2012-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 716:
! 717: * src/po/da.mo, src/po/da.po:
! 718: sync with translationproject.org
! 719: [629d99548b78]
! 720:
! 721: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
! 722: sync with translationproject.org
! 723: [9d122a2860d6]
! 724:
! 725: 2012-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 726:
! 727: * src/po/it.mo, src/po/it.po:
! 728: sync with translationproject.org
! 729: [6397593b15cf]
! 730:
! 731: * common/sudo_conf.c, plugins/sudoers/alias.c,
! 732: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
! 733: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 734: plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
! 735: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 736: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
! 737: src/load_plugins.c:
! 738: Use ecalloc() when allocating structs.
! 739: [8b5888868db2]
! 740:
! 741: * common/alloc.c, include/alloc.h:
! 742: Add ecalloc() and commented out recalloc(). Use inline strnlen()
! 743: instead of strlen() in estrndup().
! 744: [7fb9aa46c1e0]
! 745:
! 746: 2012-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 747:
! 748: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 749: plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
! 750: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 751: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
! 752: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 753: src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
! 754: src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
! 755: src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
! 756: src/po/zh_CN.mo, src/po/zh_CN.po:
! 757: sync with translationproject.org
! 758: [45a032c37334]
! 759:
! 760: 2012-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 761:
! 762: * plugins/sudoers/set_perms.c:
! 763: Remove unused label
! 764: [2660bb0c1313]
! 765:
! 766: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
! 767: Document what changed in each plugin API revision
! 768: [59b30a6fc4d1]
! 769:
! 770: * plugins/sudoers/set_perms.c:
! 771: Remove bogus optimization that could lead to a double free of the
! 772: group list.
! 773: [b0bfbd2a83a8]
! 774:
! 775: 2012-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
! 776:
! 777: * doc/TROUBLESHOOTING:
! 778: Expand AIX /etc/security/privcmds entry.
! 779: [9f3f072e034e]
! 780:
! 781: * NEWS:
! 782: Update for sudo 1.8.5
! 783: [086049011f25]
! 784:
! 785: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
! 786: doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
! 787: doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
! 788: doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
! 789: include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
! 790: src/sudo_plugin_int.h:
! 791: Rename plugin "args" to "options"
! 792: [f25624951bd2]
! 793:
! 794: * doc/CONTRIBUTORS:
! 795: Add Lithuanian and Vietnamese translators
! 796: [2b4c075b69e3]
! 797:
! 798: * Makefile.in:
! 799: Ignore comments when comparing new and old pot files.
! 800: [f872999347b3]
! 801:
! 802: * src/Makefile.in:
! 803: regen
! 804: [c8193b1b11c7]
! 805:
! 806: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
! 807: regen
! 808: [15e3c17e8a3a]
! 809:
! 810: * doc/sudo_plugin.pod, include/sudo_plugin.h,
! 811: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
! 812: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
! 813: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
! 814: src/sudo.c, src/sudo.h:
! 815: Pass a pointer to user_env in to the init_session policy plugin
! 816: function so session setup can modify the user environment as needed.
! 817: For PAM authentication, merge the PAM environment with the user
! 818: environment at init_session time. We no longer need to swap in the
! 819: user_env for environ during session init, nor do we need to disable
! 820: the env hooks at init_session time.
! 821: [3f5277b359d8]
! 822:
! 823: * plugins/sample/sample_plugin.c:
! 824: Add explicit NULL entries for init_session, register_hooks and
! 825: deregister_hooks with appropriate comments.
! 826: [727a57978b40]
! 827:
! 828: * compat/pw_dup.c:
! 829: Quiet a gcc "used uninitialized in this function" false positive.
! 830: [f14b68379ce9]
! 831:
! 832: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 833: We should always call warning() with a format string or a string
! 834: literal. In this case, the argument (path) is not user-controlled.
! 835: [e9ef51224024]
! 836:
! 837: 2012-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 838:
! 839: * src/selinux.c:
! 840: Include sudo_exec.h for the sudo_execve() prototype.
! 841: [769e58065edc]
! 842:
! 843: * config.h.in, configure, configure.in:
! 844: Add check for pam_getenvlist()
! 845: [36bde3f26c60]
! 846:
! 847: * common/sudo_conf.c:
! 848: Set args to NULL in default plugin info struct when there is no
! 849: Plugin line in sudo.conf.
! 850: [93ec67708f01]
! 851:
! 852: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 853: regen
! 854: [a9287677795c]
! 855:
! 856: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
! 857: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
! 858: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
! 859: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
! 860: regen
! 861: [a242769d7962]
! 862:
! 863: * configure, configure.in:
! 864: Bump version to 1.8.5
! 865: [e8618f0c2505]
! 866:
! 867: * doc/sudo_plugin.pod:
! 868: Document hooks API
! 869: [e6ad07d27958]
! 870:
! 871: 2012-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 872:
! 873: * sudo.pp:
! 874: Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
! 875: [fd72340042d3]
! 876:
! 877: * include/sudo_plugin.h:
! 878: Use sudo_hook_fn_t in struct sudo_hook.
! 879: [938f93112d6e]
! 880:
! 881: * doc/TROUBLESHOOTING:
! 882: If cross compiling, --host must include the OS in the tuple. E.g.
! 883: --host powerpc-unknown-linux
! 884: [b8c010070c1e]
! 885:
! 886: 2012-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 887:
! 888: * plugins/sudoers/parse.c:
! 889: Fix bogus int -> bool conversion; tags can have a value of -1.
! 890: [e63d6434a303]
! 891:
! 892: * plugins/sudoers/env.c:
! 893: Add env_should_keep() and env_should_delete() wrapper functions to
! 894: simplify things a bit and hide the fact that matches_env_check() is
! 895: not bool.
! 896: [7a03d7a12b50]
! 897:
! 898: * sudo.pp:
! 899: Fix application of debian-specific sudoers mods when building
! 900: packages as non-root.
! 901: [34bf4c52c425]
! 902:
! 903: * plugins/sudoers/env.c:
! 904: matches_env_check() returns int, not boolean
! 905: [0ad915b8d5cb]
! 906:
! 907: * src/sudo_edit.c:
! 908: Fix compilation when seteuid() is not available.
! 909: [8a722f998000]
! 910:
! 911: * src/ttyname.c:
! 912: Simply move the free of ki_proc outside the realloc() loop.
! 913: [217b786da760]
! 914:
! 915: * src/ttyname.c:
! 916: Bring back the erealloc() for the ENOMEM loop and just zero the
! 917: pointer after we free it.
! 918: [29a016e45127]
! 919:
! 920: * src/ttyname.c:
! 921: Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
! 922: [266e08844065]
! 923:
! 924: 2012-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 925:
! 926: * plugins/sudoers/set_perms.c:
! 927: Use normal error path if unable to set sudoers gid.
! 928: [01c816918c99]
! 929:
! 930: * plugins/sudoers/set_perms.c:
! 931: Make this work again on systems w/o seteuid().
! 932: [2e67f7421e97]
! 933:
! 934: 2012-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 935:
! 936: * plugins/sudoers/set_perms.c:
! 937: Fix compilation if no seteuid/setreuid/setresuid available.
! 938: [d0b3c1f88eb4]
! 939:
! 940: * plugins/sudoers/set_perms.c:
! 941: Better error messages, and added debugging throughout. Fixed
! 942: seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
! 943: AIX version of restore_perms(). Added checks to avoid changing
! 944: uid/gid when we don't have to. Never set gid/uid state to -1, use
! 945: the old value instead.
! 946: [29188d469b5c]
! 947:
! 948: * src/exec_pty.c, src/ttyname.c:
! 949: Fix format string warning on Solaris with gcc 3.4.3.
! 950: [d1eeb6e1dd0f]
! 951:
! 952: * src/sudo.c:
! 953: Always declare environ now that we swap it around unilaterally.
! 954: [aaa3e92e7d0d]
! 955:
! 956: * src/Makefile.in:
! 957: Honor LDFLAGS when linking sesh; from Vita Cizek
! 958: [498b41438f6e]
! 959:
! 960: * src/sesh.c:
! 961: Include alloc.h for estrdup() prototype; from Vita Cizek
! 962: [93203655a320]
! 963:
! 964: 2012-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 965:
! 966: * plugins/sudoers/sudoers.c:
! 967: Don't read /etc/environment on Linux when using PAM, PAM should set
! 968: the environment variables as needed via pam_env.
! 969: [b1ef62cb2d40]
! 970:
! 971: * INSTALL:
! 972: Fix editor goof.
! 973: [0c3dd3bb8b57]
! 974:
! 975: * src/hooks.c, src/sudo.c, src/sudo.h:
! 976: Disable environment hooks after we get user_env back to make sure a
! 977: plugin can't to modify user_env after we "own" it. This is kind of
! 978: a hack but we don't want the init_session plugin function to modify
! 979: user_env.
! 980: [8e6d119452a5]
! 981:
! 982: * src/hooks.c, src/sudo.c:
! 983: Add support for deregistering hooks. If an I/O log plugin fails to
! 984: initialize, deregister its hooks (if any).
! 985: [ac00c93900c5]
! 986:
! 987: 2012-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 988:
! 989: * plugins/sudoers/sudoers.c, src/sudo.c:
! 990: Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
! 991: setenv.
! 992: [e75469dd9908]
! 993:
! 994: * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
! 995: compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
! 996: configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
! 997: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
! 998: plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
! 999: plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
! 1000: src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
! 1001: src/sudo_plugin_int.h:
! 1002: Initial cut at a hooks implementation. The plugin can register
! 1003: hooks for getenv, putenv, setenv and unsetenv. This makes it
! 1004: possible for the plugin to trap changes to the environment made by
! 1005: authentication methods such as PAM or BSD auth so that such changes
! 1006: are reflected in the environment passed back to sudo for execve().
! 1007: [61cffa06f863]
! 1008:
! 1009: 2012-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1010:
! 1011: * MANIFEST, src/po/vi.mo, src/po/vi.po:
! 1012: Add Vietnamese sudo translation from translationproject.org
! 1013: [96df426790d5]
! 1014:
! 1015: 2012-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 1016:
! 1017: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
! 1018: doc/sudoers.pod:
! 1019: List sudo_noexec.so not noexec.so in the sample sudo.conf
! 1020: [53844e190ec5]
! 1021:
! 1022: * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
! 1023: doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
! 1024: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
! 1025: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
! 1026: plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
! 1027: src/sudo_plugin_int.h:
! 1028: Add support for plugin args at the end of a Plugin line in
! 1029: sudo.conf. Bump the minor number accordingly and update the
! 1030: documentation. A plugin must check the sudo front end's version
! 1031: before using the plugin_args parameter since it is only supported
! 1032: for API version 1.2 and higher.
! 1033: [587f1f819536]
! 1034:
! 1035: 2012-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1036:
! 1037: * plugins/sudoers/Makefile.in:
! 1038: update depends
! 1039: [6d2da44e11e5]
! 1040:
! 1041: * MANIFEST:
! 1042: secure_path.c is in common, not compat
! 1043: [619c4a663dde]
! 1044:
! 1045: * configure, configure.in:
! 1046: Add check for variadic macro support in cpp.
! 1047: [756854caf675]
! 1048:
! 1049: 2012-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 1050:
! 1051: * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
! 1052: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 1053: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
! 1054: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 1055: Add type param to sudo_secure_path() and add sudo_secure_file() and
! 1056: sudo_secure_dir() wrappers which get by #includedir in sudoers.
! 1057: [2ec2d3d8df04]
! 1058:
! 1059: 2012-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
! 1060:
! 1061: * doc/visudo.pod, plugins/sudoers/visudo.c:
! 1062: Check the owner and mode in -c (check) mode unless the -f option is
! 1063: specified. Previously, the owner and mode were checked on the main
! 1064: sudoers file when the -s (strict) option was given, but this was not
! 1065: documented.
! 1066: [b2d6ee1e547a]
! 1067:
! 1068: * config.h.in, configure, configure.in, src/ttyname.c:
! 1069: Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
! 1070: versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
! 1071: [159f6a50456a]
! 1072:
! 1073: 2012-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
! 1074:
! 1075: * doc/CONTRIBUTORS:
! 1076: Add Eric Lakin for patch in bug #538
! 1077: [490c29c234c6]
! 1078:
! 1079: * src/exec_pty.c:
! 1080: Fix typo in safe_close() made while converting to debug framework
! 1081: that prevented it from actually closing anything.
! 1082: [a66422a62afd]
! 1083:
! 1084: * src/exec_pty.c:
! 1085: Add some more debugging.
! 1086: [b5667947dda9]
! 1087:
! 1088: * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
! 1089: include/Makefile.in:
! 1090: We need sysconfdir in compat/Makfile to get the proper sudo.conf
! 1091: path. Add standard prefix and foodir expansion in all Makefiles to
! 1092: avoid this problem in the future.
! 1093: [62b6ce4ecae9]
! 1094:
! 1095: 2012-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 1096:
! 1097: * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
! 1098: New Lithuanian sudoers translation from translationproject.org
! 1099: [10436b649035]
! 1100:
! 1101: * plugins/sudoers/po/ja.po:
! 1102: Update from translationproject.org
! 1103: [acb8db5f8ef1]
! 1104:
! 1105: 2012-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
! 1106:
! 1107: * plugins/sudoers/ldap.c:
! 1108: When adding gids to the LDAP filter, only add the primary gid once.
! 1109: This is consistent with the space computation/allocation. From Eric
! 1110: Lakin
! 1111: [35d9d99c92c6]
! 1112:
! 1113: * doc/TROUBLESHOOTING:
! 1114: Add entry for AIX enhanced RBAC config.
! 1115: [5e10b6f8def7]
! 1116:
! 1117: * mkpkg:
! 1118: Target Mac OS X 10.5 when building packages.
! 1119: [06fce9bbebee]
! 1120:
! 1121: 2012-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
! 1122:
! 1123: * MANIFEST, common/Makefile.in, common/secure_path.c,
! 1124: common/sudo_conf.c, include/secure_path.h,
! 1125: plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
! 1126: Relax the user/group/mode checks on sudoers files. As long as the
! 1127: file is owned by the right user, not world-writable and not writable
! 1128: by a group other than the one specified at configure time (gid 0 by
! 1129: default), the file is considered OK. Note that visudo will still
! 1130: set the mode to the value specified at configure time.
! 1131: [241174babfcc]
! 1132:
! 1133: 2012-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 1134:
! 1135: * plugins/sudoers/set_perms.c:
! 1136: Add AIX-specific version of permission setting code to make sure
! 1137: that the saved uid gets restored properly.
! 1138: [9a6f5d22c301]
! 1139:
! 1140: * config.h.in, configure, configure.in, src/exec_common.c:
! 1141: Check for LD_PRELOAD variants in configure instead of checkign cpp
! 1142: symbols. In disable_execute(), compute the length of the new envp
! 1143: and allocate it once instead of reallocating on demand. Also append
! 1144: old value of LD_PRELOAD (if any) to the new value.
! 1145: [680266346917]
! 1146:
! 1147: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
! 1148: Fix the description of noexec.
! 1149: [6a6d142f3c80]
! 1150:
! 1151: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
! 1152: The "op" parameter to set_default() must be int, not bool since it
! 1153: is set to '+' or '-' for list add and subtract.
! 1154: [8da5b137bea2]
! 1155:
! 1156: * sudo.pp:
! 1157: Make sure sudoers is writable before calling ed script.
! 1158: [95352ab6336b]
! 1159:
! 1160: 2012-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 1161:
! 1162: * doc/CONTRIBUTORS, doc/contributors.pod:
! 1163: Update contributors. Now includes translators and authors of compat
! 1164: code.
! 1165: [4fb5b616b50a]
! 1166:
! 1167: 2012-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 1168:
! 1169: * src/po/sudo.pot:
! 1170: regen
! 1171: [2c86e2c328fe]
! 1172:
! 1173: * pp, sudo.pp:
! 1174: Build flat packages, not package bundles, on Mac OS X.
! 1175: [57bda3cd5520]
! 1176:
! 1177: 2012-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 1178:
! 1179: * sudo.pp:
! 1180: Move macos section to be with the other OS-specific sections.
! 1181: [51423bb2973a]
! 1182:
! 1183: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 1184: plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
! 1185: Sync with translationproject.org
! 1186: [8ce41cbb8da0]
! 1187:
! 1188: * configure, configure.in:
! 1189: Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
! 1190: [fa979aa6fe7d]
! 1191:
! 1192: * sudo.pp:
! 1193: Add Mac OS X support, printing the latest chunk of the NEWS file and
! 1194: the license text in the installer.
! 1195: [ffeab72387c0]
! 1196:
! 1197: * sudo.pp:
! 1198: Add explicit file modes that match those used by "make install"
! 1199: [7eb37242c920]
! 1200:
! 1201: * pp:
! 1202: Sync with upstream for Mac OS X fixes.
! 1203: [97cba179041e]
! 1204:
! 1205: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 1206: Got back to using "install-sh -M" for files installed as non-
! 1207: readable by owner. This fixes "make install" as non-root for
! 1208: package building.
! 1209: [967804ee77d6]
! 1210:
! 1211: 2012-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 1212:
! 1213: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
! 1214: plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 1215: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 1216: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 1217: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
! 1218: Sync with translationproject.org
! 1219: [0e53db12039a]
! 1220:
! 1221: * Makefile.in, doc/Makefile.in, include/Makefile.in,
! 1222: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
! 1223: plugins/sudoers/Makefile.in, src/Makefile.in:
! 1224: Use -m not -M for install-sh for everything except setuid. Install
! 1225: locale .mo files mode 0444, not 0644. If timedir parent doesn't
! 1226: exist, use default dir mode, not 0700.
! 1227: [8b6f64c92090]
! 1228:
! 1229: 2012-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1230:
! 1231: * pp:
! 1232: Re-sync with upstream; no longer need a local patch.
! 1233: [97a2c7be5e59]
! 1234:
! 1235: * mkpkg:
! 1236: Add support for building Mac OS X packages.
! 1237: [94d49ac223a4]
! 1238:
! 1239: * pp:
! 1240: Sync with upstream
! 1241: [1c97654fc841]
! 1242:
! 1243: * src/Makefile.in:
! 1244: No longer need to define _PATH_SUDO_CONF here.
! 1245: [2560905b7482]
! 1246:
! 1247: * src/exec_common.c:
! 1248: Fix noexec for Mac OS X.
! 1249: [b7a744bca2c0]
! 1250:
! 1251: 2012-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 1252:
! 1253: * common/Makefile.in:
! 1254: Move _PATH_SUDO_CONF override to common to match sudo_debug.c
! 1255: [f0788972a63a]
! 1256:
! 1257: * plugins/sudoers/set_perms.c:
! 1258: More complete fix for LDR_PRELOAD on AIX. The addition of
! 1259: set_perm(PERM_ROOT) before calling the nss open functions (needed to
! 1260: avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
! 1261: and then real uid to 0 for PERM_ROOT works around the issue.
! 1262: [5888eda051af]
! 1263:
! 1264: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 1265: regen
! 1266: [997fe403e219]
! 1267:
! 1268: * src/sudo.c:
! 1269: Set real uid to root before calling sudo_edit() or run_command() so
! 1270: that the monitor process is owned by root and not by the user.
! 1271: Otherwise, on AIX at least, the monitor process shows up in ps as
! 1272: belonging to the user (and can be killed by the user).
! 1273: [d4772d7d2fc5]
! 1274:
! 1275: * plugins/sudoers/set_perms.c:
! 1276: For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
! 1277: the call to setuid(0) if the current euid is non-zero. This
! 1278: effectively restores the state of things prior to rev 7bfeb629fccb.
! 1279: Fixes a problem on AIX where LDR_PRELOAD was not being honored for
! 1280: the command being executed.
! 1281: [b9b40325b4dc]
! 1282:
! 1283: * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
! 1284: include/missing.h, src/sudo.c:
! 1285: Make a copy of the struct passwd in exec_setup() to make sure
! 1286: nothing in the policy init modifies it.
! 1287: [b721261c921f]
! 1288:
! 1289: 2012-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1290:
! 1291: * doc/sudoers.pod:
! 1292: update copyright
! 1293: [f9d229d1f65e]
! 1294:
! 1295: * common/sudo_debug.c, include/sudo_debug.h:
! 1296: g/c now-unused debug subsystems
! 1297: [8f21726e698f]
! 1298:
! 1299: * doc/sudo.pod, doc/sudoers.pod:
! 1300: Enumerate the debug subsystems used by sudo and sudoers.
! 1301: [ac4f84293d14]
! 1302:
! 1303: 2012-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 1304:
! 1305: * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
! 1306: include/sudo_conf.h, src/sudo.c:
! 1307: Normally, sudo disables core dumps while it is running. This
! 1308: behavior can now be modified at run time with a line in sudo.conf
! 1309: like "Set disable_coredumps false"
! 1310: [ad14e0508b0d]
! 1311:
! 1312: * NEWS:
! 1313: Mention Spanish translation
! 1314: [600f3205bd6e]
! 1315:
! 1316: * common/sudo_debug.c:
! 1317: Make sure we don't try to fall back to using the conversation
! 1318: function for debugging in the main sudo process if we are unable to
! 1319: open the debug file.
! 1320: [ffa329aa908c]
! 1321:
! 1322: * MANIFEST, src/po/es.mo, src/po/es.po:
! 1323: Add sudo Spanish translation from translationproject.org
! 1324: [c1906654e740]
! 1325:
! 1326: 2012-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 1327:
! 1328: * plugins/sudoers/iolog.c:
! 1329: Better debug subsystem usage
! 1330: [1a31f115743c]
! 1331:
! 1332: * src/sudo.c:
! 1333: Remove duplicate function prototypes
! 1334: [ae04b00532eb]
! 1335:
! 1336: 2012-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1337:
! 1338: * configure, configure.in:
! 1339: Error out if user specified --with-pam but we can't find the headers
! 1340: or library. Also throw an error if the headers are present but the
! 1341: library is not and vice versa.
! 1342: [d6bf3e3d0aae]
! 1343:
! 1344: 2012-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
! 1345:
! 1346: * plugins/sudoers/sudoers.c:
! 1347: Fix the sudoers permission check when the expected sudoers mode is
! 1348: owner-writable.
! 1349: [8b0b7e770a22]
! 1350:
! 1351: 2012-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 1352:
! 1353: * configure, configure.in:
! 1354: Verify that we can link executables built with -D_FORTIFY_SOURCE
! 1355: before using it.
! 1356: [7578215d1a95]
! 1357:
! 1358: * src/exec_common.c:
! 1359: Fix potential off-by-one when making a copy of the environment for
! 1360: LD_PRELOAD insertion. Fixes bug #534
! 1361: [cc699cd551b6]
! 1362:
! 1363: * configure, configure.in:
! 1364: Add rudimentary check for _FORTIFY_SOURCE support by checking for
! 1365: __sprintf_chk, one of the functions used by gcc to support it.
! 1366: [a992673d2ef8]
! 1367:
! 1368: * compat/stdbool.h, config.h.in, configure, configure.in:
! 1369: Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
! 1370: [8ba1370884b3]
! 1371:
! 1372: 2012-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 1373:
! 1374: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 1375: regen
! 1376: [1e0b38397705]
! 1377:
! 1378: 2012-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
! 1379:
! 1380: * src/exec.c, src/sudo.c:
! 1381: The change in 818e82ecbbfc that caused to exit when the monitor dies
! 1382: created a race condition between the monitor exiting and the status
! 1383: being read. All we really want to do is make sure that select()
! 1384: notifies us that there is a status change when the monitor dies
! 1385: unexpectedly so shutdown the socketpair connected to the monitor for
! 1386: writing when it dies. That way we can still read the status that is
! 1387: pending on the socket and select() on Linux will tell us that the fd
! 1388: is ready.
! 1389: [7fb5b30ea48d]
! 1390:
! 1391: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
! 1392: src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
! 1393: src/sudo_exec.h:
! 1394: Refactor disable_execute() and my_execve() into exec_common.c for
! 1395: use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
! 1396: disabling exec in exec_setup(), disable it immediately before
! 1397: executing the command. Adapted from a diff by Arno Schuring.
! 1398: [ec4d8b53db6b]
! 1399:
! 1400: 2012-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 1401:
! 1402: * aclocal.m4, configure, configure.in:
! 1403: Add custom version of AC_CHECK_LIB that uses the extra libs in the
! 1404: cache value name. With this we no longer need to rely on a modified
! 1405: version of autoconf.
! 1406: [1c3b1d482d6c]
! 1407:
! 1408: 2012-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
! 1409:
! 1410: * configure, configure.in:
! 1411: Better handling of network functions that need -lsocket -lnsl
! 1412: [cc386342ec2b]
! 1413:
! 1414: * src/sudo.c:
! 1415: When setting up the execution environment, set groups before
! 1416: gid/egid like sudo 1.7 did.
! 1417: [928e1c5fa6c1]
! 1418:
! 1419: * configure, configure.in:
! 1420: Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
! 1421: [84b23cdf138f]
! 1422:
! 1423: * plugins/sudoers/sudoers.c:
! 1424: For "sudo -g" prepend the specified group ID to the beginning of the
! 1425: groups list. This matches BSD convention where the effective gid is
! 1426: the first entry in the group list. This is required on newer
! 1427: FreeBSD where the effective gid is not tracked separately and thus
! 1428: setgroups() changes the egid if this convention is not followed.
! 1429: Fixes bug #532
! 1430: [782d6909108b]
! 1431:
! 1432: 2012-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 1433:
! 1434: * configure, configure.in:
! 1435: Fix sh warning; use "test" instead of "["
! 1436: [c6ee3407f65e]
! 1437:
! 1438: * src/exec.c:
! 1439: When not logging I/O, use a signal handler that only forwards
! 1440: SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
! 1441: Fixes a race in the non-I/O logging path where the command may
! 1442: receive two keyboard-generated signals; one from the kernel and one
! 1443: from the sudo process.
! 1444: [9638684e786a]
! 1445:
! 1446: * src/exec.c:
! 1447: Back out change that put the command in its own pgrp when not
! 1448: logging I/O. It causes problems with pipelines.
! 1449: [4fc9c6e1e770]
! 1450:
! 1451: 2012-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 1452:
! 1453: * compat/Makefile.in, configure, configure.in:
! 1454: Only run compat regress tests on compat objects we actually build.
! 1455: Fixes "make check" in the compat dir for systems that don't
! 1456: implement character classes in fnmatch() or glob(). Bug #531
! 1457: [a7addc305e83]
! 1458:
! 1459: 2012-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
! 1460:
! 1461: * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
! 1462: Update po files from translationproject.org
! 1463: [5ea066af1356]
! 1464:
! 1465: 2012-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 1466:
! 1467: * sudo.pp:
! 1468: Include parent directories in case they don't already exist. This
! 1469: fixes a directory permissions problem with the AIX package when the
! 1470: /usr/local directories don't already exist.
! 1471: [a14f783dc827]
! 1472:
! 1473: * pp:
! 1474: sync with git version
! 1475: [2f79d0543661]
! 1476:
! 1477: * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
! 1478: regen dependencies
! 1479: [24c92ca6c64d]
! 1480:
! 1481: * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
! 1482: Move tty name lookup code to its own file.
! 1483: [58faf072cbf4]
! 1484:
! 1485: 2012-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 1486:
! 1487: * NEWS:
! 1488: Update with latest sudo 1.8.4 changes.
! 1489: [a4ffe4f42528]
! 1490:
! 1491: * config.h.in, configure, configure.in:
! 1492: Remove obsolete template for HAVE_TIMESPEC
! 1493: [75709007c906]
! 1494:
! 1495: * src/sudo.c:
! 1496: Add a check for devname() returning a fully-qualified pathname. None
! 1497: of the devname() implementations do this today but you never know
! 1498: when this might change.
! 1499: [16813ace38f9]
! 1500:
! 1501: 2012-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
! 1502:
! 1503: * plugins/sudoers/visudo.c:
! 1504: For "visudo -c" also list include files that were checked when
! 1505: everything is OK.
! 1506: [ad6f85b35c9c]
! 1507:
! 1508: * src/sudo.c:
! 1509: The device name returned by devname() does not include the /dev/
! 1510: prefix so we need to add it ourselves.
! 1511: [b55285abb7ed]
! 1512:
! 1513: * src/sudo.c:
! 1514: Add debug warning if KERN_PROC sysctl fails or devname() can't
! 1515: resolve the tty device to a name.
! 1516: [b5a23916ba3a]
! 1517:
! 1518: * common/sudo_debug.c:
! 1519: The result of writev() is never checked so just cast to NULL.
! 1520: [4be4e9b58d5b]
! 1521:
! 1522: * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 1523: plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 1524: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 1525: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
! 1526: Update Esperanto, Finnish, Polish and Ukrainian translations from
! 1527: translationproject.org.
! 1528: [bb91bc6ad7e9]
! 1529:
! 1530: 2012-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
! 1531:
! 1532: * config.h.in, configure, configure.in, src/sudo.c:
! 1533: Add support for determining tty via sysctl on other BSD variants.
! 1534: [fd15f63f719a]
! 1535:
! 1536: * configure, configure.in:
! 1537: Only check for struct kinfo_proc.ki_tdev on systems that support
! 1538: sysctl.
! 1539: [109b3f07a39d]
! 1540:
! 1541: * src/sudo.c:
! 1542: For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
! 1543: ttyname() of std{in,out,err}.
! 1544: [95969b70bd68]
! 1545:
! 1546: 2012-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 1547:
! 1548: * config.h.in, configure, configure.in, src/sudo.c:
! 1549: On newer FreeBSD we can get the parent's tty name via sysctl().
! 1550: [3207290501ee]
! 1551:
! 1552: * plugins/sudoers/testsudoers.c:
! 1553: Include locale.h
! 1554: [a602cd0b8c2d]
! 1555:
! 1556: * src/sudo.c:
! 1557: Silence a gcc warning.
! 1558: [8c6d0e3cd534]
! 1559:
! 1560: * plugins/sudoers/bsm_audit.c:
! 1561: Need to include gettext.h and sudo_debug.h; from John Hein
! 1562: [447912aa7300]
! 1563:
! 1564: * plugins/sudoers/iolog.c:
! 1565: Initialize the debug framework from the I/O plugin too.
! 1566: [ce1bf44d96d2]
! 1567:
! 1568: 2012-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 1569:
! 1570: * plugins/sudoers/testsudoers.c:
! 1571: Enable debugging via sudo.conf.
! 1572: [d85669c749d0]
! 1573:
! 1574: 2012-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1575:
! 1576: * plugins/sudoers/visudo.c:
! 1577: Use SUDO_DEBUG_ALIAS for alias checking functions.
! 1578: [fb84af30dc76]
! 1579:
! 1580: * configure, configure.in:
! 1581: More complete test for getaddrinfo() that doesn't rely on the
! 1582: network libraries already being added to LIBS.
! 1583: [cbaf2369f4f0]
! 1584:
! 1585: 2012-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 1586:
! 1587: * common/aix.c:
! 1588: Add debug support.
! 1589: [def1bdf24485]
! 1590:
! 1591: * configure, configure.in:
! 1592: Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
! 1593: [a2ea1c2eac61]
! 1594:
! 1595: * compat/getaddrinfo.c:
! 1596: Include errno.h and missing.h
! 1597: [7d15e17cc2f2]
! 1598:
! 1599: * .hgignore:
! 1600: ignore doc/varsub
! 1601: [417f9fc3231b]
! 1602:
! 1603: * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
! 1604: plugins/sudoers/gram.y, plugins/sudoers/match.c,
! 1605: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
! 1606: src/parse_args.c, src/sudo.c, src/sudo.h:
! 1607: Update copyright year.
! 1608: [5d0ffc7dd567]
! 1609:
! 1610: * NEWS:
! 1611: Update for sudo 1.8.4
! 1612: [841e3eff9844]
! 1613:
! 1614: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
! 1615: regen pot files
! 1616: [c509cb45b66a]
! 1617:
! 1618: * plugins/sudoers/sudoreplay.c:
! 1619: Enable debugging via sudo.conf.
! 1620: [5087aaee8484]
! 1621:
! 1622: * plugins/sudoers/visudo.c:
! 1623: Enable debugging via sudo.conf.
! 1624: [04b067c16ed3]
! 1625:
! 1626: * plugins/sudoers/visudo.c:
! 1627: Allow "visudo -c" to work when we only have read-only access to the
! 1628: sudoers include files.
! 1629: [d8c6713fe5c1]
! 1630:
! 1631: * doc/sudo.pod, doc/visudo.pod:
! 1632: Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
! 1633: HISTORY section in sudo that points to HISTORY file.
! 1634: [d1f1bcb051c5]
! 1635:
! 1636: * doc/sudo.pod, doc/sudo_plugin.pod:
! 1637: Document Debug setting in sudo.conf and debug_flags in plugin.
! 1638: [acfc505aa4a9]
! 1639:
! 1640: 2012-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1641:
! 1642: * plugins/sudoers/match.c:
! 1643: Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
! 1644: bug where a pattern like "/usr/*" include /usr/bin/ in the results,
! 1645: which would be incorrectly be interpreted as if the sudoers file had
! 1646: specified a directory. From Vitezslav Cizek.
! 1647: [0cdb6252188c]
! 1648:
! 1649: * INSTALL, config.h.in, configure, configure.in,
! 1650: plugins/sudoers/auth/kerb5.c:
! 1651: Add --enable-kerb5-instance configure option to allow people using
! 1652: Kerberos V authentication to use a custom instance. Adapted from a
! 1653: diff by Michael E Burr.
! 1654: [e83af8bb7aa7]
! 1655:
! 1656: * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
! 1657: Remove -D debug_level option.
! 1658: [cbcd05094347]
! 1659:
! 1660: * doc/LICENSE:
! 1661: Update copyright year.
! 1662: [9f43dd7aa852]
! 1663:
! 1664: 2012-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
! 1665:
! 1666: * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
! 1667: plugins/sudoers/visudo.c:
! 1668: parse_error is now bool, not int
! 1669: [5ea7fb6fda38]
! 1670:
! 1671: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 1672: plugins/sudoers/parse.c:
! 1673: Print a more sensible error if yyparse() returns non-zero but
! 1674: yyerror() was not called.
! 1675: [d44ec88f1183]
! 1676:
! 1677: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
! 1678: plugins/sudoers/gram.c:
! 1679: Replace y.tab.c with the correct filename in #line directives.
! 1680: [3c84fcb7e959]
! 1681:
! 1682: 2012-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 1683:
1684: * src/sudo.c:
1.1.1.2 ! misho 1685: When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
! 1686: if the main process's fds 0-2 are not hooked up to a tty. Adapted
! 1687: from a diff by Zdenek Behan.
! 1688: [b9dfce12af85]
! 1689:
! 1690: * src/exec.c:
! 1691: When not logging I/O, put command in its own pgrp and make that the
! 1692: controlling pgrp if the command is in the foreground. Fixes a race
! 1693: in the non-I/O logging path where the command may receive two
! 1694: keyboard-generated signals; one from the kernel and one from the
! 1695: sudo process.
! 1696: [d0e263ce496c]
! 1697:
! 1698: 2011-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
! 1699:
! 1700: * src/sudo_edit.c:
! 1701: Quiet a bogus gcc warning.
! 1702: [2009669e0608]
! 1703:
! 1704: * src/parse_args.c, src/sudo.h:
! 1705: Fix warnings related to sudo.conf accessors.
! 1706: [08ddc29ba50b]
! 1707:
! 1708: * common/sudo_conf.c, include/sudo_conf.h:
! 1709: Separate sudo.conf parsing from plugin loading and move the parse
! 1710: functions into the common lib so that visudo, etc. can use them.
! 1711: [f1fc659a8079]
! 1712:
! 1713: * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
! 1714: src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
! 1715: Separate sudo.conf parsing from plugin loading and move the parse
! 1716: functions into the common lib so that visudo, etc. can use them.
! 1717: [e1f2cf6bd57a]
! 1718:
! 1719: * doc/sudoers.pod, plugins/sudoers/def_data.c,
! 1720: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
! 1721: plugins/sudoers/sudoers.c, src/sudo.c:
! 1722: Remove support for noexec_file in sudoers and the plugin API
! 1723: [3e2fd58879b5]
! 1724:
! 1725: * plugins/sudoers/sudoers.c:
! 1726: Don't dump interfaces if there are none.
! 1727: [9081bb4d3e9e]
! 1728:
! 1729: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
! 1730: Add missing %s printf escape to the group_plugin, iolog_dir and
! 1731: iolog_file descriptions.
! 1732: [7db03f2b737e]
! 1733:
! 1734: 2011-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 1735:
! 1736: * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
! 1737: Fix typo in visiblepw description; from Joel Pickett
! 1738: [2fb4b26d5c2c]
! 1739:
! 1740: 2011-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 1741:
! 1742: * MANIFEST, configure, configure.in, mkdep.pl,
! 1743: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
! 1744: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
! 1745: plugins/sudoers/sudoers.h, src/sudo.c:
! 1746: When running a login shell with a login_class specified, use
! 1747: LOGIN_SETENV instead of rolling our own login.conf setenv support
! 1748: since FreeBSD's login.conf has more than just setenv capabilities.
! 1749: This requires us to swap the plugin-provided envp for the global
! 1750: environ before calling setusercontext() and then stash the resulting
! 1751: environ pointer back into the command details, which is kind of a
! 1752: hack.
! 1753: [ad4f1190143b]
! 1754:
! 1755: * plugins/sudoers/Makefile.in:
! 1756: If srcdir is "." just use the basename of the yacc/lex file when
! 1757: generating the C version. This matches the generated files
! 1758: currently in the repo.
! 1759: [0b11c3df87a8]
! 1760:
! 1761: * doc/Makefile.in, plugins/sudoers/Makefile.in:
! 1762: Clean up the DEVEL noise
! 1763: [9de2afe457fd]
! 1764:
! 1765: * src/exec.c:
! 1766: Handle different Unix domain socket (actually socketpair) semantics
! 1767: in BSD vs. Linux. In BSD if one end of the socketpair goes away
! 1768: select() returns the fd as readable and the read will fail with
! 1769: ECONNRESET. This doesn't appear to happen on Linux so if we notice
! 1770: that the monitor process has died when I/O logging is enabled,
! 1771: behave like the command has exited. This means we log the wait
! 1772: status of the monitor, not the command, but there is nothing else we
! 1773: can do at that point. This should only be an issue if SIGKILL is
! 1774: sent to the monitor process.
! 1775: [818e82ecbbfc]
! 1776:
! 1777: * src/exec_pty.c:
! 1778: Catch common signals in the monitor process so they get passed to
! 1779: the command. Fixes a problem when the entire login session is
! 1780: killed when ssh is disconnected or the terminal window is closed.
! 1781: Previously, the monitor would exit and plugin's close method would
! 1782: not be called.
! 1783: [0e4658263138]
! 1784:
! 1785: * INSTALL, configure, configure.in:
! 1786: Mention how to configure pam_hpsec on HP-UX to play nicely with
! 1787: sudo.
! 1788: [a7294cd8ce98]
! 1789:
! 1790: 2011-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 1791:
! 1792: * plugins/sudoers/ldap.c:
! 1793: Escape values in the search expression as per RFC 4515.
! 1794: [c2adbc5db92b]
! 1795:
! 1796: * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
! 1797: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
! 1798: src/Makefile.in:
! 1799: No need for install target to depend explicitly on install-dirs, the
! 1800: install-foo targets all depend on it.
! 1801: [62a36ed98279]
! 1802:
! 1803: 2011-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 1804:
! 1805: * .hgignore:
! 1806: ignore src/sesh
! 1807: [463d492f6782]
! 1808:
! 1809: * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
! 1810: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
! 1811: plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
! 1812: plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
! 1813: plugins/sudoers/sudoers.h, src/Makefile.in:
! 1814: Add support for setenv entries in login.conf. We can't use
! 1815: LOGIN_SETENV since the plugin sets up the envp the command is
! 1816: executed with. Also regen the Makefile.in files while here. Fixes
! 1817: bug #527
! 1818: [088d507926e2]
! 1819:
! 1820: 2011-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
! 1821:
! 1822: * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
! 1823: config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
! 1824: src/net_ifs.c:
! 1825: Add getaddrinfo() for those without it, written by Russ Allbery
! 1826: [4cf9ac831222]
! 1827:
! 1828: * doc/Makefile.in:
! 1829: Restore PACKAGE_TARNAME, it is used in docdir
! 1830: [9d65e893edb1]
! 1831:
! 1832: * MANIFEST, compat/stdbool.h:
! 1833: SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
! 1834: the MANIFEST
! 1835: [e67700dc5621]
! 1836:
! 1837: * common/atobool.c, common/term.c, src/exec.c:
! 1838: Remove duplicate return statements.
! 1839: [48a20d5215fd]
! 1840:
! 1841: * plugins/sudoers/auth/bsdauth.c:
! 1842: Remove inaccurate comment
! 1843: [e7f0265cf657]
! 1844:
! 1845: * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
! 1846: Fetch the login class for the user we authenticate specifically when
! 1847: using BSD authentication. That user may have a different login
! 1848: class than what we will use to run the command. When setting the
! 1849: login class for the command, use the target user's struct passwd,
! 1850: not the invoking user's. Fixes bug 526
! 1851: [21bf0af892f7]
! 1852:
! 1853: * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
! 1854: plugins/sudoers/Makefile.in:
! 1855: Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
! 1856: [8ee6e0891f27]
! 1857:
! 1858: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 1859: plugins/sudoers/regress/logging/check_wrap.c,
! 1860: plugins/sudoers/regress/parser/check_addr.c,
! 1861: plugins/sudoers/regress/parser/check_fill.c:
! 1862: Fix "make check" fallout from the sudo_conv changes in sudo_debug.
! 1863: [b0aaa63c9081]
! 1864:
! 1865: * common/fileops.c, common/sudo_debug.c, configure, configure.in,
! 1866: include/fileops.h, plugins/sample/Makefile.in,
! 1867: plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
! 1868: plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
! 1869: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
! 1870: plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
! 1871: plugins/sudoers/env.c, plugins/sudoers/find_path.c,
! 1872: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
! 1873: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
! 1874: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
! 1875: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
! 1876: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
! 1877: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
! 1878: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
! 1879: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
! 1880: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
! 1881: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 1882: plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
! 1883: src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
! 1884: src/sudo_plugin_int.h, src/utmp.c:
! 1885: Use stdbool.h instead of rolling our own TRUE/FALSE macros.
! 1886: [dcb0bbc42fc9]
! 1887:
! 1888: 2011-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
! 1889:
! 1890: * compat/stdbool.h, config.h.in, configure, configure.in:
! 1891: Add stdbool.h for systems without it.
! 1892: [18bd9dda1dcd]
! 1893:
! 1894: * aclocal.m4, config.h.in, configure, configure.in:
! 1895: No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
! 1896: includes have unistd.h in them. Add check for socklen_t for
! 1897: upcoming getaddrinfo compat.
! 1898: [d705465bef69]
! 1899:
! 1900: * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
! 1901: configure.in, plugins/sudoers/interfaces.c,
! 1902: plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
! 1903: plugins/sudoers/sudoreplay.c, src/net_ifs.c:
! 1904: Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
! 1905: HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
! 1906: [fa187c9bd2be]
! 1907:
! 1908: * src/sudo_noexec.c:
! 1909: No longer need to include time.h here as missing.h does not use
! 1910: time_t.
! 1911: [fa3a089bf5b1]
! 1912:
! 1913: 2011-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
! 1914:
! 1915: * plugins/sudoers/visudo.c:
! 1916: Fix mode on sudoers as needed when the -f option is not specified.
! 1917: [7a1c40b0dc03]
! 1918:
! 1919: * MANIFEST, src/po/sr.mo, src/po/sr.po:
! 1920: Add Serbian translation for sudo from translationproject.org
! 1921: [9a0c25e25cba]
! 1922:
! 1923: * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
! 1924: src/parse_args.c:
! 1925: No longer pass debug_file to plugin, plugins must now use
! 1926: CONV_DEBUG_MSG
! 1927: [810cda1abb0b]
! 1928:
! 1929: * mkpkg:
! 1930: Build PIE executables for newer Debian and Ubuntu
! 1931: [1c5f25f8904a]
! 1932:
! 1933: * common/sudo_debug.c:
! 1934: Include time.h for ctime() prototype.
! 1935: [10090cf3bca1]
! 1936:
! 1937: 2011-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
! 1938:
! 1939: * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
! 1940: src/exec_pty.c:
! 1941: Do not close error pipe or debug fd via closefrom() as we need them
! 1942: to report an exec error should one occur.
! 1943: [732f6587fafa]
! 1944:
! 1945: * doc/sudoers.ldap.pod:
! 1946: Document that a sudoUser may now be a group ID.
! 1947: [2fef46b9d3d3]
! 1948:
! 1949: * plugins/sudoers/ldap.c:
! 1950: Add support for permitting access by group ID in addition to group
! 1951: name.
! 1952: [b9450fdf1f69]
! 1953:
! 1954: * plugins/sudoers/ldap.c:
! 1955: Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
! 1956: [d62a1e7cff4f]
! 1957:
! 1958: * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
! 1959: Replace UCB fnmatch.c with a non-recursive version written by
! 1960: William A. Rowe Jr.
! 1961: [354d3384adb8]
! 1962:
! 1963: * plugins/sudoers/auth/pam.c:
! 1964: Fix typo, return_debug vs. debug_return
! 1965: [1b522efcbb0d]
! 1966:
! 1967: 2011-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
! 1968:
! 1969: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
! 1970: Update Japanese sudoers translation from translationproject.org
! 1971: [ec0f2beaad36]
! 1972:
! 1973: * doc/sudoers.pod:
! 1974: Make the env_reset descriptions consistent.
! 1975: [41c056f02688]
! 1976:
! 1977: 2011-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
! 1978:
! 1979: * configure, configure.in:
! 1980: Do multiple expansion when expanding paths to the noexec file, sesh
! 1981: and the plugin directory. Adapted from a diff by Mike Frysinger
! 1982: [d7e16c876c66]
! 1983:
! 1984: * common/Makefile.in:
! 1985: regen
! 1986: [9d729e09c186]
! 1987:
! 1988: 2011-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 1989:
! 1990: * .hgignore:
! 1991: Add ignore file; from Mike Frysinger
! 1992: [1fa8d52425f8]
! 1993:
! 1994: * mkdep.pl:
! 1995: no longer save old Makefile.in to .old
! 1996: [378dd2395545]
! 1997:
! 1998: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 1999: regen
! 2000: [769faf517720]
! 2001:
! 2002: * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
! 2003: m4/ltoptions.m4, m4/ltversion.m4:
! 2004: Update to libtool 2.4.2
! 2005: [9dac78d84b4f]
! 2006:
! 2007: 2011-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 2008:
! 2009: * plugins/sudoers/sudoers_version.h:
! 2010: Bump grammar version for #include and #includedir relative path
! 2011: support.
! 2012: [82a4f7cd8f71]
! 2013:
! 2014: 2011-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
! 2015:
! 2016: * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 2017: Add support for relative paths in #include and #includedir
! 2018: [4d6e3bd0c24f]
! 2019:
! 2020: * plugins/sudoers/Makefile.in:
! 2021: Fix install-plugin when shared objects are unsupported or disabled.
! 2022: [cbdd770a7a1b]
! 2023:
! 2024: * plugins/sudoers/goodpath.c:
! 2025: Don't write to sbp if it is NULL
! 2026: [fc438f8e8570]
! 2027:
! 2028: 2011-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 2029:
! 2030: * Makefile.in:
! 2031: Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
! 2032: only install matching .mo files
! 2033: [c1dc30ab4ebc]
! 2034:
! 2035: 2011-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
! 2036:
! 2037: * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
! 2038: plugins/sudoers/sudoers.c, src/conversation.c:
! 2039: Fix non-dynamic (no dlopen) sudo build.
! 2040: [b0bd3fa925a3]
! 2041:
! 2042: * configure, configure.in:
! 2043: Don't error out if the user specified --disable-shared
! 2044: [cf035dd1e5cc]
! 2045:
! 2046: * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
! 2047: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
! 2048: src/conversation.c:
! 2049: Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
! 2050: the debug file.
! 2051: [640c62f83251]
! 2052:
! 2053: * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
! 2054: plugins/sudoers/sudoers.h:
! 2055: Make sudo_goodpath() return value bolean
! 2056: [fea2d59a6e55]
1.1 misho 2057:
1.1.1.2 ! misho 2058: * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
! 2059: plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
! 2060: Remove obsolete securid auth method.
! 2061: [4e54f860214b]
! 2062:
! 2063: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
! 2064: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
! 2065: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
! 2066: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
! 2067: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
! 2068: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
! 2069: plugins/sudoers/auth/sudo_auth.h:
! 2070: Prefix authentication functions with a "sudo_" prefix to avoid
! 2071: namespace problems.
! 2072: [581d74063ea1]
! 2073:
! 2074: * INSTALL, MANIFEST, config.h.in, configure, configure.in,
! 2075: doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
! 2076: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
! 2077: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
! 2078: Remove the old Kerberos IV support
! 2079: [2e4b4a44209d]
! 2080:
! 2081: 2011-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
! 2082:
! 2083: * plugins/sudoers/check.c:
! 2084: Don't print garbage at the end of the custom lecture.
! 2085: [44bb788fafaa]
! 2086:
! 2087: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 2088: Add lexer tracing as debug@parser
! 2089: [d850f3f9d414]
! 2090:
! 2091: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
! 2092: plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
! 2093: plugins/sudoers/match.c, plugins/sudoers/parse.c,
! 2094: plugins/sudoers/regress/parser/check_fill.c,
! 2095: plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
! 2096: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 2097: plugins/sudoers/visudo.c:
! 2098: Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
! 2099: <def_data.h> and not "def_data.h" when generating the parser in a
! 2100: build dir.
! 2101: [7da701def753]
! 2102:
! 2103: 2011-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
! 2104:
! 2105: * mkdep.pl, plugins/sudoers/Makefile.in:
! 2106: Better devdir support in mkdep.pl
! 2107: [7dcec57bd155]
! 2108:
! 2109: * plugins/sudoers/Makefile.in:
! 2110: Add devdir before srcdir in include path and fix up dependecies
! 2111: accordingly.
! 2112: [6e9958eca485]
! 2113:
! 2114: * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
! 2115: plugins/sudoers/defaults.h, plugins/sudoers/match.c,
! 2116: plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
! 2117: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
! 2118: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
! 2119: #include "gram.h" not <gram.h> and "def_data.h" and not
! 2120: <def_data.h>.
! 2121: [003bdb078a15]
1.1 misho 2122:
2123: * sudo.pp:
1.1.1.2 ! misho 2124: Mark libexec files as optional. If we build without shared object
! 2125: support, libexec is not used.
! 2126: [4bffcf482219]
! 2127:
! 2128: * src/load_plugins.c:
! 2129: Change Debug sudo.conf setting to take a program name as the first
! 2130: argument. In the future, this will allow visudo and sudoreplay to
! 2131: use their own Debug entries.
! 2132: [cfb8f7e4867c]
! 2133:
! 2134: * src/sudo.c:
! 2135: fix sudo_debug_printf priority
! 2136: [dcb67e965609]
! 2137:
! 2138: * plugins/sudoers/sudoers.c:
! 2139: add missing debug_return_int
! 2140: [d88ec450c592]
! 2141:
! 2142: 2011-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 2143:
! 2144: * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
! 2145: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
! 2146: Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
! 2147: [dcee8efc294f]
! 2148:
! 2149: * doc/UPGRADE:
! 2150: Add missing word in HOME security note.
! 2151: [fd844fdcc1ac]
! 2152:
! 2153: * plugins/sudoers/testsudoers.c:
! 2154: Prevent "testsudoers -d username" from trying to malloc(0).
! 2155: [839126e56e8c]
! 2156:
! 2157: 2011-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
! 2158:
! 2159: * plugins/sudoers/regress/sudoers/test10.in,
! 2160: plugins/sudoers/regress/sudoers/test10.out.ok,
! 2161: plugins/sudoers/regress/sudoers/test10.toke.ok,
! 2162: plugins/sudoers/regress/sudoers/test10.toke.out.ok,
! 2163: plugins/sudoers/regress/sudoers/test11.in,
! 2164: plugins/sudoers/regress/sudoers/test11.out.ok,
! 2165: plugins/sudoers/regress/sudoers/test11.toke.ok,
! 2166: plugins/sudoers/regress/sudoers/test11.toke.out.ok,
! 2167: plugins/sudoers/regress/sudoers/test12.in,
! 2168: plugins/sudoers/regress/sudoers/test12.out.ok,
! 2169: plugins/sudoers/regress/sudoers/test12.toke.ok,
! 2170: plugins/sudoers/regress/sudoers/test13.in,
! 2171: plugins/sudoers/regress/sudoers/test13.out.ok,
! 2172: plugins/sudoers/regress/sudoers/test13.toke.ok,
! 2173: plugins/sudoers/regress/sudoers/test9.in,
! 2174: plugins/sudoers/regress/sudoers/test9.out.ok,
! 2175: plugins/sudoers/regress/sudoers/test9.toke.ok,
! 2176: plugins/sudoers/regress/sudoers/test9.toke.out.ok:
! 2177: Tests for empty sudoers (should parse OK) and syntax errors within a
! 2178: line (should report correct line number) both with and without the
! 2179: trailing newline.
! 2180: [d57c879c4718]
! 2181:
! 2182: * plugins/sudoers/regress/sudoers/test4.out.ok,
! 2183: plugins/sudoers/regress/sudoers/test5.out.ok,
! 2184: plugins/sudoers/regress/sudoers/test7.out.ok,
! 2185: plugins/sudoers/regress/sudoers/test8.out.ok,
! 2186: plugins/sudoers/testsudoers.c:
! 2187: Print line number when there is a parser error.
! 2188: [5444ef6ac6dc]
! 2189:
! 2190: 2011-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
! 2191:
! 2192: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 2193: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 2194: Keep track of the last token returned. On error, if the last token
! 2195: was COMMENT, decrement sudolineno since the error most likely
! 2196: occurred on the preceding line. Previously we always uses
! 2197: sudolineno-1 which will give the wrong line number for errors within
! 2198: a line.
! 2199: [d661a03a64da]
! 2200:
! 2201: 2011-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 2202:
! 2203: * NEWS:
! 2204: update with sudo 1.8.3p1 info
! 2205: [0f79ff31f602]
! 2206:
! 2207: * plugins/sudoers/sudoers.c:
! 2208: Fix crash when "sudo -g group -i" is run. Fixes bug 521
! 2209: [a3087ae337c4]
! 2210:
! 2211: 2011-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
! 2212:
! 2213: * plugins/sudoers/visudo.c:
! 2214: Make alias_remove_recursive() return TRUE/FALSE as its callers
! 2215: expect and remove two unused arguments. Fixes bug 519.
! 2216: [2ee3b2882844]
! 2217:
! 2218: * plugins/sudoers/regress/visudo/test1.out.ok,
! 2219: plugins/sudoers/regress/visudo/test1.sh:
! 2220: Add regress test for bugzilla 519
! 2221: [48000ebedf97]
! 2222:
! 2223: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 2224: plugins/sudoers/regress/logging/check_wrap.c,
! 2225: plugins/sudoers/regress/parser/check_addr.c,
! 2226: plugins/sudoers/regress/parser/check_fill.c:
! 2227: Disable warning/error wrapping in regress tests.
! 2228: [373c589ba561]
1.1 misho 2229:
2230: 2011-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
2231:
1.1.1.2 ! misho 2232: * Makefile.in:
! 2233: Do compile-po as part of sync-po so that the .mo files get rebuild
! 2234: automatically when we sync with translationproject.org
! 2235: [83f3cbfc2f33]
! 2236:
1.1 misho 2237: * plugins/sudoers/Makefile.in:
2238: check_addr needs to link with the network libraries on Solaris
2239: [322bd70e316e]
2240:
2241: * plugins/sudoers/match.c:
2242: When matching a RunasAlias for a runas group, pass the alias in as
2243: the group_list, not the user_list. From Daniel Kopecek.
2244: [766545edf141]
2245:
2246: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
2247: We need to init the auth system regardless of whether we need a
2248: password since we will be closing the PAM session in the monitor
2249: process. Fixes a crash in the monitor on Solaris; bugzilla #518
2250: [e82809f86fb3]
2251:
1.1.1.2 ! misho 2252: 2011-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2253:
1.1.1.2 ! misho 2254: * src/exec.c:
! 2255: Get rid of done: label. If the child exits we still need to close
! 2256: the pty, update utmp and restore the SELinux tty context.
! 2257: [cc127bf48405]
! 2258:
! 2259: 2011-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
! 2260:
! 2261: * common/Makefile.in, common/atobool.c, common/fileops.c,
! 2262: common/fmt_string.c, common/lbuf.c, common/list.c,
! 2263: common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
! 2264: plugins/sudoers/alias.c, plugins/sudoers/audit.c,
! 2265: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
! 2266: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
! 2267: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
! 2268: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
! 2269: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
! 2270: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
! 2271: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
! 2272: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
! 2273: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
! 2274: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
! 2275: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
! 2276: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
! 2277: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
! 2278: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
! 2279: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
! 2280: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
! 2281: plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
! 2282: plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
! 2283: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
! 2284: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
! 2285: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
! 2286: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
! 2287: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
! 2288: src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
! 2289: src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
! 2290: src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
! 2291: src/tgetpass.c, src/ttysize.c, src/utmp.c:
! 2292: Add debug_decl/debug_return (almost) everywhere. Remove old
! 2293: sudo_debug() and convert users to sudo_debug_printf().
! 2294: [8f3bbf907b67]
! 2295:
! 2296: * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
! 2297: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
! 2298: plugins/sudoers/visudo.c, src/error.c:
! 2299: Wrap error/errorx and warning/warningx functions with debug
! 2300: statements. Disable wrapping for standalone sudoers programs as well
! 2301: as memory allocation functions (to avoid infinite recursion).
! 2302: [562ed7b5ae8d]
! 2303:
! 2304: * README, config.h.in, configure, configure.in:
! 2305: Add checks for __func__ and __FUNCTION__ and mention that we now
! 2306: require a cpp that supports variadic macros.
! 2307: [314cfe4c5d23]
! 2308:
! 2309: * MANIFEST, common/Makefile.in, common/sudo_debug.c,
! 2310: include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
! 2311: src/load_plugins.c, src/parse_args.c, src/sudo.c,
! 2312: src/sudo_plugin_int.h:
! 2313: New debug framework for sudo and plugins using /etc/sudo.conf that
! 2314: also supports function call tracing.
! 2315: [cded741e9f10]
1.1 misho 2316:
1.1.1.2 ! misho 2317: 2011-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
! 2318:
! 2319: * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
! 2320: Update Japanese sudoers translation from translationproject.org
! 2321: [c24725775e32]
1.1 misho 2322:
2323: 2011-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
2324:
2325: * configure, configure.in:
2326: Override and ignore the --disable-static option. Sudo already runs
2327: libtool with -tag=disable-static where applicable and we need non-
2328: PIC objects to build the executables.
1.1.1.2 ! misho 2329: [aff1227b853a]
1.1 misho 2330:
2331: 2011-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
2332:
2333: * NEWS:
2334: Add sudoedit fix
1.1.1.2 ! misho 2335: [74655c7ccad1]
1.1 misho 2336:
2337: * plugins/sudoers/po/sudoers.pot:
2338: regen pot files
1.1.1.2 ! misho 2339: [28d89a831ed3]
1.1 misho 2340:
1.1.1.2 ! misho 2341: * plugins/sudoers/env.c:
! 2342: Ignore set_logname (which is now the default) for sudoedit since we
1.1 misho 2343: want the LOGNAME, USER and USERNAME environment variables to refer
2344: to the calling user since that is who the editor runs as. This
2345: allows the editor to find the user's startup files. Fixes bugzilla
2346: #515
1.1.1.2 ! misho 2347: [6c5dddf5ff05]
1.1 misho 2348:
1.1.1.2 ! misho 2349: * plugins/sudoers/pwutil.c:
! 2350: Instead of trying to grow the buffer in make_grlist_item(), simply
1.1 misho 2351: increase the total length, free the old buffer and allocate a new
2352: one. This is less error prone and saves us from having to adjust
2353: all the pointers in the buffer. This code path is only taken when
2354: there are groups longer than the length of the user field in struct
2355: utmp or utmpx, which should be quite rare.
1.1.1.2 ! misho 2356: [5587dc8cffaf]
1.1 misho 2357:
1.1.1.2 ! misho 2358: * src/po/it.mo:
! 2359: Add Italian translation for sudo from translationproject.org
! 2360: [1b3dd886e7e3]
1.1 misho 2361:
1.1.1.2 ! misho 2362: * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
! 2363: src/po/ja.mo, src/po/ja.po:
1.1 misho 2364: Japanese translation for sudo and sudoers from
2365: translationproject.org
1.1.1.2 ! misho 2366: [c06dd866be6e]
1.1 misho 2367:
2368: 2011-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
2369:
1.1.1.2 ! misho 2370: * plugins/sudoers/Makefile.in:
! 2371: sudoreplay depends on timestr.lo too; from Mike Frysinger
! 2372: [b9e73214b2f1]
1.1 misho 2373:
2374: 2011-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
2375:
2376: * plugins/sudoers/po/sudoers.pot:
2377: Regen sudoers pot file.
1.1.1.2 ! misho 2378: [019588bafdb3]
1.1 misho 2379:
2380: * NEWS:
2381: Update with latest sudo 1.8.3 news
1.1.1.2 ! misho 2382: [6868042a88e9]
1.1 misho 2383:
1.1.1.2 ! misho 2384: * plugins/sudoers/sudoers.c:
! 2385: It appears that LDAP or NSS may modify the euid so we need to be
! 2386: root for the open(). We restore the old perms at the end of
! 2387: sudoers_policy_open().
! 2388: [2da67a5497ef]
1.1 misho 2389:
1.1.1.2 ! misho 2390: * plugins/sudoers/set_perms.c:
! 2391: Better warning message on setuid() failure for the setreuid()
1.1 misho 2392: version of set_perms().
1.1.1.2 ! misho 2393: [07abcfe7bd9a]
1.1 misho 2394:
2395: 2011-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
2396:
1.1.1.2 ! misho 2397: * plugins/sudoers/check.c:
! 2398: Delref auth_pw at the end of check_user() instead of getting a ref
1.1 misho 2399: twice.
1.1.1.2 ! misho 2400: [cb665f55e6a5]
1.1 misho 2401:
1.1.1.2 ! misho 2402: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
! 2403: Make sudo_auth_{init,cleanup} return TRUE on success and check for
1.1 misho 2404: sudo_auth_init() return value in check_user().
1.1.1.2 ! misho 2405: [92631c919356]
1.1 misho 2406:
1.1.1.2 ! misho 2407: * plugins/sudoers/auth/sudo_auth.c:
! 2408: Do not return without restoring permissions.
! 2409: [59ef40b6696a]
1.1 misho 2410:
2411: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2412: regen pot files
1.1.1.2 ! misho 2413: [9f320a340b7c]
1.1 misho 2414:
1.1.1.2 ! misho 2415: * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
! 2416: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
! 2417: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
! 2418: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
! 2419: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
! 2420: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
! 2421: plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
! 2422: plugins/sudoers/sudoers.h:
! 2423: Modify the authentication API such that the init and cleanup
1.1 misho 2424: functions are always called, regardless of whether or not we are
2425: going to verify a password. This is needed for proper PAM session
2426: support.
1.1.1.2 ! misho 2427: [19a53f3fb596]
1.1 misho 2428:
1.1.1.2 ! misho 2429: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
! 2430: Add missing dependency for getspwuid.lo and regen other depends.
! 2431: [f7f70eae819a]
1.1 misho 2432:
1.1.1.2 ! misho 2433: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
! 2434: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
! 2435: Fix a PAM_USER mismatch in session open/close. We update PAM_USER
1.1 misho 2436: to the target user immediately before setting resource limits, which
2437: is after the monitor process has forked (so it has the old value).
2438: Also, if the user did not authenticate, there is no pamh in the
2439: monitor so we need to init pam here too. This means we end up
2440: calling pam_start() twice, which should be fixed, but at least the
2441: session is always properly closed now.
1.1.1.2 ! misho 2442: [fbc063a2a872]
1.1 misho 2443:
1.1.1.2 ! misho 2444: * src/utmp.c:
! 2445: Add check for old being NULL in utmp_setid(); from Steven McDonald
! 2446: [e87126442f2e]
1.1 misho 2447:
2448: 2011-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
2449:
1.1.1.2 ! misho 2450: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
! 2451: plugins/sudoers/sudoers.h:
! 2452: If the invoking user cannot be resolved by uid fake the struct
1.1 misho 2453: passwd and store it in the cache so we can delref it on exit.
1.1.1.2 ! misho 2454: [a27e2f8b9f5e]
1.1 misho 2455:
2456: 2011-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
2457:
1.1.1.2 ! misho 2458: * plugins/sudoers/sudoers.c:
! 2459: Don't error out if the group plugin cannot be loaded, just warn.
! 2460: [0fbfcd381e33]
1.1 misho 2461:
2462: 2011-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
2463:
1.1.1.2 ! misho 2464: * plugins/sudoers/sudoers.c:
! 2465: Quiet a false positive found by several static analysis tools. These
1.1 misho 2466: tools don't know that log_error() does not return (it longjmps to
2467: error_jmp which returns to the sudo front-end).
1.1.1.2 ! misho 2468: [33d0469df21b]
1.1 misho 2469:
2470: 2011-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
2471:
1.1.1.2 ! misho 2472: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
! 2473: plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
! 2474: plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
! 2475: Add Italian translation for sudo from translationproject.org Regen
1.1 misho 2476: .mo files
1.1.1.2 ! misho 2477: [c3c888a82be6]
1.1 misho 2478:
2479: 2011-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
2480:
1.1.1.2 ! misho 2481: * doc/TROUBLESHOOTING:
! 2482: Update to current reality and add bit about ssh auth
! 2483: [184a1e7c2eeb]
1.1 misho 2484:
1.1.1.2 ! misho 2485: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
! 2486: Make "verbose" static; fixes a namespace clash with
1.1 misho 2487: pam_ssh_agent_auth (and it doesn't need to be extern these days).
1.1.1.2 ! misho 2488: [cc38d2eb2f4c]
1.1 misho 2489:
1.1.1.2 ! misho 2490: * config.h.in, configure, configure.in, src/get_pty.c:
1.1 misho 2491: FreeBSD has libutil.h not util.h
1.1.1.2 ! misho 2492: [dab4c94b6d4f]
1.1 misho 2493:
2494: * configure, configure.in:
2495: Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
1.1.1.2 ! misho 2496: [41c362f0a92a]
1.1 misho 2497:
1.1.1.2 ! misho 2498: 2011-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2499:
1.1.1.2 ! misho 2500: * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
! 2501: plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
! 2502: plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
! 2503: Update po files from translationproject.org
! 2504: [1e99e147c7fa]
1.1 misho 2505:
1.1.1.2 ! misho 2506: 2011-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2507:
1.1.1.2 ! misho 2508: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
1.1 misho 2509: Add support for DEREF in ldap.conf.
1.1.1.2 ! misho 2510: [3c1937a98547]
1.1 misho 2511:
2512: * Makefile.in:
2513: install target should depend on ChangeLog too, not just install-doc
1.1.1.2 ! misho 2514: [1a7c83941175]
1.1 misho 2515:
1.1.1.2 ! misho 2516: * doc/sudoers.pod:
1.1 misho 2517: Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
1.1.1.2 ! misho 2518: [0eca47d60a2c]
1.1 misho 2519:
1.1.1.2 ! misho 2520: * NEWS:
! 2521: Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
! 2522: [0501415cc5ff]
! 2523:
! 2524: * doc/UPGRADE:
! 2525: Document group lookup change and possible side effects.
! 2526: [585743e1ebf7]
1.1 misho 2527:
2528: * configure, configure.in:
2529: Fix some square brackets in case statements that needed to be
2530: doubled up. While here, use $OSMAJOR when it makes sense.
1.1.1.2 ! misho 2531: [8973343f4696]
1.1 misho 2532:
1.1.1.2 ! misho 2533: * plugins/sudoers/pwutil.c:
! 2534: Fix a crash in make_grlist_item() on 64-bit machines with strict
1.1 misho 2535: alignment.
1.1.1.2 ! misho 2536: [c89508c73c46]
1.1 misho 2537:
1.1.1.2 ! misho 2538: * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
! 2539: Remove list_options() function that is no longer used now that "sudo
1.1 misho 2540: -L" is gone.
1.1.1.2 ! misho 2541: [fcc6a776c135]
1.1 misho 2542:
2543: * configure, configure.in:
2544: Error message if user tries --with-CC
1.1.1.2 ! misho 2545: [ec5b478f813a]
1.1 misho 2546:
2547: * configure, configure.in:
2548: Check for -libmldap too when looking for ldap libs, which is the
2549: Tivoli Directory Server client library.
1.1.1.2 ! misho 2550: [bb3007a97206]
1.1 misho 2551:
2552: 2011-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
2553:
1.1.1.2 ! misho 2554: * plugins/sudoers/parse.c:
! 2555: Honor NOPASSWD tag for denied commands too.
! 2556: [8dd92656db92]
! 2557:
! 2558: 2011-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2559:
2560: * INSTALL, configure, configure.in:
2561: Remove --with-CC option; it doesn't work correctly now that we use
2562: libtool. Users can get the same effect by setting the CC
2563: environment variable when running configure.
1.1.1.2 ! misho 2564: [ec22bd1a55e0]
1.1 misho 2565:
2566: 2011-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
2567:
1.1.1.2 ! misho 2568: * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
! 2569: src/sudo_edit.c:
1.1 misho 2570: Assume all modern systems support fstat(2).
1.1.1.2 ! misho 2571: [6a5a8985f6a0]
1.1 misho 2572:
2573: 2011-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
2574:
1.1.1.2 ! misho 2575: * compat/regress/glob/globtest.c, config.h.in, configure,
! 2576: configure.in, include/missing.h, plugins/sudoers/sudoers.h,
! 2577: src/sudo.h, src/sudo_noexec.c:
1.1 misho 2578: Add configure test for missing errno declaration and only declare it
2579: ourselves if it is missing.
1.1.1.2 ! misho 2580: [456e76c809a2]
1.1 misho 2581:
1.1.1.2 ! misho 2582: * plugins/sudoers/alias.c:
! 2583: Include errno.h before sudo.h to avoid conflicting with the system
1.1 misho 2584: definition of errno.
1.1.1.2 ! misho 2585: [d0b97e392512]
1.1 misho 2586:
2587: 2011-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
2588:
1.1.1.2 ! misho 2589: * plugins/sudoers/regress/parser/check_addr.c:
! 2590: Only print individual check status when there is a failure.
! 2591: [2ac704c91441]
! 2592:
! 2593: * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
! 2594: plugins/sudoers/regress/logging/check_wrap.c,
! 2595: plugins/sudoers/regress/parser/check_addr.c:
! 2596: Add calls to setprogname() for test programs.
! 2597: [a8d9b420e826]
1.1 misho 2598:
2599: * configure, configure.in:
2600: Add -Wall and -Werror after all tests so they don't cause failures.
1.1.1.2 ! misho 2601: [2661188ff3fa]
1.1 misho 2602:
1.1.1.2 ! misho 2603: * plugins/sudoers/Makefile.in:
! 2604: Actually run check_addr in the check target
! 2605: [0b2778bc86bf]
1.1 misho 2606:
1.1.1.2 ! misho 2607: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
! 2608: plugins/sudoers/match_addr.c,
! 2609: plugins/sudoers/regress/parser/check_addr.c,
! 2610: plugins/sudoers/regress/parser/check_addr.in:
! 2611: Split out address matching into its own file and add regression
1.1 misho 2612: tests for it.
1.1.1.2 ! misho 2613: [12b9a2bf8dba]
1.1 misho 2614:
2615: 2011-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
2616:
1.1.1.2 ! misho 2617: * plugins/sudoers/match.c:
! 2618: When matching an address with a netmask in sudoers, AND the mask and
! 2619: addr before checking against the local addresses.
! 2620: [9747bb6d7b1c]
1.1 misho 2621:
2622: 2011-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
2623:
1.1.1.2 ! misho 2624: * plugins/sudoers/match.c:
! 2625: Fix netmask matching.
! 2626: [a3c8f8cc1464]
! 2627:
! 2628: * plugins/sudoers/visudo.c:
! 2629: Don't assume all editors support the +linenumber command line
1.1 misho 2630: argument, use a whitelist of known good editors.
1.1.1.2 ! misho 2631: [21d43a91fd10]
1.1 misho 2632:
2633: 2011-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
2634:
1.1.1.2 ! misho 2635: * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
! 2636: src/exec_pty.c, src/sudo.c:
! 2637: Silence compiler warnings on Solaris with gcc 3.4.3
! 2638: [da620bae6fdb]
1.1 misho 2639:
1.1.1.2 ! misho 2640: * mkpkg:
! 2641: Fix building on RHEL 3
! 2642: [f3227fb2a252]
1.1 misho 2643:
2644: * INSTALL, configure, configure.in:
2645: Add --enable-werror configure option.
1.1.1.2 ! misho 2646: [fec2cdb95543]
1.1 misho 2647:
1.1.1.2 ! misho 2648: * common/setgroups.c:
! 2649: setgroups() proto lives in grp.h on RHEL4, perhaps others.
! 2650: [de91c0de5a98]
1.1 misho 2651:
2652: * configure, configure.in:
2653: Use PAM by default on AIX 6 and higher.
1.1.1.2 ! misho 2654: [e16493208e5f]
1.1 misho 2655:
2656: 2011-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
2657:
1.1.1.2 ! misho 2658: * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
! 2659: src/po/eo.mo, src/po/eo.po:
! 2660: Add new Esperanto translation from translationproject.org
! 2661: [0d9a59e04c64]
1.1 misho 2662:
2663: 2011-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
2664:
1.1.1.2 ! misho 2665: * plugins/sudoers/iolog_path.c:
! 2666: Quiet an innocuous valgrind warning.
! 2667: [0582b6027161]
1.1 misho 2668:
2669: 2011-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
2670:
1.1.1.2 ! misho 2671: * plugins/sudoers/iolog_path.c,
! 2672: plugins/sudoers/regress/iolog_path/data:
! 2673: Fix expansion of strftime() escapes in log_dir and add a regress
1.1 misho 2674: test that exhibited the problem.
1.1.1.2 ! misho 2675: [a5c7c1c4c589]
1.1 misho 2676:
1.1.1.2 ! misho 2677: * plugins/sudoers/Makefile.in:
1.1 misho 2678: Fix "make check" return value.
1.1.1.2 ! misho 2679: [33b58e175230]
1.1 misho 2680:
2681: 2011-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
2682:
1.1.1.2 ! misho 2683: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
1.1 misho 2684: Regen pot files
1.1.1.2 ! misho 2685: [063841aac19b]
1.1 misho 2686:
2687: * Makefile.in:
2688: Fix logic inversion in pot file up to date check.
1.1.1.2 ! misho 2689: [f6a8ca8654df]
1.1 misho 2690:
2691: 2011-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
2692:
2693: * configure, configure.in:
2694: Add caching for gettext() checks.
1.1.1.2 ! misho 2695: [01b7200f6105]
1.1 misho 2696:
2697: * configure, configure.in:
2698: Better handling of libintl header and library mismatch.
1.1.1.2 ! misho 2699: [9a49b1d4db69]
1.1 misho 2700:
2701: 2011-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
2702:
1.1.1.2 ! misho 2703: * plugins/sudoers/sudoers.c:
! 2704: Also check sudoers gid if sudoers is group writable.
! 2705: [23ef96ca0d33]
1.1 misho 2706:
2707: 2011-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
2708:
2709: * configure, configure.in:
2710: If dlopen is present but libtool doesn't find it, error out since it
2711: probably means that libtool doesn't support the system.
1.1.1.2 ! misho 2712: [a9da0a5f7941]
1.1 misho 2713:
1.1.1.2 ! misho 2714: * mkpkg:
! 2715: configure args on the command line should override builtin defaults.
1.1 misho 2716: Disable NLS for non-Linux/Solaris unless explicitly enabled.
1.1.1.2 ! misho 2717: [b2fb05614504]
1.1 misho 2718:
1.1.1.2 ! misho 2719: * plugins/sudoers/auth/aix_auth.c:
! 2720: Fix loop that calls authenticate(). If there was an error message
1.1 misho 2721: from authenticate(), display it.
1.1.1.2 ! misho 2722: [063a0c4f0b9a]
1.1 misho 2723:
2724: 2011-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
2725:
1.1.1.2 ! misho 2726: * m4/libtool.m4, m4/ltversion.m4:
1.1 misho 2727: Update to autoconf 2.68 and libtool 2.4
1.1.1.2 ! misho 2728: [5a912a6eb67b]
1.1 misho 2729:
1.1.1.2 ! misho 2730: * config.guess, config.sub, configure, configure.in, ltmain.sh:
! 2731: Update to autoconf 2.68 and libtool 2.4
! 2732: [931ab56aecf6]
! 2733:
! 2734: * doc/sudoers.pod:
! 2735: Fix typo; OPT should be OTP
! 2736: [e97bd2e46544]
1.1 misho 2737:
1.1.1.2 ! misho 2738: * plugins/sudoers/Makefile.in:
! 2739: Rename libsudoers convenience library to libparsesudoers to avoid
1.1 misho 2740: libtool confusion.
1.1.1.2 ! misho 2741: [2a89a613f537]
1.1 misho 2742:
2743: 2011-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
2744:
1.1.1.2 ! misho 2745: * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
! 2746: Add Danish sudoers translation from translationproject.org
! 2747: [27b96e85eb13]
1.1 misho 2748:
1.1.1.2 ! misho 2749: * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
! 2750: Add dedicated callback function for runas_default sudoers setting
1.1 misho 2751: that only sets runas_pw if no runas user or group was specified by
2752: the user.
1.1.1.2 ! misho 2753: [b8382d8eea34]
1.1 misho 2754:
2755: 2011-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
2756:
1.1.1.2 ! misho 2757: * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
! 2758: plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
! 2759: plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
! 2760: src/po/ru.po:
! 2761: Update Finish, Polish, Russian and Ukrainian translations from
1.1 misho 2762: translationproject.org.
1.1.1.2 ! misho 2763: [f9339aff664e]
1.1 misho 2764:
1.1.1.2 ! misho 2765: * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
! 2766: plugins/sudoers/testsudoers.c:
1.1 misho 2767: Go back to using a callback for runas_default to keep runas_pw in
2768: sync. This is needed to make per-entry runas_default settings work
2769: with LDAP-based sudoers. Instead of declaring it a callback in
2770: def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
2771: bit naughty, but avoids requiring stub functions in visudo and the
2772: tests.
1.1.1.2 ! misho 2773: [9aaefb908415]
1.1 misho 2774:
2775: 2011-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
2776:
2777: * Makefile.in:
2778: Add check for out of date message catalogs when doing "make dist".
1.1.1.2 ! misho 2779: [e45a29b612f4]
1.1 misho 2780:
2781: 2011-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
2782:
1.1.1.2 ! misho 2783: * configure:
! 2784: regen
! 2785: [d6f9ad26774a]
! 2786:
! 2787: * configure.in:
1.1 misho 2788: Make sure compiler supports static-libgcc before using it.
1.1.1.2 ! misho 2789: [b01bd9566e50]
1.1 misho 2790:
2791: 2011-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
2792:
1.1.1.2 ! misho 2793: * src/Makefile.in:
! 2794: Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
! 2795: [c99c7ab3edef]
1.1 misho 2796:
2797: 2011-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
2798:
1.1.1.2 ! misho 2799: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
! 2800: plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
! 2801: plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
! 2802: src/po/zh_CN.mo:
! 2803: Add new Russian sudo translation from translationproject.org and
1.1 misho 2804: rebuild the other translation files.
1.1.1.2 ! misho 2805: [e20015459056]
1.1 misho 2806:
2807: 2011-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
2808:
1.1.1.2 ! misho 2809: * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
! 2810: Update Finish and Polish translations from translationproject.org
! 2811: [4e3dbba4a1de]
1.1 misho 2812:
1.1.1.2 ! misho 2813: * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
! 2814: Go back to escaping the command args for "sudo -i" and "sudo -s"
1.1 misho 2815: before calling the plugin. Otherwise, spaces in the command args
2816: are not treated properly. The sudoers plugin will unescape non-
2817: spaces to make matching easier.
1.1.1.2 ! misho 2818: [dfa2c4636f33]
1.1 misho 2819:
2820: 2011-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
2821:
1.1.1.2 ! misho 2822: * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
! 2823: plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
! 2824: plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
! 2825: plugins/sudoers/toke.l:
! 2826: Fix some potential problems found by the clang static analyzer, none
1.1 misho 2827: serious.
1.1.1.2 ! misho 2828: [ff64aa74aae6]
1.1 misho 2829:
1.1.1.2 ! misho 2830: * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
! 2831: src/po/zh_CN.po:
! 2832: Updated Ukranian and Chinese (simplified) po files from
1.1 misho 2833: translationproject.org
1.1.1.2 ! misho 2834: [ec792becb48e]
1.1 misho 2835:
2836: 2011-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
2837:
1.1.1.2 ! misho 2838: * plugins/sudoers/po/pl.po:
! 2839: Updated Polish translation from translationproject.org
! 2840: [a3af53cb649c]
1.1 misho 2841:
2842: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
2843: Rebuild pot files
1.1.1.2 ! misho 2844: [c650524c0f0a]
1.1 misho 2845:
1.1.1.2 ! misho 2846: * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
! 2847: Don't try to audit failure if the runas user does not exist. We
1.1 misho 2848: don't have the user's command at this point so there is nothing to
2849: audit. Add a NULL check in audit_success() and audit_failure() just
2850: to be on the safe side.
1.1.1.2 ! misho 2851: [2a0007c2022f]
1.1 misho 2852:
1.1.1.2 ! misho 2853: * mkpkg:
! 2854: Add -g to CFLAG for PIE builds.
! 2855: [32a0a9693c9c]
1.1 misho 2856:
2857: 2011-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
2858:
1.1.1.2 ! misho 2859: * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
! 2860: plugins/sudoers/sudoers.h, src/sudo.c:
! 2861: Remove fallback to per-group lookup when matching groups in sudoers.
1.1 misho 2862: The sudo front-end will now use getgrouplist() to get the user's
2863: list of groups if getgroups() fails or returns zero groups so we
2864: always have a list of the user's groups. For systems with
2865: mbr_check_membership() which support more that NGROUPS_MAX groups
2866: (Mac OS X), skip the call to getgroups() and use getgrouplist() so
2867: we get all the groups.
1.1.1.2 ! misho 2868: [51b3ed8c600b]
1.1 misho 2869:
2870: 2011-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
2871:
1.1.1.2 ! misho 2872: * common/setgroups.c:
! 2873: Fix setgroups() fallback code on EINVAL.
! 2874: [2b6faecd56a4]
1.1 misho 2875:
1.1.1.2 ! misho 2876: * plugins/sudoers/set_perms.c:
! 2877: Fix two PERM_INITIAL cases that were still using user_gids.
! 2878: [9680bab0acc6]
1.1 misho 2879:
1.1.1.2 ! misho 2880: * MANIFEST:
! 2881: Add Polish sudo message catalog
! 2882: [8bb40c3ba576]
1.1 misho 2883:
1.1.1.2 ! misho 2884: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 2885: user_group is no longer used, remove it
! 2886: [9acede0fe6c5]
1.1 misho 2887:
1.1.1.2 ! misho 2888: 2011-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2889:
1.1.1.2 ! misho 2890: * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
! 2891: Add Polish translation from translationproject.org
! 2892: [afac5c638573]
1.1 misho 2893:
1.1.1.2 ! misho 2894: * MANIFEST, common/Makefile.in, common/setgroups.c,
! 2895: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
! 2896: src/sudo.h, src/sudo_edit.c:
! 2897: Add a wrapper for setgroups() that trims off extra groups and
1.1 misho 2898: retries if setgroups() fails. Also add some missing addrefs for
2899: PERM_USER and PERM_FULL_USER.
1.1.1.2 ! misho 2900: [224dfd8aae5c]
1.1 misho 2901:
1.1.1.2 ! misho 2902: * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
! 2903: configure, configure.in, include/missing.h, mkdep.pl,
! 2904: plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
! 2905: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
! 2906: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
1.1 misho 2907: Instead of keeping separate groups and gids arrays, create struct
2908: group_info and use it to store both, along with a count for each.
2909: Cache group info on a per-user basis using getgrouplist() to get the
2910: groups. We no longer need special to special case the user or list
2911: user for user_in_group() and thus no longer need to reset the groups
2912: list when listing another user.
1.1.1.2 ! misho 2913: [0ad849a8b2d5]
! 2914:
! 2915: * src/preload.c:
! 2916: Don't rely on NULL since we don't include a header for it.
! 2917: [b40937f1890c]
1.1 misho 2918:
1.1.1.2 ! misho 2919: 2011-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 2920:
1.1.1.2 ! misho 2921: * doc/sudoers.pod:
! 2922: Fix typo
! 2923: [c1035360e169]
1.1 misho 2924:
1.1.1.2 ! misho 2925: 2011-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 2926:
! 2927: * plugins/sudoers/sudoers.c:
! 2928: Do not shadow global sudo_mode with a local variable in set_cmnd()
! 2929: [0c72969503ad]
1.1 misho 2930:
2931: 2011-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
2932:
1.1.1.2 ! misho 2933: * plugins/sudoers/sudoers.c:
! 2934: bash 2.x doesd not support the -l flag and exits with an error if it
1.1 misho 2935: is specified so use --login instead. This causes an error with bash
2936: 1.x (which uses -login instead) but this version is hopefully less
2937: used than 2.x.
1.1.1.2 ! misho 2938: [5c4c296e30e6]
1.1 misho 2939:
1.1.1.2 ! misho 2940: * src/po/pl.mo, src/po/pl.po:
! 2941: Add Polish translation from translationproject.org
! 2942: [48592dd6edcf]
1.1 misho 2943:
2944: 2011-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
2945:
1.1.1.2 ! misho 2946: * plugins/sudoers/set_perms.c:
! 2947: Make error strings translatable.
! 2948: [414c5c484768]
1.1 misho 2949:
1.1.1.2 ! misho 2950: * mkpkg:
! 2951: Only run configure with --with-pam-login for RHEL 5 and above.
! 2952: [6c16e4de4026]
1.1 misho 2953:
1.1.1.2 ! misho 2954: * sudo.pp:
! 2955: Fix typo in summary
! 2956: [9ac618c9a749]
1.1 misho 2957:
2958: 2011-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
2959:
1.1.1.2 ! misho 2960: * plugins/sudoers/logwrap.c:
! 2961: Add missing logwrap.c
! 2962: [c12a413ecc1d]
! 2963:
! 2964: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
! 2965: plugins/sudoers/logging.h,
! 2966: plugins/sudoers/regress/logging/check_wrap.c,
! 2967: plugins/sudoers/regress/logging/check_wrap.in,
! 2968: plugins/sudoers/regress/logging/check_wrap.out.ok:
! 2969: Split out log file word wrap code into its own file and add unit
1.1 misho 2970: tests. Fixes an off-by one in the word wrap when the log line
2971: length matches loglinelen.
1.1.1.2 ! misho 2972: [52ed277f6690]
1.1 misho 2973:
2974: 2011-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
2975:
1.1.1.2 ! misho 2976: * mkpkg:
! 2977: For SuSE, only use /usr/lib64 as libexec if generating 64-bit
1.1 misho 2978: binaries.
1.1.1.2 ! misho 2979: [645ab903cf77]
1.1 misho 2980:
1.1.1.2 ! misho 2981: * src/load_plugins.c, src/sudo.c:
! 2982: Fix build error when --without-noexec configure option is used.
! 2983: [b994f7b0d8b4]
1.1 misho 2984:
2985: * configure, configure.in:
2986: Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
2987: 5.3 and above.
1.1.1.2 ! misho 2988: [c2a6f9b472f3]
1.1 misho 2989:
2990: 2011-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
2991:
1.1.1.2 ! misho 2992: * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
! 2993: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
! 2994: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
! 2995: Resolve the list of gids passed in from the sudo frontend (the
1.1 misho 2996: result of getgroups()) to names and store both the group names and
2997: ids in the sudo_user struct. When matching groups in the sudoers
2998: file, match based on the names in the groups list first and only do
2999: a gid-based match when we absolutely have to. By matching on the
3000: group name (as it is listed in sudoers) instead of id (which we
3001: would have to resolve) we save a lot of group lookups for sudoers
3002: files with a lot of groups in them.
1.1.1.2 ! misho 3003: [8dc19353f148]
1.1 misho 3004:
3005: 2011-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
3006:
1.1.1.2 ! misho 3007: * plugins/sudoers/sudoers.c:
! 3008: Workaround for "sudo -i command" and newer versions of bash which
1.1 misho 3009: don't go into login mode when -c is specified unless -l is too.
1.1.1.2 ! misho 3010: [9393762b80f3]
1.1 misho 3011:
3012: 2011-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
3013:
1.1.1.2 ! misho 3014: * plugins/sudoers/logging.c:
! 3015: Rewrite logfile word wrapping code to be more straight-forward and
1.1 misho 3016: actually wrap at the correct place.
1.1.1.2 ! misho 3017: [f712a0c90f55]
1.1 misho 3018:
3019: 2011-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
3020:
1.1.1.2 ! misho 3021: * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
! 3022: Set use_pty=true in command details when use_pty is set in sudoers.
1.1 misho 3023: From Ludwig Nussel
1.1.1.2 ! misho 3024: [8d95a163dfc1]
1.1 misho 3025:
3026: 2011-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
3027:
1.1.1.2 ! misho 3028: * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
! 3029: src/po/zh_CN.mo, src/po/zh_CN.po:
! 3030: Sync Chinese (simplified) PO files from translationproject.org
! 3031: [acce8eb7be18]
1.1 misho 3032:
3033: 2011-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
3034:
1.1.1.2 ! misho 3035: * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
! 3036: plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
! 3037: Add Danish translation from translationproject.org and add missing
1.1 misho 3038: Basque mo files.
1.1.1.2 ! misho 3039: [0c22bb21b9c4]
1.1 misho 3040:
3041: * Makefile.in, configure, configure.in:
3042: No longer need to specify LINGUAS in configure, "make install-nls"
3043: now just installs all the .mo files it finds.
1.1.1.2 ! misho 3044: [fcd45cf04885]
1.1 misho 3045:
3046: 2011-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
3047:
1.1.1.2 ! misho 3048: * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
! 3049: Build CONTRIBUTORS from newly-added contributors.pod
! 3050: [8b192f2720f4]
! 3051:
! 3052: * doc/CONTRIBUTORS:
! 3053: Rework the wording in the leading paragraph
! 3054: [312044145cdd]
1.1 misho 3055:
1.1.1.2 ! misho 3056: 2011-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3057:
1.1.1.2 ! misho 3058: * MANIFEST, doc/CONTRIBUTORS:
! 3059: Add a CONTRIBUTORS file with the names of folks who have contributed
1.1 misho 3060: code or patches to sudo since I started maintaining it (plus the
3061: original authors).
1.1.1.2 ! misho 3062: [b8bdd8b59528]
1.1 misho 3063:
3064: 2011-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
3065:
1.1.1.2 ! misho 3066: * plugins/sudoers/env.c:
! 3067: Preserve SHELL variable for "sudo -s". Otherwise we can end up with
1.1 misho 3068: a situation where the SHELL variable and the actual shell being run
3069: do not match.
1.1.1.2 ! misho 3070: [b8b3974aee3e]
1.1 misho 3071:
3072: 2011-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
3073:
3074: * configure, configure.in:
3075: Only enable Solaris project support when setproject() is present in
3076: libproject.
1.1.1.2 ! misho 3077: [49ad7857ab89]
1.1 misho 3078:
1.1.1.2 ! misho 3079: * sudo.pp:
! 3080: Explicitly set mode and owner of /etc/sudoers instead of relying on
1.1 misho 3081: "cp -p" to work in the postinstall script. On AIX 6.1 at least the
3082: postinstall script runs before the final file permissions are set.
1.1.1.2 ! misho 3083: [e41ffc0212b2]
! 3084:
! 3085: 2011-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3086:
1.1.1.2 ! misho 3087: * doc/sudo.pod, doc/sudoers.pod:
! 3088: Refer the user to the "Command Environment" section in description
1.1 misho 3089: of sudo's -i option.
1.1.1.2 ! misho 3090: [263cc3be7eef]
! 3091:
! 3092: * doc/sudo.pod:
! 3093: Fix typo
! 3094: [35dfac450f4d]
1.1 misho 3095:
1.1.1.2 ! misho 3096: 2011-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3097:
1.1.1.2 ! misho 3098: * mkdep.pl:
! 3099: If there is no old dependency for an object file, use the MANIFEST
1.1 misho 3100: to find its source.
1.1.1.2 ! misho 3101: [d15e3b9899f9]
1.1 misho 3102:
1.1.1.2 ! misho 3103: * compat/Makefile.in:
! 3104: Remove dependency for getgrouplist.lo as we don't ship that source
1.1 misho 3105: file.
1.1.1.2 ! misho 3106: [312a6d5fe6b0]
1.1 misho 3107:
1.1.1.2 ! misho 3108: 2011-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
! 3109:
! 3110: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
! 3111: Do not declare yyparse() static as the actual function generated by
1.1 misho 3112: yacc is extern.
1.1.1.2 ! misho 3113: [9017b79dcf55]
! 3114:
! 3115: 2011-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3116:
3117: * Makefile.in:
3118: Remove locale files in "make uninstall"
1.1.1.2 ! misho 3119: [201ff261ecbe]
1.1 misho 3120:
1.1.1.2 ! misho 3121: * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
! 3122: plugins/sudoers/po/uk.po, src/po/eu.po:
1.1 misho 3123: Add Basque translation and sync Finish and Ukranian translations.
1.1.1.2 ! misho 3124: [66d2c78c8a13]
1.1 misho 3125:
3126: * configure, configure.in:
3127: FreeBSD no longer needs the main sudo binary to link with -lpam now
3128: that plug-ins are loaded with RTLD_GLOBAL.
1.1.1.2 ! misho 3129: [96c710df2457]
1.1 misho 3130:
1.1.1.2 ! misho 3131: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
! 3132: Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
1.1 misho 3133: problems with pam modules not having access to symbols provided by
3134: libpam on some platforms. Affects FreeBSD and SLES 10 at least.
1.1.1.2 ! misho 3135: [0d016983ec84]
1.1 misho 3136:
3137: * Makefile.in:
3138: Move xgettext invocation out of update-po target into update-pot
1.1.1.2 ! misho 3139: [19a73c6d017c]
1.1 misho 3140:
3141: 2011-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
3142:
3143: * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
3144: Regenerate .pot files for 1.8.2rc2
1.1.1.2 ! misho 3145: [c3037f591dd8]
1.1 misho 3146:
1.1.1.2 ! misho 3147: * Makefile.in, common/Makefile.in, compat/Makefile.in,
! 3148: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
! 3149: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
! 3150: src/Makefile.in, zlib/Makefile.in:
1.1 misho 3151: Move nls targets to the top level Makefile so the paths in the pot
3152: file are saner
1.1.1.2 ! misho 3153: [65b9285cd8d9]
1.1 misho 3154:
1.1.1.2 ! misho 3155: * src/po/fi.mo:
! 3156: Add compiled version of sudo Finish translation
! 3157: [8f2405384ea3]
1.1 misho 3158:
1.1.1.2 ! misho 3159: * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
! 3160: Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
1.1 misho 3161: files
1.1.1.2 ! misho 3162: [a165e70fa9ec]
1.1 misho 3163:
1.1.1.2 ! misho 3164: * configure, configure.in, plugins/sudoers/po/fi.po:
1.1 misho 3165: Add Finish translation from translationproject.org
1.1.1.2 ! misho 3166: [4466f8a96ceb]
! 3167:
! 3168: 2011-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
! 3169:
! 3170: * doc/sudoers.pod:
! 3171: The group named by exempt_group should not have a % prefix.
! 3172: [df084d6b32c8]
! 3173:
! 3174: 2011-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3175:
1.1.1.2 ! misho 3176: * doc/sudoers.pod:
! 3177: Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
! 3178: [5113699a3f8b]
1.1 misho 3179:
1.1.1.2 ! misho 3180: 2011-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3181:
1.1.1.2 ! misho 3182: * src/exec.c, src/exec_pty.c:
! 3183: Fix compressed io log corruption in background mode by using _exit()
1.1 misho 3184: instead of exit() to avoid flushing buffers twice.
3185:
3186: Improved background mode support. When not allocating a pty, the
3187: command is run in its own process group. This prevents write access
3188: to the tty. When running in a pty, stdin is not hooked up and we
3189: never read from /dev/tty, which results in similar behavior.
1.1.1.2 ! misho 3190: [87c15149894c]
1.1 misho 3191:
1.1.1.2 ! misho 3192: * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
! 3193: Clean up regress files Generate proper dependencies for regress objs
1.1 misho 3194: in compat
1.1.1.2 ! misho 3195: [88bfc728c1e7]
1.1 misho 3196:
1.1.1.2 ! misho 3197: * plugins/sudoers/Makefile.in:
! 3198: Add missing dependency for check_fill.o.
! 3199: [0bd6362e3e17]
1.1 misho 3200:
1.1.1.2 ! misho 3201: 2011-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3202:
3203: * INSTALL, configure, configure.in:
3204: Add support for --enable-nls[=location]
1.1.1.2 ! misho 3205: [b90db44a050f]
1.1 misho 3206:
3207: 2011-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
3208:
1.1.1.2 ! misho 3209: * plugins/sudoers/linux_audit.c:
! 3210: Include gettext.h
! 3211: [7f909a6e48cb]
1.1 misho 3212:
1.1.1.2 ! misho 3213: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
! 3214: Quiet gcc warnings.
! 3215: [b41a6cdca583]
1.1 misho 3216:
3217: * configure, configure.in:
3218: Don't install .mo files if gettext was not found.
1.1.1.2 ! misho 3219: [1397b34cc165]
1.1 misho 3220:
3221: 2011-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
3222:
1.1.1.2 ! misho 3223: * src/exec.c:
! 3224: Always allocate a pty when running a command in the background but
1.1 misho 3225: call setsid() after forking to make sure we don't end up with a
3226: controlling tty.
1.1.1.2 ! misho 3227: [b6454ba172e8]
1.1 misho 3228:
1.1.1.2 ! misho 3229: * plugins/sudoers/iolog.c:
! 3230: Add missing space between command name and the first command line
1.1 misho 3231: argument.
1.1.1.2 ! misho 3232: [fe217f0a36d4]
1.1 misho 3233:
1.1.1.2 ! misho 3234: * plugins/sudoers/sudoreplay.c:
! 3235: Quiet a compiler warning on some platforms.
! 3236: [de9f2849f236]
1.1 misho 3237:
1.1.1.2 ! misho 3238: * plugins/sudoers/po/README, src/po/README:
! 3239: README file that directs people to translationproject.org
! 3240: [30c0fc323281]
! 3241:
! 3242: * plugins/sudoers/po/uk.po, src/po/fi.po:
! 3243: Sync translations with TP
! 3244: [1d7d64559cba]
1.1 misho 3245:
3246: * Makefile.in:
3247: Add 'sync-po' target to top-level Makefile to rsync the po files
3248: from translationproject.org.
1.1.1.2 ! misho 3249: [20508211aaa3]
1.1 misho 3250:
1.1.1.2 ! misho 3251: * plugins/sudoers/Makefile.in:
! 3252: install nls files from install target
! 3253: [5fc07b6cab38]
1.1 misho 3254:
1.1.1.2 ! misho 3255: * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
1.1 misho 3256: Include .mo files in sudo binary packags.
1.1.1.2 ! misho 3257: [278d4821a916]
1.1 misho 3258:
1.1.1.2 ! misho 3259: * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
! 3260: plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
1.1 misho 3261: Add simplified chinese translation
1.1.1.2 ! misho 3262: [2b33ffc755b9]
1.1 misho 3263:
3264: 2011-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
3265:
1.1.1.2 ! misho 3266: * configure, configure.in, plugins/sudoers/po/uk.mo,
! 3267: plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
1.1 misho 3268: Add ukranian translation
1.1.1.2 ! misho 3269: [2d8102688e93]
1.1 misho 3270:
1.1.1.2 ! misho 3271: * compat/Makefile.in:
! 3272: refer to siglist.c, not ./siglist.c since not all makes will treat
1.1 misho 3273: foo and ./foo the same.
1.1.1.2 ! misho 3274: [6639d293ffba]
1.1 misho 3275:
1.1.1.2 ! misho 3276: * plugins/sudoers/sudoers.c:
! 3277: Set def_preserve_groups before searching for the command when the -P
1.1 misho 3278: flag is specified.
1.1.1.2 ! misho 3279: [0edc7942f875]
1.1 misho 3280:
1.1.1.2 ! misho 3281: * Makefile.in, compat/Makefile.in, mkdep.pl,
! 3282: plugins/sudoers/Makefile.in:
1.1 misho 3283: Add dependency for siglist.lo in compat. This is a generated file
3284: so "make depend" needs to depend on it.
1.1.1.2 ! misho 3285: [28d0932f8b50]
1.1 misho 3286:
1.1.1.2 ! misho 3287: * compat/Makefile.in:
! 3288: More dependency fixes.
! 3289: [aad0d05cd020]
1.1 misho 3290:
1.1.1.2 ! misho 3291: * compat/Makefile.in:
! 3292: Fix a few dependencies.
! 3293: [eb21aa35a032]
1.1 misho 3294:
1.1.1.2 ! misho 3295: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 3296: Place compiled mo files in the src dir, not the build dir. When
1.1 misho 3297: installing compiled mo files, display a status message.
1.1.1.2 ! misho 3298: [e15634c29cd3]
1.1 misho 3299:
3300: 2011-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
3301:
1.1.1.2 ! misho 3302: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
! 3303: Tivoli Directory Server requires that seconds be present in a
1.1 misho 3304: timestamp, even though RFC 4517 states that they are optional.
1.1.1.2 ! misho 3305: [55fe23dd4ef9]
1.1 misho 3306:
1.1.1.2 ! misho 3307: * plugins/sudoers/sudo_nss.h:
! 3308: Add missing bit of copyright
! 3309: [d2eba3c364ca]
! 3310:
! 3311: * doc/visudo.pod:
! 3312: Mention cycle detection warnings
! 3313: [a76bef15ab67]
1.1 misho 3314:
1.1.1.2 ! misho 3315: * plugins/sudoers/visudo.c:
! 3316: When checking aliases, also check the contents of the alias in case
1.1 misho 3317: there are problems with an alias that is referenced inside another.
3318: Replace the self reference check with real alias cycle detection.
1.1.1.2 ! misho 3319: [a66c904cf53b]
1.1 misho 3320:
1.1.1.2 ! misho 3321: * plugins/sudoers/alias.c:
! 3322: Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
1.1 misho 3323: ENOENT in alias_find() and alias_remove() if the entry could not be
3324: found.
1.1.1.2 ! misho 3325: [b4f0b89e433c]
1.1 misho 3326:
1.1.1.2 ! misho 3327: * plugins/sudoers/visudo.c:
! 3328: Increment alias_seqno before calls to alias_remove_recursive() to
1.1 misho 3329: avoid false positives with the alias loop detection. Fixes spurious
3330: warnings about unused aliases when they are nested.
1.1.1.2 ! misho 3331: [a344483b8193]
1.1 misho 3332:
1.1.1.2 ! misho 3333: * MANIFEST:
! 3334: add mkdep.pl
! 3335: [86b7ed33eab2]
1.1 misho 3336:
1.1.1.2 ! misho 3337: * plugins/sudoers/Makefile.in:
! 3338: Add dependency on convenience libs to binaries
! 3339: [cd3078b3c997]
1.1 misho 3340:
3341: * Makefile.in:
3342: mkdep.pl only works when run from the src dir
1.1.1.2 ! misho 3343: [f35a5e47c944]
1.1 misho 3344:
1.1.1.2 ! misho 3345: * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
! 3346: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
! 3347: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
1.1 misho 3348: Auto-generate Makefile dependencies with a perl script.
1.1.1.2 ! misho 3349: [a3e4afcd7975]
1.1 misho 3350:
3351: 2011-05-23 Todd C. Miller <Todd.Miller@courtesan.com>
3352:
1.1.1.2 ! misho 3353: * plugins/sudoers/match.c:
! 3354: If the user specifies a runas group via sudo's -g option that
1.1 misho 3355: matches the runas user's group in the passwd database and that group
3356: is not denied in the Runas_Spec, allow it. Thus, if user root's gid
3357: in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
3358: no groups are present in the Runas_Spec.
1.1.1.2 ! misho 3359: [e3f9732dc564]
1.1 misho 3360:
3361: 2011-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
3362:
1.1.1.2 ! misho 3363: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 3364: Add dependencies on gettext.h
! 3365: [a3a9dc51f78b]
1.1 misho 3366:
1.1.1.2 ! misho 3367: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 3368: Fix install-nls target with HP-UX sh when gettext is not present.
! 3369: [0c6b9655cd41]
1.1 misho 3370:
3371: 2011-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
3372:
1.1.1.2 ! misho 3373: * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
! 3374: src/Makefile.in, src/po/sudo.pot:
1.1 misho 3375: regenerate .pot files for lbuf changes
1.1.1.2 ! misho 3376: [918ded125a0b]
1.1 misho 3377:
3378: * configure, configure.in:
3379: Add missing "checking" message for gettext when using the cache.
1.1.1.2 ! misho 3380: [9c21187ad1d2]
1.1 misho 3381:
1.1.1.2 ! misho 3382: * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
! 3383: plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
! 3384: src/parse_args.c:
! 3385: Add primitive format string support to the lbuf code to make
1.1 misho 3386: translations simpler.
1.1.1.2 ! misho 3387: [ee71c7ef5299]
1.1 misho 3388:
1.1.1.2 ! misho 3389: * MANIFEST, plugins/sudoers/Makefile.in,
! 3390: plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
! 3391: Add message catalog template files for sudo and the sudoers module.
! 3392: [f3f8acb1f014]
! 3393:
! 3394: * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
! 3395: config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
! 3396: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
! 3397: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
! 3398: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
! 3399: src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
1.1 misho 3400: Add gettext.h convenience header. This is similar to but distinct
3401: from the one included with the gettext package.
1.1.1.2 ! misho 3402: [930a0591f73c]
! 3403:
! 3404: 2011-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3405:
3406: * configure, configure.in:
3407: Add checks for nroff -c and -Tascii flags
1.1.1.2 ! misho 3408: [19ca990b3149]
1.1 misho 3409:
3410: * configure, configure.in:
3411: Add check for HP bundled C Compiler (which cannot create shared
3412: libs)
1.1.1.2 ! misho 3413: [517716a7072d]
1.1 misho 3414:
1.1.1.2 ! misho 3415: * plugins/sudoers/sudoreplay.c:
! 3416: Fix C format warnings.
! 3417: [6514326013fa]
1.1 misho 3418:
1.1.1.2 ! misho 3419: * include/error.h:
! 3420: Add __printflike
! 3421: [e1749a30a406]
1.1 misho 3422:
1.1.1.2 ! misho 3423: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
! 3424: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
! 3425: plugins/sudoers/visudo.c, src/parse_args.c:
! 3426: Translate help / usage strings.
! 3427: [ee1cc9b1a8bd]
1.1 misho 3428:
1.1.1.2 ! misho 3429: * plugins/sudoers/Makefile.in, src/Makefile.in:
! 3430: Set --msgid-bugs-address to the bugzilla url
! 3431: [5a0aa250ca21]
1.1 misho 3432:
1.1.1.2 ! misho 3433: * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
! 3434: configure.in, doc/Makefile.in, include/Makefile.in,
! 3435: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
! 3436: plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
1.1 misho 3437: Add scaffolding to update .po files and install .mo files.
1.1.1.2 ! misho 3438: [f05f4eed1fe1]
1.1 misho 3439:
1.1.1.2 ! misho 3440: * doc/license.pod:
! 3441: update copyright year
! 3442: [fa0c62523875]
1.1 misho 3443:
1.1.1.2 ! misho 3444: * INSTALL, README:
! 3445: No need to include version number at the top of these files.
! 3446: [9f2981325351]
! 3447:
! 3448: 2011-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
! 3449:
! 3450: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
! 3451: plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
! 3452: plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
! 3453: plugins/sudoers/visudo.c:
! 3454: Minor warning/error cleanup
! 3455: [9236dc85aeab]
! 3456:
! 3457: * config.h.in, configure.in:
1.1 misho 3458: Emulate ngettext for the non-nls case
1.1.1.2 ! misho 3459: [13571d63fa36]
! 3460:
! 3461: * plugins/sudoers/ldap.c:
! 3462: Do not mark untranslatable strings for translation
! 3463: [735f5d4413fe]
1.1 misho 3464:
1.1.1.2 ! misho 3465: * plugins/sudoers/check.c:
! 3466: Use ROOT_UID not 0.
! 3467: [09a268db8da4]
1.1 misho 3468:
1.1.1.2 ! misho 3469: * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
! 3470: plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
! 3471: src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
! 3472: Minor warning/error message cleanup
! 3473: [3c7b1a7939b5]
1.1 misho 3474:
1.1.1.2 ! misho 3475: * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
! 3476: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
! 3477: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
! 3478: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
! 3479: src/exec_pty.c, src/net_ifs.c, src/selinux.c:
! 3480: cannot -> "unable to" in warning/error messages
! 3481: [31c3897649e9]
1.1 misho 3482:
1.1.1.2 ! misho 3483: * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
! 3484: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
! 3485: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
! 3486: src/sudo.c, src/utmp.c:
! 3487: can't -> "unable to" in warning/error messages
! 3488: [127b75f15291]
1.1 misho 3489:
3490: * configure, configure.in:
3491: FreeBSD needs the main sudo executable to link with -lpam when
3492: loading dynaic pam modules for some reason.
1.1.1.2 ! misho 3493: [944522cc9bef]
1.1 misho 3494:
1.1.1.2 ! misho 3495: 2011-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3496:
1.1.1.2 ! misho 3497: * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
! 3498: We don't want to translate debugging messages.
! 3499: [56a1a365815a]
! 3500:
! 3501: * configure, configure.in, plugins/sudoers/Makefile.in,
! 3502: plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
! 3503: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
! 3504: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
! 3505: src/Makefile.in, src/sesh.c, src/sudo.c:
1.1 misho 3506: Add calls to bindtextdomain() and textdomain() Currently there are
3507: two domains, one for the sudo front-end and one for the sudoers
3508: plugin and its associated utilities.
1.1.1.2 ! misho 3509: [0426138f789e]
1.1 misho 3510:
3511: * configure, configure.in:
3512: Fix caching of libc gettext check.
1.1.1.2 ! misho 3513: [942142d2c43a]
1.1 misho 3514:
1.1.1.2 ! misho 3515: * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
! 3516: plugins/sudoers/mkdefaults:
! 3517: Mark defaults descriptions for translation
! 3518: [5b27f018e6cf]
1.1 misho 3519:
3520: * NEWS:
3521: Update for sudo 1.8.1p2
1.1.1.2 ! misho 3522: [747c4dee2ca7]
1.1 misho 3523:
1.1.1.2 ! misho 3524: 2011-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
! 3525:
! 3526: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3527: Quiet compiler warning when SELinux is enabled.
! 3528: [1fbf77dda240]
1.1 misho 3529:
1.1.1.2 ! misho 3530: * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
! 3531: src/error.c, src/net_ifs.c, src/sesh.c:
! 3532: Add missing includes of libintl.h.
! 3533: [bc1d66316082]
1.1 misho 3534:
1.1.1.2 ! misho 3535: * plugins/sudoers/auth/pam.c:
! 3536: Fix gettext marker.
! 3537: [a5cf4ed66c66]
1.1 misho 3538:
1.1.1.2 ! misho 3539: * common/aix.c, common/alloc.c, compat/strsignal.c,
! 3540: plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
! 3541: Include libint.h where needed.
! 3542: [2b0e5a663c7b]
! 3543:
! 3544: * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
! 3545: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
! 3546: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
! 3547: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
! 3548: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
! 3549: plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
! 3550: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
! 3551: plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
! 3552: plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
! 3553: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
! 3554: plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
! 3555: plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
! 3556: plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
! 3557: plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
! 3558: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
! 3559: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
! 3560: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
! 3561: plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
! 3562: Prepare sudoers module messages for translation.
! 3563: [7212ae1909c5]
1.1 misho 3564:
1.1.1.2 ! misho 3565: * plugins/sudoers/sudoers.c:
! 3566: Only check gid of sudoers file if it is group-readable.
! 3567: [50e3bc0cb242]
1.1 misho 3568:
1.1.1.2 ! misho 3569: * plugins/sudoers/auth/aix_auth.c:
! 3570: For AIX, keep calling authenticate() until reenter reaches 0.
! 3571: [e240815b74b1]
1.1 misho 3572:
1.1.1.2 ! misho 3573: 2011-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3574:
3575: * configure, configure.in:
3576: Cache the status of the initial gettext() check.
1.1.1.2 ! misho 3577: [32751ebe1704]
1.1 misho 3578:
3579: * INSTALL, configure, configure.in:
3580: Add --disable-nls flag and improve checks for gettext.
1.1.1.2 ! misho 3581: [c7e6b17052de]
1.1 misho 3582:
3583: * configure, configure.in:
3584: When building with gcc on HP-UX, use -march=1.1 to produce portable
3585: binaries on a pa-risc2 host. Previously, the +Dportable option was
3586: used for the HP-UX C compiler but gcc always produced native
3587: binaries.
1.1.1.2 ! misho 3588: [8f4c749324d7]
1.1 misho 3589:
1.1.1.2 ! misho 3590: 2011-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3591:
1.1.1.2 ! misho 3592: * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
! 3593: src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
! 3594: src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
! 3595: src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
! 3596: Prepare sudo front end messages for translation.
! 3597: [2fc2fabceccb]
1.1 misho 3598:
3599: 2011-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
3600:
1.1.1.2 ! misho 3601: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
! 3602: Add initial scaffolding to support localization via gettext()
! 3603: [7d47b59fcf95]
! 3604:
! 3605: * compat/fnmatch.h, compat/glob.h:
! 3606: Don't let the fnmatch/glob macros expand the function prototype.
! 3607: [a9014aa0288e]
1.1 misho 3608:
3609: 2011-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
3610:
1.1.1.2 ! misho 3611: * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
! 3612: Resolve namespace collisions on HP-UX ia64 and possibly others by
1.1 misho 3613: adding a rpl_ prefix to our fnmatch and glob replacements and
3614: #defining rpl_foo to foo in the header files.
1.1.1.2 ! misho 3615: [caa9b690a15d]
1.1 misho 3616:
3617: 2011-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
3618:
1.1.1.2 ! misho 3619: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3620: Split ALL, ROLE and TYPE into their own actions. Since you can only
1.1 misho 3621: have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
3622: the non-SELinux case. This is safe because the actions are in one
3623: big switch() statement.
1.1.1.2 ! misho 3624: [7473fc2cfa2c]
1.1 misho 3625:
1.1.1.2 ! misho 3626: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3627: Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
! 3628: [9be3480c2865]
! 3629:
! 3630: 2011-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3631:
1.1.1.2 ! misho 3632: * doc/UPGRADE, doc/sudoers.pod:
! 3633: askpass moved from sudoers to sudo.conf in sudo 1.8.0
! 3634: [b2c2956cec4e]
1.1 misho 3635:
1.1.1.2 ! misho 3636: * doc/sudoers.pod:
! 3637: Remove obsolete warning about runas_default and ordering. Move
1.1 misho 3638: syslog facility and priority lists into the section where the
3639: relevant options are described.
1.1.1.2 ! misho 3640: [e57b8dc3f779]
1.1 misho 3641:
3642: 2011-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
3643:
1.1.1.2 ! misho 3644: * plugins/sudoers/auth/sia.c:
! 3645: Fix SIA support; we no longer have access to the real argc and argv
1.1 misho 3646: so allocate space for a fake one and use the argv passed to the
3647: plugin with "sudo" for argv[0].
1.1.1.2 ! misho 3648: [1c0552772ad2]
! 3649:
! 3650: 2011-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 3651:
1.1.1.2 ! misho 3652: * src/net_ifs.c:
! 3653: Remove useless realloc when trying to get the buffer size right.
! 3654: [792225380a62]
1.1 misho 3655:
1.1.1.2 ! misho 3656: * plugins/sudoers/set_perms.c:
! 3657: Be explicit when setting euid to 0 before call to setreuid(0, 0)
! 3658: [7bfeb629fccb]
1.1 misho 3659:
3660: 2011-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
3661:
3662: * configure, configure.in:
3663: Need to do checks for krb5_verify_user, krb5_init_secure_context and
1.1.1.2 ! misho 3664: krb5_get_init_creds_opt_alloc regardless of whether or not
! 3665: krb5-config is present.
! 3666: [9d1b98ece1d3]
1.1 misho 3667:
3668: 2011-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
3669:
1.1.1.2 ! misho 3670: * plugins/sudoers/set_perms.c:
! 3671: Work around weird AIX saved uid semantics on setuid() and
1.1 misho 3672: setreuid(). On AIX, setuid() will only set the saved uid if the euid
3673: is already 0.
1.1.1.2 ! misho 3674: [069fc08150ca]
1.1 misho 3675:
3676: 2011-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
3677:
1.1.1.2 ! misho 3678: * sudo.pp:
! 3679: update copyright year
! 3680: [1c42d579ba6e]
1.1 misho 3681:
1.1.1.2 ! misho 3682: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3683: Treat a missing includedir like an empty one and do not return an
1.1 misho 3684: error.
1.1.1.2 ! misho 3685: [92f71d8cbfd4]
1.1 misho 3686:
3687: 2011-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
3688:
1.1.1.2 ! misho 3689: * pp:
! 3690: Fix ARCH setting in cross-compile Solaris packages.
! 3691: [b0de281cc889]
1.1 misho 3692:
1.1.1.2 ! misho 3693: * sudo.pp:
! 3694: Fix aix version setting.
! 3695: [98437dbfb085]
1.1 misho 3696:
1.1.1.2 ! misho 3697: * plugins/sudoers/ldap.c:
! 3698: Remove extraneous parens in LDAP filter when sudoers_search_filter
1.1 misho 3699: is enabled that causes a search error. From Matthew Thomas.
1.1.1.2 ! misho 3700: [1d75bf1fc8d9]
1.1 misho 3701:
3702: 2011-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
3703:
1.1.1.2 ! misho 3704: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
! 3705: Correct sizeof() to fix test failure.
! 3706: [fd2f7c0c0572]
1.1 misho 3707:
1.1.1.2 ! misho 3708: * plugins/sudoers/Makefile.in:
! 3709: "install" target should depend on "install-dirs". Fixes "make -j"
1.1 misho 3710: problem and closes bz #487. From Chris Coleman.
1.1.1.2 ! misho 3711: [083902d38edb]
1.1 misho 3712:
3713: 2011-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
3714:
1.1.1.2 ! misho 3715: * config.h.in:
! 3716: Add HAVE_RFC1938_SKEYCHALLENGE
! 3717: [a94cb33758a8]
1.1 misho 3718:
3719: 2011-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
3720:
1.1.1.2 ! misho 3721: * NEWS:
! 3722: Mention plugin loading and libgcc changes
! 3723: [e11b30b5026a]
1.1 misho 3724:
1.1.1.2 ! misho 3725: * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
! 3726: Load plugins after parsing arguments and potentially printing the
1.1 misho 3727: version. That way, an error loading or initializing a plugin
3728: doesn't break "sudo -h" or "sudo -V".
1.1.1.2 ! misho 3729: [1b76f2b096a2]
1.1 misho 3730:
3731: * Makefile.in:
3732: When using a sub-shell to invoke the sub-make, exec make instead of
3733: running it inside the shell to avoid an extra process.
1.1.1.2 ! misho 3734: [fd2c04a71fbf]
1.1 misho 3735:
1.1.1.2 ! misho 3736: * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
! 3737: Stop testing unspecified behavior in fnmatch Make glob test more
1.1 misho 3738: portable
1.1.1.2 ! misho 3739: [229803093725]
1.1 misho 3740:
1.1.1.2 ! misho 3741: * compat/Makefile.in:
! 3742: No need to add current dir to include path and having it breaks the
1.1 misho 3743: test programs that expect to get the system glob.h and fnmatch.h
1.1.1.2 ! misho 3744: [68085f624be4]
1.1 misho 3745:
1.1.1.2 ! misho 3746: * INSTALL, configure, configure.in:
1.1 misho 3747: Fix and document --with-plugindir; partially from Diego Elio Petteno
1.1.1.2 ! misho 3748: [07edc52ea89e]
1.1 misho 3749:
1.1.1.2 ! misho 3750: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
! 3751: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
! 3752: compat/regress/glob/globtest.in:
! 3753: Fix fnmatch and glob tests to not use hard-coded flag values in the
1.1 misho 3754: input file. Link test programs with libreplace so we get our
3755: replacement verions as needed.
1.1.1.2 ! misho 3756: [c2cca448f660]
1.1 misho 3757:
3758: * Makefile.in:
3759: If make in a subdir fails, fail the target in the upper level
3760: Makefile too. Adapted from a patch from Diego Elio Petteno
1.1.1.2 ! misho 3761: [76fc9a0d96fd]
1.1 misho 3762:
1.1.1.2 ! misho 3763: * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
1.1 misho 3764: Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
3765: has this. Adapted from a patch from Diego Elio Petteno
1.1.1.2 ! misho 3766: [a97279a59b93]
1.1 misho 3767:
1.1.1.2 ! misho 3768: * plugins/sudoers/Makefile.in:
! 3769: Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
1.1 misho 3770: directly.
1.1.1.2 ! misho 3771: [47b884029b3b]
1.1 misho 3772:
3773: * configure, configure.in:
3774: Fix warnings when -without-skey, --without-opie, --without-kerb4,
3775: --without-kerb5 or --without-SecurID were specified.
1.1.1.2 ! misho 3776: [71ad150f4d24]
1.1 misho 3777:
1.1.1.2 ! misho 3778: * MANIFEST:
! 3779: Add plugins/sudoers/sudoers_version.h
! 3780: [7423966de440]
1.1 misho 3781:
1.1.1.2 ! misho 3782: * configure, configure.in, plugins/sample/Makefile.in,
! 3783: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
1.1 misho 3784: Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
3785: now include LDFLAGS in the sudoers Makefile.in. Add missing settng
3786: of @LDFLAGS@ in plugin Makefile.in files.
1.1.1.2 ! misho 3787: [b835826f889c]
1.1 misho 3788:
3789: 2011-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
3790:
1.1.1.2 ! misho 3791: * NEWS:
! 3792: Mention %#gid support in User_List and Runas_List
! 3793: [5a983dff017a]
1.1 misho 3794:
1.1.1.2 ! misho 3795: * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
! 3796: plugins/sudoers/visudo.c:
! 3797: Keep track of sudoers grammar version and report it in the -V
1.1 misho 3798: output.
1.1.1.2 ! misho 3799: [52901a3c0296]
1.1 misho 3800:
1.1.1.2 ! misho 3801: * plugins/sudoers/sudo_nss.h:
! 3802: Add multiple inclusion guard
! 3803: [50853aed046e]
1.1 misho 3804:
1.1.1.2 ! misho 3805: * configure, configure.in, plugins/sample/Makefile.in,
! 3806: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
1.1 misho 3807: The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
3808: LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
3809: set it to -Wc,-static-libgcc if not using GNU ld so we don't
3810: have a dependency on the shared libgcc in sudoers.so.
1.1.1.2 ! misho 3811: [66ad8bc5e32d]
1.1 misho 3812:
1.1.1.2 ! misho 3813: * doc/sudoers.pod:
! 3814: Fix typo; from Petr Uzel
! 3815: [f9a7afd80892]
1.1 misho 3816:
3817: 2011-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
3818:
1.1.1.2 ! misho 3819: * plugins/sudoers/testsudoers.c:
! 3820: In dump-only mode, use "root" as the default username instead of
1.1 misho 3821: "nobody" as the latter may not be available on all systems.
1.1.1.2 ! misho 3822: [0c48e6414337]
1.1 misho 3823:
3824: 2011-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
3825:
1.1.1.2 ! misho 3826: * plugins/sudoers/testsudoers.c:
! 3827: Remove NewArgv/NewArgc, they are no longer needed.
! 3828: [16e18f734c7e]
1.1 misho 3829:
1.1.1.2 ! misho 3830: * plugins/sudoers/testsudoers.c:
! 3831: Fix setting of user_args
! 3832: [aa29e0d0a54a]
1.1 misho 3833:
1.1.1.2 ! misho 3834: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3835: Add '!' token to lex tracing
! 3836: [5227ad266235]
1.1 misho 3837:
1.1.1.2 ! misho 3838: * plugins/sudoers/regress/testsudoers/test1.sh:
! 3839: Use group bin in test, not wheel as most systems have the bin group
1.1 misho 3840: but the same is no longer true of wheel.
1.1.1.2 ! misho 3841: [718802b3b45e]
1.1 misho 3842:
1.1.1.2 ! misho 3843: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3844: Avoid using pre or post increment in a parameter to a ctype(3)
1.1 misho 3845: function as it might be a macro that causes the increment to happen
3846: more than once.
1.1.1.2 ! misho 3847: [78e281152c3a]
1.1 misho 3848:
3849: 2011-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
3850:
1.1.1.2 ! misho 3851: * sudo.pp:
! 3852: Strip off the beta or release candidate version when building AIX
1.1 misho 3853: packages.
1.1.1.2 ! misho 3854: [28fe31668559]
1.1 misho 3855:
3856: * configure, configure.in:
3857: We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
3858: structure checks for glibc which only has __e_termination visible
3859: when _GNU_SOURCE is *not* defined.
1.1.1.2 ! misho 3860: [59ae1698911f]
1.1 misho 3861:
1.1.1.2 ! misho 3862: * common/aix.c:
! 3863: getuserattr(user, ...) will fall back to the "default" entry
1.1 misho 3864: automatically, there's no need to check "default" manually.
1.1.1.2 ! misho 3865: [3c7a47a61fdb]
1.1 misho 3866:
3867: 2011-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
3868:
1.1.1.2 ! misho 3869: * doc/UPGRADE:
! 3870: Document parser changes.
! 3871: [ec415503308d]
! 3872:
! 3873: * Makefile.in, common/Makefile.in, compat/Makefile.in,
! 3874: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
! 3875: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
! 3876: src/Makefile.in, zlib/Makefile.in:
1.1 misho 3877: If there is an existing sudoers file, only install if it passes a
3878: syntax check.
1.1.1.2 ! misho 3879: [37427c73e8cb]
1.1 misho 3880:
1.1.1.2 ! misho 3881: * plugins/sudoers/regress/sudoers/test6.out.ok,
! 3882: plugins/sudoers/testsudoers.c:
! 3883: Add runasgroup support to testsudoers
! 3884: [047ea5571f33]
1.1 misho 3885:
1.1.1.2 ! misho 3886: * plugins/sudoers/Makefile.in:
! 3887: For "make check", keep going even if a test fails.
! 3888: [ce6a0a73c372]
1.1 misho 3889:
1.1.1.2 ! misho 3890: * plugins/sudoers/testsudoers.c:
! 3891: More useful exit codes:
1.1 misho 3892: * 0 - parsed OK and command matched.
3893: * 1 - parse error
3894: * 2 - command not matched
3895: * 3 - command denied
1.1.1.2 ! misho 3896: [1d2ce1361903]
1.1 misho 3897:
1.1.1.2 ! misho 3898: * doc/sudoers.pod:
! 3899: Document %#gid, and %:#nonunix_gid syntax.
! 3900: [492d4f9696c4]
1.1 misho 3901:
1.1.1.2 ! misho 3902: * plugins/sudoers/pwutil.c:
! 3903: Add support to user_in_group() for treating group names that begin
1.1 misho 3904: with a '#' as gids.
1.1.1.2 ! misho 3905: [20240c94a134]
1.1 misho 3906:
1.1.1.2 ! misho 3907: * config.h.in, configure, configure.in, src/utmp.c:
1.1 misho 3908: Add explicit check for struct utmpx.ut_exit.e_termination and struct
3909: utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
3910: ut_exit if we detect one or the other.
1.1.1.2 ! misho 3911: [b4e8cab777e6]
1.1 misho 3912:
3913: 2011-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
3914:
1.1.1.2 ! misho 3915: * plugins/sudoers/toke.c:
! 3916: Add back missing #include of config.h
! 3917: [9ab3897a1b2e]
! 3918:
! 3919: * plugins/sudoers/iolog_path.c,
! 3920: plugins/sudoers/regress/iolog_path/data:
! 3921: Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
1.1 misho 3922: strftime() does.
1.1.1.2 ! misho 3923: [93395762cdcd]
1.1 misho 3924:
1.1.1.2 ! misho 3925: * aclocal.m4:
! 3926: Quote first argument to AC_DEFUN(); from Elan Ruusamae
! 3927: [97f53ad31d77]
1.1 misho 3928:
3929: 2011-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
3930:
1.1.1.2 ! misho 3931: * MANIFEST:
! 3932: add new sudoers tests
! 3933: [476af91b3da3]
1.1 misho 3934:
1.1.1.2 ! misho 3935: * plugins/sudoers/regress/sudoers/test8.in,
! 3936: plugins/sudoers/regress/sudoers/test8.out.ok,
! 3937: plugins/sudoers/regress/sudoers/test8.toke.ok:
! 3938: Add test for a newline in the middle of a string when no line
1.1 misho 3939: continuation character is used.
1.1.1.2 ! misho 3940: [de2394bc86ab]
1.1 misho 3941:
1.1.1.2 ! misho 3942: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3943: Use bitwise AND instead of modulus to check for length being odd. A
1.1 misho 3944: newline in the middle of a string is an error unless a line
3945: continuation character is used.
1.1.1.2 ! misho 3946: [bdb1d762a1d5]
1.1 misho 3947:
1.1.1.2 ! misho 3948: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 3949: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3950: Move lexer globals initialization into init_lexer.
! 3951: [1ce62211aadb]
1.1 misho 3952:
1.1.1.2 ! misho 3953: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3954: Fix a potential crash when a non-regular file is present in an
1.1 misho 3955: includedir. Fixes bz #452
1.1.1.2 ! misho 3956: [1586760c3525]
1.1 misho 3957:
1.1.1.2 ! misho 3958: * pp:
! 3959: On some Linux systems, "uname -p" contains detailed processor info
1.1 misho 3960: so check "uname -m" first and then "uname -p" if needed. Recognize
3961: PLD Linux.
1.1.1.2 ! misho 3962: [b8535cb9012e]
1.1 misho 3963:
3964: 2011-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
3965:
1.1.1.2 ! misho 3966: * plugins/sudoers/redblack.c:
! 3967: Don't need all sudoers.h here.
! 3968: [8c0929f42dab]
1.1 misho 3969:
1.1.1.2 ! misho 3970: * src/sudo.c:
! 3971: Print sudo version early, in case policy plugin init fails.
! 3972: [47cddc4358bc]
1.1 misho 3973:
3974: 2011-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
3975:
1.1.1.2 ! misho 3976: * plugins/sudoers/regress/sudoers/test4.toke.ok:
! 3977: Update to match change in input.
! 3978: [4a3af8e68790]
1.1 misho 3979:
1.1.1.2 ! misho 3980: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 3981: Make an empty group or netgroup a syntax error.
! 3982: [66f51ddc2ff6]
1.1 misho 3983:
1.1.1.2 ! misho 3984: * plugins/sudoers/regress/sudoers/test7.in,
! 3985: plugins/sudoers/regress/sudoers/test7.out.ok,
! 3986: plugins/sudoers/regress/sudoers/test7.toke.ok:
! 3987: An empty group or netgroup should be a syntax error.
! 3988: [bd5bf1e2edce]
! 3989:
! 3990: * plugins/sudoers/regress/sudoers/test6.in,
! 3991: plugins/sudoers/regress/sudoers/test6.out.ok,
! 3992: plugins/sudoers/regress/sudoers/test6.toke.ok:
! 3993: Check that uids work in per-user and per-runas Defaults Check that
1.1 misho 3994: uids and gids work in a Command_Spec
1.1.1.2 ! misho 3995: [c5e848e6082b]
1.1 misho 3996:
1.1.1.2 ! misho 3997: * plugins/sudoers/regress/sudoers/test5.in,
! 3998: plugins/sudoers/regress/sudoers/test5.out.ok,
! 3999: plugins/sudoers/regress/sudoers/test5.toke.ok:
! 4000: Test empty string in User_Alias and Command_Spec
! 4001: [3a084d777e03]
1.1 misho 4002:
1.1.1.2 ! misho 4003: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4004: Allow a group ID in the User_Spec.
! 4005: [bc2859eb71dc]
1.1 misho 4006:
4007: 2011-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
4008:
1.1.1.2 ! misho 4009: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4010: Return an error for the empty string when a word is expected. Allow
! 4011: an ID for per-user or per-runas Defaults.
! 4012: [915c259b00ff]
! 4013:
! 4014: * plugins/sudoers/testsudoers.c:
! 4015: Fix printing "User_Alias FOO = ALL"
! 4016: [ba58c3d548b3]
1.1 misho 4017:
4018: 2011-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
4019:
1.1.1.2 ! misho 4020: * src/parse_args.c:
! 4021: Better error message about invalid -C argument
! 4022: [c9a8d15bbf5d]
1.1 misho 4023:
1.1.1.2 ! misho 4024: * NEWS:
! 4025: fix typo
! 4026: [cdcfbafed013]
1.1 misho 4027:
1.1.1.2 ! misho 4028: * doc/sudoers.pod:
! 4029: Fix placement of equal size ('=') in user specification summary.
! 4030: [5ad7178b230d]
1.1 misho 4031:
4032: 2011-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
4033:
1.1.1.2 ! misho 4034: * MANIFEST:
! 4035: update to match sudoers regress
! 4036: [e04db0648717]
1.1 misho 4037:
1.1.1.2 ! misho 4038: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4039: Restore ability to define TRACELEXER and have trace output go to
1.1 misho 4040: stderr.
1.1.1.2 ! misho 4041: [d9531e4d1b20]
1.1 misho 4042:
1.1.1.2 ! misho 4043: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4044: Restore old behavior of setting sawspace = TRUE for command line
1.1 misho 4045: args when a line continuation character is hit to avoid causing
4046: problems for existing sudoers files.
1.1.1.2 ! misho 4047: [fd930ad25550]
1.1 misho 4048:
1.1.1.2 ! misho 4049: * plugins/sudoers/regress/sudoers/test4.in,
! 4050: plugins/sudoers/regress/sudoers/test4.out.ok,
! 4051: plugins/sudoers/regress/sudoers/test4.toke.ok:
! 4052: Add test for line continuation and aliases
! 4053: [29ab538ca6bb]
1.1 misho 4054:
1.1.1.2 ! misho 4055: * plugins/sudoers/Makefile.in:
! 4056: Make test output line up nicely for parse vs. toke
! 4057: [257ef82c1434]
1.1 misho 4058:
1.1.1.2 ! misho 4059: * plugins/sudoers/Makefile.in,
! 4060: plugins/sudoers/regress/sudoers/test1.in,
! 4061: plugins/sudoers/regress/sudoers/test1.out.ok,
! 4062: plugins/sudoers/regress/sudoers/test1.toke.ok,
! 4063: plugins/sudoers/regress/sudoers/test2.in,
! 4064: plugins/sudoers/regress/sudoers/test2.out.ok,
! 4065: plugins/sudoers/regress/sudoers/test2.toke.ok,
! 4066: plugins/sudoers/regress/sudoers/test3.in,
! 4067: plugins/sudoers/regress/sudoers/test3.out.ok,
! 4068: plugins/sudoers/regress/sudoers/test3.toke.ok,
! 4069: plugins/sudoers/regress/testsudoers/test1.ok,
! 4070: plugins/sudoers/regress/testsudoers/test1.out.ok,
! 4071: plugins/sudoers/regress/testsudoers/test1.sh,
1.1 misho 4072: plugins/sudoers/regress/testsudoers/test2.out,
4073: plugins/sudoers/regress/testsudoers/test2.sh,
4074: plugins/sudoers/regress/testsudoers/test3.ok,
4075: plugins/sudoers/regress/testsudoers/test3.sh,
4076: plugins/sudoers/regress/visudo/test1.ok,
4077: plugins/sudoers/regress/visudo/test1.sh:
4078: Move parser tests to sudoers directory and test the tokenizer output
4079: too.
1.1.1.2 ! misho 4080: [44f529b3cdb6]
1.1 misho 4081:
1.1.1.2 ! misho 4082: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4083: If we match a rule anchored to the beginning of a line after parsing
1.1 misho 4084: a line continuation character, return an ERROR token. It would be
4085: nicer to use REJECT instead but that substantially slows down the
4086: lexer.
1.1.1.2 ! misho 4087: [355478293f8c]
! 4088:
! 4089: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
! 4090: plugins/sudoers/toke.c, plugins/sudoers/toke.h,
! 4091: plugins/sudoers/toke.l:
! 4092: Move LEXTRACE macro to toke.h so we can use it in yyerror().
! 4093: [72ee7a06d3ca]
1.1 misho 4094:
1.1.1.2 ! misho 4095: 2011-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 4096:
1.1.1.2 ! misho 4097: * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
! 4098: plugins/sudoers/toke.l:
! 4099: Make lex tracing settable at run-time in testsudoers via the -t
1.1 misho 4100: flag. Trace output goes to stderr. Will be used by regress tests
4101: to check lexer.
1.1.1.2 ! misho 4102: [93bd53c413c8]
1.1 misho 4103:
1.1.1.2 ! misho 4104: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4105: Allow whitespace after the modifier in a Defaults entry. E.g.
1.1 misho 4106: "Defaults: username set_home"
1.1.1.2 ! misho 4107: [9dfcf8dd8a3a]
1.1 misho 4108:
4109: 2011-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
4110:
1.1.1.2 ! misho 4111: * mkpkg:
! 4112: Don't set CC when cross-compiling.
! 4113: [4b95b0c04e1c]
1.1 misho 4114:
1.1.1.2 ! misho 4115: * NEWS:
! 4116: Credit Matthew Thomas for the sudoers_search_filter changes.
! 4117: [a65998ab09f7]
1.1 misho 4118:
1.1.1.2 ! misho 4119: * MANIFEST:
! 4120: Add the .sym files to the MANIFEST
! 4121: [f599225cc861]
1.1 misho 4122:
1.1.1.2 ! misho 4123: * NEWS:
! 4124: Update for sudo 1.8.1 beta
! 4125: [71021e854c49]
1.1 misho 4126:
1.1.1.2 ! misho 4127: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
! 4128: user_shell -> run_shell to avoid confusion with the user's SHELL
1.1 misho 4129: variable.
1.1.1.2 ! misho 4130: [dc0ac6dafc21]
1.1 misho 4131:
1.1.1.2 ! misho 4132: * src/exec_pty.c:
! 4133: Save the controlling tty process group before suspending in pty
1.1 misho 4134: mode. Previously, we assumed that the child pgrp == child pid
4135: (which is usually, but not always, the case).
1.1.1.2 ! misho 4136: [10b2883b7875]
1.1 misho 4137:
1.1.1.2 ! misho 4138: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
! 4139: Add support for sudoers_search_filter setting in ldap.conf. This
1.1 misho 4140: can be used to restrict the set of records returned by the LDAP
4141: query.
1.1.1.2 ! misho 4142: [b0f1b721d102]
1.1 misho 4143:
4144: 2011-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
4145:
4146: * configure, configure.in:
4147: Remove the hack to disable -g in CFLAGS unless --with-devel
1.1.1.2 ! misho 4148: [89822cf84ef4]
1.1 misho 4149:
1.1.1.2 ! misho 4150: * doc/sudoers.pod:
! 4151: The '@' character does not normally need to be quoted.
! 4152: [7823f5ed829a]
1.1 misho 4153:
1.1.1.2 ! misho 4154: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4155: We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
1.1 misho 4156: if that whitespace is followed by a comma, we want to treat it as
4157: part of a list and not transition.
1.1.1.2 ! misho 4158: [1ca6943e1824]
1.1 misho 4159:
1.1.1.2 ! misho 4160: * plugins/sudoers/regress/testsudoers/test3.ok,
! 4161: plugins/sudoers/regress/testsudoers/test3.sh:
! 4162: Add check for whitespace when a User_List is used for a per-user
1.1 misho 4163: Defaults entry.
1.1.1.2 ! misho 4164: [91f75e6dd19a]
1.1 misho 4165:
1.1.1.2 ! misho 4166: * plugins/sudoers/regress/testsudoers/test2.out,
! 4167: plugins/sudoers/regress/testsudoers/test2.sh:
! 4168: Expand quoted name checks to cover recent fixes.
! 4169: [ce4f76bca146]
1.1 misho 4170:
1.1.1.2 ! misho 4171: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
! 4172: Fix parsing of double-quoted names in Defaultd and Aliases which was
1.1 misho 4173: broken in 601d97ea8792.
1.1.1.2 ! misho 4174: [424b0d6c1dc4]
1.1 misho 4175:
1.1.1.2 ! misho 4176: * plugins/sudoers/Makefile.in:
! 4177: toke_util.c lives in $(srcdir) not $(devdir)
! 4178: [94866bebee83]
1.1 misho 4179:
4180: 2011-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
4181:
4182: * configure, configure.in:
1.1.1.2 ! misho 4183: Change trunk version to 1.8.x to distinguish from real 1.8.0.
! 4184: [a9781e61d064]
1.1 misho 4185:
1.1.1.2 ! misho 4186: * NEWS, doc/UPGRADE:
! 4187: Document major changes in 1.8.1 and add upgrade notes.
! 4188: [f2cf51b0d9ce]
1.1 misho 4189:
1.1.1.2 ! misho 4190: * plugins/sudoers/match.c:
! 4191: Be careful not to deref user_stat if it is NULL. This cannot
1.1 misho 4192: currently happen in sudo but might in other programs using the
4193: parser.
1.1.1.2 ! misho 4194: [06a2334dd674]
1.1 misho 4195:
1.1.1.2 ! misho 4196: * mkpkg:
! 4197: configure will not add -O2 to CFLAGS if it is already defined to add
1.1 misho 4198: -O2 to the CFLAGS we pass in when PIE is being used.
1.1.1.2 ! misho 4199: [1ce6481ece59]
1.1 misho 4200:
1.1.1.2 ! misho 4201: * doc/sudoers.pod:
! 4202: Warn about the dangers of log_input and mention iolog_file and
1.1 misho 4203: iolog_dir in the log_input and log_output descriptions.
1.1.1.2 ! misho 4204: [ae854ffb0768]
1.1 misho 4205:
1.1.1.2 ! misho 4206: * pp:
! 4207: sync with git version
! 4208: [a993e39ce3cb]
1.1 misho 4209:
1.1.1.2 ! misho 4210: * doc/sudoers.pod:
! 4211: It seems that h comes after i
! 4212: [0f621109220d]
1.1 misho 4213:
1.1.1.2 ! misho 4214: * doc/sudoers.pod:
! 4215: Move log_input and log_output to their proper, sorted, location.
1.1 misho 4216: Document set_utmp and utmp_runas.
1.1.1.2 ! misho 4217: [273b234b9c34]
1.1 misho 4218:
1.1.1.2 ! misho 4219: * src/exec.c:
! 4220: Save the controlling tty process group before suspending so we can
1.1 misho 4221: restore it when we resume. Fixes job control problems on Linux
4222: caused by the previous attemp to fix resuming a shell when I/O
4223: logging not enabled.
1.1.1.2 ! misho 4224: [f03a660315ee]
1.1 misho 4225:
1.1.1.2 ! misho 4226: * common/lbuf.c:
! 4227: Fix printing of the remainder after a newline. Fixes "sudo -l"
1.1 misho 4228: output corruption that could occur in some cases.
1.1.1.2 ! misho 4229: [25d83fb501fc]
! 4230:
! 4231: 2011-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 4232:
1.1.1.2 ! misho 4233: * config.h.in, configure, configure.in, src/exec_pty.c,
! 4234: src/sudo_exec.h, src/utmp.c:
! 4235: Add support for ut_exit
! 4236: [b574c13f1bba]
1.1 misho 4237:
1.1.1.2 ! misho 4238: * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
! 4239: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
! 4240: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
! 4241: src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
! 4242: Add support for controlling whether utmp is updated and which user
1.1 misho 4243: is listed in the entry.
1.1.1.2 ! misho 4244: [44a81632133f]
1.1 misho 4245:
1.1.1.2 ! misho 4246: * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
! 4247: plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
! 4248: plugins/sudoers/parse.c:
! 4249: Fix typo; tupple vs. tuple
! 4250: [697744acb710]
1.1 misho 4251:
1.1.1.2 ! misho 4252: * src/utmp.c:
! 4253: For legacy utmp, strip the /dev/ prefix before trying to determine
1.1 misho 4254: slot since the ttys file does not include the /dev/ prefix.
1.1.1.2 ! misho 4255: [7ad5b81ff90c]
! 4256:
! 4257: * aclocal.m4, configure, configure.in, pathnames.h.in:
! 4258: Add check for _PATH_UTMP
! 4259: [21e638029bfd]
1.1 misho 4260:
1.1.1.2 ! misho 4261: 2011-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 4262:
1.1.1.2 ! misho 4263: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
! 4264: Adapt check_iolog_path to sessid changes
! 4265: [728b5fe2be6f]
1.1 misho 4266:
1.1.1.2 ! misho 4267: * config.h.in, configure, configure.in, src/Makefile.in,
! 4268: src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
! 4269: Redo utmp handling. If no getutent()/getutxent() is available,
1.1 misho 4270: assume a ttyslot-based utmp. If getttyent() is available, use that
4271: directly instead of ttyslot() so we don't have to do the stdin dup2
4272: dance.
1.1.1.2 ! misho 4273: [18aa455cd140]
1.1 misho 4274:
1.1.1.2 ! misho 4275: 2011-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
1.1 misho 4276:
1.1.1.2 ! misho 4277: * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
! 4278: src/utmp.c:
! 4279: Move utmp handling into utmp.c
! 4280: [f6eae6c8e012]
1.1 misho 4281:
1.1.1.2 ! misho 4282: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
! 4283: common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
! 4284: compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
! 4285: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
! 4286: compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
! 4287: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
! 4288: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
! 4289: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
! 4290: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
! 4291: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
! 4292: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
! 4293: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
! 4294: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
! 4295: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
! 4296: plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
! 4297: plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
! 4298: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
! 4299: plugins/sudoers/logging.c, plugins/sudoers/parse.c,
! 4300: plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
! 4301: plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
! 4302: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
! 4303: src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
! 4304: src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
! 4305: src/sudo_plugin_int.h, src/tgetpass.c:
! 4306: Update copyright years.
! 4307: [16aa39f9060a]
1.1 misho 4308:
1.1.1.2 ! misho 4309: * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
! 4310: plugins/sudoers/sudoers.h, src/parse_args.c:
! 4311: Add "user_shell" boolean as a way to indicate to the plugin that the
1.1 misho 4312: -s flag was given.
1.1.1.2 ! misho 4313: [fb1ef0897b32]
1.1 misho 4314:
1.1.1.2 ! misho 4315: * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
! 4316: plugins/sudoers/sudoers.h:
! 4317: Move sessid out of sudo_user.
! 4318: [ba298ddb57f4]
1.1 misho 4319:
1.1.1.2 ! misho 4320: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
! 4321: plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
! 4322: plugins/sudoers/sudoers.h:
! 4323: Log the TSID even if it is not a simple session ID.
! 4324: [d7cc1b9c513c]
1.1 misho 4325:
1.1.1.2 ! misho 4326: * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
! 4327: Document noexec in sample.sudo.conf and add back noexec_file section
1.1 misho 4328: in sudoers with a note that it is deprecated.
1.1.1.2 ! misho 4329: [4a6e961e494d]
1.1 misho 4330:
1.1.1.2 ! misho 4331: * plugins/sudoers/set_perms.c:
! 4332: Fix running commands as non-root on systems where setreuid() changes
1.1 misho 4333: the saved uid based on the effective uid we are changing to.
1.1.1.2 ! misho 4334: [df0769b71b34]
1.1 misho 4335:
4336: 2011-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
4337:
1.1.1.2 ! misho 4338: * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
! 4339: src/sudo.h:
! 4340: Move noexec path into sudo.conf now that sudo itself handles noexec.
1.1 misho 4341: Currently can be configured in sudoers too but is now undocumented
4342: and will be removed in a future release.
1.1.1.2 ! misho 4343: [6fa8befdc110]
1.1 misho 4344:
1.1.1.2 ! misho 4345: * doc/sudo.pod, doc/sudoers.pod:
! 4346: Document "Path noexec ..." in sudo.conf. No longer document
1.1 misho 4347: noexec_file in sudoers, it will be removed in a future release.
1.1.1.2 ! misho 4348: [24eee3a0b3e5]
1.1 misho 4349:
1.1.1.2 ! misho 4350: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
! 4351: plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
! 4352: Move noexec handling to sudo front-end where it is documented as
1.1 misho 4353: being.
1.1.1.2 ! misho 4354: [3ed4f10d7052]
1.1 misho 4355:
1.1.1.2 ! misho 4356: * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
! 4357: src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
! 4358: src/sudo_exec.h:
! 4359: Add support for disabling exec via solaris privileges. Includes
1.1 misho 4360: preparation for moving noexec support out of sudoers and into front
4361: end as documented.
1.1.1.2 ! misho 4362: [dec843ed553e]
1.1 misho 4363:
1.1.1.2 ! misho 4364: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
! 4365: plugins/sample_group/Makefile.in,
! 4366: plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
! 4367: plugins/sudoers/sudoers.sym:
! 4368: Only export the symbols corresponding to the plugin structs.
! 4369: [8d8d03b0ca54]
! 4370:
! 4371: * configure, configure.in, plugins/sample/Makefile.in,
! 4372: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
! 4373: Install plugins manually instead of using libtool. This works
1.1 misho 4374: around a problem on AIX where libtool will install a .a file
4375: containing the .so file instead of the .so file itself.
1.1.1.2 ! misho 4376: [796971cfbddb]
1.1 misho 4377:
4378: * Makefile.in:
4379: Move check into its own rule since some versions of make will run
4380: both targets as the default rule.
1.1.1.2 ! misho 4381: [34d759979176]
1.1 misho 4382:
1.1.1.2 ! misho 4383: * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
! 4384: m4/ltversion.m4, m4/lt~obsolete.m4:
! 4385: Update to libtool 2.2.10
! 4386: [34c130de6af7]
1.1 misho 4387:
1.1.1.2 ! misho 4388: 2011-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
! 4389:
! 4390: * src/exec.c:
! 4391: In handle_signals(), restart the read() on EINTR to make sure we
1.1 misho 4392: keep up with the signal pipe. Don't return -1 on EAGAIN, it just
4393: means we have emptied the pipe.
1.1.1.2 ! misho 4394: [d5b9c8eb9000]
1.1 misho 4395:
1.1.1.2 ! misho 4396: * compat/mktemp.c:
! 4397: Reorder functions to quiet a compiler warning.
! 4398: [c9e9a23729f0]
1.1 misho 4399:
1.1.1.2 ! misho 4400: * mkpkg:
! 4401: Use the Sun Studio C compiler on Solaris if possible
! 4402: [11a86e27891e]
1.1 misho 4403:
4404: 2011-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
4405:
1.1.1.2 ! misho 4406: * mkpkg:
! 4407: Fix default setting of osversion variable.
! 4408: [52e49ca1cedd]
1.1 misho 4409:
1.1.1.2 ! misho 4410: * doc/sudo_plugin.pod:
! 4411: Make two login_class entris consistent.
! 4412: [18ff1fa94a91]
1.1 misho 4413:
1.1.1.2 ! misho 4414: * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
! 4415: src/sudo_exec.h:
! 4416: Add support for adding a utmp entry when allocating a new pty.
1.1 misho 4417: Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
4418: Currently only creates a new entry if the existing tty has a utmp
4419: entry.
1.1.1.2 ! misho 4420: [32db72b81d80]
1.1 misho 4421:
1.1.1.2 ! misho 4422: * plugins/sudoers/boottime.c:
! 4423: Avoid pulling in headers we don't need on Linux For getutx?id(),
1.1 misho 4424: call setutx?ent() first and always call endutx?ent().
1.1.1.2 ! misho 4425: [5dad21e1ee1b]
1.1 misho 4426:
1.1.1.2 ! misho 4427: * configure, configure.in:
! 4428: Add some more libs to SUDOERS_LIBS instead of relying on them to be
1.1 misho 4429: pulled in by SUDO_LIBS.
1.1.1.2 ! misho 4430: [18a7c21c09a7]
1.1 misho 4431:
1.1.1.2 ! misho 4432: * plugins/sudoers/sudoers.c:
! 4433: Fix return value of "sudo -l command" when command is not allowed,
1.1 misho 4434: broken in [c7097ea22111]. The default return value is now TRUE and
4435: a bad: label is used when permission is denied. Also fixed missing
4436: permissions restoration on certain errors. On error()/errorx(), the
4437: password and group files are now closed before returning.
1.1.1.2 ! misho 4438: [4f2d0e869ae5]
1.1 misho 4439:
4440: 2011-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
4441:
1.1.1.2 ! misho 4442: * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
! 4443: Fix passing of login class back to sudo front end.
! 4444: [6f70a784ce48]
1.1 misho 4445:
1.1.1.2 ! misho 4446: * mkpkg:
! 4447: Add --osversion flag to specify OS instead of running "pp
1.1 misho 4448: --probeonly"
1.1.1.2 ! misho 4449: [a8efdccb7bc1]
1.1 misho 4450:
1.1.1.2 ! misho 4451: * sudo.pp:
! 4452: Fix expr usage w/ GNU expr
! 4453: [48895599ee63]
1.1 misho 4454:
4455: 2011-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
4456:
1.1.1.2 ! misho 4457: * plugins/sudoers/sudoers.c:
! 4458: Fix exit value for validate and list mode.
! 4459: [c7097ea22111]
1.1 misho 4460:
1.1.1.2 ! misho 4461: * plugins/sudoers/sudoers.c:
! 4462: Fix non-interactive mode with sudoers plugin.
! 4463: [172f29597bd2]
1.1 misho 4464:
4465: 2011-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
4466:
1.1.1.2 ! misho 4467: * doc/sudoreplay.pod:
! 4468: sudoreplay can now find IDs other than %{seq} and display the
1.1 misho 4469: session.
1.1.1.2 ! misho 4470: [fc3dd3be67e9]
1.1 misho 4471:
4472: 2011-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
4473:
1.1.1.2 ! misho 4474: * plugins/sudoers/sudoreplay.c:
! 4475: Add support for replaying sessions when iolog_file is set to
! 4476: something other than %{seq}.
! 4477: [ca3131243874]
! 4478:
! 4479: * plugins/sudoers/visudo.c:
! 4480: If we are killed by a signal, display the name of the signal that
1.1 misho 4481: got us.
1.1.1.2 ! misho 4482: [994bb76a990e]
1.1 misho 4483:
1.1.1.2 ! misho 4484: * configure, configure.in:
! 4485: Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
1.1 misho 4486: where they belong.
1.1.1.2 ! misho 4487: [40f94b936fa4]
1.1 misho 4488:
1.1.1.2 ! misho 4489: * configure.in:
! 4490: Fix bug in skey/opie check that could cause a shell warning.
! 4491: [83c043072be5]
1.1 misho 4492:
1.1.1.2 ! misho 4493: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
! 4494: No longer need sudo_getepw() stubs.
! 4495: [bbee15c36912]
1.1 misho 4496:
4497: 2011-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
4498:
1.1.1.2 ! misho 4499: * plugins/sudoers/sudo_nss.c:
! 4500: Fix exit value of "sudo -l command" in sudoers module.
! 4501: [a6541867521b]
1.1 misho 4502:
4503: 2011-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
4504:
1.1.1.2 ! misho 4505: * compat/regress/glob/globtest.c:
! 4506: Use fgets() not fgetln() for portability.
! 4507: [df1bb67fb168]
1.1 misho 4508:
1.1.1.2 ! misho 4509: * sudo.pp:
! 4510: Don't use the beta or release candidate version as the rpm release.
! 4511: [d661ef78021a]
1.1 misho 4512:
4513: 2011-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
4514:
4515: * configure, configure.in:
4516: version 1.8.0
4517: [f6530d56f6ae] [SUDO_1_8_0]
4518:
4519: * NEWS:
4520: update sudo 1.8 section
4521: [f2ee2cf95d18]
4522:
4523: 2011-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
4524:
4525: * plugins/sudoers/regress/testsudoers/test2.sh:
4526: fix test description
4527: [cd5730fa9f09]
4528:
4529: * plugins/sudoers/regress/testsudoers/test2.out,
4530: plugins/sudoers/regress/testsudoers/test2.sh,
4531: plugins/sudoers/regress/visudo/test2.out,
4532: plugins/sudoers/regress/visudo/test2.sh:
4533: convert test2 to use testsudoers
4534: [b5ec3f0b69f1]
4535:
4536: * include/sudo_plugin.h, src/sudo_plugin_int.h:
4537: Move struct generic_plugin to sudo_plugin_int.h
4538: [6f7bc629329c]
4539:
4540: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4541: plugins/sudoers/parse.c, plugins/sudoers/parse.h,
4542: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
4543: plugins/sudoers/sudoers.h:
4544: Allow sudoers file name, mode, uid and gid to be specified in the
4545: settings list. The sudo front end does not currently set these but
4546: may in the future.
4547: [22f38a0fda2a]
4548:
4549: 2011-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
4550:
4551: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4552: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4553: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4554: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4555: doc/visudo.man.in:
4556: 1.8.0rc1
4557: [5d4588b9c057]
4558:
4559: * doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
4560: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
4561: src/parse_args.c, src/sudo.h:
4562: add help text to sudo, visudo and sudoreplay for the -h option
4563: [52e7378d8476]
4564:
4565: 2011-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
4566:
4567: * compat/snprintf.c:
4568: avoid using "howmany" for a parameter name since it is a select-
4569: related macro
4570: [a14d565401a1]
4571:
4572: * doc/sudoers.pod:
4573: mention group_plugin when describing nonunix_group
4574: [e0d1d0034b17]
4575:
4576: * doc/sudo_plugin.pod:
4577: Add missing period at end of sentence
4578: [6744d7e9056d]
4579:
4580: * Makefile.in, doc/Makefile.in, include/Makefile.in,
4581: plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
4582: plugins/sudoers/Makefile.in, src/Makefile.in:
4583: add localstatedir; closes bug 471
4584: [7aefcab85088]
4585:
4586: * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
4587: src/exec.c, src/exec_pty.c:
4588: The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
4589: Bug 470
4590: [927ed6740f32]
4591:
4592: * configure.in:
4593: add missing AH_TEMPLATE for ENV_RESET
4594: [16300010c986]
4595:
4596: * src/exec.c:
4597: SVR5 systems return non-zero for success on socketpair(), check for
4598: -1 instead. Closes Bug 469
4599: [4d276494bf8e]
4600:
4601: 2011-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
4602:
4603: * configure, configure.in:
4604: 1.8.0b5
4605: [d611cd5d73d3]
4606:
4607: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
4608: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
4609: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
4610: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
4611: regen
4612: [85e96eeaed82]
4613:
4614: * doc/sudo.pod:
4615: Document that a sudo.conf file with no Pligin lines uses the default
4616: sudoers plugins.
4617: [88bd52da977f]
4618:
4619: * src/load_plugins.c:
4620: If sudo.conf contains no Plugin lines, use the default sudoers
4621: policy and I/O plugins.
4622: [fd8f4cb811ab]
4623:
4624: 2011-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
4625:
4626: * plugins/sudoers/sudo_nss.c:
4627: Avoid printing empty "Runas and Command-specific defaults for user"
4628: line.
4629: [2dd330fe4f8b]
4630:
4631: * common/lbuf.c:
4632: Truncate the buffer at buf.len before printing in the non-wordwrap
4633: case.
4634: [901e9833f80d]
4635:
4636: * common/lbuf.c:
4637: Remove extra newline when the tty width is very small or unavailable
4638: [245c05506c0e]
4639:
4640: 2011-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
4641:
4642: * plugins/sudoers/alias.c:
4643: Remove unneeded variable.
4644: [2c086d30b796]
4645:
4646: 2011-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
4647:
4648: * configure, configure.in:
4649: Prefer getutxid over getutid
4650: [3f3322e9c93e]
4651:
4652: * plugins/sudoers/boottime.c:
4653: Include utmp.h / utmpx.h before missing.h as apparently including it
4654: afterwards causes a compilation problem on GNU Hurd.
4655: [a528029ae962]
4656:
4657: 2011-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
4658:
4659: * plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
4660: #include "foo.h", not <foo.h> for local includes.
4661: [f65ec693998e]
4662:
4663: * src/parse_args.c:
4664: remove bogus XXX
4665: [9136c17d53ce]
4666:
4667: * compat/mksiglist.c:
4668: Fix typo
4669: [1a3bb7b455c9]
4670:
4671: * compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
4672: plugins/sudoers/match.c:
4673: return foo not return(foo)
4674: [5c9e0647359a]
4675:
4676: 2011-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
4677:
4678: * src/exec.c:
4679: Remove duplicate FD_SET of signal_pipe[0]
4680: [3096527d2215]
4681:
4682: 2011-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
4683:
4684: * compat/mksiglist.c:
4685: Use "missing.h" not <missing.h> in generated code.
4686: [d8e09cffbe09]
4687:
4688: 2011-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
4689:
4690: * aclocal.m4, configure:
4691: fix --with-iologdir=no
4692: [a89699cb5f5f]
4693:
4694: * aclocal.m4, configure:
4695: fix typo that broke --with-iologdir
4696: [91b54eb22403]
4697:
4698: 2011-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
4699:
4700: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
4701: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
4702: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
4703: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
4704: doc/visudo.man.in:
4705: Bump version to 1.8.0b4
4706: [e2b7f2cdc02e]
4707:
4708: * NEWS:
4709: sync
4710: [decf5a0a8a33]
4711:
4712: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4713: Attempt to clarify how users and groups interact in Runas_Specs
4714: [e6fb3a2dbd77]
4715:
4716: * plugins/sudoers/regress/visudo/test2.out,
4717: plugins/sudoers/regress/visudo/test2.sh:
4718: Add test for quoted group that contains escaped double quotes
4719: [44596c48c629]
4720:
4721: * src/exec.c, src/exec_pty.c:
4722: Pass SIGUSR1/SIGUSR2 through to the child.
4723: [c3108a827b01]
4724:
4725: * src/exec_pty.c, src/sudo_exec.h:
4726: Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
4727: SIGUSR2 to indicate whether the child should be continued in the
4728: foreground or background.
4729: [35ca47cc6785]
4730:
4731: * src/exec.c:
4732: Use pid_t not int and check the return value of kill()
4733: [36ae7d37d7f9]
4734:
4735: 2011-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
4736:
4737: * src/exec_pty.c:
4738: Remove obsolete comment
4739: [baebef4919f6]
4740:
4741: * src/exec.c:
4742: In non-pty mode before continuing the child, make it the foreground
4743: pgrp if possible. Fixes resuming a shell.
4744: [fef5b1d02ddb]
4745:
4746: * src/exec_pty.c:
4747: If we get a signal other than SIGCHLD in the monitor, pass it
4748: directly to the child.
4749: [b3ecb28163a0]
4750:
4751: * src/exec.c, src/exec_pty.c, src/sudo.h:
4752: Save signal state before changing handlers and restore before we
4753: execute the command.
4754: [faf7475dc4bf]
4755:
4756: 2011-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
4757:
4758: * plugins/sudoers/iolog.c:
4759: Use a char array to map a number to a base36 digit.
4760: [257576c51f8b]
4761:
4762: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
4763: Be clear about what versions of sudo support new LDAP attributes.
4764: Fix up some formatting of attribute names. Minor other tweaks.
4765: [39f65df71f65]
4766:
4767: 2011-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
4768:
4769: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
4770: match quoted strings the same way whether in a Defaults line or as a
4771: user/group/netgroup name. Fixes escaped double quotes in quoted
4772: user/group/netgroup names.
4773: [601d97ea8792]
4774:
4775: * plugins/sudoers/Makefile.in:
4776: 'make check' depends on visudo and testsudoers
4777: [127c5a24df8f]
4778:
4779: * plugins/sudoers/sudoers2ldif:
4780: Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
4781: [9029163a58c3]
4782:
4783: 2011-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
4784:
4785: * doc/UPGRADE:
4786: Mention LDAP attribute compatibility status.
4787: [2c3595aaec63]
4788:
4789: 2011-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
4790:
4791: * README.LDAP:
4792: Mention phpQLAdmin
4793: [9304c9064fbe]
4794:
4795: * INSTALL, NEWS, config.h.in, configure, configure.in,
4796: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
4797: Add --disable-env-reset configure option.
4798: [8a753aa13a46]
4799:
4800: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4801: Document that sudoers_locale also affects logging and email.
4802: [998d6ac11277]
4803:
4804: * NEWS, config.h.in, configure, configure.in,
4805: plugins/sudoers/logging.c:
4806: Do logging and email sending in the locale specified by the
4807: "sudoers_locale" setting ("C" by default). Email send by sudo
4808: includes MIME headers when the sudoers locale is not "C".
4809: [cb7e55408400]
4810:
4811: 2011-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
4812:
4813: * plugins/sudoers/check.c:
4814: Fix indentation
4815: [65ae7e92b9e4]
4816:
4817: 2011-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
4818:
4819: * NEWS, src/parse_args.c, src/sudo.c:
4820: Perform command escaping for "sudo -s" and "sudo -i" after
4821: validating sudoers so the sudoers entries don't need to have all the
4822: backslashes.
4823: [4e168c103f4b]
4824:
4825: 2011-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
4826:
4827: * plugins/sudoers/logging.c:
4828: Prepend "list " to the command logged when "sudo -l command" is used
4829: to make it clear that the command was listed, not run.
4830: [f392a6056cd6]
4831:
4832: * plugins/sudoers/parse.c:
4833: cosmetic change
4834: [7c0951dbc2dd]
4835:
4836: * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
4837: common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
4838: compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
4839: compat/nanosleep.c, compat/regress/glob/globtest.c,
4840: compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
4841: compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
4842: plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
4843: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
4844: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
4845: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
4846: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
4847: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
4848: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
4849: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
4850: plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
4851: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4852: plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
4853: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4854: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
4855: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
4856: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
4857: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
4858: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
4859: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4860: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
4861: plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
4862: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
4863: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
4864: src/sudo_noexec.c, src/tgetpass.c:
4865: standardize on "return foo;" rather than "return(foo);" or "return
4866: (foo);"
4867: [32d76c5aaf8c]
4868:
4869: * plugins/sudoers/sudoers.c:
4870: Do not reject sudoers file just because it is root-writable.
4871: [0febc579185b]
4872:
4873: 2011-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
4874:
4875: * NEWS:
4876: sync
4877: [1ab03f8278ff]
4878:
4879: * plugins/sudoers/sudo_nss.c:
4880: For "sudo -U user -l" if user is not authorized on the host, say so.
4881: [289afe6dd15c]
4882:
4883: * plugins/sudoers/ldap.c:
4884: In sudo_ldap_lookup(), always do the initial sudoers check as the
4885: invoking user. If we are listing another user's privs we will do a
4886: separate lookup using list_pw later.
4887: [e52bc15de76d]
4888:
4889: 2011-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
4890:
4891: * MANIFEST:
4892: add parser fill tests
4893: [4f65140d3515]
4894:
4895: * compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
4896: Don't test features not supported by the bundled glob()
4897: [8ec7ace11949]
4898:
4899: * Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
4900: compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
4901: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
4902: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
4903: doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
4904: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
4905: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
4906: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
4907: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
4908: plugins/sudoers/ldap.c, plugins/sudoers/match.c,
4909: plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
4910: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
4911: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
4912: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
4913: plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
4914: Update copyright year to 2011
4915: [ac1b45cb1809]
4916:
4917: * plugins/sudoers/sudo_nss.c:
4918: When listing, use separate lbufs for the defaults and the privileges
4919: and only print something if the number of privileges is non-zero.
4920: Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
4921: [d0854d39f8ef]
4922:
4923: * plugins/sudoers/ldap.c:
4924: Stash pointer to user group vector in LDAP handle and only reuse the
4925: query if it has not changed. We always allocate a new buffer when
4926: we reset the group vector so a simple pointer check is sufficient.
4927: [88861d4eba69]
4928:
4929: * plugins/sudoers/sudo_nss.c:
4930: Check initgroups() return value.
4931: [3bdaf58408a7]
4932:
4933: * plugins/sudoers/Makefile.in,
4934: plugins/sudoers/regress/parser/check_fill.c:
4935: Add tests for the fill functions in toke_util.c
4936: [bca587ab4956]
4937:
4938: 2011-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
4939:
4940: * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
4941: fix copyright year
4942: [e2038cdaf055]
4943:
4944: * NEWS:
4945: sync
4946: [56ca5d5eaebe]
4947:
4948: 2011-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
4949:
4950: * common/term.c:
4951: Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
4952: [b91f266624ec]
4953:
4954: 2011-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
4955:
4956: * mkpkg, sudo.pp:
4957: Add Requires line for audit-libs >= 1.4 for RHEL5+
4958: [6c02f976171b]
4959:
4960: * pp:
4961: sync with git version
4962: [d301c32d5865]
4963:
4964: 2011-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
4965:
4966: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
4967: fix typo
4968: [39353f92976f]
4969:
4970: 2011-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
4971:
4972: * NEWS:
4973: Update for sudo 1.7.4p5
4974: [b444da76901f]
4975:
4976: * doc/schema.OpenLDAP, doc/schema.iPlanet:
4977: Add sudoNotBefore and sudoNotAfter attributes as optional attributes
4978: to the sudoRole object class. From Andreas Mueller
4979: [dacfad7e7a95]
4980:
4981: 2011-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
4982:
4983: * NEWS:
4984: Mention "sudo -g group" password check fix.
4985: [1eb8fb14e53b]
4986:
4987: * plugins/sudoers/sudoers.c:
4988: Fix "sudo -g" support in the sudoers module.
4989: [07d1b0ce530e]
4990:
4991: * plugins/sudoers/check.c:
4992: If the user is running sudo as himself but as a different group we
4993: need to prompt for a password.
4994: [caf1fcc9a117]
4995:
4996: 2011-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
4997:
4998: * NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
4999: doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
5000: plugins/sudoers/ldap.c:
5001: Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
5002: LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
5003: derived LDAP SDKs but we can pass the timeout parameter to
5004: ldap_search_ext_s() or ldap_search_st() when possible.
5005: [5537049991f7]
5006:
5007: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
5008: regen
5009: [5b361c3c4324]
5010:
5011: * NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5012: Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
5013: with OpenLDAP ldap.conf files.
5014: [e97843bd16fb]
5015:
5016: * plugins/sudoers/pwutil.c:
5017: If user has no supplementary groups, fall back on checking the group
5018: file expliticly.
5019: [5223ad4eb690]
5020:
5021: 2011-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
5022:
5023: * plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
5024: constify
5025: [6e132a4cca61]
5026:
5027: * plugins/sudoers/toke.c, plugins/sudoers/toke.h,
5028: plugins/sudoers/toke.l:
5029: Move fill macro to toke.h
5030: [623d430798cf]
5031:
5032: * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
5033: plugins/sudoers/toke.h, plugins/sudoers/toke.l,
5034: plugins/sudoers/toke_util.c:
5035: Split tokenizer utility functions out into toke_util.c
5036: [89a97bd51618]
5037:
5038: * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
5039: plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5040: ANSIfy
5041: [ca0eba1dfaa9]
5042:
5043: 2011-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
5044:
5045: * MANIFEST:
5046: sync
5047: [a43f94064bb3]
5048:
5049: * plugins/sudoers/Makefile.in:
5050: Add visudo tests to check target
5051: [8c82fb4ed40f]
5052:
5053: * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
5054: compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
5055: compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
5056: Add my regress tests for fnmatch() and glob() from OpenBSD.
5057: [6e8c1f211723]
5058:
5059: * plugins/sudoers/regress/testsudoers/test1.sh,
5060: plugins/sudoers/regress/visudo/test1.ok,
5061: plugins/sudoers/regress/visudo/test1.sh:
5062: Add regress test for command tags using visudo -c
5063: [18b0ef207c0f]
5064:
5065: * plugins/sudoers/Makefile.in,
5066: plugins/sudoers/regress/testsudoers/test1.ok,
5067: plugins/sudoers/regress/testsudoers/test1.sh:
5068: Add support for regress tests using testsudoers
5069: [1fa94bd2671b]
5070:
5071: * plugins/sudoers/testsudoers.c:
5072: Need to set user_name explicitly due to internal changes made when
5073: converting sudoers to a plugin.
5074: [1fa54e86a364]
5075:
5076: 2011-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
5077:
5078: * MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
5079: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5080: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5081: plugins/sudoers/regress/iolog_path/check_iolog_path.c,
5082: plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
5083: zlib/Makefile.in:
5084: Add regression tests for iolog_path()
5085: [afa4b416e559]
5086:
5087: * Makefile.in, common/Makefile.in, compat/Makefile.in,
5088: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
5089: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5090: src/Makefile.in, zlib/Makefile.in:
5091: Add support for "make Makefile" to regenerate Makefile from
5092: Makefile.in
5093: [98bd2dda3294]
5094:
5095: * plugins/sudoers/iolog_path.c:
5096: Quiest a bogus compiler warning.
5097: [5ff932a7ad67]
5098:
5099: 2011-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
5100:
5101: * plugins/sudoers/iolog_path.c:
5102: Protect call to setlocale() with HAVE_SETLOCALE
5103: [2c29ee3ccc81]
5104:
5105: 2011-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
5106:
5107: * MANIFEST:
5108: mkstemps.c was renamed mktemp.c
5109: [ae299c3b1827]
5110:
5111: * NEWS:
5112: Update from 1.7 branch
5113: [20817d79717b]
5114:
5115: * Makefile.in:
5116: Use "mv -f" when regenerating ChangeLog
5117: [c163635206c6]
5118:
5119: * plugins/sudoers/match.c:
5120: Fix NULL dereference with "sudo -g group" when the sudoers rule has
5121: no runas user or group listed. Fixes RedHat bug Bug 667103.
5122: [41a6a1243d9e]
5123:
5124: 2011-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
5125:
5126: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5127: Correct the default sudo.conf example
5128: [4e791698cad1]
5129:
5130: 2010-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
5131:
5132: * plugins/sudoers/iolog_path.c:
5133: Reset slashp if we allocate a new buffer for strftime()
5134: [e491daa4203b]
5135:
5136: * plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
5137: plugins/sudoers/sudoers.h:
5138: Add extra out parameter to expand_iolog_path() to allow the caller
5139: to split the path into dir and file components if needed.
5140: [88346bc5ae39]
5141:
5142: 2010-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
5143:
5144: * plugins/sudoers/iolog.c:
5145: mkdir_iopath() returns size_t now that it uses strlcpy() and not
5146: snprintf()
5147: [3c4c64d265eb]
5148:
5149: * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
5150: Trim leading slashes from iolog_file and trailing slashes from
5151: iolog_dir
5152: [a803b51f8948]
5153:
5154: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
5155: plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
5156: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5157: Pass a single I/O log file name in command_details instead of
5158: separate dir + file parameters.
5159: [d672a3e46e80]
5160:
5161: * plugins/sudoers/sudoreplay.c:
5162: change an error() to errorx()
5163: [8013dcfdd69d]
5164:
5165: * plugins/sudoers/iolog.c:
5166: Add missing cwd line to I/O log info file that got dropped when
5167: iolog_deserialize_info() was added
5168: [7cf84f208423]
5169:
5170: 2010-12-29 Todd C. Miller <Todd.Miller@courtesan.com>
5171:
5172: * plugins/sudoers/iolog.c:
5173: Avoid relying on globals filled in by the sudoers policy module for
5174: the sudoers I/O log module. The I/O log open function now pulls the
5175: bits it needs out of user_info and command_info.
5176: [c02f6951b0cc]
5177:
5178: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
5179: plugins/sudoers/sudoers.h:
5180: If no iolog file is specified by the policy plugin, use io_nextid()
5181: to determine the next file in the sequence.
5182: [faa1130b1020]
5183:
5184: 2010-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
5185:
5186: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
5187: Document iolog_compress in command_info
5188: [58895c7d12f5]
5189:
5190: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5191: Add support for the iolog_compress variable in command_info.
5192: [36f13a2fd1c1]
5193:
5194: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
5195: Add sigsetjmp() calls to all plugin entry points just to be safe.
5196: [3fa482355bc4]
5197:
5198: * src/sudo.c, src/sudo.h:
5199: Don't need iolog variables in struct command_details, they are for
5200: the I/O log plugins to handle.
5201: [5111579ffd9d]
5202:
5203: 2010-12-27 Todd C. Miller <Todd.Miller@courtesan.com>
5204:
5205: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5206: Document use of mkdtemp() for iolog path teplates
5207: [5db6101408a9]
5208:
5209: * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
5210: doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
5211: doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
5212: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
5213: regen
5214: [1ee11fd6d4eb]
5215:
5216: * doc/sudo_plugin.pod, doc/sudoers.pod:
5217: Document iolog_file and supported escape sequences for sudoers.
5218: Clarify that iolog_file can contain directories.
5219: [da611dedcbdb]
5220:
5221: * compat/Makefile.in, configure, configure.in:
5222: Fix building of mkstemps/mkdtemp replacements.
5223: [793a5e303122]
5224:
5225: * compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
5226: configure.in, include/missing.h:
5227: Provide mkdtemp() for systems without it.
5228: [b0527dfa965c]
5229:
5230: * plugins/sudoers/iolog_path.c:
5231: Fix typo
5232: [277f6c514cba]
5233:
5234: * plugins/sudoers/iolog.c:
5235: Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
5236: glibc mkdtemp() returns EINVAL.
5237: [2e7323b05579]
5238:
5239: * plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
5240: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5241: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
5242: plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
5243: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
5244: Allow sudoers to specify the iolog file in addition to the iolog
5245: dir. Add escape sequence support to iolog file and dir: sequence
5246: number, user, group, runas_user, runas_group, hostname and
5247: command in addition to any escape sequence recognized by
5248: strftime(3).
5249: [75cd32ee0435]
5250:
5251: * plugins/sudoers/iolog.c:
5252: Add missing sigsetjmp() call in I/O plugin open function. Fixes a
5253: crash when the I/O plugin calls error(), errorx() or log_error().
5254: [1a6718bd817d]
5255:
5256: 2010-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
5257:
5258: * doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
5259: plugins/sudoers/sudoers.c:
5260: Give the policy module fine-grained control over what the I/O plugin
5261: logs.
5262: [d29784fd2a66]
5263:
5264: * common/term.c:
5265: Clear OPOST from c_oflag like we used to. Fixes screen-based
5266: editors such as vi.
5267: [506ad5ae9b4e]
5268:
5269: * doc/sudoers.pod:
5270: Clarify umask option description. From Reuben Thomas.
5271: [1294ac84222b]
5272:
5273: 2010-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
5274:
5275: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5276: Pick last match in LDAP sudoers too
5277: [fbfd8e85703b]
5278:
5279: * doc/sudo_plugin.pod:
5280: Document iolog_file, iolog_dir and use_pty
5281: [26120a59c20e]
5282:
5283: * plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
5284: plugins/sudoers/sudoers.c:
5285: Adapt plugins to version I/O logging ABI 1.1
5286: [880dd64bc1e8]
5287:
5288: * src/exec.c, src/sudo.h:
5289: Add use_pty command_info flag for policies to indicate that a pty
5290: should be allocated even if no I/O logging is performed.
5291: [e7b167f8a6e5]
5292:
5293: * src/sudo.c:
5294: Add remaining plugin convenience functions
5295: [ffeaf96da031]
5296:
5297: * include/sudo_plugin.h, src/sudo.c, src/sudo.h,
5298: src/sudo_plugin_int.h:
5299: Change I/O log API to pass in command info to the I/O log open
5300: function. Add iolog_file and iolog_dir parameters to command info.
5301: This allows the policy plugin to specify the I/O log pathname. Add
5302: convenience functions for calling plugin functions that handle ABI
5303: backwards compatibility.
5304: [9b81dce76ce5]
5305:
5306: * compat/dlopen.c:
5307: Remove useless cast
5308: [7cecce969739]
5309:
5310: 2010-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
5311:
5312: * configure, configure.in:
5313: Bump version to 1.8.0b3
5314: [1dc9f040aae0]
5315:
5316: 2010-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
5317:
5318: * configure.in:
5319: Remove extraneous newline
5320: [71c94551eea5]
5321:
5322: 2010-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
5323:
5324: * doc/sudoers.pod, plugins/sudoers/def_data.c,
5325: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
5326: plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
5327: Make I/O log dir configurable.
5328: [99b576667a38]
5329:
5330: * aclocal.m4, configure, configure.in, doc/sudoers.pod:
5331: Rename io_logdir to iolog_dir
5332: [0731662acc8d]
5333:
5334: 2010-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
5335:
5336: * pp:
5337: Add missing '*' that prevented the generic ELF case from matching.
5338: [be77ca26bfb2]
5339:
5340: * pp:
5341: If file(1) can't identify the ELF binary type, try readelf(1).
5342: [38a18d32a9e3]
5343:
5344: 2010-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
5345:
5346: * plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
5347: plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
5348: plugins/sudoers/sudoers.c, src/sudo.c:
5349: Use %u to print uid/gid, not %lu and adjust casts to match.
5350: [03c43b8749cf]
5351:
5352: * doc/sudoers.ldap.pod:
5353: Clarify ordering of entries and attributes.
5354: [924e2a6bb603]
5355:
5356: * doc/sudoers.ldap.pod:
5357: Fix typo and editing goof.
5358: [79dc7ccd85a8]
5359:
5360: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5361: doc/sudoers.ldap.pod:
5362: Merge in ordered LDAP entry support from Andreas Mueller.
5363: [ea5885989bad]
5364:
5365: * plugins/sudoers/ldap.c:
5366: Make sure we don't dereference a NULL handle.
5367: [1a9f9ee15371]
5368:
5369: 2010-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
5370:
5371: * pp:
5372: Add support for RHEL 6 file modes that include a trailing dot on
5373: files with an SELinux security context
5374: [dc09be959547]
5375:
5376: 2010-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
5377:
5378: * src/sudo.c:
5379: exec_setup() does not need to setuid(0), the Ubuntu issue was in the
5380: sudoers module.
5381: [d6dd99fc6062]
5382:
5383: * plugins/sudoers/sudoers.c:
5384: create_admin_success_flag() should use restore_perms() rather than
5385: set_perms() to restore the uid.
5386: [eba7a91c1f57]
5387:
5388: * src/sudo.c:
5389: In exec_setup() call setuid(0) to make certain the subsequent uid
5390: and gid changes will succeed. Fixes a problem on Ubuntu.
5391: [c5d32abf0645]
5392:
5393: * src/sudo_edit.c:
5394: Error out if we cannot change to root's uid so we catch the failure
5395: early.
5396: [7a2e7f8f2c80]
5397:
5398: 2010-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
5399:
5400: * doc/sudoers.pod:
5401: fix typo; from Michael T Hunter
5402: [a574a9d0db5b]
5403:
5404: * plugins/sudoers/match.c:
5405: In sudoedit mode, assume command line arguments are paths and pass
5406: FNM_PATHNAME to fnmatch().
5407: [ce0abff8ce9f]
5408:
5409: 2010-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
5410:
5411: * configure, configure.in:
5412: Add workaround for an error in sys/types.h on HP-UX 11.23 when large
5413: file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
5414: broken bits of the header file.
5415: [e337217f097a]
5416:
5417: * aclocal.m4:
5418: Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
5419: [fbbcee28961f]
5420:
5421: * sudo.pp:
5422: For Tru64, strip off beta version.
5423: [eeccd762df5e]
5424:
5425: * MANIFEST, plugins/sudoers/testsudoers.c,
5426: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
5427: Avoid conflicts with system definitions in grp.h and pwd.h
5428: [b219ffe1da09]
5429:
5430: * zlib/gzguts.h:
5431: Include stdio.h after zlib.h, not before. We need the large file
5432: defines to come first.
5433: [21d6df39790f]
5434:
5435: 2010-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
5436:
5437: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
5438: regen
5439: [3ff8750d0aac]
5440:
5441: * Makefile.in:
5442: Don't clean ChangeLog
5443: [ab0d30d289d4]
5444:
5445: * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
5446: Add prototype for cleanup()
5447: [75626fd3769a]
5448:
5449: 2010-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
5450:
5451: * plugins/sudoers/group_plugin.c:
5452: Avoid deferencing group_plugin if it is NULL in
5453: group_plugin_query(). This should not happen.
5454: [4f2933c8da7e]
5455:
5456: * plugins/sudoers/group_plugin.c:
5457: group plugin init function return TRUE when successful
5458: [198024477030]
5459:
5460: 2010-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
5461:
5462: * plugins/sudoers/ldap.c:
5463: Enlarge the array of entry wrappers int blocks of 100 entries to
5464: save on allocation time. From Andreas Mueller
5465: [375c916bb03b]
5466:
5467: * plugins/sudoers/ldap.c:
5468: Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
5469: that was mistakenly dropped.
5470: [1555f5bc132d]
5471:
5472: 2010-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
5473:
5474: * doc/TROUBLESHOOTING:
5475: Mention that sudo needs "ar" to build.
5476: [65582ace2d09]
5477:
5478: * configure, configure.in:
5479: Fail with a more useful error if "ar" is not found.
5480: [d1cb83719c17]
5481:
5482: 2010-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
5483:
5484: * plugins/sudoers/ldap.c:
5485: Merge in ordered LDAP entry support from Andreas Mueller and add
5486: local changes from the 1.7 branch.
5487: [bca29e461618]
5488:
5489: 2010-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
5490:
5491: * doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
5492: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
5493: Add timed entry support from Andreas Mueller.
5494: [e18d1df46a8d]
5495:
5496: * plugins/sudoers/group_plugin.c:
5497: Don't try to unload if group_plugin is NULL. Don't call dlclose() if
5498: group_handle is NULL
5499: [de2273da37d5]
5500:
5501: * plugins/sudoers/sudoers.h:
5502: It is now plugin_cleanup(), not cleanup()
5503: [da62a4e1a78c]
5504:
5505: * plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
5506: Call plugin_cleanup(), not cleanup()
5507: [e800ad8b33ad]
5508:
5509: 2010-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
5510:
5511: * plugins/sudoers/ldap.c:
5512: Use efree() not free() and remove malloc.h include since we never
5513: directly call malloc() or free().
5514: [107fffd134bb]
5515:
5516: 2010-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
5517:
5518: * sudo.pp:
5519: set PSTAMP for Solaris and move the backend-specific bits to their
5520: own %if [xxx] %endif blocks in %set.
5521: [a94ebe8920c1]
5522:
5523: * pp:
5524: sync with git repo
5525: [75ff509696b4]
5526:
5527: * configure, configure.in:
5528: Only substitute file zlib files when using the builtin zlib
5529: [6c8145b2deb4]
5530:
5531: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
5532: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5533: src/Makefile.in, zlib/Makefile.in:
5534: Give up on using VPATH to find sources as it is implemented
5535: inconsistenly in different versions of make.
5536: [60517c69aaee]
5537:
5538: * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
5539: plugins/sudoers/gram.c, plugins/sudoers/toke.c:
5540: Include config.h before any other includes to make sure we get the
5541: right value for _FILE_OFFSET_BITS.
5542: [8fb007ca832e]
5543:
5544: * MANIFEST:
5545: Add zlib
5546: [04a3e23dfaa9]
5547:
5548: * zlib/Makefile.in:
5549: Add missing targets
5550: [40e45a177168]
5551:
5552: * src/Makefile.in:
5553: g/c unused $(GENERATED)
5554: [c8758068c1bc]
5555:
5556: 2010-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
5557:
5558: * plugins/sudoers/group_plugin.c:
5559: Zero out group_plugin on unload just to be safe.
5560: [0b10f4d101ca]
5561:
5562: * plugins/sudoers/group_plugin.c:
5563: Unload group plugin if its init function fails.
5564: [6552cdac4b7c]
5565:
5566: * src/sudo.c:
5567: Only chdir to cwd if it is different from the current cwd or there
5568: is a new root (chroot).
5569: [b8203e875e84]
5570:
5571: * configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
5572: doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
5573: doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
5574: Bump version to 1.8.0b2
5575: [6dadeb75a878]
5576:
5577: 2010-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
5578:
5579: * INSTALL:
5580: Better --enable-zlib description
5581: [e0da54fa59a6]
5582:
5583: * mkpkg:
5584: Use system zlib on Linux Let configure decide on Solaris For all
5585: others, use builtin zlib
5586: [3d52eddb523c]
5587:
5588: * zlib/zconf.h.in:
5589: Add large file support.
5590: [bec01215270d]
5591:
5592: * config.h.in:
5593: Add large file support.
5594: [244e95b034ec]
5595:
5596: * Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
5597: zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
5598: zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
5599: zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
5600: zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
5601: zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
5602: zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
5603: zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
5604: Add local copy of zlib for systems that lack it.
5605: [7542ca465c5a]
5606:
5607: 2010-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
5608:
5609: * src/exec.c:
5610: If perform_io() fails, kill the child before exiting so it doesn't
5611: complain about connection reset. We can get an I/O error if, for
5612: example, and we get EIO reading from stdin.
5613: [e59a05fa729f]
5614:
5615: 2010-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
5616:
5617: * plugins/sudoers/sudoers.c, src/sudo.c:
5618: Fix complilation on systems with set_auth_parameters() Sprinkle
5619: volatile to quiet warnings from gcc 2.8.0
5620: [a34c2b924ba7]
5621:
5622: * compat/dlfcn.h, compat/dlopen.c:
5623: Avoid potential namespace issues with dlopen() emulation.
5624: [aedfababd6ca]
5625:
5626: * MANIFEST:
5627: sync
5628: [6afb97e6d308]
5629:
5630: * plugins/sudoers/interfaces.c:
5631: Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
5632: exist).
5633: [ddfca5af1a36]
5634:
5635: * Makefile.in:
5636: Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
5637: [e9d04bfa4505]
5638:
5639: * configure, configure.in:
5640: HP-UX 10.20 libc has an incompatible getline
5641: [2e7bc202e78d]
5642:
5643: * plugins/sudoers/visudo.c:
5644: Quiet an HP-UX compiler warning.
5645: [55b9d587ac8c]
5646:
5647: * configure, configure.in:
5648: Check for vi even with --with-editor specified; the sample plugin
5649: needs it.
5650: [94dfc3643f76]
5651:
5652: 2010-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
5653:
5654: * compat/dlopen.c:
5655: Fix remaining syntax errors.
5656: [9d729b5b577e]
5657:
5658: * src/Makefile.in:
5659: sudo binary depends on the libtool-generated libs
5660: [9e6148406adb]
5661:
5662: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
5663: Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
5664: include the local or system dlfcn.h
5665: [68cfe4c1089b]
5666:
5667: * pp:
5668: Don't use run_as_superuser=false on HP-UX
5669: [532242370b09]
5670:
5671: * src/net_ifs.c:
5672: Use memset() instead of zero_bytes() since we don't include
5673: sudoers.h
5674: [a187c18c2472]
5675:
5676: * plugins/sudoers/interfaces.c:
5677: Fix pasto; AF_INET not AF_INET6
5678: [2d2e9d7dc6f9]
5679:
5680: * compat/dlopen.c:
5681: Actually call shl_load()
5682: [ed8153b8a3cd]
5683:
5684: * pp:
5685: Update from git repo. Debian: version numbers now compliant with
5686: policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
5687: 10.20
5688: [ecf2692bceeb]
5689:
5690: * configure, configure.in:
5691: Fix dlopen() detection for systems where dlopen() is in a separate
5692: library.
5693: [fa6b175582b6]
5694:
5695: * plugins/sudoers/auth/pam.c:
5696: If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
5697: useful message and return AUTH_FATAL so sudo does not keep trying to
5698: validate the user.
5699: [1be8857e5291]
5700:
5701: * src/preload.c:
5702: sudo_preload_table is an array
5703: [b7704e72a9da]
5704:
5705: * compat/dlopen.c:
5706: Quiet a compiler warning and fix sudo_preload_table external
5707: definition.
5708: [8234987664cc]
5709:
5710: * compat/dlfcn.h:
5711: Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
5712: [8bab6a4053cc]
5713:
5714: * plugins/sudoers/group_plugin.c:
5715: Make this compile correctly when no dlopen is available.
5716: [57643879bd2b]
5717:
5718: 2010-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
5719:
5720: * plugins/sudoers/check.c:
5721: Having a timestamp file defined is no longer indicative of tty
5722: tickets being enabled. Check def_tty_tickets directly.
5723: [efcc11ad157f]
5724:
5725: * src/exec_pty.c, src/sudo.h, src/ttysize.c:
5726: Fix TCGETWINSZ compat.
5727: [da3a8b17cf7a]
5728:
5729: 2010-10-02 Todd C. Miller <Todd.Miller@courtesan.com>
5730:
5731: * src/exec_pty.c, src/ttysize.c:
5732: Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
5733: [926492dd10a6]
5734:
5735: 2010-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
5736:
5737: * plugins/sudoers/sudoers.c, src/sudo.c:
5738: Move set_project() from sudoers module into sudo proper.
5739: [beabafac03b4]
5740:
5741: * configure, configure.in:
5742: Fix typo and regenerate
5743: [4a3caf4234f3]
5744:
5745: * plugins/sudoers/ldap.c:
5746: When iterating over returned LDAP entries, keep looking at remaining
5747: matches even if we have a positive match. This catches negative
5748: matches that may exist in other entries and more closely match the
5749: sudoers file behavior.
5750: [f47db6e609b0]
5751:
5752: * pp:
5753: Add support for multiple package instances on Solaris.
5754: [7f2a8b942545]
5755:
5756: * src/exec.c:
5757: Add missing signal_pipe[0] to fdsr for the non-pty case.
5758: [79d01e11b19c]
5759:
5760: * mkpkg:
5761: Add --with-project for Solaris
5762: [ffa4c2bb93f7]
5763:
5764: * README:
5765: Need ar and ranlib too
5766: [5c2f679172ef]
5767:
5768: 2010-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
5769:
5770: * plugins/sudoers/env.c:
5771: Preserve ODMDIR environment variable by default on AIX.
5772: [bd47cb1e804f]
5773:
5774: 2010-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
5775:
5776: * Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
5777: config.h.in, configure, configure.in, plugins/sample/Makefile.in,
5778: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
5779: plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
5780: plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
5781: src/preload.c:
5782: Add dlopen() emulation for systems without it. For HP-UX 10, emulate
5783: using shl_load(). For others, link sudoers plugin statically and use
5784: a lookup table to emulate dlsym().
5785: [e92edfb3c642]
5786:
5787: 2010-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
5788:
5789: * compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
5790: compat/nanosleep.c, compat/utimes.c:
5791: When including compat headers, use the compat dir as part of the
5792: path so we are sure to get the correct header.
5793: [6c2a45da6af5]
5794:
5795: 2010-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
5796:
5797: * plugins/sudoers/linux_audit.c:
5798: Ignore ECONNREFUSED from audit_log_user_command() which will occur
5799: if auditd is not running.
5800: [d314fe4c8d03]
5801:
5802: 2010-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
5803:
5804: * pp:
5805: Sync with git version
5806: [1c0357744222]
5807:
5808: 2010-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
5809:
5810: * common/fileops.c, plugins/sudoers/defaults.c:
5811: Cast isblank argument to unsigned char.
5812: [c822dbb3ca54]
5813:
5814: 2010-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
5815:
5816: * INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
5817: doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
5818: Implement --with-umask-override configure flag.
5819: [863e3047df22]
5820:
5821: * plugins/sudoers/env.c:
5822: Take MODE_LOGIN_SHELL into account when initially setting reset_home
5823: instead of special-casing it later.
5824: [5d6b16480fd6]
5825:
5826: * plugins/sudoers/sudoers.c:
5827: In login mode, make a copy of the runas user's pw_shell for
5828: NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
5829: freed before exec.
5830: [1d1ccb568dfa]
5831:
5832: * plugins/sudoers/env.c:
5833: Reset HOME for "sudo -i" even if HOME was listed in env_keep.
5834: [c1c1c65a2d63]
5835:
5836: * src/sudo.c:
5837: Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
5838: [7443454e5f88]
5839:
5840: * src/sudo.c:
5841: Reset signal mask at sudo startup time; we need to be able to rely
5842: on normal signal delivery to control the child process.
5843: [95800163ff94]
5844:
5845: 2010-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
5846:
5847: * install-sh:
5848: Use sed instead of expr to split a flag from its argument. Fixes a
5849: problem with expr interpreting its arguments as a flag when they
5850: start with a dash.
5851: [736065e14301]
5852:
5853: * common/lbuf.c:
5854: Do not need sys/time.h after all
5855: [91f6f668ccda]
5856:
5857: * common/lbuf.c:
5858: Include sys/time.h for utimes() and struct timeval. No longer need
5859: ioctl.h or termios.h
5860: [2d75273d3213]
5861:
5862: * compat/snprintf.c:
5863: Quiet bogus compiler warnings.
5864: [fe252e1968f5]
5865:
5866: * include/missing.h:
5867: Declare innetgr() for HP-UX which is missing a declaration. Declare
5868: domainname() for HP-UX and Solaris which are missing a declaration.
5869: [b37c50751138]
5870:
5871: * plugins/sudoers/bsm_audit.c:
5872: Use __sun for consistency with the rest of the sources.
5873: [6b086b61ccb6]
5874:
5875: * plugins/sudoers/group_plugin.c:
5876: Quiet a bogus compiler warning.
5877: [ebc069842c4a]
5878:
5879: * plugins/sudoers/pwutil.c:
5880: Don't try to delref a NULL group.
5881: [f6ff0838be21]
5882:
5883: * common/alloc.c, common/lbuf.c:
5884: Include memory.h on systems that need it.
5885: [4e676da81c6f]
5886:
5887: 2010-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
5888:
5889: * src/exec.c:
5890: Quiet gcc warnings on glibc systems that use warn_unused_result for
5891: write(2).
5892: [0532da0b7cf7]
5893:
5894: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
5895: sudo_plugin is in section 8; from Ted Percival
5896: [b4506a0de87e]
5897:
5898: * plugins/sudoers/Makefile.in:
5899: testsudoers depends on libsudoers.la, not sudoreplay
5900: [cdb1cc3bf06a]
5901:
5902: 2010-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
5903:
5904: * src/exec.c:
5905: Read as many signals on the signal pipe as we can before returning.
5906: [b181671da047]
5907:
5908: * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
5909: Instead of using a array to store received signals, open a pipe and
5910: have the signal handler write the signal number to one end and
5911: select() on the other end. This makes it possible to handle signals
5912: similar to I/O without race conditions.
5913: [ee84d65c16b6]
5914:
5915: 2010-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
5916:
5917: * doc/visudo.pod, plugins/sudoers/visudo.c:
5918: Make "visudo -c -f -" check the standard input.
5919: [195a3d2a9a26]
5920:
5921: * doc/sudoers.pod:
5922: set_home and always_set_home have an effect if HOME is present in
5923: the env_keep list.
5924: [159d0b9dc5c8]
5925:
5926: * plugins/sudoers/env.c:
5927: Make -H flag work when HOME is listed in env_keep. Also makes
5928: "set_home" and "always_set_home" override override HOME in env_keep.
5929: [a3e5b966193f]
5930:
5931: 2010-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
5932:
5933: * plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
5934: plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
5935: plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
5936: plugins/sudoers/visudo.c, src/net_ifs.c:
5937: Convert sudoers plugin to use interface list passed in settings.
5938: [87d9b5f4f586]
5939:
5940: * doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
5941: src/parse_args.c, src/sudo.h:
5942: Query local network interfaces in the main sudo driver and pass to
5943: the plugin as "network_addrs" in the settings list.
5944: [7f35bcfe77a7]
5945:
5946: * plugins/sudoers/bsm_audit.c:
5947: Solaris BSM audit return EINVAL when auditing is not enabled,
5948: whereas OpenBSM returns ENOSYS.
5949: [411b980ec58b]
5950:
5951: 2010-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
5952:
5953: * compat/fnmatch.c:
5954: missing.h should come before most local includes
5955: [53921a7b8b5b]
5956:
5957: * plugins/sudoers/sudoreplay.c:
5958: missing.h should come before most local includes
5959: [e9abb0db1aac]
5960:
5961: * plugins/sudoers/sudoers.h:
5962: Make local includes consistent; use double quotes for local includes
5963: except for generated ones where we use angle brackets.
5964: [09de4faa9547]
5965:
5966: * plugins/sudoers/sudoers.c:
5967: Always fill in NewArgv for audit code.
5968: [7c3aca60519f]
5969:
5970: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
5971: Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
5972: [007cf6560f92]
5973:
5974: * common/alloc.c, common/atobool.c, common/fileops.c,
5975: common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
5976: common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
5977: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
5978: compat/getprogname.c, compat/glob.c, compat/isblank.c,
5979: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
5980: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
5981: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
5982: compat/unsetenv.c, compat/utimes.c, include/compat.h,
5983: plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
5984: plugins/sample_group/plugin_test.c,
5985: plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
5986: plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
5987: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
5988: plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
5989: plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
5990: plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
5991: src/sudo_noexec.c, src/ttysize.c:
5992: Make local includes consistent; use double quotes for local includes
5993: except for generated ones where we use angle brackets. Also g/c
5994: unused compat.h.
5995: [e57070dc8f04]
5996:
5997: 2010-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
5998:
5999: * plugins/sudoers/match.c:
6000: When matching the runas user and runas group (-u and -g command line
6001: options), keep track of runas group and runas user matches
6002: separately. Only return a positive match if we have a match for
6003: both runas user and runas group (if specified).
6004: [815219e04cc8]
6005:
6006: 2010-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
6007:
6008: * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
6009: Add support for multiple URI lines by joining the contents and
6010: passing the result to ldap_initialize.
6011: [a47cae3b72e8]
6012:
6013: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
6014: Do not return -1 on error from the display functions; the caller
6015: expects a return value >= 0.
6016: [101456a7dd00]
6017:
6018: * plugins/sudoers/sudoers.c:
6019: Do not set both MODE_EDIT and MODE_RUN
6020: [8faa36694d54]
6021:
6022: 2010-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
6023:
6024: * include/missing.h:
6025: Move includes to the top of the file.
6026: [a51436798e8c]
6027:
6028: 2010-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
6029:
6030: * plugins/sudoers/Makefile.in:
6031: Add missing definition of timedir
6032: [458a749c2c5e]
6033:
6034: * compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
6035: compat/mksiglist.c, compat/strsignal.c,
6036: plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
6037: Add #include of sys/types.h for .c files that include missing.h to
6038: be sure that size_t and ssize_t are defined.
6039: [08e3132dbf4f]
6040:
6041: * plugins/sudoers/Makefile.in:
6042: Install sudoers file from the build dir not hte src dir.
6043: [ca89e962dbf4]
6044:
6045: 2010-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
6046:
6047: * plugins/sudoers/set_perms.c:
6048: If runas_pw changes, reset the stashed runas aux group vector.
6049: Otherwise, if runas_default is set in a per-command Defaults
6050: statement, the command runs with root's aux group vector (i.e. the
6051: one that was used when locating the command).
6052: [24f9107cedd2]
6053:
6054: * plugins/sudoers/Makefile.in:
6055: Add target to generate sudoers file Remove generated sudoers file as
6056: part of distclean
6057: [fb7422e90f03]
6058:
6059: 2010-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
6060:
6061: * src/exec.c:
6062: When not logging I/O install a handler for SIGCONT and deliver it to
6063: the command upon resume. Fixes bugzilla #431
6064: [495dce52a5aa]
6065:
6066: 2010-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
6067:
6068: * plugins/sudoers/sudoers.h:
6069: g/c unused auth_pw extern definition
6070: [40eb7477ba17]
6071:
6072: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
6073: Move get_auth() into check.c where it is actually used.
6074: [e31db0ce3a61]
6075:
6076: 2010-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
6077:
6078: * common/lbuf.c:
6079: Convert a remaining puts() and putchar() to use the output function.
6080: [d69e363a506b]
6081:
6082: * plugins/sudoers/plugin_error.c:
6083: Plug memory leak
6084: [68895469ea8d]
6085:
6086: 2010-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
6087:
6088: * plugins/sudoers/env.c:
6089: Set dupcheck to TRUE when setting new HOME value if !env_reset but
6090: always_set_home is true. Prevents a duplicate HOME in the
6091: environment (old value plus the new one) introduced in f421f8827340.
6092: [9ca19183794f]
6093:
6094: * configure, configure.in, plugins/sudoers/sudoers,
6095: plugins/sudoers/sudoers.in:
6096: Substitute sysconfdir in the installed sudoers file to get the
6097: correct path for sudoers.d.
6098: [86072b6cd55d]
6099:
6100: 2010-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
6101:
6102: * src/get_pty.c:
6103: Fix typo that prevented compilation on Irix; Friedrich Haubensak
6104: [b48be51b65fc]
6105:
6106: 2010-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
6107:
6108: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6109: common/atobool.c, common/fileops.c, common/fmt_string.c,
6110: common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
6111: compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
6112: compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
6113: compat/getprogname.c, compat/glob.c, compat/isblank.c,
6114: compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
6115: compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
6116: compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
6117: compat/unsetenv.c, compat/utimes.c, include/compat.h,
6118: include/missing.h, plugins/sample/sample_plugin.c,
6119: plugins/sample_group/getgrent.c,
6120: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6121: plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
6122: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
6123: plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
6124: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
6125: plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
6126: src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
6127: Merge compat.h and missing.h into missing.h
6128: [572909ae9716]
6129:
6130: 2010-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
6131:
6132: * plugins/sudoers/auth/pam.c:
6133: If the user hits ^C while a password is being read, error out before
6134: reading any further passwords in the pam conversation function.
6135: Otherwise, if multiple PAM auth methods are required, the user will
6136: have to hit ^C for each one.
6137: [23782631748c]
6138:
6139: 2010-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
6140:
6141: * plugins/sudoers/check.c:
6142: Update comment
6143: [a5296cb3a20a]
6144:
6145: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6146: Document sudo_conv_t function and sudo_printf_t return values.
6147: [745c0017814c]
6148:
6149: * src/conversation.c:
6150: Make _sudo_printf return the number of characters printed on success
6151: like printf(3).
6152: [8eeefe8d7e77]
6153:
6154: 2010-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
6155:
6156: * plugins/sudoers/sudoers.c:
6157: sudoers.h includes sudo_plugin.h for us
6158: [cabe68e07807]
6159:
6160: * common/Makefile.in, common/gettime.c, compat/mkstemps.c,
6161: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
6162: src/sudo_edit.c:
6163: Use gettimeofday() directly instead of via the gettime() wrapper.
6164: [7490426c99ae]
6165:
6166: * common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
6167: compat/strerror.c, config.h.in, configure, configure.in,
6168: include/compat.h, include/missing.h, plugins/sudoers/logging.c,
6169: plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
6170: Remove some obsolete configure tests, ancient Unix systems are no
6171: longer supported.
6172: [2be6218c3a36]
6173:
6174: 2010-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
6175:
6176: * sudo.pp:
6177: Set pp_kit_version and strip off patch level
6178: [aacfda1b676d]
6179:
6180: * sudo.pp:
6181: Better handling of versions with a patchlevel. For rpm and deb, use
6182: the patchlevel+1 as the release. For AIX, use the patchlevel as the
6183: 4th version number. For the rest, just leave the patchlevel in the
6184: version string.
6185: [638bd35f2346]
6186:
6187: 2010-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
6188:
6189: * plugins/sudoers/auth/sudo_auth.c:
6190: For non-standalone auth methods, stop reading the password if the
6191: user enters ^C at the prompt.
6192: [82c2911bb264]
6193:
6194: * configure, configure.in, plugins/sudoers/Makefile.in,
6195: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
6196: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
6197: plugins/sudoers/pwutil.c:
6198: No need to look up shadow password unless we are doing password-
6199: style authentication. This moves the shadow password lookup to the
6200: auth functions that need it.
6201: [ba9e3eba2b72]
6202:
6203: * plugins/sudoers/sudoers.c:
6204: Retain final passwd/group refs until the policy close() function.
6205: Note that this doesn't get called in all cases so putting this in a
6206: cleanup function is probably better.
6207: [bbe214cb4119]
6208:
6209: * plugins/sudoers/check.c:
6210: Fix mismerge
6211: [395115f89dd6]
6212:
6213: * plugins/sudoers/check.c:
6214: When removing/resetting the timestamp file ignore the tty ticket
6215: contents.
6216: [b709f5667a0b]
6217:
6218: * plugins/sudoers/sudoers.c:
6219: delref sudo_user.pw, runas_pw and runas_gr immediately before we
6220: return.
6221: [4d67d15dfd3b]
6222:
6223: 2010-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
6224:
6225: * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
6226: plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
6227: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
6228: Reference count cached passwd and group structs. The cache holds
6229: one reference itself and another is added by sudo_getgr{gid,nam} and
6230: sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
6231: group structs are persistent for now.
6232: [e544685523c3]
6233:
6234: * doc/UPGRADE:
6235: fix typo
6236: [e32f2d35e6c9]
6237:
6238: 2010-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
6239:
6240: * plugins/sudoers/check.c:
6241: Do not produce a warning for "sudo -k" if the ticket file does not
6242: exist.
6243: [1598f6061b75]
6244:
6245: * plugins/sudoers/pwutil.c:
6246: Instead of caching struct passwd and struct group in the red-black
6247: tree, store a struct cache_item which includes both the key and
6248: datum. This allows us to user the actual name that was looked up as
6249: the key instead of the contents of struct passwd or struct group.
6250: This matters because the name in the database may not match what we
6251: looked up, due either to case folding or truncation (historically at
6252: 8 characters). Also mark the disabled calls to sudo_freepwcache()
6253: and sudo_freegrcache() as broken since we use cached data for things
6254: like set_perms() and the logging functions. Fixing this would
6255: require making a copy of the structs for user and runas or adding a
6256: reference count (better).
6257: [225d4a22f60e]
6258:
6259: * plugins/sudoers/Makefile.in:
6260: Fix path to mkinstalldirs
6261: [b4968379b12d]
6262:
6263: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
6264: plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
6265: src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
6266: Quiet gcc warnings on glibc systems that use warn_unused_result for
6267: write(2) and others.
6268: [c99f138960e0]
6269:
6270: 2010-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
6271:
6272: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6273: Add %option noinput
6274: [72b9cd49b4f1]
6275:
6276: * aclocal.m4, configure, configure.in:
6277: Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
6278: back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
6279: cross-compiling.
6280: [e385c176d0ee]
6281:
6282: 2010-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
6283:
6284: * aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
6285: Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
6286: and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
6287: [cf3e60d9c440]
6288:
6289: 2010-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
6290:
6291: * pp:
6292: Update to latest version
6293: [32f93be33961]
6294:
6295: 2010-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
6296:
6297: * sudo.pp:
6298: Let pp determine pp_aix_version itself.
6299: [7cf0245d84ed]
6300:
6301: * INSTALL, config.h.in, configure, configure.in, mkpkg,
6302: plugins/sudoers/sudoers.c:
6303: Add support for Ubuntu admin flag file and enable it when building
6304: Ubuntu packages.
6305: [00e27cff2dfb]
6306:
6307: * plugins/sudoers/sudoers, sudo.pp:
6308: Add commented out SuSE-like targetpw settings
6309: [4605d47b7413]
6310:
6311: * configure, configure.in:
6312: Only try to use +DAportable for non-GCC on hppa
6313: [75d0f284ccf7]
6314:
6315: * configure, configure.in:
6316: Prevent configure from adding the -g flag unless in devel mode
6317: [b1fd3f8d45c0]
6318:
6319: 2010-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
6320:
6321: * sudo.pp:
6322: Go back to sudo-flavor to match existing packages and only use an
6323: underscore for those that need it.
6324: [d737069d1e1c]
6325:
6326: * sudo.pp:
6327: Use sudo_$flavor instead of sudo-$flavor since that causes the least
6328: amount of trouble for the various package managers.
6329: [71f547af35fc]
6330:
6331: * mkpkg:
6332: Fix handling of the ldap flavor Remove destdir unless --debug was
6333: specified Make distclean before running configure if there is a
6334: Makefile present
6335: [6316f08de7d3]
6336:
6337: * sudo.pp:
6338: Add back include file.
6339: [195627bf68b8]
6340:
6341: * mkpkg:
6342: Pass extra args on to configure on HP-UX, if we don't have the HP C
6343: compiler, disable zlib to prevent gcc from finding it in
6344: /usr/local/lib.
6345: [473efa0e2bac]
6346:
6347: * mkpkg:
6348: Use the HP ANSI C compiler on HP-UX if possible
6349: [fb249b6b175d]
6350:
6351: * plugins/sudoers/sudoreplay.c:
6352: Some getline() implementations (FreeBSD 8.0) do not ignore the
6353: length pointer when the line pointer is NULL as they should.
6354: [2410a1a3543c]
6355:
6356: * plugins/sudoers/sudoreplay.c:
6357: Don't need to check for *cp being non-zero, isdigit() will do that.
6358: [7df11ea8a487]
6359:
6360: * plugins/sudoers/sudoreplay.c:
6361: Add setlocale() so the command line arguments that use floating
6362: point work in different locales. Since sudo now logs the timing
6363: data in the C locale we must Parse the seconds in the timing file
6364: manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
6365: the number of seconds with the user's locale so if the decimal point
6366: is not '.' try using the locale-specific version.
6367: [4d385765f23b]
6368:
6369: * src/exec.c:
6370: Do I/O logging in the C locale so the floating point numbers in the
6371: timing file are not locale-dependent.
6372: [5961cec044ec]
6373:
6374: * plugins/sudoers/sudoreplay.c:
6375: Use errorx() not error() for thingsthat don't set errno.
6376: [0fe5e692af84]
6377:
6378: 2010-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
6379:
6380: * pp:
6381: Better support for 1.2.3 style versions in Tru64 kits
6382: [997c549bb777]
6383:
6384: * sudo.pp:
6385: Add Tru64 kit support
6386: [e273a954f981]
6387:
6388: * pp:
6389: Remove apparently unnecessary use of sudo
6390: [be8840d85125]
6391:
6392: * Makefile.in, plugins/sudoers/Makefile.in:
6393: Create timedir as part of install-dirs target.
6394: [c736bc2fb14f]
6395:
6396: * src/exec_pty.c:
6397: Handle ENXIO from read/write which can occur when reading/writing a
6398: pty that has gone away.
6399: [fa2e8059879f]
6400:
6401: * plugins/sudoers/pwutil.c:
6402: sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
6403: [3a045475d5ee]
6404:
6405: * mkpkg:
6406: platform is a pp flag not a variable
6407: [12eba39a47c1]
6408:
6409: * Makefile.in, mkpkg, sudo.pp:
6410: Add simple arg parsing for mkpkg so we can set debug, flavor or
6411: platform.
6412: [ada839fe252d]
6413:
6414: * pp:
6415: Make rpm backend work on AIX 5.x
6416: [549a76d11393]
6417:
6418: 2010-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
6419:
6420: * plugins/sudoers/sudoers:
6421: Add commented out Defaults entry for log_output
6422: [7e67d7588900]
6423:
6424: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6425:
6426: * doc/Makefile.in:
6427: Remove sudo docdir completely
6428: [dce8e82878ef]
6429:
6430: * doc/sample.sudo.conf:
6431: Add sample sudo.conf
6432: [aafdba3fc411]
6433:
6434: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6435:
6436: * plugins/sudoers/Makefile.in:
6437: Add PACKAGE_TARNAME for docdir
6438: [930c92b8f8f0]
6439:
6440: 2010-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
6441:
6442: * src/Makefile.in:
6443: Pass install-sh -b~ here too.
6444: [c3f5eb446c38]
6445:
6446: * plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
6447: plugins/sudoers/Makefile.in, src/Makefile.in:
6448: Install binary files with -b~ to make a backup. Fixes "text file
6449: busy" error on HP-UX during install.
6450: [81f306f54f8c]
6451:
6452: * install-sh:
6453: "mv -f" on HP-UX doesn't unlink the destination first so add an
6454: explicit rm before moving the temporary into place.
6455: [fb719a79582d]
6456:
6457: * configure, configure.in:
6458: Some more ${foo} -> $(foo) conversion for consistent Makefiles.
6459: [0aa098770074]
6460:
6461: * doc/Makefile.in, plugins/sudoers/Makefile.in:
6462: Install sudoers2ldif in the doc dir
6463: [33ac3b53d7f5]
6464:
6465: 2010-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
6466:
6467: * pathnames.h.in:
6468: Add missing include of maillock.h for Solaris
6469: [5a58883be23a]
6470:
6471: * NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
6472: doc/sample.syslog.conf, doc/sudoers.cat:
6473: Change the default syslog facility from local2 to authpriv (or auth
6474: if the operating system doesn't support authpriv).
6475: [3b70ba514f49]
6476:
6477: * Makefile.in, sudo.pp:
6478: Install sudoers as /etc/sudoers on RPM and debian systems where the
6479: package manager will not replace a user-modified configuration file.
6480: This fixes upgrades from the vendor sudo packages.
6481: [d886b6d60b5b]
6482:
6483: * pp:
6484: RPM: use %config(noreplace) instead of %config for volatile This
6485: results in the new file being installed with a .rpmnew suffix
6486: instead of the file being replaced and the old one renamed with a
6487: .rpmsave suffix.
6488: [58be2119f8e8]
6489:
6490: 2010-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
6491:
6492: * compat/mkstemps.c, plugins/sudoers/boottime.c:
6493: Include time.h for struct timeval
6494: [ddf8b04f0276]
6495:
6496: * src/exec_pty.c:
6497: The return value of strsignal() may be const and should be treated
6498: as const regardless.
6499: [620074ae1e77]
6500:
6501: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6502: Mention that 127.0.0.1 will not match, nor will localhost unless
6503: that is the actual host name.
6504: [8b574122eb8f]
6505:
6506: * MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
6507: Rename WHATSNEW -> NEWS
6508: [d1a2c8c47d89]
6509:
6510: * pp:
6511: Updated pp with latest patches
6512: [98e16b9b8f62]
6513:
6514: * WHATSNEW:
6515: Sync with 1.7.4
6516: [65ac4dafeef7]
6517:
6518: * doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6519: plugins/sudoers/sudoers:
6520: Add commented out line to add HOME to env_keep and add a warning to
6521: the note about the HOME change in UPGRADE.
6522: [0d6a775bb6c8]
6523:
6524: 2010-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
6525:
6526: * plugins/sudoers/sudoreplay.c:
6527: Add LINE_MAX define for those without it.
6528: [446d9dbe7859]
6529:
6530: * INSTALL, WHATSNEW, config.h.in, configure, configure.in,
6531: doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6532: plugins/sudoers/defaults.c:
6533: The tty_tickets option is now on by default.
6534: [a01c48206d80]
6535:
6536: * WHATSNEW:
6537: Mention that AIX authdb support has been fixed.
6538: [87bd7f4eba6a]
6539:
6540: * common/aix.c:
6541: setauthdb() only sets the "old" registry if it was set by a previous
6542: call to setauthdb(). To restore the original value, passing NULL
6543: (or an empty string) to setauthdb() is sufficient.
6544: [470da190a254]
6545:
6546: 2010-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
6547:
6548: * WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
6549: doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
6550: plugins/sudoers/env.c:
6551: Reset HOME when env_reset is enabled unless it is in env_keep
6552: [f421f8827340]
6553:
6554: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6555: The default for set_logname has been "true" for some time now.
6556: [f489da5674c3]
6557:
6558: * plugins/sudoers/boottime.c:
6559: Add missing include of time.h
6560: [624d7014932f]
6561:
6562: * plugins/sudoers/logging.c:
6563: Fix check for dup2() return value.
6564: [140ea2d50d20]
6565:
6566: * plugins/sudoers/env.c:
6567: Add PYTHONUSERBASE to initial_badenv_table
6568: [3149aae5b12c]
6569:
6570: * plugins/sudoers/visudo.c:
6571: Treat an unknown defaults entry as a parse error.
6572: [b3ebad73efb2]
6573:
6574: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
6575: Check return value of setdefs() but don't stop setting defaults if
6576: we hit an unknown one.
6577: [945e752239ab]
6578:
6579: * WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
6580: doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6581: doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
6582: plugins/sudoers/env.c:
6583: If env_reset is enabled, set the MAIL environment variable based on
6584: the target user unless MAIL is explicitly preserved in sudoers.
6585: [a1b03e2e0e96]
6586:
6587: 2010-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
6588:
6589: * pp:
6590: decode debian code names
6591: [8741280d9960]
6592:
6593: * WHATSNEW:
6594: fix typo
6595: [a8a19451110b]
6596:
6597: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6598:
6599: * WHATSNEW:
6600: Merge with 1.7.4
6601: [9348fa7e15b8]
6602:
6603: * src/sudo.c:
6604: Restore RLIMIT_NPROC after the uid switch if it appears that
6605: runas_setup() did not do it for us. Fixes a bash script problem on
6606: SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
6607: [786fb272e5fd]
6608:
6609: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6610:
6611: * mkpkg, pp, sudo.pp:
6612: Restore the dot removal in the os version reported by polypkg. Adapt
6613: mkpkg and sudo.pp to the change.
6614: [dcafdd53b88f]
6615:
6616: 2010-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
6617:
6618: * INSTALL:
6619: document --with-pam-login
6620: [ea93e4c6873c]
6621:
6622: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6623: The tag is NOSETENV, not UNSETENV. From Petr Uzel.
6624: [2ac90d8de36e]
6625:
6626: 2010-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
6627:
6628: * sudo.pp:
6629: Include flavor in solaris package name
6630: [e605f6364c9f]
6631:
6632: * mkpkg:
6633: Older shells don't support IFS= so set explictly to space, tab,
6634: newline.
6635: [7773960bc8a0]
6636:
6637: * mkpkg:
6638: Use '=' not '==' in test
6639: [c99d42bc48e6]
6640:
6641: * mkpkg:
6642: Fix typo that prevented debian from matching
6643: [84421078fcb7]
6644:
6645: * mkpkg:
6646: Add missing prefix setting for debian
6647: [6466f23de4aa]
6648:
6649: * sudo.pp:
6650: Use tab indents to reduce the chance of problem with <<- Fix the
6651: debian %set section, pp does not set pp_deb_distro Uncomment %sudo
6652: line in sudoers for debian Uncomment some env_keep lines for RHEL,
6653: SLES and debian to more closely match the vendor sudoers files.
6654: Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
6655: debian for ldap flavor
6656: [c5b49feb1a0c]
6657:
6658: * plugins/sudoers/sudoers:
6659: Add commented out env_keep entries, sample Aliases and a %sudo line
6660: for debian.
6661: [387719e52d0f]
6662:
6663: * configure, configure.in:
6664: Move zlib check later on in the script to avoid a strange shell
6665: problem on SLES11.
6666: [1a3153bb1291]
6667:
6668: * configure.in:
6669: Remove check for egrep; configure has its own
6670: [a3b9d98cb5d2]
6671:
6672: 2010-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
6673:
6674: * mkpkg:
6675: Enable zlib for linux distros
6676: [8fa51a1405a4]
6677:
6678: * mkpkg:
6679: Add ldap flavor to default build
6680: [97644f5a555f]
6681:
6682: * mkpkg, sudo.pp:
6683: Simplify rpm linux distro settings
6684: [b9dcf10cdf20]
6685:
6686: * aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
6687: Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
6688: [2c549c1acde9]
6689:
6690: * Makefile.in:
6691: Fix ChangeLog creation from build dir
6692: [3d0c7904f173]
6693:
6694: * plugins/sudoers/sudoers.c:
6695: Handle getcwd() failure.
6696: [aef7bef87394]
6697:
6698: * doc/Makefile.in, mkpkg, sudo.pp:
6699: Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
6700: environment variable.
6701: [be6ed611b7a8]
6702:
6703: * sudo.pp:
6704: Create sudo group on debian
6705: [6ed6c032042e]
6706:
6707: * mkpkg, sudo.pp:
6708: Add debian 4/5/6 and use the dot when doing version matches
6709: [6bcb664d1f4f]
6710:
6711: * aclocal.m4, configure:
6712: Use a loop when searching for mv, sendmail and sh
6713: [d5e9369f8d13]
6714:
6715: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6716: Remove spurious "and"; from debian
6717: [a21e6f7c5b99]
6718:
6719: * aclocal.m4, configure, configure.in, doc/sudoers.cat,
6720: doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
6721: doc/visudo.man.in, doc/visudo.pod:
6722: Substitute the value of EDITOR into the sudoers and visudo manuals.
6723: [cd79e587dd7f]
6724:
6725: 2010-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
6726:
6727: * mkpkg, pp, sudo.pp:
6728: Initial support for debian 4.0
6729: [ac6707915fa8]
6730:
6731: * mkpkg:
6732: Some platforms need -fPIE instead of -fpie
6733: [fd6be19e5bc2]
6734:
6735: * plugins/sudoers/auth/pam.c:
6736: Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
6737: On Linux it causes a DNS lookup via libaudit.
6738: [1e10105ade5b]
6739:
6740: * MANIFEST:
6741: Update MANIFEST to match packaging changes
6742: [ef86ee557b5b]
6743:
6744: * sudo.psf:
6745: We now use pp to generate HP-UX packages
6746: [f7aa8da7844e]
6747:
6748: * INSTALL.binary, plugins/sudoers/Makefile.binary.in:
6749: Remove vestiges of old binary package bits.
6750: [afffd005452f]
6751:
6752: * INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
6753: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6754: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6755: src/Makefile.in:
6756: install-man -> install-doc
6757: [99b5fa05567c]
6758:
6759: * Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
6760: plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
6761: Use http://rc.quest.com/topics/polypkg/ for packaging
6762: [5ca8eb75b223]
6763:
6764: * install-sh:
6765: Just ignore the -c option, it is the default Add support for -d
6766: option
6767: [a8b6b0a131e8]
6768:
6769: 2010-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
6770:
6771: * pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
6772: Use _PATH_STDPATH instead of _PATH_DEFPATH
6773: [137fa911908e]
6774:
6775: * plugins/sudoers/Makefile.in, src/Makefile.in:
6776: Do not strip binaries.
6777: [20166e287176]
6778:
6779: * INSTALL, configure, configure.in:
6780: Add --insults=disabled configure option to allow people to build in
6781: insult support but have the insults disabled unless explicitly
6782: enabled in sudoers.
6783: [523b8c552e90]
6784:
6785: * compat/mkstemps.c:
6786: Add prototype for gettime()
6787: [275eee40473b]
6788:
6789: * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
6790: plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
6791: plugins/sudoers/sudoers.h:
6792: Add support for a sudo-i pam.d file to be used for "sudo -i".
6793: Adapted from a RedHat patch.
6794: [06d34f16520b]
6795:
6796: 2010-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
6797:
6798: * include/missing.h:
6799: Fix mkstemps() prototype
6800: [2421841e815b]
6801:
6802: * MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
6803: config.h.in, configure, configure.in, include/missing.h,
6804: src/sudo_edit.c:
6805: Use mkstemps() instead of mkstemp() in sudoedit. This allows
6806: sudoedit to preserve the file extension (if any) which may be used
6807: by the editor (like emacs) to choose the editing mode.
6808: [d33172d2c086]
6809:
6810: 2010-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
6811:
6812: * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
6813: plugins/sudoers/ldap.c:
6814: TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
6815: TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
6816: code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
6817: should avoid disabling TLS_CHECKPEER is possible.
6818: [196622436212]
6819:
6820: 2010-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
6821:
6822: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6823: Make sudo_plugin format a bit more like a man page
6824: [048d596e32da]
6825:
6826: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
6827: Add suport for negated user/host/command lists in a Defaults entry.
6828: E.g. Defaults:!baduser noexec
6829: [d41112cf0342]
6830:
6831: * Makefile.in, common/Makefile.in, compat/Makefile.in,
6832: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
6833: plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
6834: src/Makefile.in:
6835: Add uninstall target
6836: [fea66ebf136a]
6837:
6838: * common/Makefile.in, compat/Makefile.in:
6839: Remove unused AR, SED and RANLIB variables
6840: [2ff9928bfdb3]
6841:
6842: * Makefile.in:
6843: Do not install sample plugins
6844: [5443b87bd1c3]
6845:
6846: 2010-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
6847:
6848: * MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
6849: configure.in, plugins/sudoers/env.c:
6850: Now that sudoers is a dynamically loaded module we cannot override
6851: the libc environment functions because the symbols may already have
6852: been resolved via libc. Remove getenv/putenv/setenv/unsetenv
6853: replacements from sudoers and add replacements for setenv/unsetenv
6854: for systems that lack them.
6855: [3f2b43cb8851]
6856:
6857: * configure, configure.in, plugins/sudoers/Makefile.in:
6858: Link testsudoers with -ldl when needed
6859: [f79606f9fcd7]
6860:
6861: * plugins/sample_group/plugin_test.c:
6862: Remove unused time.h and add limits.h for PATH_MAX
6863: [3f5d0074d621]
6864:
6865: * doc/sudoers.ldap.pod:
6866: Fix typo.
6867: [bc855fd57397]
6868:
6869: 2010-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
6870:
6871: * plugins/sample_group/plugin_test.c:
6872: Do not depend on strlcpy/strlcat
6873: [6e7e2b5af051]
6874:
6875: * plugins/sample_group/plugin_test.c:
6876: Standalone test driver for sudoers group plugin.
6877: [eb1235fc3b8e]
6878:
6879: 2010-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
6880:
6881: * plugins/sudoers/group_plugin.c, src/load_plugins.c:
6882: Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
6883: aid.
6884: [2a34e616229b]
6885:
6886: * plugins/sample_group/sample_group.c:
6887: Fix style nit in function declarations
6888: [ab87c7c76bf9]
6889:
6890: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
6891: Document group_plugin syntax.
6892: [ed1faf72ddcb]
6893:
6894: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
6895: Document the sudoers group plugin.
6896: [f19a62dc8cfc]
6897:
6898: * INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
6899: configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
6900: plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
6901: plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
6902: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
6903: plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
6904: plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
6905: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
6906: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
6907: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
6908: Replace built-in non-unix group support with a sudoers group plugin.
6909: Include a sample plugin that can read Unix-format group files.
6910: [8fc58ce0b1a8]
6911:
6912: * configure, configure.in, src/load_plugins.c:
6913: Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
6914: [5c491dddb8ef]
6915:
6916: 2010-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
6917:
6918: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
6919: doc/sudoers.man.in, doc/sudoers.pod:
6920: Move sudoers-specific bits out of sudo(8) and into sudoers(5)
6921: [e8a5a5830cfe]
6922:
6923: * aclocal.m4, configure, configure.in:
6924: Substitute @io_logdir@ for the sudoers I/O log directory.
6925: [21a75ca7b0ab]
6926:
6927: 2010-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
6928:
6929: * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
6930: common/atobool.c, common/fileops.c, common/fmt_string.c,
6931: common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
6932: compat/getgrouplist.c, compat/getline.c, compat/glob.c,
6933: compat/snprintf.c, config.h.in, configure, configure.in,
6934: include/fileops.h, plugins/sample/sample_plugin.c,
6935: plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
6936: plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
6937: plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
6938: plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
6939: plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
6940: plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
6941: plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
6942: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
6943: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
6944: plugins/sudoers/defaults.c, plugins/sudoers/env.c,
6945: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
6946: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
6947: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
6948: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
6949: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
6950: plugins/sudoers/logging.c, plugins/sudoers/match.c,
6951: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
6952: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
6953: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
6954: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
6955: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
6956: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
6957: src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
6958: src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
6959: src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
6960: Set usrinfo for AIX Set adminstrative domain for the process when
6961: looking up user's password or group info and when preparing for
6962: execve(). Include strings.h even if string.h exists since they may
6963: define different things. Fixes warnings on AIX and others.
6964: [cf8b93e872c9]
6965:
6966: * Makefile.in:
6967: Add a separate all target for AIX make which was using the entire
6968: LHS (not just the first entry) of the first target as the implicit
6969: target.
6970: [a45b980a01ef]
6971:
6972: * plugins/sudoers/env.c:
6973: Do not rely on env.env_len when unsetting a variable, just use the
6974: NULL terminator.
6975: [ca6eb239c829]
6976:
6977: * plugins/sudoers/env.c:
6978: In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
6979: [7046ba7caa4e]
6980:
6981: 2010-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
6982:
6983: * plugins/sudoers/vasgroups.c:
6984: Use warningx() instead of log_error() since the latter is not
6985: available to visudo or testsudoers. This does mean that they don't
6986: end up in syslog.
6987: [152b7c50f426]
6988:
6989: * plugins/sudoers/sudoers.c:
6990: Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
6991: closed the sudoers sources. From Quest sudo.
6992: [c1cd573bab94]
6993:
6994: * plugins/sudoers/pwutil.c:
6995: Ignore case when matching user/group names in the cache. From Quest
6996: sudo.
6997: [2aa4ecc7d7f5]
6998:
6999: 2010-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
7000:
7001: * config.h.in, configure, configure.in, src/selinux.c:
7002: Add check for setkeycreatecon() when --with-selinux is specified.
7003: [affae247b4e0]
7004:
7005: * configure, configure.in:
7006: Error out if libaudit.h is missing or ununable when --with-linux-
7007: audit was specified
7008: [d82e743fac04]
7009:
7010: * doc/HISTORY, doc/history.pod:
7011: Add =head3 entries, mostly for the html version
7012: [ee93112d0308]
7013:
7014: 2010-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
7015:
7016: * doc/HISTORY, doc/history.pod:
7017: Mention when LDAP was incorporate.
7018: [2923dc17f79c]
7019:
7020: 2010-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
7021:
7022: * configure, configure.in:
7023: Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
7024: not covered by _ALL_SOURCE.
7025: [c92fd69809d0]
7026:
7027: 2010-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
7028:
7029: * plugins/sudoers/iolog.c:
7030: Add a cast to quiet a compiler warning.
7031: [a200e07ee1bc]
7032:
7033: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7034: Quiet a compiler warning.
7035: [c9acfc927cea]
7036:
7037: * plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
7038: Call set_fqdn() after sudoers has parsed instead of inline as a
7039: callback.
7040: [5f4e5d075f2d]
7041:
7042: * WHATSNEW, plugins/sudoers/sudoers.c:
7043: Do not call set_fqdn() until sudoers parses (where is gets run as a
7044: callback).
7045: [09040fca6d40]
7046:
7047: * WHATSNEW:
7048: mention the change in tty ticket behavior when there is no tty
7049: [575a1fd98f05]
7050:
7051: * plugins/sudoers/check.c:
7052: Do not update tty ticket if there is no tty.
7053: [63f9c33ce6a7]
7054:
7055: * doc/LICENSE, doc/license.pod:
7056: Update copyright year
7057: [0722ab5d404b]
7058:
7059: * doc/Makefile.in:
7060: Do not rely on BSD make's $>
7061: [936a86398bd9]
7062:
7063: * configure, configure.in:
7064: Set timedir to /var/db/sudo for darwin to match Apple sudo's
7065: location
7066: [d5b9b03096f1]
7067:
7068: 2010-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
7069:
7070: * plugins/sudoers/sudoers.h:
7071: Add stub declarations for struct stat and struct timeval
7072: [f6d90551a4fd]
7073:
7074: * MANIFEST:
7075: Remove compat/sigaction.c
7076: [d0ed6d9a770e]
7077:
7078: * config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
7079: plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7080: Check for zlib.h in addition to libz.
7081: [6e191b4a6065]
7082:
7083: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
7084: src/sudo_exec.h:
7085: Move functions and symbols shared between exec.c and exec_pty.c into
7086: sudo_exec.h.
7087: [14ae63403544]
7088:
7089: * doc/Makefile.in:
7090: Comment out rules to build .man.in and .cat files unless --with-
7091: devel
7092: [3cf7e5606a85]
7093:
7094: * doc/Makefile.in:
7095: Comment out rules to build .man.in and .cat files unless --with-
7096: devel
7097: [d30495b0e29e]
7098:
7099: * src/parse_args.c:
7100: Quote any non-alphanumeric characters other than '_' or '-' when
7101: passing a command to be run via the shell for the -s and -i options.
7102: [d633f74fe2d9]
7103:
7104: * doc/Makefile.in:
7105: Add back .man suffix
7106: [6e63b60a2739]
7107:
7108: * INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
7109: plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
7110: plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
7111: plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
7112: src/selinux.c:
7113: Add Linux audit support.
7114: [5a2f445e0bd4]
7115:
7116: 2010-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
7117:
7118: * plugins/sudoers/iolog.c:
7119: Remove an XXX
7120: [a170cbe651d1]
7121:
7122: * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
7123: plugins/sudoers/sudoreplay.c:
7124: Add -f (filter) option to sudoreplay to allow certain streams to be
7125: replayed and others ignored.
7126: [62e51b432ea1]
7127:
7128: * src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
7129: src/tgetpass.c:
7130: Fix -A flag when askpass is specified in sudo.conf or if sudo
7131: doesn't need to read a password.
7132: [2e401e4a00e3]
7133:
7134: * src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
7135: src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
7136: Clean up some XXXs
7137: [689f0b002d3d]
7138:
7139: * WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7140: doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
7141: Add support for multiple sudoers_base entries in ldap.conf. From
7142: Joachim Henke
7143: [e3e4a3c2bd5b]
7144:
7145: * config.h.in, configure, configure.in, plugins/sudoers/logging.c,
7146: src/exec_pty.c:
7147: remove setsid check, we require a POSIX system
7148: [cc73cb9e22c0]
7149:
7150: * plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
7151: src/sudo.c, src/tgetpass.c:
7152: Check for dup2() failure.
7153: [5d46d66794f5]
7154:
7155: * config.h.in, configure, configure.in:
7156: Remove dup2() check, it is not optional.
7157: [5f1d56de4384]
7158:
7159: 2010-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
7160:
7161: * WHATSNEW:
7162: sync with sudo 1.7.3
7163: [88e5c0bd6d59]
7164:
7165: * INSTALL:
7166: SunOS does not ship with an ANSI compiler
7167: [f13c85c67069]
7168:
7169: * INSTALL:
7170: Update OS specific notes. Delete some really ancient ones and move
7171: older ones to the end of the list.
7172: [59ce592c4c52]
7173:
7174: * README:
7175: Sudo can be downloaded from the web site too Mention "OS dependent
7176: notes" section in INSTALL
7177: [191871538984]
7178:
7179: * src/exec_pty.c, src/selinux.c:
7180: Call selinux_restore_tty() as part of cleanup() so it gets called
7181: from error()/errorx()
7182: [bb017da6b6da]
7183:
7184: * MANIFEST, doc/PORTING:
7185: Remove obsolete porting guide
7186: [321e35591344]
7187:
7188: * plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
7189: Move union sudo_in_addr_un into interfaces.h
7190: [b2c8b19ee094]
7191:
7192: * doc/Makefile.in:
7193: Remove useless circular dependencies
7194: [5682181b59cf]
7195:
7196: * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
7197: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
7198: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
7199: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
7200: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
7201: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
7202: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
7203: Convert to ANSI C function declarations
7204: [a4f76927d034]
7205:
7206: * common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
7207: common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
7208: compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
7209: compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
7210: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
7211: compat/strlcpy.c, compat/timespec.h, compat/utime.h,
7212: compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
7213: include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
7214: include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
7215: plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
7216: plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
7217: plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
7218: plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
7219: plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
7220: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
7221: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
7222: plugins/sudoers/logging.h, plugins/sudoers/match.c,
7223: plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
7224: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
7225: plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
7226: plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
7227: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
7228: plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
7229: src/conversation.c, src/error.c, src/load_plugins.c,
7230: src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
7231: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
7232: Update copyright year
7233: [26ac7991f7d8]
7234:
7235: * doc/Makefile.in:
7236: Fix commented DEVDOCS when not in devel mode.
7237: [e0a97eaf3793]
7238:
7239: * plugins/sudoers/match.c:
7240: Quiet a compiler warning.
7241: [b2a17ebd5d38]
7242:
7243: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
7244: Quiet a compiler warning.
7245: [687843bc593d]
7246:
7247: * plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
7248: Make all functions in ldap.c static
7249: [b2111e89eeba]
7250:
7251: * doc/schema.ActiveDirectory:
7252: Updates from Alain Roy to provide better examples for importing the
7253: schema and to fix problems caused by Windows validating attributes
7254: which have not yet been added before committing the changes.
7255: [69f4c5ccaf89]
7256:
7257: 2010-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
7258:
7259: * configure, configure.in, doc/Makefile.in, doc/sudo.cat,
7260: doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
7261: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7262: doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
7263: doc/visudo.cat, doc/visudo.man.in:
7264: Leave rules to build .man.in and .cat files uncommented but only
7265: make them part of the "all" rule in devel mode. Generate .cat files
7266: directly from .man.in instead of .man using default values in
7267: configure.in
7268: [c3054a44f6a5]
7269:
7270: * configure, configure.in:
7271: Bump sudo version to 1.8.0b1
7272: [8f79c85135e1]
7273:
7274: * configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
7275: Print configure args with verbose version information.
7276: [1ce690660ed2]
7277:
7278: * TODO, plugins/sudoers/visudo.c:
7279: Remove tfd from struct sudoersfile; it is not used. Add prev pointer
7280: to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
7281: Use tq_append to append sudoers entries to the tail queue.
7282: [1743f9a286e4]
7283:
7284: 2010-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
7285:
7286: * WHATSNEW:
7287: Describe tty timestamp improvements
7288: [e214e863a313]
7289:
7290: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7291: A comment character may not be part of a command line argument
7292: unless it is quoted with a backslash. Fixes parsing of:
7293: testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
7294: [ea2e990f85ed]
7295:
7296: * doc/sudoers.pod:
7297: Make this read a little bit better when passwd_timeout is 0.
7298: [39d362757f31]
7299:
7300: * doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
7301: Attempt to handle a default password prompt timeout of zero more
7302: gracefully.
7303: [ea47d43acf5b]
7304:
7305: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7306: Do not override value of keepopen global, instead restore it to the
7307: value we pushed onto the stack when popping.
7308: [fe282e5a3402]
7309:
7310: * plugins/sudoers/Makefile.in:
7311: Add dependency for utility programs on libreplace and libcommon
7312: [2339aba64928]
7313:
7314: * compat/sigaction.c, config.h.in, configure.in, include/compat.h,
7315: plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
7316: src/exec.c, src/exec_pty.c, src/tgetpass.c:
7317: Remove sigaction emulation Use SA_INTERRUPT in sa_flags
7318: [7dd61f1bd8d2]
7319:
7320: * MANIFEST, config.h.in, configure, configure.in, include/missing.h:
7321: We don't use getgrouplist() at the moment so there's no need to
7322: provide a compat version.
7323: [1597536fbada]
7324:
7325: * TODO:
7326: sync with reality
7327: [9e1a874e7885]
7328:
7329: * include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7330: src/conversation.c, src/sudo.h, src/tgetpass.c:
7331: Fix visiblepw sudoers option; the plugin API portion still needs
7332: documenting
7333: [60b6933ef5e0]
7334:
7335: * src/sudo.c:
7336: Print sudo version as well.
7337: [987ed459b459]
7338:
7339: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
7340: Use sudo_printf for I/O log version Clarify policy plugin version
7341: string
7342: [5a58b7e8c80b]
7343:
7344: * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
7345: plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
7346: Silence some compiler warnings
7347: [afb1eba90915]
7348:
7349: * src/load_plugins.c, src/tgetpass.c:
7350: Store askpass path in a global instead of uses setenv() which many
7351: systems lack.
7352: [b440bcc0e660]
7353:
7354: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7355:
7356: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7357: doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7358: plugins/sudoers/check.c, plugins/sudoers/def_data.c,
7359: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7360: plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
7361: plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
7362: src/tgetpass.c:
7363: Move askpass path specification from sudoers to sudo.conf.
7364: [5507ab867c26]
7365:
7366: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7367: Use a flag bit in struct command_details for selinux instead of a
7368: separate field.
7369: [c59ca4acded9]
7370:
7371: * src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
7372: Implement background mode. If I/O logging we use pipes instead of a
7373: pty.
7374: [c07a4b356cbd]
7375:
7376: * compat/mksiglist.c, compat/strsignal.c, include/compat.h,
7377: src/exec.c, src/exec_pty.c, src/tgetpass.c:
7378: Move compat definition of NSIG to compat.h
7379: [ab0385467f25]
7380:
7381: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
7382: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7383: Mention plugins in the sudo manual and add some missing path
7384: substitution in the sudo_plugin manual.
7385: [570f831f47a3]
7386:
7387: * src/Makefile.in:
7388: Set _PATH_SUDO_CONF based on $(sysconfdir)
7389: [fde51869cf07]
7390:
7391: * common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
7392: src/exec.c, src/exec_pty.c, src/ttysize.c:
7393: Require POSIX termios to build sudo
7394: [9ec6b41f3f95]
7395:
7396: * src/tgetpass.c:
7397: Ignore SIGPIPE for "sudo -S"
7398: [7ad27fde0c06]
7399:
7400: * src/tgetpass.c:
7401: Fix uninitialized variable in TGP_ECHO case and print a newline if
7402: the user interrupted password input.
7403: [ce19204d8dd4]
7404:
7405: * src/tgetpass.c:
7406: Make TGP_ECHO override TGP_MASK and don't try to restore the
7407: terminal if we didn't modify it.
7408: [a7e11abfe7e4]
7409:
7410: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7411: include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
7412: src/conversation.c, src/sudo.h, src/tgetpass.c:
7413: Add SUDO_CONV_PROMPT_MASK define which corresponds to the
7414: "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is
7415: set.
7416: [e0550590cabe]
7417:
7418: * src/exec_pty.c:
7419: Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
7420: [762448182fe3]
7421:
7422: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7423:
7424: * src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
7425: Add selinux_enabled flag into struct command_details and set it in
7426: command_info_to_details(). Return an error from selinux_setup()
7427: instead of exiting. Call selinux_setup() from exec_setup().
7428: [011bea23a5a0]
7429:
7430: 2010-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
7431:
7432: * src/exec_pty.c:
7433: Remove commented out copy of old sudo_execve() function.
7434: [9c5e21380472]
7435:
7436: 2010-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
7437:
7438: * plugins/sudoers/sudoers.c:
7439: Fix setting selinux type on command line.
7440: [814b20a0b3be]
7441:
7442: * plugins/sudoers/iolog.c:
7443: In sudoers_io_close(), skip NULL io_fds[] elements.
7444: [4011ff7d4daf]
7445:
7446: * include/compat.h:
7447: No longer need NGROUPS_MAX define
7448: [cae4c49d7077]
7449:
7450: * compat/nanosleep.c, config.h.in, configure, configure.in,
7451: include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
7452: plugins/sudoers/visudo.c, src/sudo_edit.c:
7453: Replace timerfoo macros with timevalfoo since the timer macros are
7454: known to be busted on some systems.
7455: [4f97d79f2d41]
7456:
7457: * src/exec_pty.c:
7458: Remove duplicate call to selinux_setup().
7459: [82bd52764e21]
7460:
7461: * plugins/sudoers/auth/pam.c:
7462: If pam_open_session() fails, pass its status to pam_end.
7463: [1d8de4cf8ff3]
7464:
7465: * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
7466: If a file in a #includedir has improper permissions or owner just
7467: skip it. This prevents packages that incorrectly install a file
7468: into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
7469: #includedir files still result in a parse error (for now).
7470: [ade99a4549a4]
7471:
7472: * WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7473: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
7474: plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
7475: Add use_pty sudoers option to force use of a pty even when not
7476: logging I/O.
7477: [b280a8972a79]
7478:
7479: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
7480: Make env_init() void as it never fails.
7481: [d3890e55daa7]
7482:
7483: * plugins/sudoers/env.c:
7484: No longer use _NSGetEnviron so don't need crt_externs.h
7485: [9b4e0e139881]
7486:
7487: * plugins/sudoers/env.c:
7488: Remove unused VNULL define
7489: [a42cacb263e3]
7490:
7491: 2010-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
7492:
7493: * plugins/sudoers/iolog.c:
7494: Add #define for maximum session id
7495: [9e18c17a28c2]
7496:
7497: * MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
7498: Split exec.c into exec.c and exec_pty.c
7499: [d52376327332]
7500:
7501: * MANIFEST:
7502: Sync with source file moves.
7503: [4a62c6c9e846]
7504:
7505: * src/Makefile.in, src/get_pty.c, src/pty.c:
7506: Rename pty.c -> get_pty.c
7507: [5696a12bd29b]
7508:
7509: 2010-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
7510:
7511: * plugins/sudoers/iolog.c:
7512: Only use I/O input log file if def_log_input is set and output file
7513: if def_log_output is set.
7514: [d866992f1681]
7515:
7516: 2010-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
7517:
7518: * compat/strsignal.c:
7519: Update copyright year
7520: [a96f2593fd4e]
7521:
7522: * src/pty.c:
7523: uid -> ttyuid
7524: [c3454d74ebcb]
7525:
7526: * plugins/sudoers/sudoers.c:
7527: For sudoedit, make a local copy of editor string si become part of
7528: argv. If no editor environment variable, split def_editor on ':'
7529: since it may be a colon-delimited path.
7530: [2ee298506a6e]
7531:
7532: * src/sudo_edit.c:
7533: Remove unneeded endpwent()/endgrent()
7534: [623f6743d101]
7535:
7536: * doc/Makefile.in:
7537: Use value of nroff from configure
7538: [b2ce649125ab]
7539:
7540: * src/exec.c:
7541: Add missing const to I/O log action function
7542: [d764a3955e04]
7543:
7544: * plugins/sudoers/check.c:
7545: Update copyright year and fix whitespace
7546: [e648c35b16be]
7547:
7548: * configure, configure.in:
7549: Fix typo
7550: [8e0bdfc47da4]
7551:
7552: * plugins/sudoers/iolog.c:
7553: Remove redundant tty signal blocking in log function.
7554: [f17f575dabd4]
7555:
7556: 2010-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
7557:
7558: * plugins/sudoers/iolog.c:
7559: Place static keyword where it belongs
7560: [b01aec7c86b4]
7561:
7562: * plugins/sudoers/logging.c:
7563: Always use a printf format string for send_mail()
7564: [13b1ada644c9]
7565:
7566: * common/atobool.c, plugins/sudoers/ldap.c:
7567: Extend atobool() so we can use it in the LDAP code.
7568: [73f8e6807044]
7569:
7570: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
7571: Sudo now stashes tty ctime for tty_tickets on Solaris too.
7572: [e82df13ad3fd]
7573:
7574: * plugins/sudoers/boottime.c:
7575: Fix dummy version of get_boottime()
7576: [01d69c06013b]
7577:
7578: 2010-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
7579:
7580: * plugins/sudoers/check.c:
7581: Enable tty_is_devpts() support for Solaris with the "devices"
7582: filesystem.
7583: [237c6b25fa84]
7584:
7585: * src/exec.c:
7586: Unbreak the non-io logging case.
7587: [4822b9f709fb]
7588:
7589: * src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
7590: Fix symbol name conflict with sudo_printf.
7591: [0d44eab0a8f6]
7592:
7593: * plugins/sudoers/auth/pam.c:
7594: Fix OpenPAM detection for newer versions.
7595: [1b2abed232d8]
7596:
7597: * plugins/sudoers/vasgroups.c:
7598: Sync with Quest sudo git repo
7599: [f1d98b3cba02]
7600:
7601: * aclocal.m4, configure, configure.in:
7602: HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
7603: Add missing template for ENV_DEBUG Adapted from Quest sudo
7604: [695dbd7b28f4]
7605:
7606: * README.LDAP:
7607: Fix typos; from Quest Sudo
7608: [4eba9da33b8e]
7609:
7610: 2010-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
7611:
7612: * plugins/sudoers/Makefile.in:
7613: Add back -I$(top_srcdir); we need it for including compat/foo.h
7614: since we cannot rely on "foo.h" being found relative to the source
7615: file when the cwd is different.
7616: [bbf24695f325]
7617:
7618: * src/exec.c:
7619: Fix a bug where we could treat EAGAIN as a permanent error. Also set
7620: cstat if perform_io() returns an error.
7621: [200475c4326f]
7622:
7623: * common/alloc.c, plugins/sudoers/boottime.c,
7624: plugins/sudoers/sudoers.c:
7625: Add casts to quiet compiler warnings.
7626: [85eb1c336697]
7627:
7628: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7629: plugins/sudoers/visudo.c:
7630: Fix typo in ternary operator usage.
7631: [6492ac1450e2]
7632:
7633: 2010-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
7634:
7635: * INSTALL, configure, configure.in:
7636: Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
7637: [92121d693b30]
7638:
7639: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
7640: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
7641: Update docs to match sudoers I/O logging changes
7642: [18d651989e49]
7643:
7644: * INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
7645: pathnames.h.in, plugins/sudoers/def_data.c,
7646: plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
7647: plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
7648: plugins/sudoers/gram.h, plugins/sudoers/gram.y,
7649: plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
7650: plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
7651: plugins/sudoers/sudoreplay.c:
7652: Break sudoers transcript feature up into log_input and log_output.
7653: [db3c1248d2ad]
7654:
7655: * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
7656: plugins/sudoers/visudo.c:
7657: Use setprogname() as needed.
7658: [6beee63a4553]
7659:
7660: * plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
7661: Adapt sudoreplay to iolog changes.
7662: [581f52c05f0f]
7663:
7664: 2010-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
7665:
7666: * plugins/sudoers/iolog.c:
7667: Log all input and output into separate files and store a number on
7668: each timing file line to indicate which file the data is in.
7669: [fb460c5273dd]
7670:
7671: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7672: plugins/sudoers/sudoers.h:
7673: Make sudoers_io functions static to iolog.c
7674: [b2df3cc3eecb]
7675:
7676: 2010-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
7677:
7678: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
7679: src/sudo_usage.h.in:
7680: Completely remove the -L flag from the sudo front end.
7681: [3d220030b720]
7682:
7683: * plugins/sudoers/sudoreplay.c:
7684: Fix EAGAIN handling when writing to stdout.
7685: [4766d77cea49]
7686:
7687: * plugins/sudoers/sudoers.c:
7688: Eliminate unused variables
7689: [83bd711e79c4]
7690:
7691: * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
7692: Re-enable cleanup functions in sudoers plugin and sudo driver for
7693: error()/errorx().
7694: [43093f937dd8]
7695:
7696: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
7697: plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
7698: plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
7699: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
7700: Use sudo_printf to display verbose version information.
7701: [435cc9f8d4a2]
7702:
7703: * common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
7704: plugins/sudoers/Makefile.in, src/Makefile.in:
7705: Minor Makefile cleanup: fix a typo, change the removal order in the
7706: clean targets, and remove a superfluous include path for the sudoers
7707: plugin.
7708: [6e3b2d6b4437]
7709:
7710: * plugins/sudoers/env.c:
7711: Handle duplicate variables in the environment. For unsetenv(), keep
7712: looking even after remove the first instance. For sudo_putenv(),
7713: check for and remove dupes after we replace an existing value.
7714: [c1bbb88d0435]
7715:
7716: 2010-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
7717:
7718: * plugins/sudoers/Makefile.in:
7719: Use explicit path to source file instead of $< for files that live
7720: in devdir and top_srcdir.
7721: [358ab7f6cc64]
7722:
7723: * plugins/sudoers/Makefile.in:
7724: Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
7725: ending LIBSUDOERS_OBJS with a backslash
7726: [481a5c96d47e]
7727:
7728: * plugins/sudoers/Makefile.in, src/Makefile.in:
7729: Link libcommon before libreplace since libcommon may use functions
7730: only present in libreplace.
7731: [1847c496ff5b]
7732:
7733: * common/Makefile.in:
7734: Move code common to sudo and the sudoers plugin to a convenience
7735: library, libcommon. Removes the need to make links in the sudoers
7736: plugin dir and reduces re-compilation of duplicate object files.
7737: [4c8986352937]
7738:
7739: * Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
7740: common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
7741: common/term.c, common/zero_bytes.c, configure, configure.in,
7742: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
7743: src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
7744: src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
7745: src/zero_bytes.c:
7746: Move code common to sudo and the sudoers plugin to a convenience
7747: library, libcommon. Removes the need to make links in the sudoers
7748: plugin dir and reduces re-compilation of duplicate object files.
7749: [1d1d98bd55b9]
7750:
7751: * src/exec.c, src/sudo.c, src/sudo.h:
7752: Rename script_execve to sudo_execve and rename script_foo in exec.c
7753: [a35ec80de96a]
7754:
7755: * MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
7756: rename script.c exec.c and fix up the MANIFEST file
7757: [36bc3bff9578]
7758:
7759: * src/script.c, src/sudo.c, src/sudo.h:
7760: Rename script_setup() to pty_setup() and call from script_execve()
7761: directly.
7762: [899b0fb2a14d]
7763:
7764: * configure, configure.in:
7765: bump version to 1.8.0a2
7766: [0b1c1ca9d4e5]
7767:
7768: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
7769: Document init_session
7770: [b5324785a406]
7771:
7772: * plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
7773: plugins/sudoers/auth/sudo_auth.h:
7774: Clean up the sudoers auth API a bit and update the docs.
7775: [c40fd4cb6e68]
7776:
7777: * include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
7778: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
7779: plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
7780: Add init_session function to struct policy_plugin that gets called
7781: before the uid/gid/etc changes. A struct passwd pointer is passed
7782: in,which may be NULL if the user does not exist in the passwd
7783: database.The sudoers module uses init_session to open the pam
7784: session as needed.
7785: [d71723320ee8]
7786:
7787: 2010-05-26 Todd C. Miller <Todd.Miller@courtesan.com>
7788:
7789: * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
7790: plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
7791: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
7792: Add open/close session to sudo auth, only used by PAM. This allows
7793: us to open (and close) the PAM session from sudoers.
7794: [2665e2920d0d]
7795:
7796: * plugins/sudoers/Makefile.in:
7797: Add explicit rule to build getdate.o for HP-UX make.
7798: [7f049e989956]
7799:
7800: * plugins/sudoers/Makefile.in:
7801: Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
7802: rules as an alternate way to prevent HP-UX make (and others) from
7803: trying to rebuild the parser in non-dev mode.
7804: [f84badad98c5]
7805:
7806: * plugins/sudoers/sudoers.c:
7807: Re-enable PATH_MAX check for command
7808: [40d8a50da136]
7809:
7810: * Makefile.in:
7811: For distclean, clean the main directory last since the subdirs need
7812: to be able to run libtool to clean things.
7813: [8949a9861634]
7814:
7815: * compat/Makefile.in:
7816: Fix generation of mksiglist.h
7817: [b7cdc9b36650]
7818:
7819: * src/script.c:
7820: Now that we defer sending cstat until the end of script_child() we
7821: cannot reuse cstat when reading command status from parent.
7822: [25c882643466]
7823:
7824: 2010-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
7825:
7826: * configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
7827: doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
7828: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
7829: doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
7830: Use numeric registers to handle conditionals instead of trying to do
7831: it all with text processing.
7832: [478079c3fd4b]
7833:
7834: * doc/sudoers.pod:
7835: Document per-command SELinux settings
7836: [13840d566805]
7837:
7838: * plugins/sudoers/sudoers.c:
7839: Repair "sudo -l -U username"
7840: [10a0dcdf2ddf]
7841:
7842: * plugins/sudoers/sudoers.c:
7843: Set selinux role and type in command details.
7844: [8ae6d35a126d]
7845:
7846: * src/script.c, src/selinux.c, src/sudo.h:
7847: Rework SELinux support.
7848: [83279cc94bf2]
7849:
7850: 2010-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
7851:
7852: * src/script.c, src/selinux.c, src/sudo.h:
7853: Make SELinux support compile again. Needs more work to be complete.
7854: [3d3addebcf82]
7855:
7856: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
7857: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
7858: src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
7859: src/sudo.h:
7860: Bring back closefrom settings.
7861: [b1c6257d4bbb]
7862:
7863: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
7864: plugins/sudoers/sudoers.h:
7865: If running a command or sudoedit in transcript mode, call
7866: io_nextid() before log_allowed() so the session id is logged.
7867: [c42f3ae40150]
7868:
7869: * configure, configure.in:
7870: Use mandoc(1) if nroff(1) is not present.
7871: [daad4bbd04af]
7872:
7873: * doc/Makefile.in:
7874: Use the --file argument to config.status instead of setting
7875: CONFIG_FILES in the environment.
7876: [c89411a8bf70]
7877:
7878: * plugins/sudoers/Makefile.in:
7879: We cannot conditionally update gram.h or the dependency ordering
7880: gets messed up in devel mode.
7881: [c938953231d9]
7882:
7883: 2010-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
7884:
7885: * Makefile.in, compat/Makefile.in, configure, configure.in,
7886: doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
7887: plugins/sudoers/Makefile.in, src/Makefile.in:
7888: Substitute @SHELL@ into Makefiles
7889: [36aa6a095335]
7890:
7891: * config.sub:
7892: Fix typo
7893: [16d294d26b58]
7894:
7895: * config.guess, config.sub, configure, configure.in:
7896: Update to autoconf 2.65
7897: [4fa6ea8caea3]
7898:
7899: * Makefile.in:
7900: Fix libtool target (space vs. tabs)
7901: [755cf3892618]
7902:
7903: * config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
7904: Remove use of RETSIGTYPE; all modern systems have signal handlers
7905: that return void.
7906: [42b4e3aee668]
7907:
7908: * Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
7909: ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
7910: m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
7911: plugins/sudoers/Makefile.in, src/Makefile.in:
7912: Update to libtool-2.2.6b. I haven't made any local modifications
7913: this time, which should be OK since we install sudo_noexec.so by
7914: hand now.
7915: [6f79ced593bb]
7916:
7917: * compat/Makefile.in, plugins/sample/Makefile.in,
7918: plugins/sudoers/Makefile.in, src/Makefile.in:
7919: Use libtool to clean objects
7920: [1581057d6472]
7921:
7922: * include/Makefile.in:
7923: Install sudo_plugin.h as part of "make install" and make other
7924: install targets callable from the top-level Makefile
7925: [aaaeb027d774]
7926:
7927: * configure, configure.in:
7928: regen with autoupdate to eliminate AC_TRY_LINK
7929: [5d5541c230f5]
7930:
7931: * Makefile.in, compat/Makefile.in, configure, configure.in,
7932: doc/Makefile.in, plugins/sample/Makefile.in,
7933: plugins/sudoers/Makefile.in, src/Makefile.in:
7934: Install sudo_plugin.h as part of "make install" and make other
7935: install targets callable from the top-level Makefile
7936: [b258b8401b1c]
7937:
7938: * plugins/sample/sample_plugin.c:
7939: The sample plugin doesn't support being run with no args so return a
7940: usage error in this case.
7941: [473b3cf965be]
7942:
7943: * plugins/sudoers/iolog.c:
7944: Set close on exec flag for descriptors used for I/O logging so they
7945: are not present in the command being run.
7946: [2c7e8708df76]
7947:
7948: * plugins/sudoers/tsgetgrpw.c:
7949: Set close on exec flag in private versions of setpwent() and
7950: setgrent().
7951: [64fef78cb833]
7952:
7953: * src/script.c:
7954: Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
7955: Fixes extra fds being present in the command when it is part of a
7956: pipeline.
7957: [060451617713]
7958:
7959: * plugins/sudoers/sudoers.c:
7960: Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
7961: is used when logging). Note that user_ttypath will still be NULL if
7962: there is no tty.
7963: [31b69a6ecda7]
7964:
7965: * src/script.c, src/sudo.h:
7966: Cosmetic changes: add comments, remove orphaned prototype and
7967: make a global static.
7968: [f7851af0143e]
7969:
7970: 2010-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
7971:
7972: * src/script.c:
7973: Move check for maxfd == -1 to flush_output where it belongs.
7974: [b826a95b4491]
7975:
7976: * src/script.c:
7977: Break out of select loop if all the fds we want to select on are -1.
7978: [f5b387024238]
7979:
7980: * src/sudo.c:
7981: Avoid possible malloc(0) if plugin returns an empty groups list.
7982: [9765a8fe5ce7]
7983:
7984: * src/sudo.c:
7985: Add debugging info when calling plugin close function
7986: [95a273c7ff66]
7987:
7988: * src/script.c:
7989: Avoid closing stdin/stdout/stderr when we are piping output.
7990: [330e76423caf]
7991:
7992: * src/script.c:
7993: When execve() of the command fails, it is possible to receive
7994: SIGCHLD before we've read the error status from the pipe. Re-order
7995: things such that we send the final status at the very end and prefer
7996: error status over wait status.
7997: [b0dcf825244f]
7998:
7999: 2010-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
8000:
8001: * plugins/sudoers/auth/sudo_auth.c:
8002: Fix compilation for non PAM/BSD auth/AIX auth
8003: [e382b39d2e4f]
8004:
8005: 2010-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
8006:
8007: * src/script.c:
8008: Additional checks to make sure we don't close /dev/tty by mistake.
8009: When flushing, sleep in select as long as we have buffers that need
8010: to be written out.
8011: [8139cbd3dd54]
8012:
8013: * src/script.c:
8014: Now that we can use pipes for stdin/stdout/stderr there is no longer
8015: a need to error out when there is no tty. We just need to make sure
8016: we don't try to use the tty fd if it is -1.
8017: [666621635d26]
8018:
8019: 2010-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
8020:
8021: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8022: include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8023: plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
8024: Add argc and argv to I/O logger open function.
8025: [0d7faa007d27]
8026:
8027: * doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
8028: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
8029: src/parse_args.c, src/sudo.c, src/sudo_edit.c:
8030: Remove check_sudoedit function pointer in struct sudo_policy.
8031: Instead, sudo will set sudoedit=true in the settings array. The
8032: plugin should check for this and modify argv_out as appropriate in
8033: check_policy.
8034: [c0328e3276b8]
8035:
8036: 2010-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
8037:
8038: * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
8039: src/sudo_edit.c:
8040: If plugin sets "sudoedit=true" in the command info, enable sudoedit
8041: mode even if not invoked as sudoedit. This allows a plugin to
8042: enable sudoedit when the user runs an editor.
8043: [96d67b99e42e]
8044:
8045: 2010-05-15 Todd C. Miller <Todd.Miller@courtesan.com>
8046:
8047: * plugins/sudoers/Makefile.in:
8048: gram.h must not depend on gram.y if we want to avoid unnecessary
8049: rebuilding of targets dependent on gram.h when gram.y changes.
8050: [9db4b767fdca]
8051:
8052: * plugins/sample/sample_plugin.c:
8053: Refactor common bits of check_policy and check_edit
8054: [ac4d366a04cf]
8055:
8056: * plugins/sample/sample_plugin.c:
8057: Add sudoedit support
8058: [a1a6cc4c0cef]
8059:
8060: 2010-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
8061:
8062: * plugins/sudoers/Makefile.in:
8063: Rely more on VPATH; fixes a dependency issue with the parser.
8064: [45e406ebdea2]
8065:
8066: * include/compat.h:
8067: Fix typo introduced in last commit
8068: [3ccb0f853d11]
8069:
8070: * include/compat.h:
8071: Emulate seteuid using setreuid() or setresuid() as needed. There are
8072: still a few places that call seteuid() directly.
8073: [36e8efa3a99d]
8074:
8075: * src/parse_args.c, src/sudo_edit.c:
8076: Attempt to fix building on systems that only have setuid.
8077: [8e9ba4083318]
8078:
8079: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8080: Clarify sudoedit a tad.
8081: [d39dfaa14ade]
8082:
8083: 2010-05-13 Todd C. Miller <Todd.Miller@courtesan.com>
8084:
8085: * src/sudo_edit.c:
8086: Fix compilation on HP-UX
8087: [f6e47843d139]
8088:
8089: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8090: Document sudoedit
8091: [4cbf5196d993]
8092:
8093: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
8094: Change how we handle the sudoedit argv. We now require that there
8095: be a "--" in argv to separate the editor and any command line
8096: arguments from the files to be edited.
8097: [20623d549a3c]
8098:
8099: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8100: plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
8101: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8102: src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
8103: src/sudo.h, src/sudo_edit.c:
8104: Work in progress support for sudoedit. The actual interface used by
8105: the plugin for sudoedit is likely to change.
8106: [c31262a31997]
8107:
8108: * plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
8109: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
8110: Make find_path() a little more generic by not checking def_foo
8111: variables inside it. Instead, pass in ignore_dot as a function
8112: argument.
8113: [9c23101a094d]
8114:
8115: * plugins/sudoers/env.c:
8116: Add version of getenv(3) that uses our own environ pointer.
8117: [0e3783e63534]
8118:
8119: 2010-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
8120:
8121: * src/script.c:
8122: Avoid a potential race condition if SIGCHLD is received immediately
8123: before we call select().
8124: [99adc5ea7f0a]
8125:
8126: * plugins/sudoers/sudoers.c:
8127: Call env_init() before we open the sudoers sources as those may call
8128: our setenv() replacement.
8129: [5f82601f5ab0]
8130:
8131: * plugins/sudoers/env.c:
8132: Initialize env_len in env_init()
8133: [7ae02b3029b5]
8134:
8135: 2010-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
8136:
8137: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
8138: Document time stamp shortcomings under SECURITY NOTES Use "time
8139: stamp" instead of timestamp.
8140: [2b86120815b2]
8141:
8142: * doc/Makefile.in:
8143: Make sed substitution of mansectsu and mansectform global.
8144: [94588632dba0]
8145:
8146: * plugins/sudoers/check.c:
8147: If the tty lives on a devpts filesystem, stash the ctime in the tty
8148: ticket file, as it is not updated when the tty is written to. This
8149: helps us determine when a tty has been reused without the user
8150: authenticating again with sudo.
8151: [0e62a31bceb0]
8152:
8153: * src/tgetpass.c:
8154: Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
8155: is what our compat checks set.
8156: [df50f0a040c9]
8157:
8158: * configure, configure.in:
8159: Add check for whether sudo need to link with -ldl to get dlopen().
8160: This is a bit of a hack that will get reworked when libtool is
8161: updated.
8162: [63bdcf579533]
8163:
8164: * plugins/sudoers/check.c:
8165: Fix timestamp removal with -k/-K
8166: [6b4639fef973]
8167:
8168: * plugins/sudoers/Makefile.in:
8169: audit.c is now private to the sudoers plugin
8170: [1974f342ae0b]
8171:
8172: * configure, configure.in:
8173: Link with -lpthread on HP-UX since a plugin may be linked with
8174: -lpthread and dlopen() will fail if the shared object has a
8175: dependency on -lpthread but the main program is not linked with it.
8176: [d42139391263]
8177:
8178: * config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
8179: Add separate test for getresuid() since HP-UX has setresuid() but no
8180: getresuid().
8181: [910fe727a374]
8182:
8183: * doc/Makefile.in:
8184: Remove errant backslash
8185: [dd5464257c69]
8186:
8187: * src/script.c:
8188: Fix SIGPIPE handling. Now that we use may use pipes for
8189: stdin/stdout we need to pass any SIGPIPE we receive to the running
8190: command.
8191: [3f6b1991f4fd]
8192:
8193: * src/script.c:
8194: Also start the command in the background if stdin is not a tty.
8195: [d93bc33a3740]
8196:
8197: 2010-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
8198:
8199: * plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
8200: No need to use pseudo-cbreak mode now that we use pipes when stdout
8201: is not a tty. Instead, check whether stdin is a tty and if not,
8202: delay setting the tty to raw mode until the command tries to access
8203: it itself (and receives SIGTTIN or SIGTTOU).
8204: [e68315cf8c6b]
8205:
8206: * src/tgetpass.c:
8207: Use an array for signals received instead of a single variable so we
8208: don't lose any when there are multiple different signals.
8209: [2ac726dac864]
8210:
8211: * src/tgetpass.c:
8212: Do signal setup after turning off echo, not before. If we are using
8213: a tty but are not the foreground pgrp this will generate SIGTTOU so
8214: we want the default action to be taken (suspend process).
8215: [bebb6209c795]
8216:
8217: 2010-05-07 Todd C. Miller <Todd.Miller@courtesan.com>
8218:
8219: * src/script.c:
8220: Flush the iobufs on suspend or child exit using the same logic as
8221: the main event loop.
8222: [c627feee1035]
8223:
8224: * src/script.c:
8225: Free memory after we are done with it.
8226: [8db9b611b45a]
8227:
8228: 2010-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
8229:
8230: * doc/HISTORY:
8231: Quest now sponsors Sudo development
8232: [6cc490083bc7]
8233:
8234: 2010-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
8235:
8236: * doc/Makefile.in:
8237: Install sudo_plugin man page.
8238: [c253729790b2]
8239:
8240: * src/script.c:
8241: Go back to reseting io_buffer offset and length (and now also the
8242: EOF handling) in the loop we do the FD_SET, not after we drain the
8243: buffer after write() since we don't know what order reads and writes
8244: will occur in.
8245: [5f38bfa8497f]
8246:
8247: * MANIFEST:
8248: audit files moved to sudoers plugin directory
8249: [b1ead182428e]
8250:
8251: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8252: Document plugin_printf and new logging functions.
8253: [fe9430b60ab5]
8254:
8255: * src/script.c:
8256: Add support for logging stdin when it is not a tty. There is still a
8257: bug where "cat | sudo cat" has problems because both cat and sudo
8258: are trying to read from the tty.
8259: [04c9c59fcfba]
8260:
8261: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8262: plugins/sudoers/sudoers.c, src/script.c:
8263: Add separate I/O logging functions for tty in/out and
8264: stdin/stdout/stderr. NOTE: stdin logging does not currently work and
8265: is disabled for now.
8266: [a36dfd4ca935]
8267:
8268: 2010-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
8269:
8270: * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
8271: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8272: plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8273: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8274: src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
8275: Add pointer to a printf like function to plugin open functon. This
8276: can be used instead of the conversation function to display info and
8277: error messages.
8278: [98734eea8ef1]
8279:
8280: * Makefile.in:
8281: Stop if make in a subdir fails
8282: [228bb3ad2dbc]
8283:
8284: * src/script.c:
8285: Only set user's tty to blocking mode when doing the final flush.
8286: Flush pipes as well as pty master when the process is done.
8287: [20ff67218666]
8288:
8289: 2010-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
8290:
8291: * plugins/sudoers/ldap.c:
8292: Use print_error() when displaying ldap config info in debugging
8293: mode.
8294: [d142e0cacb22]
8295:
8296: * compat/Makefile.in, compat/strdup.c, compat/strndup.c:
8297: No longer need strdup() or strndup() replacements.
8298: [df53697174ec]
8299:
8300: * plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
8301: plugins/sudoers/sudoers.h:
8302: Add print_error() function that uses the conversation function to
8303: print a variable number of error strings and use it in log_error().
8304: [b1fa2861b575]
8305:
8306: * src/script.c, src/sudo.h, src/term.c:
8307: Do not need the opost flag to term_copy() now that we use pipes for
8308: stdout/stderr when they are not a tty.
8309: [f42811f70a19]
8310:
8311: * src/script.c:
8312: Use pipes to the sudo process if stdout or stderr is not a tty.
8313: Still needs some polishing and a decision as to whether it is
8314: desirable to add additonal entry points for logging
8315: stdout/stderr/stdin when they are not ttys. That would allow a
8316: replay program to keep things separate and to know whether the
8317: terminal needs to be in raw mode at replay time.
8318: [1a945e0ab2da]
8319:
8320: 2010-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
8321:
8322: * plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
8323: plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
8324: src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
8325: Move audit sources into the sudoers plugin dir; the driver does not
8326: use them.
8327: [50ec36422cd0]
8328:
8329: * compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
8330: compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
8331: plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
8332: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
8333: plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
8334: src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
8335: src/term.c, src/ttysize.c:
8336: Use angle brackets when including headers that can only be found
8337: when an -I flag is specified. The files in the compat dir could get
8338: away with double quotes here but I've converted all the source files
8339: to use angle brackets for consistency.
8340: [9e30a8fc6d4b]
8341:
8342: * plugins/sudoers/Makefile.in:
8343: Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
8344: dir can be found when building outside the source tree.
8345: [1150934b79dd]
8346:
8347: * plugins/sudoers/Makefile.in:
8348: Clean up links in distclean
8349: [78595028be8b]
8350:
8351: * plugins/sudoers/Makefile.in:
8352: Hack around VPATH semantic differences by symlinking files we need
8353: from ../../src into the current directory and build those. A better
8354: fix would be to either make a .a or .la file with those files in it
8355: or simply use a single, flat, Makefile instead of per-subdirs
8356: Makefiles.
8357: [892c332d3f05]
8358:
8359: * plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
8360: fmt_string is used by the sudoers plugin too so do not include
8361: sudo.h (which is not really needed here anyway)
8362: [231c35e3941f]
8363:
8364: * compat/Makefile.in, plugins/sample/Makefile.in,
8365: plugins/sudoers/Makefile.in, src/Makefile.in:
8366: Fix building with non-BSD versions of make such as GNU make.
8367: Requires VPATH support, which should be in any non-neolithic make.
8368: [dc174f135919]
8369:
8370: * configure, configure.in, plugins/sudoers/Makefile.in,
8371: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
8372: src/Makefile.in:
8373: Re-enable bsm audit. Currently auditing is done within the sudoers
8374: plugin itself. If possible, this should really be done in the main
8375: driver but we don't presently have the needed data to do that. This
8376: will be re-evaluated when Linux audit support is added.
8377: [1d05a3236bfe]
8378:
8379: * compat/Makefile.in, plugins/sample/Makefile.in,
8380: plugins/sudoers/Makefile.in, src/Makefile.in:
8381: Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
8382: of explicit rules in the dependency.
8383: [88f80efd25f0]
8384:
8385: * plugins/sudoers/visudo.c:
8386: Fix mismerge; alias_remove_recursive() now returns int
8387: [6257a4849641]
8388:
8389: 2010-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
8390:
8391: * plugins/sudoers/visudo.c:
8392: Fix a crash when checking a sudoers file that has aliases that
8393: reference themselves. Based on a diff from David Wood.
8394: [545d194484a7]
8395:
8396: * src/script.c:
8397: Print signal info after restoring the tty mode, not before.
8398: [a68618e67435]
8399:
8400: * src/script.c:
8401: Defer call to alarm() until after we fork the child. Pass correct
8402: pid to terminate_child() If the command exits due to signal, set
8403: alive to false like we do when it exits normally. Add missing
8404: check for errpipe[0] != -1 before using it in FD_ISSET
8405: [22f0a1549391]
8406:
8407: 2010-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
8408:
8409: * plugins/sudoers/boottime.c:
8410: Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
8411: [0e627170c6e8]
8412:
8413: 2010-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
8414:
8415: * src/Makefile.in:
8416: Simplify dependencies by using .c.o and .c.lo rules.
8417: [6abcaef5d1ac]
8418:
8419: * configure, configure.in, plugins/sudoers/Makefile.in,
8420: src/Makefile.in:
8421: Substitute in @PROGS@ into src/Makefile to add sesh
8422: [cc46d3b6208f]
8423:
8424: 2010-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
8425:
8426: * plugins/sudoers/sudoers.c:
8427: Add back calls to log_denial() if sudoers does not allow the
8428: command.
8429: [9783316207f0]
8430:
8431: * plugins/sudoers/sudoers.c:
8432: Pass in correct pwflag for list and validate.
8433: [973dd56d4b81]
8434:
8435: * plugins/sudoers/env.c:
8436: Add missing check for NULL in validate_env_vars
8437: [1d6eb6957824]
8438:
8439: * src/Makefile.in:
8440: Add sudo_noexec.la to "all" target, otherwise it only gets built at
8441: install time.
8442: [644a9694d2ef]
8443:
8444: * plugins/sudoers/sudoers.c:
8445: Only set sudo_user.env_vars if the env_add list is empty.
8446: [fccdf6f0e0e2]
8447:
8448: * plugins/sudoers/sudoers.c:
8449: Set sudo_user.env_vars so that environment variables specified on
8450: the command line get logged correctly.
8451: [9b51012c491e]
8452:
8453: * plugins/sudoers/env.c, plugins/sudoers/logging.c,
8454: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8455: Re-enable environment files and setting environment variables on the
8456: command line.
8457: [5662d5645dbd]
8458:
8459: 2010-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
8460:
8461: * plugins/sudoers/check.c:
8462: Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
8463: a pointer to time_t as tv_sec in struct timeval may be long.
8464: [4de0c46e788e]
8465:
8466: * plugins/sudoers/check.c:
8467: Don't stash ctime in on-disk tty ticket info for now; on many
8468: (most?) systems the ctime is updated when the tty is written to.
8469: Once I have a better idea of what systems do not update ctime on
8470: ttys (and have a way to test for this) the ctime stash will be
8471: conditionally re-enabled.
8472: [a90eeec0f648]
8473:
8474: 2010-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
8475:
8476: * MANIFEST, Makefile.in:
8477: Add back "dist" target, this time using a MANIFEST file
8478: [29277c05499f]
8479:
8480: * Makefile.in:
8481: Remove Makefile in distclean target
8482: [83d695f4f450]
8483:
8484: * Makefile.in, src/Makefile.in:
8485: Update clean and cleandir targets
8486: [ad7b2afeb9c1]
8487:
8488: * include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
8489: src/sudo.h:
8490: Move fileops.c defines and prototypes to filesops.h
8491: [4545e9b6892d]
8492:
8493: * plugins/sudoers/check.c:
8494: Lock the tty timestamp when writing. We shouldn't have to lock when
8495: reading since the file is updated via a single write system call.
8496: [0c7276f02696]
8497:
8498: 2010-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
8499:
8500: * plugins/sudoers/alias.c, plugins/sudoers/check.c,
8501: plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
8502: plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
8503: plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
8504: plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
8505: plugins/sudoers/logging.c, plugins/sudoers/match.c,
8506: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
8507: plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
8508: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
8509: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
8510: plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
8511: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
8512: Convert to ANSI C function declarations
8513: [9c45def57cf7]
8514:
8515: * plugins/sudoers/sudoers.h:
8516: Remove extraneous bits and classify by source file.
8517: [e8ea9f109ebb]
8518:
8519: * include/compat.h:
8520: Add timercmp macro for systems without it
8521: [d3bf87b1d08e]
8522:
8523: * plugins/sudoers/boottime.c, plugins/sudoers/check.c,
8524: plugins/sudoers/sudoers.h:
8525: get_boottime() now fills in a timeval struct
8526: [3573c3f44e11]
8527:
8528: * plugins/sudoers/check.c:
8529: Store info from stat(2)ing the tty in the tty ticket when tty
8530: tickets are in use. On most systems, this closes the loophole
8531: whereby a user can log out of a tty, log back in and still have the
8532: timestamp be valid.
8533: [53380f9f5242]
8534:
8535: * config.h.in, configure.in:
8536: Add timespec2timeval and use it when getting ctime/mtime
8537: [4cb7f7caec2c]
8538:
8539: 2010-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
8540:
8541: * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
8542: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8543: plugins/sudoers/testsudoers.c:
8544: Convert perm setting to push/pop model; still needs some work Use
8545: the stashed runas groups instead of using getgrouplist() Reset perms
8546: to the initial value on error
8547: [09c072ebde8b]
8548:
8549: * config.h.in, configure.in:
8550: fix ctim_get and mtim_get macros
8551: [58773dc1e360]
8552:
8553: * config.h.in, configure, configure.in, include/compat.h,
8554: plugins/sudoers/check.c, plugins/sudoers/gettime.c,
8555: plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
8556: Use timeval directly instead of converting to timespec when dealing
8557: with file times and time of day.
8558: [a0ce1ae00a67]
8559:
8560: * plugins/sudoers/Makefile.in:
8561: Don't like sudoreplay with libsudoers.la due to a yacc symbol
8562: conflict.
8563: [f1a59cc63a15]
8564:
8565: 2010-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
8566:
8567: * configure, configure.in:
8568: Darwin >= 9.x has real setreuid(2)
8569: [7ec942a64275]
8570:
8571: 2010-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
8572:
8573: * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
8574: Ansify env.c
8575: [f58551bad10a]
8576:
8577: * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
8578: plugins/sudoers/sudoers.h:
8579: Remove remaining references to the environ pointer.
8580: [96faa530816a]
8581:
8582: 2010-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
8583:
8584: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8585: Don't change the environ directly in the sudoers plugin
8586: [6db48ed3f7e0]
8587:
8588: 2010-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
8589:
8590: * plugins/sudoers/sudoers.c:
8591: Fix typo
8592: [4aa452b07f8f]
8593:
8594: * plugins/sudoers/alias.c:
8595: Fix use after free in error message when a duplicate alias exists.
8596: [ce1d2812ee34]
8597:
8598: 2010-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
8599:
8600: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8601: src/parse_args.c:
8602: Add a "noninteractive" boolean to the settings passed in to the
8603: plugin's open function that is set when the user specifies the -n
8604: flag.
8605: [68f8d9d6d4d0]
8606:
8607: * config.h.in, configure, configure.in, plugins/sudoers/env.c:
8608: Add workaround for the lack of the environ pointer on Mac OS X in
8609: dlopen()ed modules. Use of environ in the sudoers plugin should
8610: ultimately be removed but this will do for the moment.
8611: [80c61647434f]
8612:
8613: * plugins/sudoers/visudo.c:
8614: Set errorfile to the sudoers path if we set parse_error manually.
8615: This prevents a NULL dereference in printf() when checking a sudoers
8616: file in strict mode when alias errors are present.
8617: [45e249ca99f7]
8618:
8619: * plugins/sudoers/sudoers.c:
8620: Main sudo no longer print "unable to execute" on exec failure so do
8621: it here.
8622: [50aaf62b43b5]
8623:
8624: 2010-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
8625:
8626: * src/script.c:
8627: Use a pipe to pass back errno to the parent if execve() fails. If we
8628: get an error in script_child(), kill the command and exit.
8629: [dc3bf870f91b]
8630:
8631: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8632: src/parse_args.c, src/sudo.c:
8633: Handle plugin's open function returning -2 (usage error).
8634: [aadf900c1de8]
8635:
8636: * src/script.c:
8637: If execve() fails, leave it to the plugin to print an error string.
8638: [e25748f2d5b9]
8639:
8640: * src/script.c:
8641: If execve fails in logging mode, pass the errno directly to the
8642: grandparent on the backchannel and exit. The immediate parent will
8643: get SIGCHLD and try to report that status but its parent will no
8644: longer be listening. It would probably be cleaner to pass this over
8645: a pipe in script_child().
8646: [cb122acc81a8]
8647:
8648: * plugins/sudoers/sudoers.c:
8649: Don't override rval with results of check_user() unless it failed.
8650: [46fb7e87ac7d]
8651:
8652: 2010-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
8653:
8654: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8655: Fix typo
8656: [ccd0b693f3da]
8657:
8658: * src/parse_args.c:
8659: NULL-terminate env_add
8660: [2c534368a0c3]
8661:
8662: 2010-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
8663:
8664: * src/sudo.c:
8665: Call the I/O log open function before the I/O version function.
8666: [e88bf898990b]
8667:
8668: * plugins/sudoers/iolog.c:
8669: Remove io_conv and just use sudo_conv
8670: [a280052468eb]
8671:
8672: * plugins/sudoers/set_perms.c:
8673: Fix set/restore perms for systems w/o setresuid
8674: [4160517f6666]
8675:
8676: 2010-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
8677:
8678: * plugins/sudoers/check.c, plugins/sudoers/logging.c,
8679: plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
8680: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
8681: Primitive set/restore permissions. Will be replaced by a push/pop
8682: model.
8683: [aae102290866]
8684:
8685: * src/script.c:
8686: Only need to take action on SIGCHLD in parent if no I/O logger. If
8687: there is an I/O logger we will receive ECONNRESET or EPIPE when we
8688: try to read from the socketpair.
8689: [e1e4560401f6]
8690:
8691: 2010-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
8692:
8693: * compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
8694: doc/sudoers.pod, plugins/sudoers/find_path.c:
8695: Merge fb4d571495fa from the 1.7 branch to trunk.
8696: [c8fb424ad4d2]
8697:
8698: 2010-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
8699:
8700: * src/script.c:
8701: Don't set SA_RESTART when registering SIGALRM handler. Do set
8702: SA_RESTART when registering SIGWINCH handler.
8703: [173472b76525]
8704:
8705: * doc/Makefile.in:
8706: Add dev targets for *.man.in and *.cat that don't specfify the
8707: $(srcdir) prefix.
8708: [b62f425da2e4]
8709:
8710: * src/script.c:
8711: If log_input or log_output returns false, terminate the command.
8712: [074f4c0c34a0]
8713:
8714: * src/script.c:
8715: Better signal handling. Instead of using a single variable to store
8716: the received signal, use an array so we can't lose a signal when
8717: multiple are sent. Fix process termination by SIGALRM in non-I/O
8718: logger mode. Fix relaying terminal signals to the child in non-I/O
8719: logger mode.
8720: [7a4723aca99d]
8721:
8722: * src/script.c:
8723: Fix a race between when we get the child pid in the parent and when
8724: the child process exits. The problem exhibited as a hang after a
8725: short-lived process, e.g. "sudo id" when no IO logger was enabled.
8726: [80bcc0aca70b]
8727:
8728: 2010-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
8729:
8730: * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
8731: Add a note about the security implications of the fast_glob option.
8732: [c37a92ab7c93]
8733:
8734: 2010-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
8735:
8736: * config.h.in, configure, configure.in:
8737: Fix up some AC_DEFINE descriptions and regen config.h.in
8738: [f4655adc0db3]
8739:
8740: 2010-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
8741:
8742: * include/missing.h:
8743: No longer check for strdup or strndup for LIBOBJ replacement.
8744: [fdc764ee8109]
8745:
8746: * src/script.c:
8747: Avoid installing signal handlers that are io-logger specific. Fixes
8748: job control when no io logger is enabled.
8749: [0853dd0906d4]
8750:
8751: * doc/Makefile.in:
8752: Only regen man pages from pod when configured with --with-devel
8753: [ab1995f8103d]
8754:
8755: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8756:
8757: * Makefile, Makefile.in, configure, configure.in:
8758: Top-level Makefile.in. Nothing is currently substituted but this is
8759: needed for separate build dirs.
8760: [e80873cbd201]
8761:
8762: * compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
8763: plugins/sudoers/Makefile.in, src/Makefile.in:
8764: Fix out-of-tree builds
8765: [59a35bef07b8]
8766:
8767: * Merge
8768: [386b848047e9]
8769:
8770: * doc/Makefile.in:
8771: We always install sudoreplay in 1.8
8772: [ce52ba6617c9]
8773:
8774: 2010-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
8775:
8776: * compat/siglist.in:
8777: SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
8778: [6d69e1b05faf]
8779:
8780: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8781:
8782: * configure, configure.in:
8783: No need to provide strdup() or strndup(), sudo uses estrdup() and
8784: estrndup()
8785: [57ec23b72958]
8786:
8787: 2010-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
8788:
8789: * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
8790: Free str after using it in the version method. Use sudo_conv, not
8791: io_conv since we don't have the IO conversation function pointer in
8792: the I/O version method anymore now that io_open is delayed.
8793: [f2ed132adeb0]
8794:
8795: 2010-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
8796:
8797: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8798: compat/siglist.in:
8799: Add license to mksiglist.c and note that the bits from pdksh are
8800: public domain
8801: [d8121a2467e8]
8802:
8803: * compat/Makefile.in:
8804: Fix LIBOBJDIR vs. srcdir wrt the siglist bits
8805: [164160148421]
8806:
8807: * plugins/sudoers/Makefile.in:
8808: Add sudoreplay testsudoers and visudo to clean target
8809: [138a17e51c0c]
8810:
8811: * compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
8812: compat/siglist.in, compat/strsignal.c, configure, configure.in,
8813: include/missing.h, src/script.c:
8814: Create our own sys_siglist for systems without it for use by
8815: strsignal()
8816: [2e5da011ebc3]
8817:
8818: * compat/Makefile.in:
8819: Remove duplicate $(LIBOBJDIR)
8820: [adf9abc9432f]
8821:
8822: 2010-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
8823:
8824: * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
8825: Main sudo should not block signals; the plugin should do this in
8826: check_policy.
8827: [3f3736a7c5ed]
8828:
8829: 2010-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
8830:
8831: * src/script.c:
8832: Fix a sizeof(ptr) vs. sizeof(*ptr)
8833: [aa1bcf5afcce]
8834:
8835: * src/script.c:
8836: Unlike most operating systems, HP-UX select() is not interrupted by
8837: SIGCHLD when the signal is registered with SA_RESTART. If we clear
8838: SA_RESTART when calling sigaction() for SIGCHLD we get the expected
8839: behavior and the code in the select() loops already handles EINTR
8840: correctly.
8841: [9eba0115e35a]
8842:
8843: * compat/getprogname.c:
8844: progname should be const
8845: [130228f062b7]
8846:
8847: * plugins/sudoers/Makefile.in:
8848: Move --tag=disable-static to when we link sudoers.la, not when we
8849: install.
8850: [ceb5e6c3b78b]
8851:
8852: * src/load_plugins.c:
8853: Load the sudoers I/O plugin by default too now that it is hooked up.
8854: [ea38befd0742]
8855:
8856: 2010-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
8857:
8858: * src/pty.c:
8859: It looks like AIX doesn't need to push STREAMS modules for ptys.
8860: [22da618ba0a1]
8861:
8862: 2010-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
8863:
8864: * src/parse_args.c, src/sudo.c:
8865: Delay calling the I/O plugin open function until the policy plugin
8866: returns success.
8867: [f3297c325b48]
8868:
8869: 2010-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
8870:
8871: * plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
8872: plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
8873: plugins/sudoers/sudoers.h:
8874: Add back io logging (transcript) support. Currently, the open
8875: function runs too early and it is not possible to use the io module
8876: independently of the policy module.
8877: [9bd932f66226]
8878:
8879: * plugins/sudoers/set_perms.c:
8880: Comment out dead code; will be removed when set_perms is rewritten.
8881: [af7a995284f8]
8882:
8883: 2010-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
8884:
8885: * plugins/sudoers/sudoers.c:
8886: Fix off by one error when allocating user_groups.
8887: [6281fcf9c3bb]
8888:
8889: 2010-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
8890:
8891: * configure, configure.in, plugins/sudoers/Makefile.in:
8892: Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
8893: [fbce3e9eda3a]
8894:
8895: * plugins/sudoers/sudoers.c:
8896: Fix typo in preserve groups case
8897: [1fd72024fb5a]
8898:
8899: * plugins/sudoers/sudoers.c:
8900: In command_info it is "runas_groups" not "groups".
8901: [5c64dce4f285]
8902:
8903: * src/sudo.c:
8904: Fix iteration over runas_groups list.
8905: [b3c45a0cd643]
8906:
8907: * configure, configure.in, plugins/sudoers/env.c,
8908: plugins/sudoers/match.c, src/script.c:
8909: Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
8910: [a8108a0776c2]
8911:
8912: * compat/getgrouplist.c:
8913: getgrouplist(3) for those without it
8914: [4ab4d21e3b16]
8915:
8916: * plugins/sudoers/sudoers.c:
8917: Set preserve_groups or groups list in command_info
8918: [1266119ad654]
8919:
8920: * src/sudo.c:
8921: Fix setting of groups list
8922: [e75315e40bd4]
8923:
8924: * config.h.in, configure, configure.in, include/compat.h,
8925: include/missing.h:
8926: Add checks for getgrset and getgrouplist and use replacement
8927: getgrouplist if the system doesn't support it.
8928: [a62b8ba50863]
8929:
8930: * src/parse_args.c:
8931: Pass in preserve_groups when the -P flag is specified as per the
8932: design
8933: [7420c5d15474]
8934:
8935: * plugins/sudoers/sudoers.c:
8936: Check preserve_groups and ignore_ticket args with atobool instead of
8937: assuming they are true if present.
8938: [71c905702697]
8939:
8940: 2010-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
8941:
8942: * plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
8943: plugins/sudoers/plugin_error.c:
8944: Rename plugin-specific error.c to plugin_error.c Wire up visudo,
8945: sudoreplay and testsudoers in the build
8946: [9d581d5fa4d4]
8947:
8948: * src/Makefile.in, src/term.c:
8949: term.c does not needto include sudo.h
8950: [f6683cdcd2dd]
8951:
8952: * TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
8953: doc/sudo_plugin.pod:
8954: Document the -2 return in the check_policy section too
8955: [e9cb4c34bbcf]
8956:
8957: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
8958: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
8959: src/parse_args.c, src/sudo.c, src/sudo.h:
8960: Fix the -s and -i flags and add support for the "implied_shell"
8961: option. If the user does not specify a command, sudo will now pass
8962: in the path to the user's shell and set impied_shell=true. The
8963: plugin can them either check the command normally or return -2 to
8964: cause sudo to print a usage message and exit.
8965: [bf889c38f229]
8966:
8967: 2010-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
8968:
8969: * config.h.in, configure, configure.in, src/load_plugins.c:
8970: Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
8971: Darwin where libraries end in .dylib but modules end in .so
8972: [2c56aaa38e21]
8973:
8974: * plugins/sudoers/parse.c:
8975: Better prefix determination now that we can't rely on len==0 to tell
8976: the beginning on an entry.
8977: [622bf18179e9]
8978:
8979: * plugins/sudoers/ldap.c:
8980: display_bound_defaults() stub should return 0, not 1 since it is a
8981: count, not a boolean.
8982: [0327a6c3d55d]
8983:
8984: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
8985: Document progname in settings
8986: [42031d56a2e3]
8987:
8988: * compat/getprogname.c, include/compat.h,
8989: plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
8990: src/parse_args.c, src/sudo.c:
8991: Rewrite compat/getprogname.c and add setprogname(). The progname is
8992: now passed to the plugin via the settings array.
8993: [25d8663e6006]
8994:
8995: * configure, configure.in, plugins/sudoers/Makefile.in:
8996: Fix --with-ldap
8997: [b64b633f426d]
8998:
8999: * plugins/sudoers/sudo_nss.c:
9000: Add missing whitespace for Runas and Command-specific defaults
9001: [65f4ddf5545e]
9002:
9003: * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
9004: plugins/sudoers/sudo_nss.c:
9005: Use embedded newlines in lbuf instead of multiple calls to
9006: lbuf_print.
9007: [eed3af9cc3e1]
9008:
9009: * src/lbuf.c:
9010: Add support for embedded newlines.
9011: [e11f79b18deb]
9012:
9013: 2010-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
9014:
9015: * compat/getprogname.c:
9016: If system doesn't support getprogname or __programe and we are
9017: building a shared object don't bother with Argc/Argv, just return
9018: "sudo"
9019: [aebde9062be7]
9020:
9021: * config.h.in, configure, configure.in, src/load_plugins.c:
9022: Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
9023: appears to always install a shared object with the .so suffix.
9024: [f9bbd0c0e9d3]
9025:
9026: * compat/Makefile.in, configure, configure.in,
9027: plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
9028: src/Makefile.in:
9029: Play more nicely with libtool and let it build libreplace (was
9030: libmissing) for us.
9031: [a4c6ebb2495c]
9032:
9033: * include/missing.h:
9034: Include stdarg.h for va_list rather than requiring all consumers of
9035: missing.h to include stdarg.h themselves.
9036: [37382df948de]
9037:
9038: * include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
9039: plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
9040: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9041: src/parse_args.c:
9042: Pass in output function to lbuf_init() instead of writing to stdout.
9043: A side effect is that the usage info can now go to stderr as it
9044: should.
9045: [6d261261a072]
9046:
9047: 2010-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
9048:
9049: * include/lbuf.h, plugins/sudoers/sudo_nss.c,
9050: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
9051: src/parse_args.c, src/sudo.c:
9052: Use number of tty columns that is passed in user_info instead of
9053: getting it directly in the lbuf code.
9054: [8a16635c2638]
9055:
9056: * plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
9057: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9058: plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
9059: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9060: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9061: plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
9062: plugins/sudoers/gram.c, plugins/sudoers/gram.y,
9063: plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
9064: plugins/sudoers/logging.h, plugins/sudoers/match.c,
9065: plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
9066: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9067: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9068: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
9069: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9070: plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
9071: plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
9072: plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
9073: plugins/sudoers/visudo.c:
9074: Kill __P in sudoers
9075: [63601e6cb171]
9076:
9077: * config.h.in, configure, configure.in, src/load_plugins.c:
9078: Set the sudoers plugin name in configure so we get the extension
9079: right.
9080: [edad89924cd1]
9081:
9082: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9083: Document lines/cols in user_info
9084: [a808872394f3]
9085:
9086: * src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
9087: Add tty size to user info
9088: [23f3d27e77a7]
9089:
9090: * src/script.c:
9091: Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
9092: [a2208dd09051]
9093:
9094: 2010-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
9095:
9096: * plugins/sudoers/sudoers.c:
9097: Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
9098: out if we fail to lookup the user's name that is passed in
9099: [e4e3728ed482]
9100:
9101: * plugins/sudoers/error.c:
9102: Pass the error value back via siglongjmp.
9103: [667b8ad575ce]
9104:
9105: * plugins/sudoers/check.c:
9106: Use conversation function for lecture.
9107: [1ab4719f509b]
9108:
9109: * plugins/sudoers/check.c:
9110: Don't update ticket file if verify_user returns FALSE.
9111: [2bbc46a39a2b]
9112:
9113: 2010-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
9114:
9115: * plugins/sudoers/sudoers.c, src/sudo.c:
9116: Wire up invalidate and validate methods for sudoers
9117: [c0630c7bca47]
9118:
9119: * plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
9120: plugins/sudoers/sudoers.h:
9121: Add support for -k flag with a command.
9122: [edad239b098b]
9123:
9124: * src/parse_args.c:
9125: Allow -k to be specified with a command.
9126: [43a45add9974]
9127:
9128: * plugins/sudoers/sudoers.c:
9129: Wire up policy_list
9130: [27cc35699eca]
9131:
9132: * plugins/sudoers/error.c:
9133: Add newline at the end of message and space after the colon in
9134: warning message
9135: [5a591aa8e744]
9136:
9137: * plugins/sudoers/auth/sudo_auth.c:
9138: Add missing newline after pass password warning
9139: [337dba3870a7]
9140:
9141: * plugins/sudoers/sudoers.c:
9142: Set user_groups and user_ngroups based on user_info
9143: [61bee85128c8]
9144:
9145: * plugins/sudoers/error.c:
9146: Make this compile
9147: [7041c441e1c8]
9148:
9149: * plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
9150: Make _warning in error.c use the conversation function and remove
9151: commented out warning/warningx in sudoers.c.
9152: [7c9b09024b63]
9153:
9154: * plugins/sudoers/logging.c:
9155: Use siglongjmp() in log_error for fatal errors
9156: [b50e26f1c73f]
9157:
9158: * plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
9159: Quiet a libtool warning
9160: [b2331fb006bc]
9161:
9162: * Makefile:
9163: Build sudoers plugin
9164: [5cdf06e66978]
9165:
9166: * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
9167: Use warningx in yyerror() so the conversation function gets used
9168: when built as part of sudoers.
9169: [85f964215eef]
9170:
9171: 2010-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
9172:
9173: * plugins/sudoers/auth/pam.c:
9174: Rename sudo_conv to conversation to avoid a namespace conflict.
9175: [1ad359d36be9]
9176:
9177: * plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
9178: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9179: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9180: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9181: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9182: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9183: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9184: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9185: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9186: plugins/sudoers/check.c, plugins/sudoers/defaults.c,
9187: plugins/sudoers/env.c, plugins/sudoers/error.c,
9188: plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
9189: plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
9190: plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
9191: plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
9192: plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
9193: plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
9194: plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
9195: plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
9196: plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
9197: plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
9198: plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
9199: Initial bits of sudoers plugin; still needs work.
9200: [af2a2c59a952]
9201:
9202: * config.h.in:
9203: Add HAVE_STRDUP and HAVE_STRNDUP
9204: [50a3c0dd510f]
9205:
9206: * compat/Makefile.in, configure, configure.in:
9207: Build libmissing in two flavors (one PIC one non-PIC) and link with
9208: the appropriate one.
9209: [b62f411a4c18]
9210:
9211: * Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9212: compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
9213: Build libmissing in two flavors (one PIC one non-PIC) and link with
9214: the appropriate one.
9215: [e1e04972b5fe]
9216:
9217: 2010-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
9218:
9219: * include/missing.h:
9220: Add strdup and strndup and fix strsignal
9221: [c159babe2896]
9222:
9223: 2010-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
9224:
9225: * compat/strdup.c, compat/strndup.c, configure, configure.in,
9226: plugins/sample/Makefile.in, src/Makefile.in:
9227: Add strdup and strndup to compat
9228: [25c9fd399a4d]
9229:
9230: * plugins/sample/sample_plugin.c:
9231: Need to include compat.h before missing.h
9232: [c94f7aad380f]
9233:
9234: * compat/strsignal.c:
9235: Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
9236: it doesn't exist configure will set it to 0.
9237: [384580566389]
9238:
9239: * compat/glob.c:
9240: Fix botched ANSI C coversion of globexp2()
9241: [4a344b8cbe49]
9242:
9243: * configure, configure.in:
9244: Remove redundant getgroups check
9245: [0b16ec210c81]
9246:
9247: * configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
9248: Require either termios or termio, no more sgtty.
9249: [9b2fa2f17a1c]
9250:
9251: * compat/strsignal.c, config.h.in, configure, configure.in:
9252: Change the sys_siglist check to use AC_CHECK_DECLS and also check
9253: for _sys_siglist and__sys_siglist
9254: [2e078fed2408]
9255:
9256: 2010-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
9257:
9258: * configure, configure.in, src/Makefile.in:
9259: Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
9260: use SUDO_OBJS for the main driver as part of OBJS.
9261: [9ae4a80a5ade]
9262:
9263: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9264: Mention in the conversation function section that a newline is not
9265: implicit.
9266: [04a233b6c491]
9267:
9268: * include/compat.h:
9269: Add definition of WCOREDUMP for systems without it. This is known
9270: to work on AIX and SunOS 4, but may be incorrect on other systems
9271: that lack WCOREDUMP.
9272: [c85b3ce6b77d]
9273:
9274: 2010-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
9275:
9276: * plugins/sample/sample_plugin.c, src/conversation.c:
9277: conversation function no longer puts a newline at the end of info or
9278: error messages.
9279: [c534cae1ac4a]
9280:
9281: 2010-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
9282:
9283: * src/script.c:
9284: Use parent process group id instead of parent process id when
9285: checking foreground status and suspending parent. Fixes an issue
9286: when running commands under /usr/bin/time and others.
9287: [564f528c3bb7]
9288:
9289: 2010-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
9290:
9291: * aclocal.m4:
9292: transcript option is now --with not --enable
9293: [0646fac4cf93]
9294:
9295: * plugins/sample/sample_plugin.c:
9296: Add support to -u and -g flags Check fmt_string retval Add timeout
9297: for debugging purposes
9298: [cfefa4fa60b5]
9299:
9300: * src/script.c, src/sudo.c:
9301: Wire up SIGALRM handler Set close on exec flag for child side of the
9302: socketpair Fix signal handling when not doing I/O logging
9303: [379581ec7272]
9304:
9305: * src/sudo.c:
9306: g/c unused SIGCHLD handler
9307: [0afa03912dce]
9308:
9309: * src/fmt_string.c, src/parse_args.c, src/sudo.c:
9310: Don't use emalloc() in fmt_string(); we want to be able to use it
9311: from a plugin.
9312: [ade64d368147]
9313:
9314: * include/list.h:
9315: tq_remove not list_remove
9316: [0e0e1fd5c31c]
9317:
9318: * configure, configure.in:
9319: AUTH_OBJS should contain .lo files not .o files.
9320: [c64c82c9d5a2]
9321:
9322: 2010-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
9323:
9324: * src/parse_args.c:
9325: Simplify conversion of command line args to name=value pairs.
9326: [75ab127c6a94]
9327:
9328: * plugins/sample/sample_plugin.c:
9329: Handle NULL reply from conversation function
9330: [6ce09b6cb204]
9331:
9332: * compat/getline.c:
9333: Don't depend on emalloc/erealloc
9334: [73df09e2109f]
9335:
9336: * plugins/sample/Makefile.in:
9337: Use $(OBJS) instead of sample_plugin.lo
9338: [2d995db9aa99]
9339:
9340: * plugins/sample/sample_plugin.c:
9341: runas_user is in settings not user_info
9342: [7ee12068bc57]
9343:
9344: * src/parse_args.c:
9345: Fix a mismatch between sudo_settings and settings_pairs that causes
9346: some settings to get the wrong values.
9347: [b1bc6d81a65f]
9348:
9349: 2010-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
9350:
9351: * src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
9352: src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
9353: src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
9354: Convert to ANSI C
9355: [d03b6e4a3b75]
9356:
9357: * src/load_plugins.c:
9358: Fix strlcpy() return value check.
9359: [7cd66999a374]
9360:
9361: * INSTALL, configure, configure.in:
9362: No longer need to substitute in script.o and pty.o; I/O logging
9363: support is always built.
9364: [45250024c5dc]
9365:
9366: 2010-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
9367:
9368: * src/script.c:
9369: Add fallback to /bin/sh when execve() fails with ENOEXEC.
9370: [7684a15a1352]
9371:
9372: * include/alloc.h, src/alloc.c:
9373: Add estrndup()
9374: [47621c83bed9]
9375:
9376: 2010-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
9377:
9378: * src/script.c, src/sudo.c:
9379: Refactor script_execve() a bit so that it can be used in non-script
9380: mode. Needs more cleanup.
9381: [f09e022d547c]
9382:
9383: * src/sudo.c:
9384: Ignore empty entries in command_info list
9385: [1eea9a8de21c]
9386:
9387: * include/list.h, src/list.c:
9388: Add tq_remove
9389: [40908a617cb2]
9390:
9391: * src/conversation.c:
9392: Pass timeout to tgetpass()
9393: [9e66c918b771]
9394:
9395: * Makefile:
9396: Add ChangeLog target
9397: [da4a39150838]
9398:
9399: * README, WHATSNEW:
9400: Bump version and update things slightly for sudo 1.8.0
9401: [4b73cc45e2d4]
9402:
9403: * configure, configure.in:
9404: Sudo now requires an ANSI/ISO C compiler
9405: [1e51f72e6964]
9406:
9407: * src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
9408: src/sudo_noexec.c:
9409: Convert to ANSI C
9410: [5cbd315dbde8]
9411:
9412: * include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9413: include/list.h, include/missing.h:
9414: Convert to ANSI C
9415: [3f5016ff64f4]
9416:
9417: * compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
9418: compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
9419: compat/getprogname.c, compat/glob.c, compat/glob.h,
9420: compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9421: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9422: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9423: compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
9424: compat/utimes.c:
9425: Convert to ANSI C
9426: [0d635c85461c]
9427:
9428: 2010-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
9429:
9430: * src/sudo.c, src/tgetpass.c:
9431: Make user_details extern so tgetpass can get at the uid and gid. Set
9432: uid/gid to user before executing askpass program. Check environment
9433: for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
9434: set the askpass program itself
9435: [d33606396176]
9436:
9437: * src/sudo.c:
9438: No longer need sudo_usage.h in sudo.c
9439: [063e2946c382]
9440:
9441: * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
9442: doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
9443: src/sudo_usage.h.in:
9444: Document -D level command line flag which maps to the debug_level
9445: setting.
9446: [61f1e2ab3ac1]
9447:
9448: * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9449: Document debug_level in plugin doc. Still need to document the -D
9450: flag in sudo itself.
9451: [8c62daea3e9b]
9452:
9453: 2010-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
9454:
9455: * plugins/sample/sample_plugin.c:
9456: include missing,h for vasprintf
9457: [92503de49b39]
9458:
9459: * doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
9460: doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
9461: Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
9462: [14cfb4775238]
9463:
9464: * plugins/sample/sample_plugin.c:
9465: Need to include limits.h
9466: [bda7f74343d2]
9467:
9468: * compat/glob.c:
9469: No more sudo_getpw*
9470: [232e52907634]
9471:
9472: * plugins/sample/Makefile.in, src/Makefile.in:
9473: Add missing compat bits
9474: [4843dd000e08]
9475:
9476: * compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
9477: compat files should not include sudo.h wire up compat in sample
9478: plugin
9479: [a175b8185e0f]
9480:
9481: * Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
9482: Fix up compat dependencies. Fix distclean target in doc/Makefile.in
9483: [57e49bc20857]
9484:
9485: * configure, configure.in:
9486: Fix typo
9487: [333655e3d5fe]
9488:
9489: * plugins/sample/sample_plugin.c:
9490: Log input and output to temp files for proof of concept.
9491: [ae1dfc34f7d6]
9492:
9493: * Makefile, configure, configure.in, doc/Makefile.in:
9494: Add doc Makefile.in and wire it up
9495: [6a310443c87d]
9496:
9497: * src/script.c:
9498: Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
9499: suspending a shell with the "suspend" builtint.
9500: [3d65f182819a]
9501:
9502: * src/script.c:
9503: In child, handle parent side of the pipe going away.
9504: [a29c14d78cd9]
9505:
9506: * src/script.c:
9507: No longer need to check for explicit death of the child (process #2)
9508: since if it dies we will get EPIPE from the socketpair. Fix a
9509: sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
9510: sudo_debug.
9511: [24c55dd4ff60]
9512:
9513: * src/sudo.c:
9514: Make sudo_debug do a single vfprintf() which will result in a single
9515: write call on most systems. Avoids problems with interleaved debug
9516: printf from different processes. Also remove an extraneous error
9517: case since recv() can't return a short read and add some more XXX.
9518: [b37a8533ef1e]
9519:
9520: 2010-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
9521:
9522: * src/script.c:
9523: Fix uninitialized variable.
9524: [e012a0a30890]
9525:
9526: * src/Makefile.in:
9527: Fix sudo install target
9528: [1417fa4b4ab9]
9529:
9530: * src/parse_args.c, src/sudo.c, src/sudo.h:
9531: Wire up debug_level
9532: [144fab289c73]
9533:
9534: * src/Makefile.in:
9535: Fix dependencies
9536: [5170940af2ce]
9537:
9538: * configure, configure.in:
9539: Fix setting of plugin dir
9540: [144eda170a72]
9541:
9542: * Makefile:
9543: add clean targets
9544: [d53f6f6f5c3a]
9545:
9546: * src/atobool.c:
9547: Add missing source for sudo front end
9548: [42487de9c489]
9549:
9550: * plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
9551: Sample plugin demonstrating the sudo plugin API
9552: [f1fd62d7644f]
9553:
9554: * Makefile, configure, configure.in, install-sh, pathnames.h.in,
9555: plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
9556: src/fileops.c, src/fmt_string.c, src/load_plugins.c,
9557: src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
9558: src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
9559: sudo_usage.h.in:
9560: Modular sudo front-end which loads policy and I/O plugins that do
9561: most the actual work. Currently relies on dynamic loading using
9562: dlopen(). See doc/plugin.pod for the plugin API.
9563: [924f6eb2fbba]
9564:
9565: * doc/plugin.pod, include/sudo_plugin.h:
9566: Sudo plugin API
9567: [374ccbbd24ae]
9568:
9569: * compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
9570: compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
9571: plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
9572: plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
9573: src/fileops.c, src/sudo_edit.c:
9574: Replace emul/include.h with compat/include.h to match new source
9575: tree layout.
9576: [7eccd10449a1]
9577:
9578: * src/lbuf.c:
9579: Include missing.h for memrchr() proto
9580: [03abd63a8a33]
9581:
9582: * HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
9583: TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
9584: alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
9585: auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
9586: auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
9587: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
9588: auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
9589: closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
9590: compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
9591: compat/getline.c, compat/getprogname.c, compat/glob.c,
9592: compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
9593: compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
9594: compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
9595: compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
9596: compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
9597: def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
9598: doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
9599: doc/license.pod, doc/sample.pam, doc/sample.sudoers,
9600: doc/sample.syslog.conf, doc/schema.ActiveDirectory,
9601: doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
9602: doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
9603: doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
9604: doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
9605: doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
9606: doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
9607: emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
9608: error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
9609: getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
9610: gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
9611: include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
9612: include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
9613: ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
9614: interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
9615: list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
9616: mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
9617: nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
9618: plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
9619: plugins/sudoers/alias.c, plugins/sudoers/auth/API,
9620: plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
9621: plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
9622: plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
9623: plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
9624: plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
9625: plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
9626: plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
9627: plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
9628: plugins/sudoers/boottime.c, plugins/sudoers/check.c,
9629: plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
9630: plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
9631: plugins/sudoers/defaults.h, plugins/sudoers/env.c,
9632: plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
9633: plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
9634: plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
9635: plugins/sudoers/gram.c, plugins/sudoers/gram.h,
9636: plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
9637: plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
9638: plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
9639: plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
9640: plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
9641: plugins/sudoers/logging.c, plugins/sudoers/logging.h,
9642: plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
9643: plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
9644: plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
9645: plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
9646: plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
9647: plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
9648: plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
9649: plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
9650: plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
9651: plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
9652: plugins/sudoers/toke.c, plugins/sudoers/toke.l,
9653: plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
9654: plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
9655: sample.pam, sample.sudoers, sample.syslog.conf,
9656: schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
9657: selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
9658: src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
9659: src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
9660: src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
9661: src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
9662: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
9663: sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
9664: sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
9665: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
9666: sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
9667: sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
9668: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9669: tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
9670: visudo.man.in, visudo.pod, zero_bytes.c:
9671: Rework source layout in preparation for modular sudo.
9672: [7fc1978c6ad5]
9673:
9674: 2010-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
9675:
9676: * Avoid a duplicate fclose() of the sudoers file.
9677: [5dba851088c1]
9678:
9679: * Fix size arg when realloc()ing include stack. From Daniel Kopecek
9680: [0a2935061e33]
9681:
9682: * Use setrlimit64(), if available, instead of setrlimit() when setting
9683: AIX resource limits since rlim_t is 32bits.
9684: [353db89bac61]
9685:
9686: * Fix use after free when sending error messages. From Timo Juhani
9687: Lindfors
9688: [e50dbd902382]
9689:
9690: * ChangeLog, Makefile.in:
9691: Generate the ChangeLog as part of "make dist" instead of having it
9692: in the repo.
9693: [251b70964673]
9694:
9695: 2010-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
9696:
9697: * Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
9698: auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
9699: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
9700: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
9701: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
9702: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
9703: emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
9704: fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
9705: gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
9706: ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
9707: isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
9708: logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
9709: mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
9710: pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
9711: sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
9712: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
9713: strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
9714: sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
9715: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9716: sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
9717: term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
9718: utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
9719: Remove CVS $Sudo$ tags.
9720: [de683a8b31f5]
9721:
9722: 2010-01-18 convert-repo <convert-repo>
9723:
9724: * .hgtags:
9725: update tags
9726: [9b7aa44ae436]
9727:
9728: 2009-12-26 Todd C. Miller <Todd.Miller@courtesan.com>
9729:
9730: * sudo_usage.h.in:
9731: make this match sudoers SYNOPSIS
9732: [c74ba66944c2]
9733:
9734: * lbuf.c, parse.c:
9735: Print a newline between Runas and Command-specific defaults in sudo
9736: -l.
9737: [b5bdfcc9ce4b]
9738:
9739: * term.c:
9740: Use SET and CLR macros in term_raw
9741: [50ca42609d6c]
9742:
9743: * sudoreplay.c:
9744: Set stdin to non-blocking mode early instead of in check_input. Use
9745: term_raw instead of term_cbreak since the data we get has already
9746: been expanded via OPOST.
9747: [51c47e803d62]
9748:
9749: 2009-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
9750:
9751: * script.c, term.c:
9752: Enable/disable all postprocessing instead of just nl->crnl
9753: processing since things like tab expansion matter too. However, if
9754: stdout is a tty leave postprocessing on in the pty since we run into
9755: problems doing it only on the real stdout with .e.g nvi.
9756: [62666e309673]
9757:
9758: 2009-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
9759:
9760: * check.c:
9761: If tty_tickets is enabled and there is no tty, prompt for a
9762: password. Do not lecture user for "sudo -k command" if user has a
9763: timestamp.
9764: [5880200c5f6b]
9765:
9766: * INSTALL:
9767: Document missing options: --with-efence and --with-bsm-audit
9768: [d83afcdf9ff3]
9769:
9770: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
9771: sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
9772: sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
9773: visudo.man.in, visudo.pod:
9774: username -> user name groupname -> group name hostname -> host name
9775: [10c85646f45d]
9776:
9777: * INSTALL, README.LDAP, sudoers.pod:
9778: filename -> file name like the rest of the docs
9779: [1ef8ab5a9018]
9780:
9781: 2009-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
9782:
9783: * parse.c:
9784: Fix printing of entries with multiple host entries on a single line.
9785: [226ceaf91d8d]
9786:
9787: 2009-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
9788:
9789: * sudoers.pod:
9790: Mention that targetpw affects the timestamp file name.
9791: [a26e22e4f72e]
9792:
9793: * def_data.c, def_data.h, def_data.in, defaults.c, script.c,
9794: sudoers.pod:
9795: Add compress_transcript option.
9796: [6e94f8cb9dfb]
9797:
9798: 2009-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
9799:
9800: * configure, configure.in:
9801: bump to 1.7.3b2
9802: [906d7e347d15]
9803:
9804: * pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
9805: Better split of membership vs. traditional group check in
9806: user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
9807: [6ebc55d4716b]
9808:
9809: 2009-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
9810:
9811: * pwutil.c:
9812: Fix pasto and add default return value.
9813: [7973b5e4599c]
9814:
9815: * check.c, match.c, pwutil.c, sudo.h:
9816: refactor group member checking into user_in_group()
9817: [48ca8c2eddf8]
9818:
9819: * check.c, config.h.in, configure, configure.in, match.c, sudo.c,
9820: sudo.h:
9821: Add support for mbr_check_membership() as present in darwin.
9822: [5501aed02b9f]
9823:
9824: 2009-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
9825:
9826: * match.c:
9827: Rename label to be accurate
9828: [3af17dd960f7]
9829:
9830: * Makefile.in, boottime.c, check.c, config.h.in, configure,
9831: configure.in, sudo.h:
9832: Treat timestamp files from before we booted as old. Idea from and
9833: Apple patch.
9834: [5c96e484c05a]
9835:
9836: 2009-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
9837:
9838: * sudo.c, sudo.pod, sudo_usage.h.in:
9839: Allow the -u flag to be used in conjunction with the -v flag as per
9840: older versions of sudo.
9841: [591e9fc13c1a]
9842:
9843: * logging.c:
9844: fix typo in last commit
9845: [4fd0c692dcf0]
9846:
9847: 2009-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
9848:
9849: * logging.c:
9850: Convert fmt_first and fmt_confd into macros.
9851: [32e870158b29]
9852:
9853: * sudoers.pod:
9854: timeouts can be floats now
9855: [89de639a9679]
9856:
9857: * WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
9858: defaults.h, mkdefaults:
9859: Add support for floating point timeout values (e.g. 2.5 minutes).
9860: [210ffa291733]
9861:
9862: 2009-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
9863:
9864: * sudo.pod:
9865: The -L flag will be removed in sudo 1.7.4
9866: [ffd026084333]
9867:
9868: 2009-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
9869:
9870: * sudoreplay.c:
9871: Fix a bug due to order of operators.
9872: [938d34464283]
9873:
9874: 2009-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
9875:
9876: * match.c:
9877: cmnd_matches() already deals with negation so _cmndlist_matches()
9878: does not need to do so itself. Fixes a bug with negated entries in
9879: a Cmnd_List.
9880: [71c845f6ce73]
9881:
9882: 2009-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
9883:
9884: * sudo.c:
9885: Don't exit() from open_sudoers, just return NULL for all errors.
9886: [8cfa832f972a]
9887:
9888: * script.c:
9889: Can't rely on the shell sending us SIGCONT when transitioning from
9890: backgroup to foreground process.
9891: [3c6c5b6cb4b3]
9892:
9893: * toke.c, toke.l:
9894: Add missing extern def for parse_error
9895: [45b7b59d03b7]
9896:
9897: 2009-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
9898:
9899: * toke.c, toke.l:
9900: Avoid a parse error when #includedir doesn't find any files. Closes
9901: bug #375
9902: [1ce1b850e9e6]
9903:
9904: * Makefile.in:
9905: Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
9906: [6a22e32da108]
9907:
9908: 2009-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
9909:
9910: * script.c:
9911: Start command out in foreground mode if stdout is a tty. Works
9912: around issues with some curses-based programs that don't handle
9913: tcsetattr getting interrupted by a signal. Still allows us to avoid
9914: hogging the tty if the command is part of a pipeline.
9915: [1c32f2b94769]
9916:
9917: * script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
9918: Use a socketpair to pass signals from parent to child. Child will
9919: now pass command status change info back via the socketpair. This
9920: allows the parent to distinguish between signals it has been sent
9921: directly and signals the command has received. It also means the
9922: parent can once again print the signal notifications to the tty so
9923: all writes to the pty master occur in the parent. The command is
9924: now always started in background mode with tty signals handled by
9925: the parent.
9926: [c6790b82986d]
9927:
9928: 2009-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
9929:
9930: * configure, configure.in:
9931: Fix a few typos in the descriptions; from Jeff Makey Only do the
9932: check for krb5_get_init_creds_opt_free() taking two arguments if we
9933: find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
9934: positive when using our own krb5_get_init_creds_opt_free which takes
9935: only a single argument.
9936: [845a9ff6f93d]
9937:
9938: 2009-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
9939:
9940: * configure, configure.in:
9941: Remove a spurious comma in the kerb5 bits.
9942: [3433eab083db]
9943:
9944: * auth/kerb5.c:
9945: Call krb5_get_init_creds_opt_init() in our emulated
9946: krb5_get_init_creds_opt_alloc() for MIT kerberos.
9947: [7ffb40bf43e9]
9948:
9949: 2009-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
9950:
9951: * config.h.in:
9952: Add HAVE_ZLIB
9953: [9297bde61ecc]
9954:
9955: * script.c:
9956: Need to ignore SIGTT{IN,OU} in child when running the command in the
9957: background. Also some minor cleanup.
9958: [dc208d982319]
9959:
9960: 2009-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
9961:
9962: * script.c:
9963: Instead of calling sigsuspend when waiting for SIGUSR[12] from
9964: parent, install the signal handlers w/o SA_RESTART and let them
9965: interrupt waitpid().
9966: [759c7d18203b]
9967:
9968: * script.c:
9969: Pass along SIGHUP and SIGTERM from parent to child.
9970: [035b0e254568]
9971:
9972: * script.c:
9973: Close unused bits of script_fds in processes that don't need them.
9974: Restore default SIGCONT handler in child.
9975: [e037378ab0c1]
9976:
9977: * script.c:
9978: Update foreground/background status in SIGCONT handler in parent
9979: process.
9980: [3f7f91333264]
9981:
9982: 2009-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
9983:
9984: * script.c:
9985: Defer setting terminal into raw mode until just before we fork() and
9986: only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
9987: and sudo is already in the foreground be sure to set raw mode before
9988: continuing the child.
9989: [1102ef40832c]
9990:
9991: 2009-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
9992:
9993: * script.c:
9994: Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
9995: give the command the controlling tty if the main sudo process is the
9996: foreground process.
9997: [cf3a91cb5682]
9998:
9999: * script.c:
10000: Don't bother with sudo_waitpid() here for now.
10001: [9086de480c2d]
10002:
10003: * script.c:
10004: fix non-zlib case
10005: [a258bff0f9a6]
10006:
10007: 2009-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
10008:
10009: * script.c:
10010: Remove non-wroking code that crept into rev 1.55
10011: [2802dd55cff5]
10012:
10013: 2009-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
10014:
10015: * INSTALL, configure, configure.in, script.c, sudoreplay.c:
10016: First pass at zlib support for transcript data files
10017: [5d10260807da]
10018:
10019: * Makefile.in:
10020: remove vestiges of ZLDFLAGS
10021: [1fa0caf1c0fb]
10022:
10023: * script.c:
10024: Add missing variable declaration for when TIOCSCTTY is not defined.
10025: Need to include sys/termio.h for TIOCSCTTY on some systems.
10026: [ee7f41ac2709]
10027:
10028: * script.c:
10029: when resuming command, send SIGCONT to its pgrp not just pid
10030: [5cd63c1d565b]
10031:
10032: * selinux.c:
10033: remove unused variable
10034: [df67df4be228]
10035:
10036: * script.c:
10037: include selinux.h for is_selinux_enabled() proto
10038: [85ebaa880cc1]
10039:
10040: * script.c:
10041: Don't use log_error() in the child process.
10042: [def65fe2a433]
10043:
10044: * script.c:
10045: Do I/O in parent instead of child since the parent can have both
10046: /dev/tty as well as the pty fds open. The child just sets things up
10047: and waits for its grandchild and writes the signal description to
10048: the pty master if the command was killed by a signal.
10049: [95e473208982]
10050:
10051: 2009-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
10052:
10053: * missing.h, sudo.h:
10054: Move two struct forward declarations from sudo.h to missing.h
10055: [90ad28294a8c]
10056:
10057: * script.c:
10058: Make comment at the top of script_exec() match reality.
10059: [c5042d27dbe0]
10060:
10061: * sudo.c:
10062: if neither stdin nor stdout is a tty, check stderr
10063: [c532ff20c8d8]
10064:
10065: * Makefile.in:
10066: Add back dependecy of gram.h on gram.y
10067: [c58382b7fcca]
10068:
10069: * script.c:
10070: Make transcript mode work as long as we can figure out our tty, even
10071: if it is not stdin. We'd like to use /dev/tty but that won't be
10072: valid after the setsid().
10073: [7b8bba8d99e7]
10074:
10075: 2009-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
10076:
10077: * config.h.in, configure, configure.in, pty.c:
10078: Add support for IRIX-style dynamic ptys
10079: [bedc9bac44c1]
10080:
10081: * Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
10082: Move alloc.c protos into alloc.h
10083: [b6a90649617d]
10084:
10085: * missing.h:
10086: Move prototypes for missing libc functions to missing.h
10087: [dda9ae1ccaf8]
10088:
10089: * Makefile.in, sudo.h, sudoreplay.c:
10090: Move prototypes for missing libc functions to missing.h
10091: [7483166b577b]
10092:
10093: 2009-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
10094:
10095: * config.h.in, configure, configure.in:
10096: Disable transcript support if no tcsetpgrp until we support older
10097: BSD-style job control.
10098: [27ac1d8163df]
10099:
10100: * configure, configure.in, pty.c, script.c:
10101: Break out pty code into pty.c
10102: [e85509b25d41]
10103:
10104: * compat.h, config.h.in, configure, configure.in:
10105: add killpg macro if no killpg function
10106: [3a125f4a51f0]
10107:
10108: * config.h.in, configure, configure.in, script.c:
10109: Push ptem and ldterm for STERAMS-based systems when allocating a
10110: pty.
10111: [36bb39b30ff2]
10112:
10113: 2009-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
10114:
10115: * script.c:
10116: Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
10117: [d94bd5c9bf4e]
10118:
10119: * script.c:
10120: Call tcgetpgrp() in the parent, not the child and have the child
10121: spin until it is granted. Fixes a race on darwin.
10122: [6e8d435339ce]
10123:
10124: * script.c:
10125: Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
10126: reopen slave.
10127: [0bdc63c019ca]
10128:
10129: 2009-10-14 Todd C. Miller <Todd.Miller@courtesan.com>
10130:
10131: * script.c:
10132: In script mode, if the command is killed by a signal, print the
10133: signal description as well as a core dump notification like the
10134: shell does.
10135: [9df61738df07]
10136:
10137: * Makefile.in, config.h.in, configure, configure.in, strsignal.c,
10138: sudo.h:
10139: Add check for strsignal() and a simple implementation if it is not
10140: there but sys_siglist is
10141: [61421a188ef4]
10142:
10143: * script.c:
10144: Add missing WUNTRACED and store the signal that stopped the
10145: grandchild in suspended, not signo.
10146: [df65042b200e]
10147:
10148: * script.c:
10149: g/c unused code
10150: [40d8cb5c9203]
10151:
10152: * script.c:
10153: Associate the grandchild's pgrp with the tty instead of the child's
10154: and just get suspend notifications via SIGCHLD instead of directly.
10155: This fixes a hang with programs that try to set terminal attributes
10156: and is more consistent with how the shell handles things.
10157: [6865abff7e94]
10158:
10159: 2009-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
10160:
10161: * script.c:
10162: Move setpgid() of child into the parent side of the fork() where it
10163: belongs.
10164: [3defa782777c]
10165:
10166: 2009-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
10167:
10168: * script.c:
10169: fix typo
10170: [b6a612b3622c]
10171:
10172: * script.c:
10173: Run command in its own pgrp (like the shell does) for easier
10174: signalling. No need to relay SIGINT or SIGQUIT to parent, just send
10175: to grandchild. Don't want grandchild stopped events in the child
10176: (only termination). Flush output after suspending grandchild before
10177: signalling parent.
10178: [db556bf2176f]
10179:
10180: * script.c:
10181: Back out revision 1.34; the problem lies elsewhere.
10182: [85f590a03275]
10183:
10184: * script.c:
10185: Don't set stdout to blocking mode when flushing remaining output.
10186: It can cause us to hang when trying to exit. Need to investigate
10187: why.
10188: [6f803a3e33ca]
10189:
10190: * script.c:
10191: Handle SIGTTOU and remove some debugging.
10192: [52d17279053e]
10193:
10194: * term.c:
10195: Back out revision 1.10 as the signal that interrupts us may be
10196: SIGTTOU or SIGTTIN which the caller must handle.
10197: [7e2fa9107975]
10198:
10199: * script.c:
10200: Apparently we need to send SIGSTOP to the command as well as ourself
10201: when we get SIGTSTP, the kernel doesn't automatically stop the
10202: process for us.
10203: [1a936e9309c4]
10204:
10205: * script.c:
10206: Use an extra process to act as the glue bewteen the sessions
10207: associated with the user's controlling tty (what the shell uses) and
10208: the tty that sudo is using to do its logging. Basically, this means
10209: that if we get, e.g. SIGTSTP from the process sudo is running, we
10210: relay the signal to the parent so it's shell can do the job control.
10211: [6dd296988060]
10212:
10213: * term.c:
10214: Handle getting/setting terminal attributes when the fd is in non-
10215: blocking mode.
10216: [ae5ae535ea7b]
10217:
10218: 2009-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
10219:
10220: * sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10221: Add support for pausing and changing the speed in interactive mode.
10222: [72a2063780a7]
10223:
10224: * script.c:
10225: Already define O_NOCTTY in compat.h, don't need it here
10226: [b5d80ed3e5ce]
10227:
10228: 2009-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
10229:
10230: * sudoreplay.c:
10231: Add missing protos
10232: [c4cb4e7f4d8a]
10233:
10234: 2009-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
10235:
10236: * sudo_edit.c:
10237: Always update the stashed mtime of the temp file instead of using
10238: what we have for the original because the time resolution of the
10239: filesystem the temporary is on may not match that of the filesystem
10240: that holds the original. Should fix bz #371 found by Philippe Levan.
10241: [c86ca4bec60c]
10242:
10243: * sudoreplay.c:
10244: Use cbreak mode instead of raw mode and add signal handlers to
10245: restore the tty on interrupt.
10246: [84dd283da41c]
10247:
10248: * script.c, sudo.h, term.c:
10249: Retain NL to NLCR conversion on the real tty and skip it on the pty
10250: we allocate. That way, if stdout is not a pty there are no extra
10251: carriage returns.
10252: [32e4f570414e]
10253:
10254: * script.c:
10255: Fix log_output(); just pass in a string and a length.
10256: [ca980cc0a3fb]
10257:
10258: 2009-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
10259:
10260: * script.c:
10261: do not use errno when complaining out lack of a tty
10262: [8f9b8c55ab8e]
10263:
10264: 2009-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
10265:
10266: * Makefile.in, sudoreplay.c, term.c:
10267: Instead of messing with line endings, just set terminal to raw mode
10268: in sudoreplay.
10269: [90943fa87acb]
10270:
10271: * term.c:
10272: When copying the terminal attributes to the pty, be sure not to set
10273: ONLCR. This prevents extra carriage returns from ending up in the
10274: script output file.
10275: [e6b5475ac2aa]
10276:
10277: * script.c:
10278: Convert a do {} while into a while
10279: [e461310d2c77]
10280:
10281: * Makefile.in:
10282: Use if then instead of test && when installing binaries that may not
10283: exist.
10284: [ad4f9490d971]
10285:
10286: * script.c:
10287: Add O_NOCTTY when opening a tty device. Explicitly disconnect from
10288: old tty before associatng with new one.
10289: [0e0ca634b80c]
10290:
10291: * script.c, selinux.c, sudo.c, sudo.h:
10292: First cut at refactoring some of the selinux code so it can be used
10293: in conjunction with sudo's transcript support.
10294: [779b0d8f9d29]
10295:
10296: 2009-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
10297:
10298: * aclocal.m4, configure, configure.in:
10299: Fix default case of transcript_enabled being unset.
10300: [f8aa96186e6b]
10301:
10302: * script.c, sudoreplay.c:
10303: Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
10304: [2844a7a851fa]
10305:
10306: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
10307: Hook up --disable-transcript and --enable-transcript=DIR
10308: [b3fa7e6b2480]
10309:
10310: 2009-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
10311:
10312: * aclocal.m4, configure, configure.in, pathnames.h.in:
10313: _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
10314: transcript=DIR option to specify the directory
10315: [b0bb76d43cda]
10316:
10317: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
10318: regen
10319: [c7a8a0a9027c]
10320:
10321: * configure, configure.in, sudoers.man.pl, sudoers.pod:
10322: Substitute in default value for secure_path
10323: [c8f9ac6dbf93]
10324:
10325: * sudo.pod:
10326: Mention that the password must be followed by a newline with the -S
10327: option.
10328: [2fc589a3ee7e]
10329:
10330: 2009-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
10331:
10332: * script.c:
10333: Go back to dropping out of the select() loop when the process dies;
10334: Linux ptys apparently don't behave the same as BSD in regards to
10335: select(). No need to flush remaining output to the transcript, only
10336: to stdout. Add back code to check the master pty for additional data
10337: when we exit the main select loop.
10338: [abed9a9cbc6b]
10339:
10340: 2009-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
10341:
10342: * Makefile.in:
10343: Add getline.o to COMMON_OBJS
10344: [04ef7643cbc2]
10345:
10346: * Makefile.in:
10347: sudoreplay depends on libsudo.a
10348: [142bd0472631]
10349:
10350: * Makefile.in:
10351: More pwutil.o into COMMON_OBJS
10352: [4a016b933629]
10353:
10354: * pwutil.c, testsudoers.c, tsgetgrpw.c:
10355: Remove my_* redirection in pwutil.c for testsudoers and just use the
10356: normal libc get{pw,gr}* names.
10357: [9b76d637d86b]
10358:
10359: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10360: More time and date examples
10361: [c6ee0175ec56]
10362:
10363: * Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
10364: Move nanosleep() emulation into its own file Check librt.a for
10365: nanosleep if we don't find it in libc
10366: [4da0cc26aad7]
10367:
10368: * Makefile.in, configure, configure.in:
10369: Build libsudo with the common bits and link things against that.
10370: [2b53bc0b081a]
10371:
10372: * script.c:
10373: Fix final flush.
10374: [6da287d833da]
10375:
10376: * script.c:
10377: Keep reading from the pty master -> log file until read returns <=
10378: 0. Do our best to write everything to stdout when flushing any
10379: remaining bits.
10380: [2a45d4ae280c]
10381:
10382: * sudoreplay.c:
10383: Use unbuffered I/O when writing to stdout and make sure we write the
10384: entire buffer.
10385: [f39ef9844a47]
10386:
10387: 2009-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
10388:
10389: * sudoreplay.c:
10390: Only use max_wait if it is non-zero
10391: [f6c10604d2e8]
10392:
10393: * getdate.c, getdate.y, getline.c:
10394: Need compat.h here
10395: [5d6722e225a0]
10396:
10397: * sudoreplay.c:
10398: Fix nanosleep emulation
10399: [34e5e5d72a76]
10400:
10401: * script.c:
10402: Fix comment after #endif
10403: [bd1347718b25]
10404:
10405: * sudoreplay.c:
10406: Add protos for missing libc bits
10407: [644f496427a2]
10408:
10409: * configure, configure.in:
10410: add missing line continuation char
10411: [db13c0d402cd]
10412:
10413: * config.h.in, configure, configure.in, getline.c:
10414: Implement getline() in terms of fgetln() if we have it.
10415: [3ab786eaadc5]
10416:
10417: * sudoreplay.c:
10418: Print year when formatting log line
10419: [90be669e3443]
10420:
10421: * sudoreplay.pod:
10422: Document cwd, attempt to document time/date formats.
10423: [6290fb9b65c6]
10424:
10425: * sudoreplay.c:
10426: Fix getline return value check.
10427: [d696d6657261]
10428:
10429: * Makefile.in, config.h.in, configure, configure.in, getline.c,
10430: sudoreplay.c:
10431: Use getline() if the system has it, else use provide our own for
10432: sudoreplay.
10433: [afca1d6fbe5e]
10434:
10435: * script.c:
10436: Refactor code to update output and timing files.
10437: [361491332b1a]
10438:
10439: 2009-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
10440:
10441: * sudoreplay.c:
10442: Make sudo_getln() behave more like glibc getline.
10443: [40c9f2ea29e6]
10444:
10445: * script.c:
10446: When flushing remaining output, also update timing file.
10447: [5a9a5a627549]
10448:
10449: * sudoreplay.c:
10450: Use get_timestr() and make the -l output look like the regular sudo
10451: log.
10452: [452ba9d436c9]
10453:
10454: * logging.c, sudo.h, timestr.c:
10455: Make get_timestr() take a time_t so we can use it properly in
10456: sudoreplay.
10457: [82e67cc53c9c]
10458:
10459: * script.c:
10460: Create session dir earlier now that we update the seq number early.
10461: [797fe8d6dc61]
10462:
10463: 2009-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
10464:
10465: * sudoreplay.c:
10466: Use fromdate and todate as the keywords instead of from and to; the
10467: short forms will still be accepted.
10468: [d14d9b116df4]
10469:
10470: * sudoreplay.c:
10471: Fix reading long liensin sudo_getln()
10472: [58dadd74118c]
10473:
10474: * script.c, sudoreplay.c:
10475: Log the cwd in the script log file. Add sudo_getln() to read
10476: arbitrarily long lines.
10477: [faceb802ab8f]
10478:
10479: * Makefile.in, logging.c, sudo.h, timestr.c:
10480: Move get_timestr() into its own source file so sudoreplay can use
10481: it.
10482: [99b054bfa20a]
10483:
10484: 2009-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
10485:
10486: * sudoreplay.c:
10487: Add to and from perdicates (date ranges); needs documentation
10488: [1d629174dcf4]
10489:
10490: 2009-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
10491:
10492: * Makefile.in, getdate.c, getdate.y:
10493: Fix warning and add generated getdate.c
10494: [b877a86b5a03]
10495:
10496: * Makefile.in, getdate.y:
10497: Add getdate.y to be used for sudoreplay date parsing.
10498: [b8e26fbb7a40]
10499:
10500: 2009-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
10501:
10502: * sudoreplay.c:
10503: Check more than just the first character of a predicate
10504: [4fe53728adb1]
10505:
10506: * sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
10507: Add examples, sort predicates
10508: [70f8075cbccc]
10509:
10510: * Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
10511: sudoreplay.pod:
10512: Implement search expressions in sudoreplay similar in concept to
10513: what find or tcpdump uses. TODO: date ranges
10514: [f7ce4fb4cf3a]
10515:
10516: 2009-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
10517:
10518: * script.c:
10519: Remove vhangup as it was hanging up the wrong tty. Should really
10520: vhangup in the child after it as set its tty.
10521: [2eed9df73010]
10522:
10523: * sudoers.pod:
10524: Fix cut at documenting transcript support.
10525: [e6c533a5568a]
10526:
10527: * logging.c:
10528: ID= -> TSID= for transcript ID
10529: [1bf755a35333]
10530:
10531: 2009-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
10532:
10533: * sudoers.pod:
10534: Move fast_glob description to where it belongs in sorted order
10535: [5901cfb0d25f]
10536:
10537: * def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
10538: parse.c, parse.h, sudo.c:
10539: Rename script -> transcript
10540: [e06cf823122c]
10541:
10542: 2009-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
10543:
10544: * compat.h:
10545: Add timeradd and timersub for those without them
10546: [929f8aa06c2b]
10547:
10548: * script.c:
10549: Sanity check sessid before using it.
10550: [aa8ca5211d43]
10551:
10552: * sudo.c:
10553: Only set the session id if we are running a command or editing a
10554: file.
10555: [7205d717c098]
10556:
10557: * script.c:
10558: Actually. qsort is fine since most versions fal back to a cheaper
10559: sort when the number of elements to sort is small (like in our
10560: case).
10561: [d11c7cd352fe]
10562:
10563: * config.h.in, configure, configure.in, script.c:
10564: Check for dup2 and use dup instead if we don't have it.
10565: [98bd89830f8a]
10566:
10567: * script.c, sudo.c, sudo.h:
10568: Move the code to dup2 the script fds to low numbered descriptors
10569: into script_duplow() and fix the fd sorting.
10570: [9453fdc5fba6]
10571:
10572: * script.c, sudo.c, sudo.h:
10573: Move script_setup() back to immediately before we drop privs and
10574: call the new script_nextid() in its place, which will set
10575: sudo_user.sessid for the logging functions.
10576: [8434d0c8ff08]
10577:
10578: 2009-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
10579:
10580: * Makefile.in:
10581: Install sudoreplay
10582: [6acf2cdb4d3f]
10583:
10584: * sudoreplay.c:
10585: remove unused variable
10586: [2316360bb992]
10587:
10588: 2009-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
10589:
10590: * logging.c, script.c, sudo.c, sudo.h:
10591: Log the session ID, if there is one. Currently logs ID=XXXXXX,
10592: perhaps should be SESSIONID or SESSID.
10593: [53976905b0a6]
10594:
10595: * Makefile.in, configure, configure.in, sudoreplay.cat,
10596: sudoreplay.man.in, sudoreplay.pod:
10597: Add sudoreplay docs
10598: [da4f14f0e64c]
10599:
10600: * sudoreplay.c:
10601: add -V (version) flag
10602: [b5e743639ee3]
10603:
10604: * sudoreplay.c:
10605: Hook up max_wait.
10606: [2ec5697a92ba]
10607:
10608: * script.c, sudoreplay.c:
10609: Use base36 number for the ID and store script files with paths like
10610: /var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
10611: (2,176,782,336) unique IDs.
10612: [6aab019d07aa]
10613:
10614: 2009-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
10615:
10616: * config.h.in, configure.in:
10617: Add check for regcomp
10618: [44c3ebd7ff34]
10619:
10620: * sudoreplay.c:
10621: Add support for selecting by pattern and tty when listing.
10622: [66189f840c52]
10623:
10624: 2009-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
10625:
10626: * sudoreplay.c:
10627: The beginnings of a list mode.
10628: [8d0150b4a52c]
10629:
10630: 2009-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
10631:
10632: * Makefile.in:
10633: fix pasto
10634: [616b4640b8a8]
10635:
10636: * Makefile.in, config.h.in, configure.in:
10637: Add scaffolding for building sudoreplay
10638: [a32958505dbe]
10639:
10640: * sudoreplay.c:
10641: include error.h first arg to nanotime is const
10642: [fe5a7bb31bc5]
10643:
10644: * sudoreplay.c:
10645: Initial cut at sudoreplay; replay a sudo session.
10646: [f149fba372bd]
10647:
10648: 2009-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
10649:
10650: * script.c:
10651: Fix wait() usage and use correct wait status.
10652: [f4745ed7ad05]
10653:
10654: * sudo.c, sudo.h, tgetpass.c:
10655: Add protos for term_* to sudo.h
10656: [14fe1abd7e7b]
10657:
10658: * script.c:
10659: Fix detection of the child process exiting. Since the child is in
10660: its own session we should only ever get SIGCHLD for that process but
10661: better safe than sorry.
10662: [7edfdadd8505]
10663:
10664: * config.h.in:
10665: Add UNIX98 pty support.
10666: [82f4b53a0e8f]
10667:
10668: * configure, configure.in, script.c:
10669: Add UNIX98 pty support.
10670: [795b8bb0a3a1]
10671:
10672: 2009-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
10673:
10674: * term.c:
10675: For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
10676: if it is defined.
10677: [40f8b83baf69]
10678:
10679: * auth/pam.c:
10680: Set PAM_RUSER and PAM_RHOST early so they can be used during
10681: authentication. Based on a patch from Jamie Beverly.
10682: [3d567b453a6a]
10683:
10684: * match.c:
10685: Close dir before returning if strlcpy() reports overflow. From
10686: Martynas Venckus.
10687: [6a82f96473e5]
10688:
10689: * config.h.in, configure, configure.in, script.c:
10690: On Linux, the openpty proto libes in pty.h
10691: [98643a018d1c]
10692:
10693: * script.c:
10694: Call vhangup on exit if the system has it Use setpgrp() if no
10695: setsid()
10696: [3a9e13149829]
10697:
10698: 2009-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
10699:
10700: * config.h.in, configure, configure.in:
10701: Add checks for revoke and vhangup if we don't have openpty
10702: [fcb04572e994]
10703:
10704: * script.c:
10705: Session logging guts that got forgotten in the previous commit.
10706: [c2af08a63ea9]
10707:
10708: * Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
10709: configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
10710: gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
10711: tgetpass.c:
10712: First cut at session logging for sudo. Still need to write
10713: get_pty() for Unix 98 and old-style BSD ptys. Also needs
10714: documentation and general cleanup.
10715: [77e3f5e25738]
10716:
10717: 2009-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
10718:
10719: * sudo.c, sudo_edit.c:
10720: Fix a bug introduced with def_closefrom. The value of def_closefrom
10721: already includes the +1.
10722: [7291c136300d]
10723:
10724: 2009-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
10725:
10726: * Makefile.in:
10727: Generate sudo distributions with pax in ustar mode. No longer need
10728: to use a temp file or have the source dir name match the version.
10729: [9778177a8272]
10730:
10731: 2009-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
10732:
10733: * toke.c, toke.l:
10734: Fix expansion of %h in #include names. Fixes bugzilla 363
10735: [6e346879ba24]
10736:
10737: 2009-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
10738:
10739: * mkdefaults:
10740: If no arg assume def_data.in
10741: [c1dd28c0e675]
10742:
10743: * README, WHATSNEW:
10744: Update for 1.7.2
10745: [f5ad45f69f05] [SUDO_1_7_2]
10746:
10747: * ChangeLog:
10748: sync
10749: [6283549396ff]
10750:
10751: 2009-06-30 Todd C. Miller <Todd.Miller@courtesan.com>
10752:
10753: * sudoers.cat, sudoers.man.in, sudoers.pod:
10754: Add missing single quotes around a colon in Runas_Spec definition.
10755: From Elias Benali.
10756: [ccc6ee4fca83]
10757:
10758: 2009-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
10759:
10760: * sudo.man.in, sudoers.man.in:
10761: regen
10762: [546e75304ebf]
10763:
10764: * redblack.c:
10765: In rbrepair, re-color the root or the first non-block node we find
10766: to be black. Re-coloring the root is probably not needed but won't
10767: hurt.
10768: [34d01ebe241b]
10769:
10770: * sudo.cat, sudoers.cat:
10771: regen
10772: [bebf5a39f54f]
10773:
10774: 2009-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
10775:
10776: * redblack.c:
10777: When repairing the tree, don't touch the root node.
10778: [9841f0d5d789]
10779:
10780: 2009-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
10781:
10782: * set_perms.c:
10783: Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
10784: Reported by Josef Schmid.
10785: [ed044b1eb879]
10786:
10787: 2009-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
10788:
10789: * sudoers.pod:
10790: Document that we accept env_pam-style environment files
10791: [e3b545456352]
10792:
10793: * env.c:
10794: Adapt to accept pam_env-style /etc/environment which allows shell-
10795: style lines such as: export EDITOR="/usr/bin/vi"
10796: [752eb75bf007]
10797:
10798: * sudoers.pod:
10799: Make it clear that env_delete only works when !env_reset. From Lo??c
10800: Minier
10801: [3bd3f8e351ba]
10802:
10803: 2009-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
10804:
10805: * sudo.pod, sudoers.pod:
10806: Add non-unix group bits, adapted from Quest
10807: [8ce427de8dea]
10808:
10809: * Makefile.in:
10810: build the .cat page in the current working dir, not the src dir
10811: [00e87a307674]
10812:
10813: * env.c:
10814: Return EINVAL in setenv() if var is NULL or the empty string to
10815: match glibc behavior.
10816: [23fd7c247142]
10817:
10818: 2009-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
10819:
10820: * configure, configure.in:
10821: Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
10822: [fedd4a3e2a85]
10823:
10824: 2009-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
10825:
10826: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
10827: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
10828: regen
10829: [7b9f461a40b3]
10830:
10831: 2009-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
10832:
10833: * INSTALL:
10834: Document --with-libvas and --with-libvas-rpath
10835: [a071e6d96c89]
10836:
10837: 2009-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
10838:
10839: * ldap.c, sudoers.ldap.pod:
10840: For netscape-derived LDAP SDKs the cert and key paths may be a
10841: directory or a file. However, version 5.0 of the SDK only seems to
10842: support using a directory. If ldapssl_clientauth_init fails and the
10843: cert or key paths look like they could be files, strip off the last
10844: path element and try again.
10845: [ac4e49d83043]
10846:
10847: * Makefile.in:
10848: Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
10849: [4547cc1a335f]
10850:
10851: 2009-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
10852:
10853: * configure, configure.in, match.c, sudo.c, vasgroups.c:
10854: Update non-Unix group support from Quest, as reworked by me.
10855: [1abafce29dc6]
10856:
10857: * toke.c:
10858: regen
10859: [01bfca9148b7]
10860:
10861: * toke.l:
10862: Add support for escaped hex chars in names, e.g. \x20 for space.
10863: [3c7be8e58a39]
10864:
10865: 2009-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
10866:
10867: * LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
10868: auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
10869: fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
10870: logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
10871: set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
10872: sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
10873: tgetpass.c, toke.l, visudo.c:
10874: Update copyright years.
10875: [e615f676c764]
10876:
10877: 2009-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
10878:
10879: * interfaces.c, lbuf.c:
10880: Minor fixes for Minix-3
10881: [898c510d23f9]
10882:
10883: 2009-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
10884:
10885: * set_perms.c:
10886: Handle getgroups() returning 0. Also add missing check for
10887: HAVE_GETGROUPS.
10888: [d73b958f9ffd]
10889:
10890: 2009-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
10891:
10892: * Makefile.in, config.h.in, configure, configure.in, sudo.c,
10893: version.h, visudo.c:
10894: Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
10895: [5050579a264d]
10896:
10897: 2009-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
10898:
10899: * set_perms.c:
10900: Remove group setting code in setusercontext case, we will do it
10901: ourselves later on in runas_setup. Set the gid after
10902: initgroups/setgroups is called, since on Mac OS X it seems to change
10903: the egid.
10904: [09dc21d8b42d]
10905:
10906: 2009-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
10907:
10908: * LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
10909: vasgroups.c:
10910: Initial bits of non-unix group support using Quest Authentication
10911: Services
10912: [1eecab0ff27e]
10913:
10914: * toke.c, toke.l:
10915: Accept %:foo as a non-Unix group
10916: [4c4b5dd899a6]
10917:
10918: * toke.c, toke.l:
10919: Allow user/group to be double quoted in the case of non-Unix groups
10920: which contain spaces.
10921: [47a3d568b7e8]
10922:
10923: 2009-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
10924:
10925: * match.c:
10926: Don't allow the user to specify the default runas user if their
10927: sudoers entry only allows them to run as a group.
10928: [4d726177227c]
10929:
10930: 2009-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
10931:
10932: * sudo.c:
10933: Must call audit_success before we change uids.
10934: [04a9e6ce6e55]
10935:
10936: * logging.c, set_perms.c, sudo.h, testsudoers.c:
10937: Add option for set_perm to not exit on failure and use this in the
10938: logging routines.
10939: [833dce7b7f42]
10940:
10941: * parse.c:
10942: In -l mode, if the user is only allowed to run as a group, display
10943: the user's name, not root's before the allowed group.
10944: [ef92ff99d265]
10945:
10946: * sudo.c:
10947: Fix -g mode, broken by rev 1.503 which had the side effect of
10948: setting the runas user to root unilaterally.
10949: [50a2f7df4385]
10950:
10951: 2009-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
10952:
10953: * fileops.c:
10954: When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
10955: [30fbe832dcf3]
10956:
10957: * pwutil.c:
10958: Only cache by the method we fetched for pwd and grp lookups.
10959: Previously we cached both by namd and id but this can cause problems
10960: for entries that share the same id. Also add more info in the error
10961: message in case the insert fails (which should now be impossible).
10962: [ef95a4f0bab5]
10963:
10964: 2009-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
10965:
10966: * sudoers.pod:
10967: Add a clarification from Nick Sieger
10968: [1eadad329561]
10969:
10970: 2009-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
10971:
10972: * env.c:
10973: Inline the setting of the environment string.
10974: [9515d11c6295]
10975:
10976: 2009-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
10977:
10978: * env.c:
10979: setenv(3) in Linux treats a NUL value as the empty string setenv(3)
10980: in BSD doesn't return an error if the name has '=' in it, it just
10981: treats the '=' as end of string.
10982: [941260bf94d2]
10983:
10984: 2009-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
10985:
10986: * toke.c, toke.l:
10987: Not all systems have d_namlen
10988: [e377b18d8e2d]
10989:
10990: 2009-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
10991:
10992: * sudoers.pod:
10993: Fix up some pod2html issues.
10994: [823a1f10ab60]
10995:
10996: 2009-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
10997:
10998: * interfaces.c:
10999: Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
11000: Quest Software.
11001: [73de36653131]
11002:
11003: * sudoers.pod:
11004: Ignore files ending in '~' in sudo.d (emacs backup files)
11005: [7871fad702db]
11006:
11007: * toke.c, toke.l:
11008: Ignore files ending in '~' in sudo.d (emacs backup files)
11009: [53fded2a469f]
11010:
11011: 2009-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
11012:
11013: * sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
11014: For #includedir, ignore any file containing a dot
11015: [a7daa1bce6c2]
11016:
11017: * Makefile.in, version.h:
11018: Bump version
11019: [ef60f14ffc44]
11020:
11021: * gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
11022: sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
11023: visudo.c:
11024: Implement #includedir directive. Files in an includedir are not
11025: edited by visudo unless they contain a syntax error.
11026: [3923d85a6c79]
11027:
11028: * ChangeLog:
11029: sync
11030: [8741ed61a78b] [SUDO_1_7_1]
11031:
11032: * WHATSNEW:
11033: Forgot umask_override
11034: [7c86a21a5504]
11035:
11036: * ChangeLog, TODO:
11037: sync
11038: [57339ca6bccf]
11039:
11040: 2009-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
11041:
11042: * visudo.c:
11043: Rewind stream if we fdopen sudoers since it may not be at the
11044: beginning. Set the keepopen flag on already-open files too so the
11045: lexer doesn't close them out from under us.
11046: [61292d819aff]
11047:
11048: * visudo.c:
11049: Print the proper file name when there is a parse error in an include
11050: file.
11051: [b0e85d4aedde]
11052:
11053: 2009-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
11054:
11055: * WHATSNEW:
11056: Sync
11057: [997e5d485ea3]
11058:
11059: 2009-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
11060:
11061: * configure, configure.in:
11062: Fix a warning when --without-ldap is specified.
11063: [d91fd9481b30]
11064:
11065: 2009-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
11066:
11067: * alias.c, parse.h, visudo.c:
11068: Store aliases that we remove during check_aliases in a freelist and
11069: free them at the end so we don't leak memory.
11070: [805e2272f6a3]
11071:
11072: 2009-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
11073:
11074: * visudo.c:
11075: Check aliases in -c mode too.
11076: [9199e188d9f2]
11077:
11078: * alias.c, parse.h, visudo.c:
11079: Make alias_remove return the alias struct instead of freeing it
11080: directly. Fixes a use after free in alias_remove_recursive, the only
11081: consumer.
11082: [a04b61804800]
11083:
11084: * alias.c, match.c, parse.c, parse.h, visudo.c:
11085: Rename find_alias -> alias_find for consistency.
11086: [48b0a82924f3]
11087:
11088: 2009-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
11089:
11090: * visudo.c:
11091: When checking for unused aliases, recurse if the alias points to
11092: another alias.
11093: [2d4d1a7f3a41]
11094:
11095: 2009-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
11096:
11097: * ldap.c:
11098: Back out rev 1.105 for now. Real ldapux_client.conf support will be
11099: done later after some refactoring.
11100: [8ad72e69b277]
11101:
11102: 2009-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
11103:
11104: * ldap.c:
11105: Treat ldap_hostport the same as "host" for ldapux.
11106: [3281dcc66da8]
11107:
11108: * configure, configure.in:
11109: Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
11110: Fixes compilation with ldapux.
11111: [ca1ed585ef0e]
11112:
11113: 2009-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
11114:
11115: * fileops.c:
11116: fix char subscript
11117: [41e51f080d00]
11118:
11119: 2009-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
11120:
11121: * Makefile.in:
11122: remove errant carriage returns
11123: [e9e258a31c7b]
11124:
11125: * audit.c, env.c:
11126: fix K&R compilation
11127: [d182e8920f13]
11128:
11129: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11130: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11131: regen
11132: [791a5cbf04e5]
11133:
11134: 2009-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
11135:
11136: * config.h.in:
11137: Add missing HAVE_BSM_AUDIT
11138: [49ad1bb96f04]
11139:
11140: * WHATSNEW:
11141: Add 1.7.1 features
11142: [f107f1604c61]
11143:
11144: * INSTALL:
11145: Mention --with-netsvc
11146: [d1e90d147795]
11147:
11148: * sudoers.ldap.pod:
11149: Document netsvc.conf support
11150: [e78f8abce6af]
11151:
11152: * configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
11153: sudo_nss.h:
11154: Add support for AIX netsvc.conf (like nsswitch.conf).
11155: [1df56a84dee5]
11156:
11157: 2009-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
11158:
11159: * config.h.in, configure, configure.in, env.c:
11160: Add --enable-env-debug flag to enable environment sanity checks.
11161: [128cdd8832e7]
11162:
11163: * sudoers.ldap.pod, sudoers.pod:
11164: Work around some pod2html issue.
11165: [e733b9609bd2]
11166:
11167: 2009-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
11168:
11169: * env.c:
11170: Only sync environ for putenv, setenv, and unsetenv. We need to make
11171: sure that sudo_putenv and sudo_setenv only modify env.envp, not
11172: environ.
11173: [be3ac732243c]
11174:
11175: 2009-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
11176:
11177: * env.c:
11178: Really fix UNSETENV_VOID
11179: [08ab7e882507]
11180:
11181: * env.c:
11182: Fix unsetenv when UNSETENV_VOID
11183: [d3038b3f2f15]
11184:
11185: * aclocal.m4, configure:
11186: Fix SUDO_FUNC_PUTENV_CONST
11187: [de35569c572b]
11188:
11189: * ldap.c:
11190: tivoli-based ldap does not have ldapssl_err2string
11191: [c63fd90d5e99]
11192:
11193: * configure:
11194: regen
11195: [f38f1ee828ad]
11196:
11197: 2009-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
11198:
11199: * config.h.in, configure, configure.in, ldap.c:
11200: Add support for Tivoli-based LDAP start TLS as seen in AIX.
11201: Untested.
11202: [8f8771829f85]
11203:
11204: * env.c:
11205: Add sanity checks for setenv/unsetenv
11206: [adbd1d95856b]
11207:
11208: * Makefile.in:
11209: Include bsm_audit.h in the tarball
11210: [4a4aa02b2c32]
11211:
11212: * Makefile.in, version.h:
11213: bump version for sudo 1.7.1
11214: [362c71d21595]
11215:
11216: * aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
11217: env.c, ldap.c, sudo.h:
11218: Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
11219: provide our own setenv/unsetenv/putenv that operates on own env
11220: pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
11221: [276edcd23032]
11222:
11223: 2009-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
11224:
11225: * sudo.c:
11226: Make "sudoedit -h" work as expected
11227: [2bcbbb45d389]
11228:
11229: * auth/pam.c:
11230: Make sure def_prompt is always defined. This is a workaround for
11231: pam configs that prompt for a password in the session but don't have
11232: an auth line. A better fix is to expand the sudo prompt earlier and
11233: set def_prompt to that when initializing.
11234: [ee073c04aec3]
11235:
11236: * sudo.pod:
11237: Mention that the helper for -A may be graphical.
11238: [b64a940c4082]
11239:
11240: * TROUBLESHOOTING:
11241: Document what happens if there is no tty.
11242: [313d58a856a5]
11243:
11244: * sudo.c:
11245: cosmetic changes
11246: [894f5e3b0c3e]
11247:
11248: * term.c:
11249: Fix term_restore
11250: [6c6315ff14bc]
11251:
11252: * sudo.c:
11253: Fix "sudo -k" with no other args
11254: [59e94dc419c6]
11255:
11256: 2009-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
11257:
11258: * check.c, sudo.c, sudo.pod, sudo_usage.h.in:
11259: Allow the -k flag to be specified in conjunction with a command or
11260: another option that may require authentication.
11261: [5960ff20355d]
11262:
11263: 2009-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
11264:
11265: * configure, configure.in:
11266: Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
11267: [e86ab69c4a57]
11268:
11269: * Makefile.in:
11270: Parallel make fix. From Diego E. 'Flameeyes'
11271: [1289d7ee27db]
11272:
11273: 2009-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
11274:
11275: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11276: Implement umask_override
11277: [8b87a3f7c5aa]
11278:
11279: * toke.c:
11280: regen
11281: [79d7ca9ac873]
11282:
11283: * sudoers.pod, toke.l, visudo.c:
11284: Implement %h escape in sudoers include filenames.
11285: [a7f288dd64f0]
11286:
11287: * audit.c:
11288: Need to include compat.h
11289: [c0dc07ce2f70]
11290:
11291: * Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
11292: Make audit_success and audit_failure generic functions in
11293: preparation for integrating linux audit support.
11294: [7df020a8fd6f]
11295:
11296: * term.c:
11297: remove duplicate include
11298: [1dfcd01a7e46]
11299:
11300: 2009-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
11301:
11302: * bsm_audit.c:
11303: Add missing include
11304: [fb56e08c37ee]
11305:
11306: * sudo.c:
11307: May need to update the runas user after parsing command-based
11308: defaults.
11309: [246f130d7802]
11310:
11311: 2009-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
11312:
11313: * glob.c:
11314: Add missing pair of braces introduced with character class support.
11315: [0e2afa2e03e9]
11316:
11317: 2009-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
11318:
11319: * def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
11320: Rename pwstars to pwfeedback
11321: [a9f85a57ebac]
11322:
11323: 2009-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
11324:
11325: * bsm_audit.c, bsm_audit.h:
11326: Add const to make MacOS happy.
11327: [4274432d6627]
11328:
11329: * Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
11330: configure.in, sudo.c:
11331: Add bsm audit support from Christian S.J. Peron
11332: [bef61cd8693d]
11333:
11334: * term.c:
11335: This is new code, no DARPA notice.
11336: [ec6ad09b9c23]
11337:
11338: 2009-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
11339:
11340: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11341: Rename simple_glob -> fast_glob
11342: [68d9ed803cc1]
11343:
11344: * match.c:
11345: g/c unused var
11346: [693fa0464eb6]
11347:
11348: * def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
11349: Add simple_glob option to use fnmatch() instead of glob(). This is
11350: useful when you need to specify patterns that reference network file
11351: systems.
11352: [77ba634f6949]
11353:
11354: * tgetpass.c:
11355: add term_* proto
11356: [520f5149d073]
11357:
11358: * sudoers.pod:
11359: mention glob()
11360: [ddaab8e03c52]
11361:
11362: 2009-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
11363:
11364: * tgetpass.c:
11365: Delete any pwstars we wrote after the user hits return. That way
11366: there is no record on screen as to the user's password length.
11367: [fae25cda762b]
11368:
11369: 2009-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
11370:
11371: * term.c:
11372: Move terminal setting bits from tgetpass.c to term.c
11373: [03d43325ee99]
11374:
11375: * Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
11376: tgetpass.c:
11377: Add pwstars sudoers option that causes sudo to print a star every
11378: time the user presses a key.
11379: [7aab417e184d]
11380:
11381: 2009-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
11382:
11383: * Makefile.in:
11384: Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
11385: [64f70e879816]
11386:
11387: 2009-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
11388:
11389: * ldap.c:
11390: For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
11391: indicate no limit. From Mark Janssen.
11392: [e2c5732d54f5]
11393:
11394: 2009-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
11395:
11396: * toke.c, toke.l:
11397: Comments that begin with #- should not be parsed as uids.
11398: [a72a50f12f41]
11399:
11400: 2009-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
11401:
11402: * sudo.c:
11403: Do not try to set the close on exec flag if we didn't actually open
11404: sudoers.
11405: [ece3ca256904]
11406:
11407: 2008-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
11408:
11409: * ChangeLog:
11410: regen
11411: [e11f0e4c1bdd] [SUDO_1_7_0]
11412:
11413: 2008-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
11414:
11415: * TODO:
11416: sync
11417: [5b8954462bb3]
11418:
11419: 2008-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
11420:
11421: * auth/pam.c:
11422: Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
11423: password prompt.
11424: [8563601cb3de]
11425:
11426: * configure, configure.in:
11427: Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
11428: as it cannot generate shared objects.
11429: [6d4262ef9669]
11430:
11431: * emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
11432: K&R compilation fixes
11433: [77921678d17c]
11434:
11435: * parse.c:
11436: Use tq_foreach_fwd when checking pseudo-commands to make it clear
11437: that we are not short-circuiting on last match. When pwcheck is
11438: 'all', initialize nopass to TRUE and override it with the first non-
11439: TRUE entry.
11440: [96b209f4778f]
11441:
11442: 2008-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
11443:
11444: * parse.c:
11445: Do not short circuit pseudo commands when we get a match since,
11446: depending on the settings, we may need to examine all commands for
11447: tags.
11448: [fdbaf89d6f35]
11449:
11450: 2008-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
11451:
11452: * sudoers.cat, sudoers.man.in:
11453: regen
11454: [1ecce7c1b841]
11455:
11456: * sudoers.pod:
11457: hostnames may also contain wildcards
11458: [82b76695601c]
11459:
11460: * Makefile.in:
11461: remove stamp-* files and linux core files in clean target
11462: [22003f091467]
11463:
11464: 2008-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
11465:
11466: * auth/sudo_auth.h, config.h.in, configure, configure.in:
11467: Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
11468: [6905bede8410]
11469:
11470: 2008-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
11471:
11472: * configure, configure.in:
11473: correctly enable SIA on Digital UNIX
11474: [a51881d13995]
11475:
11476: * TODO:
11477: checkpoint
11478: [af0fe8d94d42]
11479:
11480: * ChangeLog:
11481: sync
11482: [831f623cf99c]
11483:
11484: 2008-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
11485:
11486: * check.c, sudo.h, tgetpass.c:
11487: Even if neither stdin nor stdout are ttys we may still have /dev/tty
11488: available to us.
11489: [20f306ba883b]
11490:
11491: 2008-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
11492:
11493: * sudoers.cat, sudoers.man.in:
11494: regen
11495: [76d97c4c318f]
11496:
11497: * sudoers.pod:
11498: fix typos; Markus Lude
11499: [bff8bc1e2066]
11500:
11501: * ChangeLog:
11502: sync
11503: [f108552531cd]
11504:
11505: * toke.c:
11506: regen
11507: [de828413c67e]
11508:
11509: * toke.l:
11510: Fix matching of a line that only consists of a comment char
11511: [09c953d8d5ca]
11512:
11513: 2008-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
11514:
11515: * auth/pam.c:
11516: MacOS pam will retry conversation function if it fails so just treat
11517: ^C as an empty password.
11518: [d056058930bc]
11519:
11520: * visudo.c:
11521: When checking for alias use, also check defaults bindings.
11522: [2647f82c7dbd]
11523:
11524: * redblack.c:
11525: unused var
11526: [b7ff71c17c18]
11527:
11528: * redblack.c:
11529: Replace my rbdelete with Emin's version (which actually works ;-)
11530: [21b133dd0c72]
11531:
11532: 2008-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
11533:
11534: * testsudoers.c:
11535: malloc debugging
11536: [0fb446fa3279]
11537:
11538: * visudo.c:
11539: malloc options in devel mode for visudo too
11540: [98d06c6afeef]
11541:
11542: 2008-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
11543:
11544: * sudo.c:
11545: fix compilation on non-C99; from Theo
11546: [7c304e16c536]
11547:
11548: * visudo.c:
11549: fix check_aliases
11550: [83f30a3b1765]
11551:
11552: * alias.c:
11553: when destroying an alias, free the correct data pointer
11554: [6e1a8bd86c01]
11555:
11556: * auth/sudo_auth.h:
11557: add proto for aixauth_cleanup; from Dale King
11558: [eba94ffc8f63]
11559:
11560: 2008-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
11561:
11562: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
11563: visudo.man.in:
11564: regen
11565: [409fa57fff83]
11566:
11567: * sudo.pod, sudoers.pod, visudo.pod:
11568: standardize on the term 'option' for command line options (not flag)
11569: [228caefc2e36]
11570:
11571: 2008-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
11572:
11573: * INSTALL:
11574: Add note on configuring HP-UX pam
11575: [f7674a581baf]
11576:
11577: 2008-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
11578:
11579: * check.c, sudo.c:
11580: Move tty checks into check_user() so we only do them if we actually
11581: need a password.
11582: [7d997d7106d6]
11583:
11584: * sudo.c:
11585: Don't error out if no tty or askpass unless we actually need to
11586: authenticate.
11587: [9f23b83ed66c]
11588:
11589: 2008-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
11590:
11591: * ChangeLog:
11592: regen
11593: [23f9aef32da6]
11594:
11595: * pathnames.h.in, sudo.c:
11596: s/overriden/overridden/; from Tobias Stoeckmann
11597: [9f7459a8fac5]
11598:
11599: 2008-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
11600:
11601: * WHATSNEW, visudo.c:
11602: check sudoers owner and mode in strict mode
11603: [a3468c5ac1c4]
11604:
11605: * gram.c, toke.c:
11606: regen
11607: [7d6b515a5443]
11608:
11609: * sudo.man.in, sudoers.man.in, visudo.man.in:
11610: Update copyright years.
11611: [52d340cb8cba]
11612:
11613: * LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
11614: auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
11615: auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
11616: closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
11617: gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
11618: interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
11619: parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
11620: sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
11621: testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
11622: visudo.pod, zero_bytes.c:
11623: Update copyright years.
11624: [b4e6bf2beafa]
11625:
11626: * emul/charclass.h, fnmatch.c, glob.c:
11627: add my copyright
11628: [28681385014a]
11629:
11630: 2008-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
11631:
11632: * toke.c, toke.l:
11633: The loop in fill_cmnd() was going one byte too far past the end,
11634: resulting in a NUL being written immediately after the buffer end.
11635: [a5a49d603cd7]
11636:
11637: * UPGRADE, WHATSNEW:
11638: add sections on tgetpass changes
11639: [2e6929b6a102]
11640:
11641: * tgetpass.c:
11642: Treat EOF w/o newline as an error.
11643: [aa02b1db9240]
11644:
11645: 2008-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
11646:
11647: * parse.c:
11648: Fix "sudo -v" when NOPASSWD is set.
11649: [f4914711ea80]
11650:
11651: * auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
11652: auth/sudo_auth.h:
11653: No longer treat an empty password at the prompt as special. To quit
11654: out of sudo you now need to hit ^C at the password prompt.
11655: [980f760ad419]
11656:
11657: * sudoers.cat, sudoers.man.in:
11658: regen
11659: [6ca21a2cd869]
11660:
11661: * def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
11662: Sudo will now refuse to run if no tty is present unless the new
11663: visiblepw sudoers flag is set.
11664: [0cc56943252e]
11665:
11666: 2008-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
11667:
11668: * aix.c:
11669: just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
11670: defined
11671: [24fc6f712d5c]
11672:
11673: * aix.c:
11674: fix fallback value for RLIM_SAVED_MAX
11675: [e09e04e1af89]
11676:
11677: * auth/aix_auth.c, auth/sudo_auth.h:
11678: Move clearing of AUTHSTATE into aixauth_cleanup.
11679: [e14ae7bd259c]
11680:
11681: * auth/aix_auth.c, env.c:
11682: Unset AUTHSTATE after calling authenticate() as it may not be
11683: correct for the user we are running the command as.
11684: [d14f68f1b0ab]
11685:
11686: * isblank.c:
11687: Add isblank() function for systems without it. Needed for POSIX
11688: character class matching in fnmatch.c and glob.c.
11689: [16cba30b283f]
11690:
11691: 2008-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
11692:
11693: * TROUBLESHOOTING:
11694: expound on sudo and cd
11695: [8e0fa9033637]
11696:
11697: 2008-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
11698:
11699: * ChangeLog:
11700: regen
11701: [40cf320a10fc]
11702:
11703: * sudoers.cat, sudoers.man.in:
11704: regen
11705: [7cac761ae2c6]
11706:
11707: * sudoers.pod:
11708: mention defauts parse order
11709: [4e2ce86d1394]
11710:
11711: 2008-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
11712:
11713: * Makefile.in, aclocal.m4, compat.h, configure:
11714: Add isblank() function for systems without it. Needed for POSIX
11715: character class matching in fnmatch.c and glob.c.
11716: [a1ab55da8424]
11717:
11718: * Makefile.in:
11719: add emul/charclass.h to HDRS
11720: [7e8a019dcaa4]
11721:
11722: 2008-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
11723:
11724: * TODO:
11725: checkpoint
11726: [afeb9bc1baed]
11727:
11728: * defaults.c, parse.c, testsudoers.c, visudo.c:
11729: Move update_defaults into defaults.c and call it properly from
11730: visudo and testsudoers.
11731: [f4dbb369461f]
11732:
11733: * defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
11734: tsgetgrpw.c:
11735: use zero_bytes() instead of memset() for consistency
11736: [4cee0465f4a8]
11737:
11738: * logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
11739: visudo.c:
11740: Zero out sigaction_t before use in case it has non-standard entries.
11741: [120092225459]
11742:
11743: * match.c:
11744: quiet gcc
11745: [098a1df49b23]
11746:
11747: * match.c:
11748: Short circuit glob() checks if basename(pattern) !=
11749: basename(command). Refactor code that checks for a command in a
11750: directory and use it in the glob case if the resolved pattern ends
11751: in a '/'.
11752: [3c46fd317acb]
11753:
11754: 2008-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
11755:
11756: * defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
11757: Defer setting runas defaults until after runaspw/gr is setup.
11758: [12e75ee49c0c]
11759:
11760: 2008-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
11761:
11762: * match.c, sudo.c, testsudoers.c:
11763: Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
11764: systems do not include space for the NUL in the size. Also manually
11765: NUL-terminate buffer from gethostname() since POSIX is wishy-washy
11766: on this.
11767: [7266ab3296a3]
11768:
11769: 2008-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
11770:
11771: * sudo.c, sudoers.pod:
11772: When setting the umask, use the union of the user's umask and the
11773: default value set in sudoers so that we never lower the user's umask
11774: when running a command.
11775: [4e804b004e38]
11776:
11777: * sudo.c:
11778: Don't try to read from a zero-length sudoers file. Remove the bogus
11779: Solaris work-around for EAGAIN. Since we now use fgetc() it should
11780: not be a problem.
11781: [bb8e5f68d944]
11782:
11783: 2008-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
11784:
11785: * parse.c:
11786: In update_defaults() check the return value of user*_matches against
11787: ALLOW so we don't inadvertantly match on UNSPEC.
11788: [4e422fa1527e]
11789:
11790: 2008-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
11791:
11792: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
11793: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
11794: regen man pages; no more hyphenation
11795: [15de4fe2fe01]
11796:
11797: * sudo.c:
11798: Don't error out on a zero-length sudoers file. With the advent of
11799: #include the user could create a situation where sudo is unusable.
11800: [6eb461319fa5]
11801:
11802: 2008-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
11803:
11804: * auth/kerb5.c, config.h.in, configure, configure.in:
11805: Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
11806: krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
11807: all. Add configure tests to handle all the cases.
11808: [4b554a98470d]
11809:
11810: 2008-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
11811:
11812: * sudo.pod:
11813: resort ENVIRONMENT
11814: [f4f20f40653e]
11815:
11816: * sudoers.pod:
11817: document sudoers_locale
11818: [0bffd2dbe806]
11819:
11820: * sudo.pod, sudo_edit.c:
11821: add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
11822: or EDITOR
11823: [0ef8cb248cee]
11824:
11825: * toke.c, toke.l:
11826: In fill_cmnd(), collapse any escaped sudo-specific characters.
11827: Allows character classes to be used in pathnames.
11828: [5685244c8e44]
11829:
11830: 2008-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
11831:
11832: * lbuf.c:
11833: fix typo in non-C89 function declaration
11834: [99a7113b3a05]
11835:
11836: * sudoers.pod:
11837: Mention POSIX characters classes now that out fnmatch() and glob()
11838: support them.
11839: [9c916f1230c3]
11840:
11841: * sample.sudoers, sudoers.pod:
11842: Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
11843: locale agnostic.
11844: [a60a62bec244]
11845:
11846: * parse.h:
11847: use __signed char if we are going to assign a negative value since
11848: on Power, char is unsigned by default
11849: [2877b319df17]
11850:
11851: * config.h.in, configure, configure.in:
11852: Add tests for __signed char and signed char.
11853: [5eb874fdf1d4]
11854:
11855: * aix.c:
11856: Fix AIX limit setting. getuserattr() returns values in disk blocks
11857: rather than bytes. The default hard stack size in newer AIX is
11858: RLIM_SAVED_MAX. From Dale King.
11859: [3db67415ecc3]
11860:
11861: 2008-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
11862:
11863: * emul/charclass.h, fnmatch.c, glob.c:
11864: Add character class support to included glob(3) and fnmatch(3).
11865: [6b5b4ad77899]
11866:
11867: 2008-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
11868:
11869: * emul/fnmatch.h:
11870: Remove UCB advertising clause and some compatibility defines.
11871: [2ade7bee74e1]
11872:
11873: 2008-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
11874:
11875: * sudo_edit.c:
11876: Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
11877: or sudo. This allows one to set EDITOR to sudoedit without getting
11878: into an infinite loop of sudoedit running itself until the path gets
11879: too big.
11880: [aa49ab68f82d]
11881:
11882: * def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
11883: Add sudoers_locale Defaults option to override the default sudoers
11884: locale of "C".
11885: [0639886a35bf]
11886:
11887: 2008-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
11888:
11889: * sudo.c:
11890: Set locale to system default except for during sudoers parse.
11891: [016dd2736728]
11892:
11893: 2008-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
11894:
11895: * match.c:
11896: Redo change in 1.34 to use pointer arithmetic.
11897: [f9e7b63bb450]
11898:
11899: 2008-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
11900:
11901: * match.c:
11902: Fix a dereference (read) of a freed pointer. Reported by Patrick
11903: Williams.
11904: [69877b633753]
11905:
11906: 2008-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
11907:
11908: * sudo.c:
11909: Set locale to "C" to avoid interpretation issues with character
11910: ranges in sudoers. May want to make the locale a sudoers option in
11911: the future.
11912: [098a95de1746]
11913:
11914: 2008-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
11915:
11916: * config.h.in:
11917: we no longer use setproctitle
11918: [c7f20fb747ea]
11919:
11920: * sudo.h:
11921: remove #if 1
11922: [a368ee6816c6]
11923:
11924: * LICENSE, mkstemp.c:
11925: Use my replacement mkstemp() from the mktemp package.
11926: [d07c2beb0f9e]
11927:
11928: 2008-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
11929:
11930: * gram.c:
11931: regen with yacc skeleton bug fixed
11932: [24784571cbb8]
11933:
11934: * sudoers.pod:
11935: Remove duplicate "as root". From Martin Toft.
11936: [97241acfee5e]
11937:
11938: 2008-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
11939:
11940: * pwutil.c, sudo.c, sudo.h, testsudoers.c:
11941: Flesh out the fake passwd entry used for running commands as a uid
11942: not listed in the passwd database. Fixes an issue with some PAM
11943: modules.
11944: [a6648227f3f2]
11945:
11946: 2008-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
11947:
11948: * sudo.c:
11949: Error out in -i mode if the user has no shell. This can happen when
11950: running commands as a uid with no password entry.
11951: [0c174bef36ff]
11952:
11953: 2008-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
11954:
11955: * toke.c, toke.l:
11956: Better fix for line continuation inside double quotes. Now accepts
11957: whitespace between the backslash and the newline like the main
11958: lexer.
11959: [64efcdf86d31]
11960:
11961: 2008-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
11962:
11963: * toke.c, toke.l:
11964: Fix line continuation in strings. It was only being honored if
11965: preceded by whitespace.
11966: [96c21271a3e4]
11967:
11968: 2008-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
11969:
11970: * config.h.in, configure, configure.in, logging.c:
11971: Replace the double fork with a fork + daemonize.
11972: [328505441e67]
11973:
11974: 2008-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
11975:
11976: * env.c, sudo.c:
11977: The -i flag should imply env_reset. This got broken in sudo 1.6.9.
11978: [3caedfeaec87]
11979:
11980: * logging.c, sudo.c, sudo_edit.c, visudo.c:
11981: Change how the mailer is waited for. Instead of having a SIGCHLD
11982: handler, use the double fork trick to orphan the child that opens
11983: the pipe to sendmail. Fixes a problem running su on some Linux
11984: distros.
11985: [b59ce60a393d]
11986:
11987: 2008-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
11988:
11989: * configure, configure.in:
11990: Fix configure test for dirfd() on Linux where DIR is opaque.
11991: [b8f729cdfecc]
11992:
11993: 2008-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
11994:
11995: * tgetpass.c:
11996: Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
11997: this problem we'll need to revisit this again.
11998: [c17fee8ad530]
11999:
12000: 2008-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
12001:
12002: * logging.c:
12003: Ignore SIGPIPE instead of blocking it when piping to the mailer. If
12004: we only block the signal it may be delivered later when we unblock.
12005: Also, there is no need to block SIGCHLD since we no longer do the
12006: double fork. The normal SIGCHLD handler is sufficient.
12007: [e94a49e992e5]
12008:
12009: 2008-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
12010:
12011: * configure, configure.in:
12012: Add description for NO_PAM_SESSION, from a redhat patch.
12013: [b9e4c939ec09]
12014:
12015: 2008-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
12016:
12017: * sudo.cat, sudo.man.in, sudo.pod:
12018: Fix typos in -i usage
12019: [2d7ce5de0235]
12020:
12021: 2008-05-18 Todd C. Miller <Todd.Miller@courtesan.com>
12022:
12023: * configure, configure.in:
12024: Redo the test for dgettext() in a way that hopefully will work
12025: around the libintl_dgettext() undefined problem.
12026: [d27beb0cf85e]
12027:
12028: 2008-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
12029:
12030: * schema.ActiveDirectory:
12031: change filename in comment
12032: [733da4ee9ac5]
12033:
12034: 2008-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
12035:
12036: * Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
12037: sudoers.ldap.pod:
12038: Reference schema.ActiveDirectory
12039: [d6aec537800e]
12040:
12041: 2008-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
12042:
12043: * schema.OpenLDAP, schema.iPlanet:
12044: Mark sudoRunAs as deprecated.
12045: [00c50df807af]
12046:
12047: * schema.ActiveDirectory:
12048: add sudoRunAsUser and sudoRunAsGroup
12049: [19bcce6f72fb]
12050:
12051: * schema.ActiveDirectory:
12052: Active Directory schema by Chantal Paradis and Eric Paquet
12053: [06a09c92c6a5]
12054:
12055: 2008-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
12056:
12057: * parse.c:
12058: remove an XXX that was fixed
12059: [b88038062fa2]
12060:
12061: * ChangeLog:
12062: sync
12063: [8fc27c17270e]
12064:
12065: * parse.c:
12066: Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
12067: fixes a problem where the tag value printed was influenced by
12068: defaults set in the first pass through the parser.
12069: [588ccd630367]
12070:
12071: 2008-05-04 Todd C. Miller <Todd.Miller@courtesan.com>
12072:
12073: * Makefile.in, sudo.psf:
12074: No point in packaging the TODO file
12075: [9590248fffe1]
12076:
12077: * ChangeLog:
12078: sync
12079: [152acf4c6813]
12080:
12081: 2008-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
12082:
12083: * WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
12084: sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
12085: Add env_file Defaults option that is similar to /etc/environment on
12086: some systems.
12087: [1daf53d51e18]
12088:
12089: 2008-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
12090:
12091: * Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
12092: sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
12093: version.h, visudo.cat, visudo.man.in:
12094: change version to 1.7.0
12095: [d41d126b9bd8]
12096:
12097: * UPGRADE:
12098: initial valgrind pass done
12099: [c59c3876d8ca]
12100:
12101: 2008-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
12102:
12103: * ldap.c:
12104: Fix typo/think in sudo_ldap_read_secret() when storing the secret.
12105: [830d246c09b0]
12106:
12107: 2008-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
12108:
12109: * ldap.c:
12110: define LDAPS_PORT if the system headers do not
12111: [247b12325701]
12112:
12113: 2008-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
12114:
12115: * gram.c, gram.y:
12116: Fix another memory leak in init_parser().
12117: [7bba47deba11]
12118:
12119: * configure, configure.in:
12120: There was a missing space before the ldap libs in SUDO_LIBS for some
12121: configurations.
12122: [7524cfc93759]
12123:
12124: * alias.c, gram.c, gram.y, toke.c, toke.l:
12125: Clean up some memory leaks pointed out by valgrind.
12126: [a965866ece1a]
12127:
12128: 2008-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
12129:
12130: * sudo.c:
12131: fix "sudo -s" broken by mode/flags breakout
12132: [acffe984d408]
12133:
12134: * configure, configure.in:
12135: remove duplicate check for dgettext
12136: [58145529133c]
12137:
12138: 2008-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
12139:
12140: * aix.c:
12141: Fall back to default stanza if no user-specific limit is found.
12142: [7b8cb29123ee]
12143:
12144: 2008-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
12145:
12146: * snprintf.c:
12147: include stdint.h if present
12148: [f0ec38529306]
12149:
12150: * snprintf.c:
12151: Use LLONG_MAX, not the old QUAD_MAX
12152: [01041ce508fb]
12153:
12154: 2008-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
12155:
12156: * sudoers.ldap.pod:
12157: fix cut and pasto
12158: [34240fdef5ab]
12159:
12160: 2008-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
12161:
12162: * pwutil.c:
12163: Add #ifdef PURITY
12164: [ce1b571ad526]
12165:
12166: 2008-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
12167:
12168: * auth/bsdauth.c:
12169: remove useless cast
12170: [494f8a862e1d]
12171:
12172: 2008-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
12173:
12174: * ChangeLog:
12175: sync
12176: [f5c97ffaabcc]
12177:
12178: * TODO:
12179: sync
12180: [96ff1c44c182]
12181:
12182: * sudo.h:
12183: Split MODE_* defines into primary and flags.
12184: [c02ee3027cb9]
12185:
12186: 2008-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
12187:
12188: * aix.c:
12189: It turns out the logic for getting AIX limits is more convoluted
12190: than I realized and differs depending on whether the soft and/or
12191: hard limits are defined.
12192: [cf8d3f85d395]
12193:
12194: 2008-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
12195:
12196: * Makefile.in, configure, configure.in:
12197: Back out AIX-specific change to set the sudo_noexec path to the .a
12198: file, we do really want to use the .so file. Since libtool doesn't
12199: do that correctly, just install the .so file ourselves in the
12200: Makefile.
12201: [05c6f33177d9]
12202:
12203: * install-sh:
12204: If the file given to install is a path, only use the basename of the
12205: file when building the destination path.
12206: [695ba4e429ce]
12207:
12208: 2008-03-18 Todd C. Miller <Todd.Miller@courtesan.com>
12209:
12210: * sudo.c:
12211: parse_args() cleanup: Sort command line options in the getopt()
12212: switch The -U option requires a parameter Normalize a few ISSET
12213: calls Split mode into mode and flags and retire the now-obsolete
12214: excl variable
12215: [0d156835f861]
12216:
12217: * WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
12218: sudo_usage.h.in:
12219: Add -n (non-interactive) flag.
12220: [e3e50400d32d]
12221:
12222: * sudo.c:
12223: Move version printing, etc. into a separate function.
12224: [18c91b476e2c]
12225:
12226: * sudo.c:
12227: Don't try to cleanup nsswitch if it has not been initialized.
12228: [aeb1ca1b399d]
12229:
12230: 2008-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
12231:
12232: * logging.c:
12233: Block SIGPIPE in send_mail() so sudo is not killed by a problem
12234: executing the mailer.
12235: [f130e7924cca]
12236:
12237: 2008-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
12238:
12239: * configure, configure.in:
12240: AIX shared libs end in .a, not .so.
12241: [a5deb07020d8]
12242:
12243: 2008-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
12244:
12245: * env.c:
12246: Preserve HOME by default too. Matches documentation and previous
12247: behavior.
12248: [c16f17f1047c]
12249:
12250: 2008-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
12251:
12252: * sudo.c:
12253: Use getopt() to parse the command line. We need to be able to
12254: intersperse env variables and options yet still honor "--"" which
12255: complicates things slightly.
12256: [60f271ce5c16]
12257:
12258: 2008-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
12259:
12260: * ChangeLog:
12261: sync
12262: [685e67964eda]
12263:
12264: * acsite.m4, configure, ltmain.sh:
12265: update to libtool-1.5.26
12266: [4c9a8c3d3b40]
12267:
12268: * config.guess, config.sub:
12269: update from libtool-1.5.26 distribution
12270: [c6641aef2527]
12271:
12272: * aix.c, sudo.h:
12273: attempt to fix compilation errors on AIX
12274: [edb13e5b2184]
12275:
12276: * Makefile.in:
12277: fix typo in last commit
12278: [25ba7f7ceae4]
12279:
12280: * Makefile.in:
12281: Add WHATSNEW file to the distribution
12282: [213f4115de8f]
12283:
12284: * visudo.c:
12285: use warningx instead of fprintf(stderr, ...)
12286: [a3494b8ccb19]
12287:
12288: * list.c:
12289: add DEBUG to list2tq
12290: [115d24a3000c]
12291:
12292: * ChangeLog, TODO:
12293: sync
12294: [60e6f4d1fac0]
12295:
12296: * WHATSNEW:
12297: mention mailfrom
12298: [e2498f9e18d6]
12299:
12300: * Makefile.in, aix.c, config.h.in, configure, configure.in,
12301: set_perms.c, sudo.h:
12302: Add aix_setlimits() to set resource limits on AIX using a
12303: combination of getuserattr() and setrlimit(). Currently untested.
12304: [9b1441fd89ca]
12305:
12306: 2008-03-05 Todd C. Miller <Todd.Miller@courtesan.com>
12307:
12308: * def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
12309: sudoers.man.in, sudoers.pod:
12310: Add mailfrom Defaults option that sets the value of the From: field
12311: in the warning/error mail. If unset the login name of the invoking
12312: user is used.
12313: [029b9f05d3d9]
12314:
12315: * defaults.c:
12316: store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
12317: [a90e407d5e00]
12318:
12319: * gram.c, gram.y:
12320: When adding a default, only call list2tq() once to do the list to tq
12321: conversion. It is not legal to call list2tq multiple times on the
12322: same list since list2tq consumes and modifies the list argument.
12323: [fbc25d245c4a]
12324:
12325: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12326: comment out XXXs for now
12327: [595a1d43309d]
12328:
12329: * WHATSNEW:
12330: mention askpass
12331: [b993e0837c22]
12332:
12333: 2008-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
12334:
12335: * sudo.c:
12336: Error out if both -A and -S are specified Error out if -A is
12337: specified but no askpass is configured
12338: [24f1df2638f6]
12339:
12340: * configure, configure.in:
12341: we are not going to ship a sudo-specific askpass
12342: [61949e7a3943]
12343:
12344: 2008-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
12345:
12346: * sudo.h:
12347: fix definition of TGP_ASKPASS
12348: [0447c57ba4c3]
12349:
12350: * def_data.c, def_data.in:
12351: make askpass boolean-capable
12352: [e0885893a325]
12353:
12354: * INSTALL:
12355: document --with-askpass
12356: [c76e15ba97cf]
12357:
12358: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12359: sudoers.man.in, visudo.cat:
12360: regen
12361: [8d16242980b7]
12362:
12363: 2008-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
12364:
12365: * sudo.pod, sudo_usage.h.in, sudoers.pod:
12366: document -A and askpass
12367: [02c07505a78c]
12368:
12369: * auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
12370: def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
12371: sudo_usage.h.in, tgetpass.c:
12372: Add support for running a helper program to read the password when
12373: no tty is present (or when specified with the -A flag). TODO: docs.
12374: [05780f5f71fd]
12375:
12376: * def_data.c, def_data.in:
12377: add missing printf format to SELinux role and type strings
12378: [2b32774715e7]
12379:
12380: 2008-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
12381:
12382: * INSTALL, configure, configure.in:
12383: Disable use of gss_krb5_ccache_name() by default and add
12384: --enable-gss-krb5-ccache-name configure option to enable it. It
12385: seems that gss_krb5_ccache_name() doesn't work properly with some
12386: combinations of Heimdal and OpenLDAP.
12387: [f61ebd3b19bd]
12388:
12389: 2008-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
12390:
12391: * selinux.c:
12392: Ignore setexeccon() failing in permissive mode. Also add a call to
12393: setkeycreatecon() (though this is probably insufficient). From Dan
12394: Walsh.
12395: [52564fc1c069]
12396:
12397: * auth/pam.c:
12398: Only set std_prompt for the PAM_PROMPT_* cases. The conversation
12399: function may be called for non-password reading purposes so we must
12400: be careful not to use def_prompt in cases where it may not be set.
12401: [29d88ca575ba]
12402:
12403: 2008-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
12404:
12405: * selinux.c:
12406: Don't free the new tty context, we need to keep it around when we
12407: restore the tty context after the command completes
12408: [5b4bd39b6ea8]
12409:
12410: 2008-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
12411:
12412: * selinux.c:
12413: s/newrole/sudo/
12414: [21b8a96ff8df]
12415:
12416: * sudo.man.pl, sudo.pod:
12417: Only put login_cap(3) in SEE ALSO section if we have login.conf
12418: support
12419: [05250ddff2c0]
12420:
12421: 2008-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
12422:
12423: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12424: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12425: regen
12426: [301e5c5ccdbe]
12427:
12428: * sudoers.pod:
12429: Substitute in comment characters for lines partaining to login.conf,
12430: BSD auth and SELinux and only enable them if pertinent.
12431: [c1c98fa163ce]
12432:
12433: * sudoers.man.pl:
12434: Substitute in comment characters for lines partaining to login.conf,
12435: BSD auth and SELinux and only enable them if pertinent.
12436: [6c88f30b878a]
12437:
12438: * sudo.pod:
12439: Substitute in comment characters for lines partaining to login.conf,
12440: BSD auth and SELinux and only enable them if pertinent.
12441: [acdbdfd24e1d]
12442:
12443: * sudo.man.pl:
12444: Substitute in comment characters for lines partaining to login.conf,
12445: BSD auth and SELinux and only enable them if pertinent.
12446: [0c56d4750ac3]
12447:
12448: * Makefile.in, configure, configure.in:
12449: Substitute in comment characters for lines partaining to login.conf,
12450: BSD auth and SELinux and only enable them if pertinent.
12451: [9a02bd6a6658]
12452:
12453: * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
12454: Remove the =cut on the first line (above the copyright notice) to
12455: quiet pod2man. Also remove the hackery in the FILES section and
12456: just deal with the fact that there will a newline between each
12457: pathname.
12458: [2ac1ab191835]
12459:
12460: 2008-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
12461:
12462: * Makefile.in:
12463: run sudo.man.pl when generating sudo.man.in
12464: [859727369168]
12465:
12466: * configure, configure.in, sudo.man.pl:
12467: comment out SELinux manual bits unless --with-selinux was specified
12468: [97ff4212b649]
12469:
12470: * sudoers.pod:
12471: document role and type defaults for SELinux
12472: [870f303366b3]
12473:
12474: * sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
12475: Document "sudo -ll" and make "sudo -l -l" be equivalent.
12476: [3ce6dc429ea3]
12477:
12478: 2008-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
12479:
12480: * configure, configure.in:
12481: Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
12482: Debian GNU/kFreeBSD.
12483: [c4efa567a328]
12484:
12485: 2008-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
12486:
12487: * auth/kerb5.c:
12488: Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
12489: verify_krb_v5_tgt()
12490: [f80538e5a6fa]
12491:
12492: * logging.c, logging.h, sudo.c:
12493: Remove dependence on VALIDATE_NOT_OK in logging functions. Split
12494: log_auth() into log_allowed() and log_denial() Replace mail_auth()
12495: with should_mail() and a call to send_mail()
12496: [58aac9997557]
12497:
12498: 2008-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
12499:
12500: * ldap.c:
12501: Add debugging so we can tell if the krb5 ccache is accessible
12502: [c679322527bb]
12503:
12504: * INSTALL:
12505: mention --with-selinux
12506: [9efbe0b52194]
12507:
12508: 2008-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
12509:
12510: * configure:
12511: regen
12512: [467a834f867c]
12513:
12514: * selinux.c:
12515: add Sudo tag
12516: [d004ee669bed]
12517:
12518: * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
12519: sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
12520: testsudoers.c, toke.c, toke.l:
12521: Add support for SELinux RBAC. Sudoers entries may specify a role
12522: and type. There are also role and type defaults that may be used.
12523: To make sure a transition occurs, when using RBAC commands are
12524: executed via the new sesh binary. Based on initial changes from Dan
12525: Walsh.
12526: [1d4abfe2c004]
12527:
12528: * sesh.c:
12529: Add support for SELinux RBAC. Sudoers entries may specify a role
12530: and type. There are also role and type defaults that may be used.
12531: To make sure a transition occurs, when using RBAC commands are
12532: executed via the new sesh binary. Based on initial changes from Dan
12533: Walsh.
12534: [1e3b395ce049]
12535:
12536: * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
12537: def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
12538: pathnames.h.in, selinux.c:
12539: Add support for SELinux RBAC. Sudoers entries may specify a role
12540: and type. There are also role and type defaults that may be used.
12541: To make sure a transition occurs, when using RBAC commands are
12542: executed via the new sesh binary. Based on initial changes from Dan
12543: Walsh.
12544: [6b421948286e]
12545:
12546: 2008-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
12547:
12548: * lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
12549: Add long list (sudo -ll) support for printing verbose LDAP and
12550: sudoers file entries. Still need to update manual.
12551: [2875be37935c]
12552:
12553: 2008-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
12554:
12555: * ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
12556: Unify the -l output for file and ldap based sudoers and use lbufs
12557: for both. The ldap output does not currently include options that
12558: cannot be represented as tags. This will be remedied in a long list
12559: output mode to come.
12560: [b2e429456596]
12561:
12562: 2008-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
12563:
12564: * set_perms.c:
12565: Use a specific error message for errno == EAGAIN when setuid() et al
12566: fails. On Linux systems setuid() will fail with errno set to EAGAIN
12567: if changing to the new uid would result in a resource limit
12568: violation.
12569: [08d0aecd9f03]
12570:
12571: * sudo.c:
12572: Unlimit nproc on Linux systems where calling the setuid() family of
12573: syscalls causes the nroc resource limit to be checked. The limits
12574: will be reset by pam_limits.so when PAM is used. In the non-PAM
12575: case the nproc limit will remain unlimited but there doesn't seem to
12576: be a way around that other than having sudo parse
12577: /etc/security/limits.conf directly.
12578: [df024b415a8d]
12579:
12580: * env.c, sudo.c, sudo.pod:
12581: Only read /etc/environment on Linux and AIX
12582: [90669e2aefdb]
12583:
12584: 2008-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
12585:
12586: * configure, configure.in:
12587: Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
12588: ldap.conf and ldap.secret paths from going into config.h. Avoid
12589: single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
12590: since in some versions of bash they will end up literally in the
12591: resulting define.
12592: [25390f3ef10a]
12593:
12594: 2008-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
12595:
12596: * README.LDAP:
12597: mention --with-nsswitch=no
12598: [c509df927263]
12599:
12600: * configure, configure.in:
12601: ldap_ssl.h depends on ldap.h being included first
12602: [d96d90e9b21f]
12603:
12604: * config.h.in, configure, configure.in, ldap.c:
12605: Include ldap_ssl.h if we can find it. Needed for the
12606: ldapssl_set_strength defines on HP-UX at least.
12607: [9e530470948a]
12608:
12609: * sudoers.ldap.pod:
12610: sync
12611: [b9d101f4673a]
12612:
12613: * TODO:
12614: sync
12615: [2ce951b2ecd0]
12616:
12617: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
12618: sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
12619: regen
12620: [b61d793987e0]
12621:
12622: * Makefile.in:
12623: Use 78n line length when formatting cat pages.
12624: [761bee9d5759]
12625:
12626: * README.LDAP:
12627: Remove redundant info that is now in sudoers.ldap.pod
12628: [01828dcce59e]
12629:
12630: 2008-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
12631:
12632: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12633: Reorganize the first section a bit. Substitute the proper path for
12634: /etc/sudoers.
12635: [11ae165e065d]
12636:
12637: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12638: Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
12639: schema into EXAMPLES
12640: [ab6509d1dde7]
12641:
12642: * configure, configure.in:
12643: Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
12644: sudoers.ldap.man.
12645: [6e689972f465]
12646:
12647: * configure, configure.in:
12648: substitute for sudoers.ldap.man
12649: [5a4a25766dee]
12650:
12651: * Makefile.in:
12652: Fix cut & pasto introduced when adding sudoers.ldap man page.
12653: [a7b069af8894]
12654:
12655: * sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
12656: Fill in some of the missing pieces. Still needs some reorganization
12657: and editing.
12658: [5e7331722166]
12659:
12660: 2008-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
12661:
12662: * Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
12663: sudoers.ldap.pod:
12664: Beginnings of a sudoers.ldap man page. Currently, much of the
12665: information is adapted from README.LDAP.
12666: [aad28c8a922d]
12667:
12668: 2008-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
12669:
12670: * pwutil.c:
12671: When copying gr_mem we must guarantee that the storage space for
12672: gr_mem is properly aligned. The simplest way to do this is to
12673: simply store gr_mem directly after struct group. This is not a
12674: problem for gr_passwd or gr_name as they are simple strings.
12675: [af58fc76f1ed]
12676:
12677: * ldap.c:
12678: Fix a typo/thinko in one of the calls to
12679: sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
12680: [70b2eb8097f5]
12681:
12682: 2008-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
12683:
12684: * config.h.in, configure, configure.in, ldap.c:
12685: include <mps/ldap_ssl.h> in ldap.c if available
12686: [34346206ef16]
12687:
12688: 2008-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
12689:
12690: * gram.c, gram.y:
12691: Make sure we define SIZE_MAX for yacc's skeleton.c
12692: [d8a45c7a3c42]
12693:
12694: * tgetpass.c:
12695: Use TCSAFLUSH when restoring terminal settings (and echo) to
12696: guarantee that any pending output is discarded
12697: [549a184479e5]
12698:
12699: 2008-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
12700:
12701: * sudoers:
12702: no longer need to specify SETENV when user has sudo ALL
12703: [3051b41f8032]
12704:
12705: * testsudoers.c:
12706: sync user_args size calculation with sudo.c Add -g group option,
12707: renaming old -g to -G Add set_runasgr() and set_runaspw() and use
12708: them
12709: [0850325180f0]
12710:
12711: * sudo.c, sudo.h:
12712: Make set_runaspw static void
12713: [5d44d7a340ce]
12714:
12715: * testsudoers.c, visudo.c:
12716: g/c set_runaspw stub
12717: [79ebb5e2cc38]
12718:
12719: * configure, configure.in:
12720: Don't add -llber twice.
12721: [4356d302eef4]
12722:
12723: 2008-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
12724:
12725: * ldap.c:
12726: fix typo
12727: [249cecc557e9]
12728:
12729: 2008-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
12730:
12731: * gram.c:
12732: regen
12733: [2f94ea375b67]
12734:
12735: * configure, configure.in:
12736: Fix check that determines whether -llber is required.
12737: [6afa99523379]
12738:
12739: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
12740: For netscape-based LDAP, use ldapssl_set_strength() to implement the
12741: checkpeer ldap.conf option.
12742: [16ae24d73795]
12743:
12744: * auth/kerb5.c:
12745: Delay krb5_cc_initialize() until we actually need to use the cred
12746: cache, which is what krb5_verify_user() does. Better cleanup on
12747: failure.
12748: [d12e5f1695b8]
12749:
12750: 2008-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
12751:
12752: * auth/kerb5.c:
12753: Rewrite verify_krb_v5_tgt() based on what heimdal's
12754: krb5_verify_user() does.
12755: [05b5815f86c9]
12756:
12757: 2008-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
12758:
12759: * gram.c:
12760: The U suffix on constants is an ANSI feature
12761: [c6dfce3167f1]
12762:
12763: * configure, configure.in:
12764: Add check for ber_set_option() in -llber
12765: [43d0c0566074]
12766:
12767: 2008-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
12768:
12769: * README.LDAP:
12770: default if no nsswitch.conf is files only
12771: [c13001d9c998]
12772:
12773: 2008-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
12774:
12775: * README.LDAP:
12776: don't tell people to mail aaron about LDAP stuff
12777: [8165ec1ef0c6]
12778:
12779: * README.LDAP:
12780: timelimit and bind_timelimit
12781: [44f74cbed167]
12782:
12783: * ChangeLog:
12784: sync
12785: [aba1a0ab02bd]
12786:
12787: * ldap.c:
12788: Move ldap.secret reading into a separate function.
12789: [1948acc9f7a4]
12790:
12791: * check.c:
12792: user_runas -> runas_pw
12793: [334490fc2bae]
12794:
12795: 2008-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
12796:
12797: * TODO:
12798: sync
12799: [c7b165cc47c6]
12800:
12801: * check.c, sudo.pod, sudoers.pod:
12802: Add and document the %p escape in the password prompt. Based on a
12803: patch from Patrick Schoenfeld.
12804: [3972d4f31ffa]
12805:
12806: * ldap.c:
12807: Check strlcpy() return values.
12808: [9b42f3ae8ff1]
12809:
12810: * ldap.c:
12811: refactor ldap binding code into sudo_ldap_bind_s()
12812: [cb0c66a4d955]
12813:
12814: * README.LDAP:
12815: Make it clear that host and uri can take multiple parameters. URI is
12816: now supported for more than just openldap nsswitch.conf does't
12817: accept "compat"
12818: [f610dea656d6]
12819:
12820: * sudo.c:
12821: comment cleanup and update (c) year
12822: [6cd69c810ca5]
12823:
12824: * parse.c, sudo_nss.c:
12825: Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
12826: This should make it possible to build an LDAP-only sudo binary.
12827: [61c3f27066a0]
12828:
12829: * ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
12830: Improve chaining of multiple sudoers sources by passing in the
12831: previous return value to the next in the chain
12832: [2c0b722b1b2d]
12833:
12834: * gram.y:
12835: Free up parser data structures in sudo_file_close().
12836: [2251531d4519]
12837:
12838: * gram.c, parse.c:
12839: Free up parser data structures in sudo_file_close().
12840: [8371f130f401]
12841:
12842: * ldap.c:
12843: Parse uri ourself if no ldap_initialize() is present Use
12844: ldap_create() instead of deprecated ldap_init() Use
12845: ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
12846: [85d3825b1953]
12847:
12848: * config.h.in, configure, configure.in:
12849: Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
12850: CFLAGS
12851: [240524512bc5]
12852:
12853: 2008-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
12854:
12855: * config.h.in, configure, configure.in:
12856: add check for ldap_create
12857: [3089badd73b8]
12858:
12859: 2008-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
12860:
12861: * config.h.in, configure, configure.in, ldap.c:
12862: Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
12863: dn using the mechanism appropriate for the LDAP SDK in use. Use
12864: ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
12865: ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
12866: [6deeca3d00cc]
12867:
12868: * lbuf.c:
12869: include unistd.h
12870: [8419ed0bae7f]
12871:
12872: * config.h.in, configure.in:
12873: fix typo in mtim_getnsec
12874: [2d5f21230a60]
12875:
12876: 2008-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
12877:
12878: * config.h.in, configure, configure.in:
12879: add check for st__tim in struct stat as used by SCO
12880: [587060ea2a89]
12881:
12882: * ldap.c:
12883: use ldap_search_ext_s instead of deprecated ldap_search_s
12884: [5fc44fe3b44c]
12885:
12886: * Makefile.in, TODO, sudo.cat, sudo.man.in:
12887: add sudo_nss.h to HDRS
12888: [86f01a70ff29]
12889:
12890: * ldap.c:
12891: Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
12892: ldap_rdn2str().
12893: [aa217002cfae]
12894:
12895: 2008-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
12896:
12897: * ldap.c:
12898: Use ldap_get_values_len()/ldap_value_free_len() instead of the
12899: deprecated ldap_get_values()/ldap_value_free().
12900: [e22dceb85e57]
12901:
12902: * ChangeLog:
12903: sync
12904: [adad27b36107]
12905:
12906: * TODO:
12907: sync
12908: [c449eb47e0ef]
12909:
12910: * gettime.c, sudo.c:
12911: Remove some already fixed XXXs
12912: [532788d0e6da]
12913:
12914: * ldap.c:
12915: Same return value as non-existent sudoers if LDAP was unable to
12916: connect.
12917: [5819810e8e4e]
12918:
12919: * sudo.pod:
12920: mention /etc/environment
12921: [ea8e6102f853]
12922:
12923: * README.LDAP, UPGRADE, WHATSNEW:
12924: Update to reflect recent developments.
12925: [ed1fb026fe77]
12926:
12927: * sudo.c:
12928: Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
12929: [55b68a58260d]
12930:
12931: * ldap.c:
12932: When building up a query don't list groups in the aux group vector
12933: that are the same as the passwd file group. On most systems the
12934: first gid in the group vector is the same as the passwd entry gid.
12935: [4bb51e297e0d]
12936:
12937: * env.c, ldap.c:
12938: Define LDAPNOINIT before calling ldap_init(), etc. to disable user
12939: ldaprc and system defaults that could affect how LDAP works.
12940: [ce5036440db2]
12941:
12942: * INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
12943: sudo_nss.c, sudo_nss.h:
12944: Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
12945: to specify nsswitch.conf path or disable it. If --with-nsswitch=no
12946: but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
12947: file and --with-ldap-secret-file
12948: [ea5d7704381f]
12949:
12950: * parse.c:
12951: Honor def_ignore_local_sudoers
12952: [f38e1121fae1]
12953:
12954: 2007-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
12955:
12956: * ldap.c:
12957: no longer need to check def_ignore_local_sudoers here
12958: [fce2a72f96fb]
12959:
12960: * parse.c:
12961: Refactor group vector resetting into a function and also call it
12962: from display_cmnd. Stop after the first sucessful match in
12963: display_cmnd. Print a newline between each display_privs method.
12964: [981b37b5adff]
12965:
12966: * parse.c:
12967: fix double free introduced in rev 1.218
12968: [c574b02d8747]
12969:
12970: * ldap.c:
12971: belt and suspenders; zero out result after freeing it
12972: [7732988d4620]
12973:
12974: * env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
12975: Refactor line reading into a separate function, sudo_parseln(),
12976: which removes comments, leading/trailing whitespace and newlines.
12977: May want to rethink the use of sudo_parseln() for /etc/ldap.secret
12978: [61d9068f0645]
12979:
12980: * parse.c, sudo.c:
12981: Make the inability to read the sudoers file a non-fatal error if
12982: there are other sudoers sources available. sudoers_file_lookup now
12983: returns "not OK" if sudoers was not present
12984: [643babf597a8]
12985:
12986: * ldap.c:
12987: make it clear that the global options are from LDAP
12988: [9ff950349463]
12989:
12990: * logging.c:
12991: allocate proper amount of space for error string
12992: [8bebb7d46d19]
12993:
12994: * sudo_nss.c, sudo_nss.h:
12995: actual sudo nss code
12996: [5bd7d52d7738]
12997:
12998: * ldap.c, parse.c, sudo.c, sudo.h:
12999: nss-ify display_privs and display_cmnd.
13000: [cccfdd3253f2]
13001:
13002: * defaults.c, parse.c, testsudoers.c, visudo.c:
13003: move update_defaults() to parse.c
13004: [ace144b958a9]
13005:
13006: * Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
13007: Use nsswitch to hide some sudoers vs. ldap implementation details
13008: and reduce the number of #ifdef LDAP TODO: fix display routines and
13009: error handling
13010: [6225edde89a6]
13011:
13012: 2007-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
13013:
13014: * Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
13015: First cut at nsswitch.conf support. Further reorganizaton and
13016: related changes are forthcoming.
13017: [717f59d0790b]
13018:
13019: 2007-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
13020:
13021: * env.c, pathnames.h.in, sudo.c, sudo.h:
13022: Add support for reading and /etc/environment file. Still needs to
13023: be documented and should probably only applies to OSes that have it
13024: (AIX and Linux, maybe others).
13025: [15d3edae27e4]
13026:
13027: * ldap.c:
13028: include limits.h
13029: [e19875ef0f82]
13030:
13031: 2007-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
13032:
13033: * WHATSNEW:
13034: reword LDAP SASL
13035: [7ec3c4ec31b5]
13036:
13037: 2007-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
13038:
13039: * TODO:
13040: sync
13041: [87c5a7aea7bf]
13042:
13043: * README.LDAP:
13044: Add an example sudoRole, clarify netscape vs. openldap a bit more
13045: [6f96c0ca8107]
13046:
13047: * README.LDAP:
13048: Be clear on what is OpenLDAP vs. Netscape-derived
13049: [a33c8314dec5]
13050:
13051: * config.h.in, configure, configure.in, ldap.c:
13052: Use ldapssl_init() for ldaps support instead of trying to do it
13053: manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
13054: and tls_key for cert7.db and key3.db respectively. Don't print
13055: debugging info for options that are not set. Add warning if
13056: start_tls specified when not supported.
13057: [abb62dc7e4a3]
13058:
13059: * ldap.c:
13060: fix compilation on solaris
13061: [03d449684e80]
13062:
13063: * Makefile.in:
13064: add missing .h and .c files for missing lib objs
13065: [8b37825bdfc7]
13066:
13067: 2007-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
13068:
13069: * ldap.c:
13070: fix LDAP_OPT_NETWORK_TIMEOUT setting
13071: [226eba89c0ad]
13072:
13073: * ldap.c:
13074: fix compilation on Solaris
13075: [917d47639eb6]
13076:
13077: 2007-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
13078:
13079: * configure, configure.in:
13080: fix typo
13081: [009d5c81b225]
13082:
13083: * README.LDAP:
13084: try to clear up which variables are for OpenLDAP and which are for
13085: netscape-derived SDKs
13086: [f8d9823ee73c]
13087:
13088: * config.h.in, configure, configure.in, ldap.c:
13089: Add support for "ssl on" in both netscape and openldap flavors. Only
13090: the OpenLDAP flavor has been tested.
13091: [952745829ec5]
13092:
13093: * logging.c, sudo.c, sudo.h:
13094: Call cleanup() before exit in log_error() instead of calling
13095: sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
13096: [da02d1b67a2c]
13097:
13098: * sudo.c:
13099: ld -> ldap_conn
13100: [01afa6d927cc]
13101:
13102: 2007-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
13103:
13104: * logging.c, sudo.c, sudo.h:
13105: Better ldap cleanup.
13106: [25b9abe2d617]
13107:
13108: * ldap.c:
13109: Distinguish between LDAP conf settings that are connection-specific
13110: (which take an ld pointer) and those that are default settings
13111: (which do not).
13112: [d48dc6c9c3b4]
13113:
13114: 2007-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
13115:
13116: * ldap.c:
13117: Improved warnings on error.
13118: [c8dce7b4feb4]
13119:
13120: * ldap.c:
13121: Make ldap config table driven and set the config *after* we open the
13122: connection.
13123: [d9698b5a2681]
13124:
13125: 2007-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
13126:
13127: * ldap.c:
13128: fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
13129: [598c6df06660]
13130:
13131: * configure, configure.in:
13132: some operating systems need to link with -lkrb5support when using
13133: krb5
13134: [8896365dde9e]
13135:
13136: 2007-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
13137:
13138: * WHATSNEW:
13139: minor update
13140: [acfeeb7f4886]
13141:
13142: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
13143: regen
13144: [a3c6699674f9]
13145:
13146: 2007-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
13147:
13148: * ChangeLog, TODO:
13149: sync
13150: [138e99b925ee]
13151:
13152: * ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
13153: add -g support for LDAP
13154: [8fc27dbe9287]
13155:
13156: 2007-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
13157:
13158: * WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
13159: The -i and -s flags can now take an optional command.
13160: [6afec104ee77]
13161:
13162: 2007-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
13163:
13164: * auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
13165: sudoers.pod:
13166: Add passprompt_override flag to sudoers that will cause the prompt
13167: to be overridden in all cases. This flag is also set when the user
13168: specifies the -p flag.
13169: [e4c5402131a6]
13170:
13171: * sudo.c:
13172: Move setting of login class until after sudoers has been parsed. Set
13173: NewArgv[0] for -i after runas_pw has been set.
13174: [62a48c8c56fa]
13175:
13176: * configure, configure.in:
13177: Move the dgettext check.
13178: [5fd8a4712d1c]
13179:
13180: 2007-12-01 Todd C. Miller <Todd.Miller@courtesan.com>
13181:
13182: * auth/pam.c, config.h.in, configure, configure.in:
13183: Add basic support for looking up the string "Password: " in the PAM
13184: localized text db. This allows us to determine whether the PAM
13185: prompt is the default "Password: " one even if it has been
13186: localized.
13187:
13188: TODO: concatenate non-std PAM prompts and user-specified sudo
13189: prompts.
13190: [81c25a415d41]
13191:
13192: 2007-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
13193:
13194: * Makefile.in, config.h.in, configure, configure.in, parse.c,
13195: set_perms.c, sudo.c, sudo.h:
13196: Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
13197: insufficient.
13198: [1cce6ec1a91e]
13199:
13200: * acsite.m4, configure, interfaces.c, memrchr.c:
13201: Fix typos; Martynas Venckus
13202: [be1233cca11a]
13203:
13204: 2007-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
13205:
13206: * set_perms.c:
13207: Don't assume runas_pw is set; it may not be in the -g case.
13208: [aa11bd2193ac]
13209:
13210: 2007-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
13211:
13212: * logging.c, set_perms.c:
13213: Set aux group vector for PERM_RUNAS and restore group vector for
13214: PERM_ROOT if we previously changed it. Stash the runas group vector
13215: so we don't have to call initgroups more than once. Also add no-op
13216: check to check_perms.
13217: [53837fc755f7]
13218:
13219: 2007-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
13220:
13221: * WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
13222: ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
13223: pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
13224: sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
13225: testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
13226: Add support for runas groups. This allows the user to run a command
13227: with a different effective group. If the -g option is specified
13228: without -u the command will be run as the current user (only the
13229: group will change). the -g and -u options may be used together.
13230: TODO: implement runas group for ldap improve runas group
13231: documentation add testsudoers support
13232: [9019309df6d0]
13233:
13234: * configure, configure.in:
13235: fix setting of mandir
13236: [2c60f269399f]
13237:
13238: * sudo.pod, sudoers.pod:
13239: document that ALL implies SETENV
13240: [bcc8e5b703b9]
13241:
13242: * ldap.c:
13243: s/setenv_ok/setenv_implied/g
13244: [f005df2c2eea]
13245:
13246: * ldap.c:
13247: hostname_matches() returns TRUE on match in sudo 1.7.
13248: [c3d4377b6e8b]
13249:
13250: * ldap.c:
13251: use strcmp, not strcasecmp when comparing ALL
13252: [e486024574a1]
13253:
13254: * ldap.c:
13255: Make sudo ALL imply setenv. Note that unlike with file-based
13256: sudoers this does affect all the commands in the sudoRole.
13257: [bc12f54321d1]
13258:
13259: * gram.c, gram.y, parse.c, parse.h:
13260: sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
13261: it is not passed on to other commands in the list.
13262: [026e2cb40680]
13263:
13264: * visudo.c:
13265: Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
13266: sudo_getpwuid() instead of getpwuid().
13267: [86f30a8fbd49]
13268:
13269: 2007-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
13270:
13271: * sudoers:
13272: Expand on the dangers of not using visudo to edit sudoers.
13273: [e434e8057d02]
13274:
13275: 2007-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
13276:
13277: * parse.c:
13278: Don't quote *?[]! on output since the lexer does not strip off the
13279: backslash when reading those in.
13280: [561da4a13afa]
13281:
13282: 2007-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
13283:
13284: * glob.c:
13285: expand "u_foo" types to "unsigned foo" to avoid compatibility
13286: issues.
13287: [b0d7c64d78c3]
13288:
13289: 2007-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
13290:
13291: * logging.c:
13292: Refactor log line generation in to new_logline().
13293: [6a9b9730615d]
13294:
13295: 2007-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
13296:
13297: * TROUBLESHOOTING:
13298: fix typo
13299: [9e19d4f86e47]
13300:
13301: 2007-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
13302:
13303: * config.h.in, configure, configure.in, interfaces.c, interfaces.h,
13304: match.c:
13305: Add configure check for struct in6_addr instead of relying on
13306: AF_INET6 since some systems define AF_INET6 but do not include IPv6
13307: support.
13308: [e24082c416bd]
13309:
13310: 2007-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
13311:
13312: * configure, configure.in:
13313: Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
13314: use.
13315: [76a9df4a63be]
13316:
13317: 2007-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
13318:
13319: * configure, configure.in:
13320: POSIX states that struct timespec be declared in time.h so check
13321: there regardless of the value of TIME_WITH_SYS_TIME.
13322: [e42c55ec9daf]
13323:
13324: 2007-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
13325:
13326: * tgetpass.c:
13327: Instead of defining a macro to call the appropriate method for
13328: turning on/off echo, just define tc[gs]etattr() and the related
13329: defines that use the correct terminal ioctls if needed. Also go back
13330: to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
13331: [5dfb2379d995]
13332:
13333: 2007-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
13334:
13335: * Makefile.in:
13336: g/c @ALLOCA@
13337: [e6946c2e3820]
13338:
13339: * configure:
13340: regen
13341: [9bac7159a138]
13342:
13343: * INSTALL, auth/pam.c, config.h.in, configure.in:
13344: Add --disable-pam-session configure option to disable calling
13345: pam_{open,close}_session. May work around bugs in some PAM
13346: implementations.
13347: [273d0fdb4a9d]
13348:
13349: 2007-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
13350:
13351: * tgetpass.c:
13352: quiet gcc warnings
13353: [325565c5a579]
13354:
13355: * tgetpass.c:
13356: Avoid printing the prompt if we are already backgrounded. E.g. if
13357: the user runs "sudo foo &" from the shell. In this case, the call
13358: to tcsetattr() will cause SIGTTOU to be delivered.
13359: [db2139a8d8b8]
13360:
13361: 2007-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
13362:
13363: * def_data.c, def_data.h, def_data.in:
13364: Reorder things such that the definition of env_reset come right
13365: before the env variable lists.
13366: [e0d8e22a581a]
13367:
13368: * parse.h:
13369: Shrink type and seqno in struct alias from int to u_short
13370: [9425263dd565]
13371:
13372: * alias.c, match.c, parse.c, parse.h:
13373: Add a sequence number in the aliases for loop detection. If we find
13374: an alias with the seqno already set to the current (global) value we
13375: know we've visited it before so ignore it.
13376: [301a0548ffff]
13377:
13378: 2007-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
13379:
13380: * TODO, auth/pam.c, sudo.c, sudo.h:
13381: PAM wants the full tty path so add user_ttypath which holds the full
13382: path to the tty or is NULL if no tty was present.
13383: [c7c1dd4b36c8]
13384:
13385: * auth/pam.c:
13386: Set PAM_RHOST to work around a bug in Solaris 7 and lower that
13387: results in a segv.
13388: [3a8865b3a357]
13389:
13390: 2007-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
13391:
13392: * gram.c:
13393: regen
13394: [5647be127950]
13395:
13396: * alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
13397: parse.h, testsudoers.c, visudo.c:
13398: rename lh_ -> tq_
13399: [8f500c542c4a]
13400:
13401: 2007-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
13402:
13403: * alloc.c:
13404: remove some useless casts
13405: [409a448b23f5]
13406:
13407: * alloc.c:
13408: pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
13409: predates the final C99 spec and the standard specifies that it shall
13410: include stdint.h anyway
13411: [ae478fdef61a]
13412:
13413: 2007-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
13414:
13415: * Makefile.in, alloca.c, configure.in:
13416: Since we ship with a pre-generated parser there is no need to ship a
13417: bogus alloca implementation.
13418: [3f611a7cc0e5]
13419:
13420: * configure:
13421: regen
13422: [771eccf5269c]
13423:
13424: * configure.in:
13425: remove initial setting of CHECKSIA, we require that it be unset if
13426: not used
13427: [a2e91adc5aa2]
13428:
13429: * Makefile.in:
13430: add list.c to SRCS
13431: [7db0e56cf5b9]
13432:
13433: * configure:
13434: regen
13435: [3716ec30172e]
13436:
13437: * configure.in:
13438: only do SIA checks on Digital Unix
13439: [6a96e1af2597]
13440:
13441: 2007-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
13442:
13443: * sudoers.cat, sudoers.man.in:
13444: regen
13445: [ac1dc29de72b]
13446:
13447: * ChangeLog, TODO:
13448: sync
13449: [781effce0a2d]
13450:
13451: * auth/kerb5.c:
13452: Remove call to krb5_cc_register() as it is not needed for modern
13453: kerb5.
13454: [351b8b764f16]
13455:
13456: * configure:
13457: regen
13458: [ac21dbcc9c2c]
13459:
13460: * aclocal.m4, configure.in:
13461: New method for setting the default authentication type and avoiding
13462: conflicts in auth types.
13463: [5fb15be11f78]
13464:
13465: * match.c, parse.c, testsudoers.c:
13466: Each entry in a cmndlist now has an associated runaslist so no need
13467: to keep track of the most recent non-NULL one.
13468: [582e015786b0]
13469:
13470: 2007-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
13471:
13472: * ldap.c:
13473: back out partial ldaps support mistakenly committed
13474: [357703e94b2d]
13475:
13476: * ldap.c:
13477: Add support for unix groups and netgroups in sudoRunas
13478: [2f04eb91c6d0]
13479:
13480: 2007-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
13481:
13482: * sudo_edit.c:
13483: Fix sudoedit of a non-existent file. From Tilo Stritzky.
13484: [a5488a03bddd]
13485:
13486: 2007-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
13487:
13488: * configure:
13489: regen
13490: [541177376ee1]
13491:
13492: * INSTALL:
13493: update --passprompt escape info
13494: [6d57db4cd538]
13495:
13496: * configure.in:
13497: remove now-bogus comment and update copyright date
13498: [6a4af45fa331]
13499:
13500: * configure.in:
13501: Fix up use of with_passwd
13502: [7c79d8640f77]
13503:
13504: * acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
13505: Update to autoconf-2.61 andf libtool-1.5.24
13506: [045259b0b439]
13507:
13508: * Makefile.in:
13509: "cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
13510: [f5b6a7afb817]
13511:
13512: 2007-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
13513:
13514: * gram.c:
13515: regen
13516: [b5b78e71d2cb]
13517:
13518: * gram.y:
13519: move tags and runaslist propagation to be earlier
13520: [94f7805f4489]
13521:
13522: * visudo.c:
13523: If -f flag given use the permissions of the original file as a
13524: template
13525: [9303d22bddb0]
13526:
13527: * gram.y:
13528: prevent a double free() when re-initing the parser
13529: [5b3907c4de5a]
13530:
13531: 2007-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
13532:
13533: * configure:
13534: regen
13535: [49a90b19a17d]
13536:
13537: * aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
13538: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
13539: auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
13540: configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
13541: parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
13542: sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
13543: Remove support for compilers that don't support void *
13544: [35e1d01ae197]
13545:
13546: * gram.c:
13547: regen
13548: [70ce412a458a]
13549:
13550: * Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
13551: parse.c, parse.h, testsudoers.c, visudo.c:
13552: Move list manipulation macros to list.h and create C versions of the
13553: more complex ones in list.c. The names have been down-cased so they
13554: appear more like normal functions.
13555: [9cea0e281148]
13556:
13557: * Makefile.in:
13558: Fix cmp command when regenerating parser. Make gram.o the first
13559: dependency for all programs so gram.h will be generated before
13560: anything that needs it.
13561: [429ea065abf1]
13562:
13563: * gram.y, parse.h:
13564: Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
13565: [2f3433833589]
13566:
13567: * match.c, parse.c, testsudoers.c:
13568: Use LH_FOREACH_REV when checking permission and short-circuit on the
13569: first non-UNSPEC hit we get for the command. This means that
13570: instead of cycling through the all the parsed sudoers entries we
13571: start at the end and work backwards and quit after the first
13572: positive or negative match.
13573: [881474532f3e]
13574:
13575: * gram.c:
13576: regen
13577: [9152a19d4188]
13578:
13579: * defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
13580: Change list head macros to take a pointer, not a struct.
13581: [054f1dcce4cc]
13582:
13583: * gram.c:
13584: regen
13585: [be154aae6235]
13586:
13587: * gram.y:
13588: Propagate the runasspec from one command to the next in a cmndspec.
13589: [4957b1cb03a3]
13590:
13591: 2007-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
13592:
13593: * match.c:
13594: Replace has_meta() with a macro that calls strpbrk().
13595: [a2e58846a542]
13596:
13597: * regen
13598: [5a932a5c9451]
13599:
13600: * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
13601: testsudoers.c, visudo.c:
13602: Use a list head struct when storing the semi-circular lists and
13603: convert to tail queues in the process. This will allow us to
13604: reverse foreach loops more easily and it makes it clearer which
13605: functions expect a list as opposed to a single member.
13606:
13607: Add macros for manipulating lists. Some of these should become
13608: functions.
13609:
13610: When freeing up a list, just pop off the last item in the queue
13611: instead of going from head to tail. This is simpler since we don't
13612: have to stash a pointer to the next member, we always just use the
13613: last one in the queue until the queue is empty.
13614:
13615: Rename match functions that take a list to have list in the name.
13616: Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
13617: [7c37b271607a]
13618:
13619: * parse.c:
13620: Fix pasto, append "!" not negated (which is an int) for sudo -l
13621: output.
13622: [93a444c3997f]
13623:
13624: * Makefile.in:
13625: Remove the dependency of gram .h on gram.y, the .c dependency is
13626: enough. Only move y.tab.h to gram.h if it is different; avoids
13627: needless rebuilding.
13628: [67bf4ea2a2e5]
13629:
13630: 2007-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
13631:
13632: * sudoers.pod:
13633: Defaults lines may be associated with lists of users, hosts,
13634: commands and runas users, not just single entries.
13635: [795effacb6be]
13636:
13637: 2007-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
13638:
13639: * Makefile.in:
13640: Revert the "cmp" portion of the last diff, it doesn't make sense.
13641: [26f34bf4e2e3]
13642:
13643: * Makefile.in:
13644: Remove *.lo for clean: When generating the parser, only move the
13645: generated files into place if they differ from the existing ones.
13646: [84673fea371b]
13647:
13648: 2007-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
13649:
13650: * toke.c, toke.l:
13651: Replace IPV6 regexp with a much simpler (readable) one and add an
13652: extra check when it matches to make sure we have a valid address.
13653: [592e9f690556]
13654:
13655: * match.c:
13656: Fix thinko introduced when merging IPV6 support.
13657: [da38cd5eb8c7]
13658:
13659: 2007-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
13660:
13661: * HISTORY, LICENSE:
13662: regen
13663: [0d7b27b90634]
13664:
13665: * license.pod:
13666: add 2007
13667: [510e5048ae1a]
13668:
13669: * UPGRADE:
13670: mention #uid vs. comment pitfall
13671: [4d2861898bcc]
13672:
13673: * acsite.m4:
13674: Merge in a patch from the libtool cvs that fixes a problem with the
13675: latest autoconf. From Stepan Kasal.
13676: [0c279ae7df3e]
13677:
13678: * parse.h:
13679: Back out he XOR swap trick, it is slower than a temp variable on
13680: modern CPUs.
13681: [91c4b024e317]
13682:
13683: * gram.c:
13684: regen
13685: [cb6d4106fb74]
13686:
13687: * gram.y, parse.h:
13688: Convert the tail queue to a semi-circle queue and use the XOR swap
13689: trick to swap the prev pointers during append.
13690: [8bf4d9fbee58]
13691:
13692: 2007-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
13693:
13694: * parse.h:
13695: remove useless statement
13696: [421ec1dd73e6]
13697:
13698: * toke.c, toke.l:
13699: Refactor #include parsing into a separate function and return
13700: unparsed chars (such as newline or comment) back to the lexer.
13701: [64166917aa3d]
13702:
13703: 2007-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
13704:
13705: * WHATSNEW:
13706: mention better uid support
13707: [56f510e7f2ec]
13708:
13709: * sudoers.pod:
13710: Users may now consist of a uid.
13711: [5fd31b2c55ed]
13712:
13713: * gram.c, gram.h, toke.c:
13714: regen
13715: [599e58af6dc1]
13716:
13717: * parse.c:
13718: Use lbuf_append_quoted() for sudo -l output to quote characters that
13719: would require quoting in sudoers.
13720: [3132d05c990a]
13721:
13722: * lbuf.c, lbuf.h:
13723: Add lbuf_append_quoted() which takes a set of characters which
13724: should be quoted with a backslash when displayed.
13725: [ab09bebb1d65]
13726:
13727: * toke.l:
13728: Require that the first character after a comment not be a digit or a
13729: dash. This allows us to remove the GOTRUNAS state and treat
13730: uid/gids similar to other words. It also means that we can now
13731: specify uids in User_Lists and a User_Spec may now contain a uid.
13732: [461fe01f8392]
13733:
13734: * gram.y, toke.l:
13735: Replace RUNAS token with '(' and ')' tokens to make the runas
13736: portion of the grammar more natural.
13737: [e0c383b4684d]
13738:
13739: * BUGS:
13740: The BUGS file is history
13741: [4d9a809585c7]
13742:
13743: * Makefile.in, README:
13744: The BUGS file is history
13745: [d9500e261172]
13746:
13747: 2007-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
13748:
13749: * toke.c, toke.l:
13750: Allow comments after a RunasAlias as long as the character after the
13751: pound sign isn't a digit or a dash.
13752: [d7f3bd94eeda]
13753:
13754: * WHATSNEW:
13755: Glob support was back-ported to 1.6.9
13756: [d1d5cfd46228]
13757:
13758: 2007-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
13759:
13760: * Makefile.in:
13761: remove sudo_usage.h in distclean
13762: [df05ce9c4127]
13763:
13764: * parse.c:
13765: If a Defaults value contains a blank, double-quote the string.
13766: [9057a910daad]
13767:
13768: * toke.c, toke.l:
13769: Properly deal with Defaults double-quoted strings that span multiple
13770: lines using the line continuation char. Previously, the entire
13771: thing, including the continuation char, newline, and spaces was
13772: stored as-is.
13773: [4a4e8eacefe6]
13774:
13775: * sudo.c:
13776: Be consistent when using single quotes and backticks.
13777: [d010b83a0fa1]
13778:
13779: 2007-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
13780:
13781: * Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
13782: sudo.c, sudo_usage.h.in:
13783: Add new linebuf code to do appends of dynamically allocated strings
13784: and word-wrapped output. Currently used for sudo's usage() and sudo
13785: -l output. Sudo usage strings are now in sudo_usage.h which is
13786: generated at configure time.
13787: [4dfd0ee8d961]
13788:
13789: 2007-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
13790:
13791: * parse.c, sudo.c, sudo.h:
13792: Fix line wrapping in usage() and use the actual tty width instead of
13793: assuming 80.
13794: [700eab37c5a6]
13795:
13796: 2007-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
13797:
13798: * history.pod:
13799: some more info
13800: [8140112a8ae1]
13801:
13802: * history.pod:
13803: Mentioned Chris Jepeway's parser and also the new one that is in
13804: sudo 1.7.
13805: [2132d00f0597]
13806:
13807: 2007-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
13808:
13809: * sudo.pod, visudo.pod:
13810: For the options list, add flag args where appropriate and increase
13811: the indent level so there is room for them.
13812: [2b60fb572e12]
13813:
13814: 2007-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
13815:
13816: * parse.c:
13817: Fix some spacing in "sudo -l" and add a comment about some bogosity
13818: in the line wrapping.
13819: [b59b056f5ee2]
13820:
13821: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
13822: visudo.man.in:
13823: regen
13824: [5fb719f18ebc]
13825:
13826: * INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
13827: def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
13828: parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
13829: testsudoers.c, toke.c, toke.l:
13830: Remove monitor support until there is a versino of systrace that
13831: uses a lookaside buffer (or we have a better mechanism to use).
13832: [61ff76878e4a]
13833:
13834: * config.h.in, configure, configure.in, sudo.c:
13835: use getaddrinfo() instead of gethostbyname() if it is available
13836: [cc33c136aa6a]
13837:
13838: 2007-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
13839:
13840: * parse.c, sudo.c:
13841: Deal with OSes where sizeof(gid_t) < sizeof(int).
13842: [130a89cbdfba]
13843:
13844: * interfaces.c:
13845: repair non-getifaddrs() code after ipv6 integration
13846: [7ae7a89e2236]
13847:
13848: * sudo.c:
13849: If we can open sudoers but fail to read the first byte, close the
13850: file stream before trying again.
13851: [6f31272fae7b]
13852:
13853: 2007-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
13854:
13855: * toke.c:
13856: regen
13857: [4d7afe0aa6fa]
13858:
13859: * gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
13860: Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
13861: [4e6ff2965a42]
13862:
13863: * sudo.pod, sudoers.pod, visudo.pod:
13864: Add some missing markup Update copyright
13865: [7e6d3c686b5e]
13866:
13867: 2007-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
13868:
13869: * configure, configure.in:
13870: fix sudo_noexec extension which got broken in the libtool update
13871: [3a5b447df861]
13872:
13873: 2007-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
13874:
13875: * Makefile.in:
13876: explicitly specify -Tascii to nroff
13877: [45c8da4cbefe]
13878:
13879: 2007-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
13880:
13881: * logging.c:
13882: remove an ANSI-ism that crept in
13883: [29086f87b2ca]
13884:
13885: 2007-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
13886:
13887: * sudo.pod:
13888: Adjust list indents Prevent -- from being turned into an em dash Use
13889: a list for the environment instead of a literal paragraph
13890: [c3abcd8f76f4]
13891:
13892: * visudo.pod:
13893: Use a list for the environment instead of an indented literal
13894: paragraph.
13895: [0ffcfcb7349f]
13896:
13897: * sudoers.pod:
13898: Adjust list indentation
13899: [615c89e3123a]
13900:
13901: * license.pod:
13902: add =head3
13903: [8b2e0d38c0bd]
13904:
13905: 2007-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
13906:
13907: * sudo.pod:
13908: mention that when specifying a uid for the -u option the shell may
13909: require that the # be escaped
13910: [3e3a17bff150]
13911:
13912: 2007-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
13913:
13914: * match.c:
13915: Fix off by one in group matching.
13916: [b529602b7fba]
13917:
13918: 2007-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
13919:
13920: * env.c:
13921: Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
13922: [ffbf8907c6e7]
13923:
13924: 2007-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
13925:
13926: * configure, configure.in:
13927: Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
13928: -lgssapi_krb5 case.
13929: [2b85a89c2252]
13930:
13931: * aclocal.m4, configure, configure.in:
13932: Fix link tests such that new gcc doesn't optimize away the test.
13933: [83484ec95cba]
13934:
13935: 2007-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
13936:
13937: * sudo.pod, sudoers.pod, visudo.pod:
13938: add missing over/back
13939: [251a12c89b91]
13940:
13941: * sudo.pod, sudoers.pod, visudo.pod:
13942: Change FILES section to use =item
13943: [60b9efc3a0b2]
13944:
13945: * env.c:
13946: Add back allocation of the env struct in rebuild_env but save a copy
13947: of the old pointer and free it before returning.
13948: [1100cd4fa997]
13949:
13950: * env.c:
13951: Don't init the private environment in rebuild_env() since it may
13952: have already been done implicitly sudo_setenv/sudo_unsetenv.
13953:
13954: Multiply length by sizeof(char *) in memcpy/memmove when copying the
13955: environment so we copy the full thing.
13956:
13957: Add missing set of parens so we deref the right pointer in
13958: sudo_unsetenv when searching for a matching variable.
13959: [9086a8f756b1]
13960:
13961: 2007-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
13962:
13963: * sudo.pod, sudoers.pod, visudo.pod:
13964: Use file markup for paths in the FILES section
13965: [940d99f731f2]
13966:
13967: * sudo.pod, sudoers.pod, visudo.pod:
13968: Don't capitalize sudo/visudo
13969: [f067a455d44b]
13970:
13971: * sudoers.pod:
13972: Sort sudoers options; based on a diff from Igor Sobrado.
13973: [a9b9befe85ac]
13974:
13975: 2007-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
13976:
13977: * sudo.pod, sudoers.pod, visudo.pod:
13978: Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
13979: latter confuses pod2man. The Makefile rules for the .man.in file
13980: will add @mansectsu@ and @mansectform@ back in after pod2man is done
13981: anyway.
13982: [b50ea0db727c]
13983:
13984: 2007-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
13985:
13986: * LICENSE, Makefile.in, license.pod:
13987: Move license info to pod format
13988: [25bdd82e592b]
13989:
13990: * configure, configure.in, sudoers.pod:
13991: Substitute value of path_info into sudoers man page.
13992: [9ba661a82798]
13993:
13994: * WHATSNEW:
13995: remove features that were back-ported to 1.6.9
13996: [e76d756cbe65]
13997:
13998: * sudo.c, sudo.pod, visudo.c, visudo.pod:
13999: Sort SYNOPSIS and sync usage. From Igor Sobrado.
14000: [4970386c9e54]
14001:
14002: * env.c:
14003: Only need sudo_setenv/sudo_unsetenv if we are going to use
14004: ldap_sasl_interactive_bind_s() but don't have
14005: gss_krb5_ccache_name().
14006: [f1a73d8b35c5]
14007:
14008: * ChangeLog:
14009: rebuild without branch info
14010: [5d5a33494677]
14011:
14012: * Makefile.in:
14013: Add ChangeLog target
14014: [a702034fdd89]
14015:
14016: * auth/pam.c:
14017: Run cleanup code if the user hits ^C at the password prompt.
14018: [9cf87768e921]
14019:
14020: * auth/pam.c:
14021: Some versions of pam_lastlog have a bug that will cause a crash if
14022: PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
14023: string.
14024: [5b63f6c88866]
14025:
14026: 2007-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
14027:
14028: * Makefile.in:
14029: ChageLog not Changelog
14030: [1243d8473ceb]
14031:
14032: * ChangeLog:
14033: sync
14034: [d887df98c6b0]
14035:
14036: * Makefile.in:
14037: CHANGE -> Changelog
14038: [917738df30dd]
14039:
14040: * TODO:
14041: sync
14042: [cd382f7d1948]
14043:
14044: 2007-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
14045:
14046: * config.h.in, configure, configure.in, ldap.c:
14047: Add configure hooks for gss_krb5_ccache_name() and the gssapi
14048: headers.
14049: [139606209991]
14050:
14051: 2007-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
14052:
14053: * env.c, sudo.c:
14054: rebuild_env() and insert_env_vars() no longer return environment
14055: pointer, they set environ directly.
14056:
14057: No longer need to pass around an envp pointer since we just operate
14058: on environ now.
14059:
14060: Add dosync argument to insert_env() that indicates whether it should
14061: reset environ when realloc()ing env.envp.
14062:
14063: Use an initial size of 128 for the environment.
14064: [4735fd5fddb8]
14065:
14066: * env.c:
14067: Split sudo_setenv() into an external version and a version only for
14068: use by rebuild_env().
14069: [fda7d655adb1]
14070:
14071: 2007-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
14072:
14073: * ldap.c:
14074: Add support for using gss_krb5_ccache_name() instead of setting
14075: KRB5CCNAME. Also use sudo_unsetenv() in the non-
14076: gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
14077: original environment. TODO: configure setup for
14078: gss_krb5_ccache_name()
14079: [fcafa5a49caf]
14080:
14081: * README.LDAP:
14082: add krb5_ccname
14083: [fceb8f883886]
14084:
14085: * README.LDAP, ldap.c:
14086: Add support for sasl_secprops in ldap.conf
14087: [1f06f4bf7347]
14088:
14089: * env.c, sudo.h:
14090: Add sudo_unsetenv() and refactor private env syncing code into
14091: sync_env().
14092: [045ecb3fd22b]
14093:
14094: * README.LDAP, ldap.c:
14095: The ldap.conf variable is sasl_auth_id not sasl_authid.
14096: [a5f98491311b]
14097:
14098: 2007-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
14099:
14100: * ldap.c, sudo.c, sudo.h:
14101: Add support for krb5_ccname in ldap.conf. If specified, it will
14102: override the default value of KRB5CCNAME in the environment for the
14103: duration of the call to ldap_sasl_interactive_bind_s().
14104: [b08a10c3045b]
14105:
14106: * env.c, sudo.h:
14107: Remove format_env() Add sudo_setenv() to replace most format_env() +
14108: insert_env() combinations. insert_env() no longer takes a struct
14109: environment *
14110: [131da52f43f3]
14111:
14112: * ldap.c:
14113: Fix use_sasl vs. rootuse_sasl logic.
14114: [0c0417b6918c]
14115:
14116: * README.LDAP, config.h.in, configure, configure.in, ldap.c:
14117: Add support for SASL auth when connecting to an LDAP server. Adapted
14118: from a diff by Tom McLaughlin.
14119: [a6285f1356ea]
14120:
14121: 2007-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
14122:
14123: * configure, configure.in:
14124: Only enable AIX or BSD auth if no other exclusive auth method has
14125: been chosen. Allows people to e.g., use PAM on AIX without adding
14126: --without-aixauth. A better solution is needed to deal with default
14127: authentication since if a non-exclusive method is chosen we will
14128: still get an error.
14129: [83f7afdc0ec3]
14130:
14131: 2007-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
14132:
14133: * HISTORY, Makefile.in, history.pod:
14134: Generate HISTORY from history.pod (which is also used for web pages)
14135: [60bcd5164931]
14136:
14137: 2007-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
14138:
14139: * sudo.man.in, sudoers.man.in:
14140: regen
14141: [63956a366191]
14142:
14143: * sudo.pod:
14144: Better explanation of environment handling in the sudo man page.
14145: [6c247742f7ee]
14146:
14147: * env.c, sudo.c:
14148: Defer setting user-specified env vars until after authentication.
14149: [4750b79323ee]
14150:
14151: * env.c:
14152: honor def_default_path for PATH set on the command line
14153: [6db31d9b6d65]
14154:
14155: * env.c, sudo.c, sudo.pod, sudoers.pod:
14156: Allow user to set environment variables on the command line as long
14157: as they are allowed by env_keep and env_check. Ie: apply the same
14158: restrictions as normal environment variables. TODO: deal with
14159: secure_path
14160: [26c0da3840cf]
14161:
14162: 2007-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
14163:
14164: * sudo.c, sudo_edit.c:
14165: Call rebuild_env() in call cases. Pass original envp to sudo_edit().
14166: Don't allow -E or env var setting in sudoedit mode. More accurate
14167: usage() when called as sudoedit.
14168: [a4af20658361]
14169:
14170: * ldap.c:
14171: warn -> warning
14172: [d87d1192b048]
14173:
14174: * sudo.pod:
14175: add -c option to sudoedit synopsis
14176: [15b596a7e2db]
14177:
14178: * TODO:
14179: udpate to reality
14180: [e2f8fde89db1]
14181:
14182: * parse.c:
14183: Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
14184: value from {user,host,runas,cmnd}_matches(). Rename *matches
14185: variables -> *match. Purely cosmetic.
14186: [e54a44c00a88]
14187:
14188: * parse.c:
14189: Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
14190: in behavior.
14191: [c6272b4f2127]
14192:
14193: * sudoers:
14194: add SETENV tag
14195: [3a3066bb6788]
14196:
14197: 2007-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
14198:
14199: * parse.c:
14200: Make pwcheck local to the pwflag block. Use pwcheck even if user
14201: didn't match since Defaults options may still apply.
14202: [45da9efbbafd]
14203:
14204: * check.c, sudo.c:
14205: Do not update timestamp if user not validated by sudoers.
14206: [a4a9d4364827]
14207:
14208: * set_perms.c:
14209: for PERM_RUNAS, set the egid to the runas user's gid and restore to
14210: the user's original in PERM_ROOT
14211: [1514bfb32847]
14212:
14213: * logging.c, mon_systrace.c, set_perms.c, sudo.h:
14214: PERM_FULL_ROOT is now no different than PERM_ROOT so remove
14215: PERM_FULL_ROOT
14216: [b9d047a3178c]
14217:
14218: * check.c:
14219: don't check timestamp mtime if we are just going to remove it
14220: [5d2470bc6cbd]
14221:
14222: * sudoers.pod:
14223: Move sudoers defaults parameters into their own section.
14224: [54701fbc0ff3]
14225:
14226: * testsudoers.c:
14227: Reduce a level of indent by a few placed continue statements.
14228: [5d5a9838c8ef]
14229:
14230: * parse.c:
14231: Make matching but negated commands/hosts/runas entries override a
14232: previous match as expected. Also reduce some levels of indent by a
14233: few placed continue statements.
14234: [dd59fa4b91a1]
14235:
14236: 2007-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
14237:
14238: * parse.c:
14239: Print default runas in "sudo -l" if sudoers don't specify one.
14240: [07d408c400bd]
14241:
14242: * match.c:
14243: Less hacky way of testing whether the domain was set.
14244: [a537059776e5]
14245:
14246: 2007-07-04 Todd C. Miller <Todd.Miller@courtesan.com>
14247:
14248: * INSTALL:
14249: Mention pam-devel and openldap-devel for Linux
14250: [9e708c54ecc3]
14251:
14252: 2007-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
14253:
14254: * README.LDAP:
14255: or vs. are
14256: [abe8c0f3a410]
14257:
14258: 2007-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
14259:
14260: * sudo.c:
14261: fix typo in Solaris project support
14262: [2ffeb2d80959]
14263:
14264: * HISTORY:
14265: update
14266: [df162b36f120]
14267:
14268: * sudo.c:
14269: Make -- on the command line match the manual page. The implied shell
14270: case has been simplified as a result.
14271: [cd217a1f6694]
14272:
14273: 2007-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
14274:
14275: * sudoers2ldif:
14276: add simplistic support for sudoRunas; note that if a sudoers entry
14277: contains multiple Runas users, all will apply to the sudoRole
14278: [65b11421f5c8]
14279:
14280: * sudoers2ldif:
14281: honor SETENV and NOSETENV tags
14282: [2c0d5ba7a09b]
14283:
14284: 2007-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
14285:
14286: * mon_systrace.c:
14287: Redo setting of user_args. We now build up a private copy of argv
14288: first and then replace the NULs?with spaces.
14289: [ccbba72ea112]
14290:
14291: * mon_systrace.c:
14292: getcwd() returns NULL on failure, not 0 on success
14293: [88cd9e66e530]
14294:
14295: * mon_systrace.c:
14296: allow chunksiz to reach 1 before erroring out
14297: [619d68f14964]
14298:
14299: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
14300: visudo.man.in:
14301: regen
14302: [8db512d3caf0]
14303:
14304: 2007-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14305:
14306: * def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
14307: logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
14308: toke.c, toke.l:
14309: Add support for setting environment variables on the command line.
14310: This is only allowed if the setenv sudoers options is enabled or if
14311: the command is prefixed with the SETENV tag.
14312: [5744caebd969]
14313:
14314: * README.LDAP:
14315: replace Aaron's email address with the sudo-workers list
14316: [2ffce5f9afc0]
14317:
14318: * configure:
14319: regen
14320: [8013dff82c0c]
14321:
14322: 2007-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
14323:
14324: * schema.OpenLDAP, schema.iPlanet:
14325: Break schema out into separate files.
14326: [15e598e4c60b]
14327:
14328: * Makefile.in, README.LDAP:
14329: Break schema out into separate files.
14330: [1a53966ca1fa]
14331:
14332: 2007-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
14333:
14334: * auth/aix_auth.c:
14335: free message if set by authenticate()
14336: [849c220c1236]
14337:
14338: * match.c:
14339: deal with NULL gr_mem
14340: [49e4d74f0bbe]
14341:
14342: 2007-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
14343:
14344: * config.h.in:
14345: regen
14346: [fead999ad3e9]
14347:
14348: * configure.in:
14349: add template for HAVE_PROJECT_H
14350: [e6c42c2eaad1]
14351:
14352: * closefrom.c:
14353: include fcntl.h
14354: [54d98b382f03]
14355:
14356: 2007-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
14357:
14358: * INSTALL:
14359: mention --with-project
14360: [d3ea3baad7c5]
14361:
14362: * config.h.in, configure.in, sudo.c:
14363: Add Solaris 10 "project" support. From Michael Brantley.
14364: [f14f3c8c6554]
14365:
14366: * sudoers.pod:
14367: fix typo
14368: [50db81a19787]
14369:
14370: * configure:
14371: regen
14372: [ea71afd3e564]
14373:
14374: * configure.in:
14375: Fix preservation of LDFLAGS in the LDAP case.
14376: [40a3a47e8059]
14377:
14378: * memrchr.c:
14379: Remove dependecy on NULL
14380: [c957ae5e1733]
14381:
14382: * configure:
14383: regen
14384: [4955ce0c6912]
14385:
14386: * aclocal.m4, configure.in:
14387: Can't use the regular autoconf fnmatch() check since we need
14388: FNM_CASEFOLD so go back to our custom one.
14389: [f10d76237486]
14390:
14391: * env.c:
14392: Fix preserving of variables in env_keep.
14393: [d040049d6b84]
14394:
14395: * env.c:
14396: add XAUTHORIZATION
14397: [0d589a5fe015]
14398:
14399: * UPGRADE:
14400: expand upon env resetting and mention that it began in 1.6.9 not
14401: 1.7.
14402: [dba251655c76]
14403:
14404: * sudoers.pod:
14405: Update descriptions of env_keep and env_check to match current
14406: reality.
14407: [dba77357954b]
14408:
14409: 2007-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
14410:
14411: * env.c:
14412: Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
14413: LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
14414: [eec4632bd190]
14415:
14416: * env.c, logging.c:
14417: Treat USERNAME environemnt variable like LOGNAME/USER
14418: [09f52dcfd70c]
14419:
14420: * env.c:
14421: Don't need to populate keepenv table with the contents of the
14422: checkenv table.
14423: [527a14afd973]
14424:
14425: * sudo.c:
14426: Don't force sudo into the C locale.
14427: [8a5bd301ef96]
14428:
14429: * env.c:
14430: Make env_check apply when env_reset it true. Environment variables
14431: are passed through unless they contain '/' or '%'. There is no need
14432: to have a variable in both env_check and env_keep.
14433: [840c802721e4]
14434:
14435: 2007-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
14436:
14437: * visudo.c:
14438: Remove an duplicate lock_file() call and add a comment.
14439: [5af9dcdf0eb6]
14440:
14441: * UPGRADE:
14442: Add sudo 1.6.9 upgrade note.
14443: [1585149f2914]
14444:
14445: 2007-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
14446:
14447: * interfaces.c:
14448: Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
14449: small. From Klaus Wagner.
14450: [d6899fc44f77]
14451:
14452: * logging.c, sudo.h:
14453: Redo the long syslog line splitting based on a patch from Eygene
14454: Ryabinkin. Include memrchr() for systems without it.
14455: [66a50e8d553a]
14456:
14457: * memrchr.c:
14458: Redo the long syslog line splitting based on a patch from Eygene
14459: Ryabinkin. Include memrchr() for systems without it.
14460: [2f6702b7d41b]
14461:
14462: * Makefile.in, config.h.in, configure, configure.in:
14463: Redo the long syslog line splitting based on a patch from Eygene
14464: Ryabinkin. Include memrchr() for systems without it.
14465: [407a46190921]
14466:
14467: * configure.in:
14468: Since we need to be able to convert timespec to timeval for utimes()
14469: the last 3 digits in the tv_nsec are not significant. This makes the
14470: sudoedit file date comparison work again.
14471: [9d0258849fa9]
14472:
14473: 2007-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
14474:
14475: * aclocal.m4, configure, configure.in:
14476: Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
14477: This deals with exclusive authentication methods in a simple way.
14478: [7d70072c0f35]
14479:
14480: 2007-06-12 Todd C. Miller <Todd.Miller@courtesan.com>
14481:
14482: * LICENSE:
14483: mkstemp.c is BSD code too.
14484: [29e236d98162]
14485:
14486: * sudo.pod, sudoers.pod, visudo.pod:
14487: No commercial support for now.
14488: [7c76b3e192dd]
14489:
14490: 2007-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
14491:
14492: * sudo.c:
14493: cleanenv() is no more.
14494: [518080514408]
14495:
14496: 2007-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
14497:
14498: * ChangeLog:
14499: Display branch info in Changelog
14500: [44e3b27427c7]
14501:
14502: * utimes.c:
14503: Include config.h early so we have it for TIME_WITH_SYS_TIME
14504: [4bf1a00d0703]
14505:
14506: * ChangeLog:
14507: Fix Changelog generation and update.
14508: [6e960dbcbece]
14509:
14510: 2007-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
14511:
14512: * closefrom.c:
14513: Use /proc/self/fd instead of /proc/$$/fd
14514:
14515: Move old-style fd closing into closefrom_fallback() and call that if
14516: /proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
14517: [faa7e4810758]
14518:
14519: * auth/kerb5.c, config.h.in, configure.in:
14520: o use krb5_verify_user() if available instead of doing it by hand o
14521: use krb5_init_secure_context() if we have it o pass an encryption
14522: type of 0 to krb5_kt_read_service_key() instead of
14523: ENCTYPE_DES_CBC_MD5 to let kerberos choose.
14524: [df7acf72bd7c]
14525:
14526: * env.c:
14527: Check TERM and COLORTERM for '%' and '/' characters. From Debian.
14528: [f92d05197e40]
14529:
14530: * configure.in:
14531: Fix closefrom() substitution in the Makefile
14532: [b642b13fcc5c]
14533:
14534: * TROUBLESHOOTING:
14535: Mention alternate sudo pronunciation.
14536: [7c71dc73409f]
14537:
14538: 2007-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
14539:
14540: * env.c:
14541: Remove KRB5_KTNAME from environment. Allow COLORTERM.
14542: [70f35a79f780]
14543:
14544: * auth/kerb5.c:
14545: If we cannot get a valid service key using the default keytab it is
14546: a fatal error. Fixes a bug where sudo could be tricked into
14547: allowing access when it should not by a fake KDC. From Thor Lancelot
14548: Simon.
14549: [a3ae6a47cb23]
14550:
14551: 2007-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
14552:
14553: * aclocal.m4, configure, configure.in:
14554: Update long long checks to use AC_CHECK_TYPES and to cache values.
14555: [047318eaaeb2]
14556:
14557: * aclocal.m4, configure.in:
14558: Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
14559: use AC_REPLACE_FNMATCH since that assumes replacing with GNU
14560: fnmatch.
14561: [80513a1003ea]
14562:
14563: 2007-05-11 Todd C. Miller <Todd.Miller@courtesan.com>
14564:
14565: * configure, configure.in:
14566: Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
14567: need it for visudo now too.
14568: [50837c7c2b5e]
14569:
14570: 2007-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14571:
14572: * sudoers.pod:
14573: Attempt to clarify the bit talking about network numbers w/o
14574: netmasks.
14575: [211e68c1d034]
14576:
14577: * sudo.pod:
14578: Clarify timestamp dir ownership sentence.
14579: [9178f132c7f7]
14580:
14581: 2007-04-20 Todd C. Miller <Todd.Miller@courtesan.com>
14582:
14583: * auth/pam.c:
14584: Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
14585: Dmitry V. Levin.
14586: [81fce91667bc]
14587:
14588: 2007-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14589:
14590: * sudo.c:
14591: -i is also one of the mutually exclusive options to list it in the
14592: warning message. Noted by Chris Pepper.
14593: [7da73fb248e9]
14594:
14595: 2007-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
14596:
14597: * visudo.pod:
14598: The sudoers variable is env_editor, not enveditor. From Jean-
14599: Francois Saucier.
14600: [2a86ec09a6db]
14601:
14602: 2007-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
14603:
14604: * redblack.c:
14605: I tracked down the original author so credit him and include his
14606: license info.
14607: [3733553a1bba]
14608:
14609: 2007-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
14610:
14611: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
14612: sudoers.pod:
14613: Fix typos; from Jason McIntyre.
14614: [1ee4ce2512f2]
14615:
14616: * logging.c:
14617: Restore signal mask before calling reapchild(). Fixes a possible
14618: race condition that could prevent sudo from properly waiting for the
14619: child.
14620: [9ee4192385dc]
14621:
14622: 2007-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
14623:
14624: * pwutil.c:
14625: Don't declare pw_free() if we are not going to use it.
14626: [adb79a4289ca]
14627:
14628: * env.c:
14629: Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
14630: LDR_PRELOAD64. The 64-bit version is not currently supported.
14631: Remove zero_env() prototype as it no longer exists.
14632: [b4fe65027fb6]
14633:
14634: 2006-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
14635:
14636: * logging.c:
14637: Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
14638: [78002ad90f7b]
14639:
14640: 2006-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
14641:
14642: * auth/pam.c:
14643: If the user enters ^C at the password prompt, abort instead of
14644: trying to authenticate with an empty password (which causes an
14645: annoying delay).
14646: [da3f27b747c7]
14647:
14648: 2006-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
14649:
14650: * closefrom.c, config.h.in, configure, configure.in:
14651: Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
14652: Darren Tucker.
14653: [0331b7780759]
14654:
14655: * pwutil.c:
14656: pw_free() is only used by sudo_freepwcache() so ifdef it out too.
14657: [0014c0d9eeba]
14658:
14659: 2006-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
14660:
14661: * config.guess, config.sub:
14662: Update to latest versions from cvs.savannah.gnu.org
14663: [aa0143101c20]
14664:
14665: 2006-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
14666:
14667: * pwutil.c, sudo_edit.c:
14668: Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
14669: we can close the passwd/group files early.
14670: [559074bd7eb7]
14671:
14672: * config.h.in, configure, configure.in, set_perms.c:
14673: Add seteuid() flavor of set_perms() for systems without setreuid()
14674: or setresuid() that have a working seteuid(). Tested on Darwin.
14675: [508d8da99189]
14676:
14677: 2006-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
14678:
14679: * mon_systrace.c:
14680: systrace_read() returns ssize_t
14681: [9f97d1d1a59d]
14682:
14683: * configure, configure.in:
14684: Fix typo, -lldap vs. -ldap; from Tim Knox.
14685: [a8cc43c3bb2a]
14686:
14687: 2006-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14688:
14689: * HISTORY:
14690: Fix typo; Matt Ackeret
14691: [86964ee3dfbd]
14692:
14693: 2006-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
14694:
14695: * sudo.c:
14696: Print sudoers path in -V mode for root.
14697: [dc43f2d75bd9]
14698:
14699: 2006-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
14700:
14701: * ldap.c:
14702: Do a sub tree search instead of a base search (one level in the tree
14703: only) for sudo right objects. This allows system administrators to
14704: categorize the rights in a tree to make them easier to manage.
14705: [6d2d9abf996e]
14706:
14707: 2005-12-28 Todd C. Miller <Todd.Miller@courtesan.com>
14708:
14709: * sudo.pod:
14710: fix typo
14711: [1473413bcbda]
14712:
14713: 2005-12-04 Todd C. Miller <Todd.Miller@courtesan.com>
14714:
14715: * ldap.c:
14716: Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
14717: bind_timelimit support; adapted from gentoo.
14718: [afc816093026]
14719:
14720: 2005-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
14721:
14722: * ldap.c:
14723: Support comments that start in the middle of a line
14724: [c25df6ee3db8]
14725:
14726: * configure, configure.in:
14727: Define LDAP_DEPRECATED until we start using ldap_get_values_len()
14728: [ee249bfe230a]
14729:
14730: 2005-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
14731:
14732: * closefrom.c:
14733: Silence gcc -Wsign-compare; djm@openbsd.org
14734: [28769ce6418d]
14735:
14736: * error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
14737: cleanup() now takes an int as an arg so it can be used as a signal
14738: handler too.
14739: [2bb0df34d09c]
14740:
14741: * sudo.c:
14742: Make a copy of the shell field in the passwd struct for NewArgv to
14743: avoid a use after free situation after sudo_endpwent() is called.
14744: [5dcc9ffd362e]
14745:
14746: 2005-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
14747:
14748: * config.h.in, configure, configure.in:
14749: Add mkstemp() for those poor souls without it.
14750: [5fdd02e863e0]
14751:
14752: * mkstemp.c:
14753: Add mkstemp() for those poor souls without it.
14754: [c99401207860]
14755:
14756: * Makefile.in:
14757: Add mkstemp() for those poor souls without it.
14758: [9c1cf2678f24]
14759:
14760: 2005-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
14761:
14762: * env.c:
14763: Add PERL5DB to list of environment variables to remove.
14764: [7375c27ecf75]
14765:
14766: 2005-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
14767:
14768: * mon_systrace.c, mon_systrace.h:
14769: Instead of calling the check function twice with a state cookie use
14770: separate check/log functions.
14771:
14772: Check more ioctl() calls for failure.
14773:
14774: systrace_{read,write} now return the number of bytes read/written or
14775: -1 on error.
14776: [3dc8946d90e9]
14777:
14778: * env.c:
14779: Add more environment variables to remove; from gentoo linux Add some
14780: comments about what bad env variables go to what (more to do)
14781: [6918110a6b82]
14782:
14783: 2005-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
14784:
14785: * sudo.c, sudo_edit.c:
14786: Move sudo_end{gr,pw}ent() until just before the exec since they free
14787: up our cached copy of the passwd structs, including sudo_user and
14788: sudo_runas. Fixes a use-after-free bug.
14789: [54de3778bad0]
14790:
14791: * visudo.c:
14792: Close all fd's before executing editor.
14793: [4fcc05e1bec8]
14794:
14795: * sudo.c:
14796: Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
14797: [ef0e8ffa5c9f]
14798:
14799: * check.c:
14800: Fix fd leak when lecture file option is enabled. From Jerry Brown
14801: [ce97f9207cd8]
14802:
14803: 2005-11-07 Todd C. Miller <Todd.Miller@courtesan.com>
14804:
14805: * env.c:
14806: Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
14807: environment variables to remove. From Charles Morris
14808: [c96e1367d1c1]
14809:
14810: 2005-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
14811:
14812: * env.c:
14813: add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
14814: [72a6a1571226]
14815:
14816: 2005-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
14817:
14818: * env.c:
14819: add PS4 and SHELLOPTS to initial_badenv_table for bash
14820: [89dfb3f318f3]
14821:
14822: 2005-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
14823:
14824: * sudoers.pod:
14825: Fix typo; Toby Peterson
14826: [b7a3222b23f4]
14827:
14828: 2005-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
14829:
14830: * tsgetgrpw.c:
14831: Make return buffers static so they don't get clobbered
14832: [13323a39b9f5]
14833:
14834: 2005-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
14835:
14836: * auth/securid5.c:
14837: Fix securid5 authentication, was not checking for ACM_OK. Also add
14838: default cases for the two switch()es. Problem noted by ccon at
14839: worldbank
14840: [14091e418333]
14841:
14842: 2005-06-27 Todd C. Miller <Todd.Miller@courtesan.com>
14843:
14844: * ldap.c:
14845: Remove ncat() in favor of just counting bytes and pre-allocating
14846: what is needed.
14847: [25b8712adb61]
14848:
14849: 2005-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
14850:
14851: * ldap.c:
14852: Fix up some comments Add missing fclose() for the rootbinddn case
14853: [ae95c8a89711]
14854:
14855: * ldap.c:
14856: align struct ldap_config
14857: [35d0d64c76f8]
14858:
14859: * ldap.c:
14860: use LINE_MAX for max conf file line size
14861: [da116cb8853d]
14862:
14863: * pathnames.h.in:
14864: add _PATH_LDAP_SECRET
14865: [128b04ecfab7]
14866:
14867: * README.LDAP:
14868: Mention rootbinddn Give example ou=SUDOers container
14869: [852edc69bd1c]
14870:
14871: 2005-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
14872:
14873: * INSTALL, configure, configure.in, ldap.c:
14874: Support rootbinddn in ldap.conf
14875: [1615c91522a1]
14876:
14877: * env.c, sudo.pod, sudoers.pod:
14878: Preserve DISPLAY environment variable by default.
14879: [05f503d5f438]
14880:
14881: * acsite.m4, configure:
14882: set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
14883: [18a04dea8d05]
14884:
14885: * acsite.m4, configure:
14886: set need_version=no for all cases; this is safe for LD_PRELOAD
14887: [b542560e1a73]
14888:
14889: * aclocal.m4:
14890: typo
14891: [c040df0fcd5a]
14892:
14893: * configure, configure.in:
14894: Add dragonfly
14895: [f13794618636]
14896:
14897: * auth/pam.c:
14898: Fix call to pam_end() when pam_open_session() fails.
14899: [0be47cdfdef1]
14900:
14901: * configure:
14902: regen
14903: [7f5c13b4b800]
14904:
14905: * acsite.m4:
14906: rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
14907: ltsugar.m4 ltversion.m4
14908: [a7ba9fd1a2ab]
14909:
14910: * config.guess, config.sub, ltmain.sh:
14911: merge in local changes: config.guess: o better openbsd support
14912: config.sub: o hiuxmpp support ltmain.sh o remove requirement that
14913: libs must begin with "lib" o don't print a bunch of crap about
14914: library installs o don't run ldconfig
14915: [f4149f2c720f]
14916:
14917: * config.guess, config.sub, ltmain.sh:
14918: libtool 1.9f
14919: [82a534e7121f]
14920:
14921: * configure.in:
14922: Update with autoupdate and make minor changes for libtool 1.9f
14923: [11b5ae5c1428]
14924:
14925: 2005-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
14926:
14927: * parse.c:
14928: don't call sudo_ldap_display_cmnd if ldap not setup
14929: [8bcf6c094ffe]
14930:
14931: * sudo_edit.c, visudo.c:
14932: Move declatation of struct timespec to its own include files for
14933: systems without it since it needs time_t defined.
14934: [b95c333299a0]
14935:
14936: * gettime.c:
14937: Move declatation of struct timespec to its own include files for
14938: systems without it since it needs time_t defined.
14939: [021b4569cc0c]
14940:
14941: * fileops.c:
14942: Move declatation of struct timespec to its own include files for
14943: systems without it since it needs time_t defined.
14944: [dd8573b2ee7d]
14945:
14946: * emul/timespec.h:
14947: Move declatation of struct timespec to its own include files for
14948: systems without it since it needs time_t defined.
14949: [f95137771564]
14950:
14951: * check.c, compat.h:
14952: Move declatation of struct timespec to its own include files for
14953: systems without it since it needs time_t defined.
14954: [2ef2ace8fe85]
14955:
14956: * ldap.c:
14957: Don't set safe_cmnd for the "sudo ALL" case.
14958: [ad7fa9e07da0]
14959:
14960: 2005-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
14961:
14962: * auth/pam.c:
14963: Call pam_open_session() and pam_close_session() to give pam_limits a
14964: chance to run. Idea from Karel Zak.
14965: [fed46d471350]
14966:
14967: 2005-04-24 Todd C. Miller <Todd.Miller@courtesan.com>
14968:
14969: * check.c, sudo.c:
14970: Add explicit cast from mode_t -> u_int in printf to silence warnings
14971: on Solaris
14972: [17bb961fe22d]
14973:
14974: * parse.c:
14975: include grp.h to silence a warning on Solaris
14976: [14386fbab640]
14977:
14978: 2005-04-23 Todd C. Miller <Todd.Miller@courtesan.com>
14979:
14980: * parse.c:
14981: Fix printing of += and -= defaults.
14982: [a667604c56cd]
14983:
14984: 2005-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
14985:
14986: * mon_systrace.c:
14987: Sanity check number of syscall args with argsize. Not really needed
14988: but a little paranoia never hurts.
14989: [6bb455a2c2d6]
14990:
14991: * mon_systrace.c, mon_systrace.h:
14992: Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
14993: for systrace lengths (since it uses int)
14994: [3cafccffcffd]
14995:
14996: 2005-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
14997:
14998: * mon_systrace.c:
14999: Add some memsets for paranoia Fix namespace collsion w/ error Check
15000: rval of decode_args() and update_env() Remove improper setting of
15001: validated variable
15002: [3d385158354d]
15003:
15004: 2005-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
15005:
15006: * parse.c, sudo.c, sudo.h:
15007: In -l mode, only check local sudoers file if def_ignore_sudoers is
15008: not set and call LDAP versions from display_privs() and
15009: display_cmnd() instead of directly from main(). Because of this we
15010: need to defer closing the ldap connection until after -l processing
15011: has ocurred and we must pass in the ldap pointer to display_privs()
15012: and display_cmnd().
15013: [1dfc2e8c9f2b]
15014:
15015: * ldap.c:
15016: Reorganize LDAP code to better match normal sudoers parsing.
15017: Instead of storing strings for later printing in -l mode we do
15018: another query since the authenticating user and the user being
15019: listed may not be the same (the new -U flag). Also add support for
15020: "sudo -l command".
15021:
15022: There is still a fair bit if duplicated code that can probably be
15023: refactored.
15024: [e9568f19bde5]
15025:
15026: 2005-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
15027:
15028: * ldap.c:
15029: Replace pass variable with do_netgr for better readability.
15030: [1bba841b6e79]
15031:
15032: * ldap.c:
15033: use DPRINTF macro
15034: [02b159b66bb5]
15035:
15036: * ldap.c:
15037: estrdup, not strdup
15038: [22cdee7973c1]
15039:
15040: 2005-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
15041:
15042: * parse.c:
15043: Add macro to test if the tag changed to improve readability.
15044: [4e11b4819556]
15045:
15046: * parse.c:
15047: Avoid printing defaults header if there are no defaults to print...
15048: [41a28627df03]
15049:
15050: * glob.c:
15051: Fix a warning on systems without strlcpy().
15052: [6814e0f0e4f4]
15053:
15054: * pwutil.c:
15055: Use macros where possible for sudo_grdup() like sudo_pwdup().
15056: [30f201ff35cd]
15057:
15058: 2005-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
15059:
15060: * utimes.c:
15061: It is possible for tv_usec to hold >= 1000000 usecs so add in
15062: tv_usec / 1000000.
15063: [794ac4d53a65]
15064:
15065: 2005-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
15066:
15067: * auth/kerb5.c:
15068: The component in krb5_principal_get_comp_string() should be 1, not 0
15069: for Heimdal. From Alex Plotnick.
15070: [fefa351c5044]
15071:
15072: 2005-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
15073:
15074: * alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
15075: interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
15076: redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
15077: Add efree() for consistency with emalloc() et al. Allows us to rely
15078: on C89 behavior (free(NULL) is valid) even on K&R.
15079: [7876bb80d87c]
15080:
15081: * parse.c, sudo.c:
15082: Move initgroups() for -U option into display_privs() so group
15083: matching in sudoers works correctly.
15084: [b074428ad2ca]
15085:
15086: 2005-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
15087:
15088: * ldap.c:
15089: Removed duplicate call to ldap_unbind_s introduced along with
15090: sudo_ldap_close.
15091: [19acc1c20f7c]
15092:
15093: * parse.c:
15094: Add missing space in Defaults printing
15095: [95d2935bf6d4]
15096:
15097: 2005-03-25 Todd C. Miller <Todd.Miller@courtesan.com>
15098:
15099: * pwutil.c:
15100: Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
15101: and string copies.
15102: [6b6b241495e5]
15103:
15104: 2005-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
15105:
15106: * pwutil.c:
15107: Zero old pw_passwd before replacing with version from shadow file.
15108: [3251b349dfe1]
15109:
15110: * configure, configure.in:
15111: Only attempt shadow password detection if PAM is not being used Add
15112: shadow_* variables to make shadow password detection more generic.
15113: [d498a3423ac9]
15114:
15115: * configure.in:
15116: Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
15117: [04d55bbd5e35]
15118:
15119: 2005-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
15120:
15121: * sudoers.pod:
15122: use a non-breaking space to avoid a double space after e.g.
15123: [11cdb54bdf7b]
15124:
15125: * sudo.pod:
15126: commna, not colon after e.g.
15127: [8d5875ff72e0]
15128:
15129: 2005-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
15130:
15131: * sudo_noexec.c:
15132: Add __ variants of the exec functions. GNU libc at least uses
15133: __execve() internally.
15134: [d1880473d790]
15135:
15136: * indent.pro:
15137: Match reality a bit more.
15138: [633e3fa875a7]
15139:
15140: * pwutil.c:
15141: Missed piece from rev. 1.6, fix sudo_getpwnam() too.
15142: [128f7b21c2ee]
15143:
15144: * pwutil.c:
15145: Store shadow password after making a local copy of struct passwd in
15146: case normal and shadow routines use the same internal buffer in
15147: libc.
15148: [f806052a6ffc]
15149:
15150: 2005-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
15151:
15152: * alloc.c, logging.c:
15153: Make varargs usage consistent with the rest of the code.
15154: [3d45affc9851]
15155:
15156: 2005-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
15157:
15158: * sudo_noexec.c:
15159: Wrap more of the exec family since on Linux the others do not appear
15160: to go through the normal execve() path.
15161: [8167769b4e19]
15162:
15163: * visudo.c:
15164: make print_unused static like proto says
15165: [ecf10e1bae55]
15166:
15167: * glob.c:
15168: silence a warning on K&R systems
15169: [2e00425f1a5c]
15170:
15171: * alias.c, error.c:
15172: make this build in K&R land
15173: [156f65f8525a]
15174:
15175: * parse.c:
15176: make this build in K&R land
15177: [6fc9276889cb]
15178:
15179: 2005-03-08 Todd C. Miller <Todd.Miller@courtesan.com>
15180:
15181: * toke.c:
15182: regen
15183: [3b349748cd21]
15184:
15185: 2005-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
15186:
15187: * ldap.c:
15188: return(foo) not return foo optimize _atobool() slightly
15189: [11d09d154ed5]
15190:
15191: * ldap.c:
15192: Use TRUE/FALSE
15193: [53999320d98f]
15194:
15195: * ldap.c:
15196: Reformat to match the rest of sudo's code.
15197: [1bd0f2afa0e7]
15198:
15199: * sudo.pod:
15200: I am the primary author
15201: [5d311ecd85c6]
15202:
15203: 2005-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
15204:
15205: * Makefile.in, README, RUNSON:
15206: The RUNSON file is toast--it confused too many people and really
15207: isn't needed in a configure-oriented world.
15208: [96a6ef7bbc08]
15209:
15210: * INSTALL:
15211: alternate -> alternative
15212: [b65015c5d0a2]
15213:
15214: * tgetpass.c:
15215: Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
15216: TCSAFLUSH.
15217: [c66b4763ffdc]
15218:
15219: * toke.l:
15220: Allow leading blanks before Defaults and Foo_Alias definitions
15221: [2add513d9277]
15222:
15223: * Makefile.in:
15224: fix rules to build toke.o and gram.o in devel mode
15225: [96cbb414ebd3]
15226:
15227: 2005-02-20 Todd C. Miller <Todd.Miller@courtesan.com>
15228:
15229: * sudoers.pod:
15230: env_keep overrides set_logname
15231: [401877193a15]
15232:
15233: * env.c:
15234: Fix disabling set_logname and make env_keep override set_logname.
15235: [0906e7a5ed93]
15236:
15237: * compat.h, config.h.in, configure, configure.in:
15238: No longer need memmove()
15239: [43bdb6efe3f2]
15240:
15241: * env.c, sudo.c:
15242: Just clean the environment once. This assumes that any further
15243: setenv/putenv will be able to handle the fact that we replaced
15244: environ with our own malloc'd copy but all the implementations I've
15245: checked do.
15246: [11658fe92ba2]
15247:
15248: 2005-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
15249:
15250: * env.c, sudo.c:
15251: In -i mode, base the value of insert_env()'s dupcheck flag on
15252: DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
15253: [8365b0bd0c71]
15254:
15255: 2005-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
15256:
15257: * env.c, sudo.c:
15258: Move setting of user_path, user_shell, user_prompt and prev_user
15259: into init_vars() since user_shell at least is needed there.
15260: [37e22dce66e9]
15261:
15262: 2005-02-12 Todd C. Miller <Todd.Miller@courtesan.com>
15263:
15264: * Makefile.in:
15265: fix devel builds
15266: [9fbb15ef164c]
15267:
15268: * sudo.c:
15269: Fix some printf format mismatches on error.
15270: [ffc1c3f11740]
15271:
15272: * check.c:
15273: Fix some printf format mismatches on error.
15274: [7b3b508adf50]
15275:
15276: * configure, gram.c, toke.c:
15277: regen
15278: [aa76f9d8b02a]
15279:
15280: * Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
15281: auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
15282: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
15283: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
15284: auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
15285: closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
15286: emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
15287: getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
15288: interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
15289: parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
15290: snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
15291: sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
15292: testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
15293: visudo.pod, zero_bytes.c:
15294: Update copyright years.
15295: [0610c3654739]
15296:
15297: * Makefile.binary.in:
15298: Update copyright years.
15299: [d78ffc9f2e2b]
15300:
15301: * LICENSE:
15302: Update copyright years.
15303: [f60473bca4b1]
15304:
15305: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
15306: version 1.7
15307: [aa977a544ca1]
15308:
15309: * WHATSNEW:
15310: What's new in sudo 1.7, based on the 1.7 CHANGES entries.
15311: [ecfcf7269c14]
15312:
15313: 2005-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
15314:
15315: * compat.h, logging.h, sudo.h:
15316: Add __printflike and use it with gcc to warn about printf-like
15317: format mismatches
15318: [b192ad4a0548]
15319:
15320: 2005-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
15321:
15322: * CHANGES, ChangeLog:
15323: Replaced CHANGES file with ChangeLog generated from cvs logs
15324: [d9ace9dab98f]
15325:
15326: * set_perms.c:
15327: Use warning/error instead of perror/fatal.
15328: [e33259df7738]
15329:
15330: * config.guess:
15331: Update OpenBSD section
15332: [9d2c23de6801]
15333:
15334: * UPGRADE:
15335: Add upgrading noted for 1.7
15336: [1fb6b6d6df07]
15337:
15338: * env.c, sudo.c, sudoers.pod:
15339: Instead of zeroing out the environment, just prune out entries based
15340: on the env_delete and env_check lists. Base building up the new
15341: environment on the current environment and the variables we removed
15342: initially.
15343: [fc192df8fd15]
15344:
15345: * config.h.in, configure, configure.in, sudo.c:
15346: Set locale to "C" if locales are supported, just to be safe.
15347: [91fbaa98f02e]
15348:
15349: * toke.c, toke.l:
15350: Cast?argument to ctype functions to unsigned char.
15351: [e096b4d65796]
15352:
15353: 2005-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
15354:
15355: * env.c:
15356: correct value for DID_USER
15357: [b5b05d36ec15]
15358:
15359: * error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
15360: #include <compat.h> not "compat.h"
15361: [7a0ad9a0ccd7]
15362:
15363: * defaults.c:
15364: Reset the environment by default.
15365: [4ecc6423e0f0]
15366:
15367: * sudo.c:
15368: Alloc an extra slot in NewArgv. Removes the need to malloc an new
15369: vector if execve() fails.
15370: [83dfb6f584a7]
15371:
15372: 2005-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
15373:
15374: * INSTALL, config.h.in, configure, configure.in, sudo.c:
15375: Use execve(2) and wrap the command in sh if we get ENOEXEC.
15376: [c0c6af4e2a21]
15377:
15378: 2005-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
15379:
15380: * sudo_noexec.c:
15381: Only include time.h on systems that lack struct timespec which gets
15382: defind in compat.h (using time_t).
15383: [e373e518b4cb]
15384:
15385: * sudo_noexec.c:
15386: Include time.h for time_t in compat.h for systems w/o struct
15387: timespec.
15388: [a34b5637e458]
15389:
15390: * compat.h, config.h.in, configure, configure.in:
15391: use bcopy on systems w/o memmove
15392: [f835eafd78c6]
15393:
15394: * compat.h:
15395: __attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
15396: use to gcc >= 2.8.
15397: [1cb9a4e58566]
15398:
15399: * Makefile.in:
15400: Add explicit rule to build sudo_noexec.lo
15401: [df1dfcf8dd77]
15402:
15403: 2005-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
15404:
15405: * INSTALL.configure, Makefile.in:
15406: No longer depend on VPATH; pointed out a bunch of missed
15407: dependencies.
15408: [601a45d4af6b]
15409:
15410: * TROUBLESHOOTING:
15411: Help for PAM when account section is missing
15412: [9b8221256756]
15413:
15414: * auth/pam.c:
15415: Give user a clue when there is a missing "account" section in the
15416: PAM config.
15417: [2529625c0495]
15418:
15419: * auth/pam.c:
15420: Better error handling.
15421: [518c9bda23d8]
15422:
15423: * config.h.in, configure, configure.in:
15424: Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
15425: possible. Silences a warning about isblank() on linux.
15426: [19c94d7ecdc8]
15427:
15428: * auth/pam.c:
15429: Fix typo (missing comma) that caused an incorrect number of args to
15430: be passed to log_error().
15431: [0099dfec560f]
15432:
15433: 2005-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
15434:
15435: * pwutil.c:
15436: Don't try to destroy a tree we didn't create.
15437: [d43c4fe03aa4]
15438:
15439: 2005-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
15440:
15441: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15442: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15443: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15444: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15445: compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
15446: fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
15447: goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
15448: match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
15449: sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
15450: strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
15451: tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
15452: Add __unused to rcsids
15453: [ad6b4ac45705]
15454:
15455: 2005-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
15456:
15457: * configure, configure.in:
15458: Fix error message when mixing invalid auth types
15459: [68069b3ff5bc]
15460:
15461: * INSTALL:
15462: PAM, AIX auth, BSD auth and login_cap are now on by default if the
15463: OS supports them.
15464: [4e44e9098cf0]
15465:
15466: * auth/sudo_auth.h, config.h.in:
15467: s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
15468: [2d569b43b23e]
15469:
15470: * configure.in:
15471: Better checking for conflicting authentication methods Display the
15472: authentication methods used at the end of configure Rename --with-
15473: authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
15474: --with-pam, --with-logincap by default on systems that support them
15475: unless disabled. Add OSMAJOR variable that replaces old OSREV; now
15476: OSREV has full version number
15477: [a21115b6fe9f]
15478:
15479: 2005-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
15480:
15481: * def_data.c, def_data.in, sudo.c, sudoers.pod:
15482: s/-O/-C/
15483: [ee73f1b81923]
15484:
15485: 2005-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
15486:
15487: * configure.in:
15488: Replace: test -n "$FOO" || FOO="bar"
15489:
15490: With: : ${FOO='bar'}
15491: [37552d9054fc]
15492:
15493: 2005-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
15494:
15495: * pwutil.c, testsudoers.c, tsgetgrpw.c:
15496: Use function pointers to only call private passwd/group routines
15497: when using a nonstandard passwd/group file.
15498: [215908681dfb]
15499:
15500: 2005-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
15501:
15502: * CHANGES:
15503: sync
15504: [2e55c03f5790]
15505:
15506: * tsgetgrpw.c:
15507: Can't use strtok() since it doesn't handle empty fields so add
15508: getpwent()/getgrent() functions and call those.
15509: [bdaa5b0db70e]
15510:
15511: 2005-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
15512:
15513: * Makefile.in:
15514: Fix dummied out toke.c and gram.c dependencies.
15515: [4b909c8b2ebe]
15516:
15517: * Makefile.in:
15518: Rename PARSESRCS -> GENERATED since it is only used in the clean
15519: target Add devdir variable and use it to specify the path to parser
15520: sources
15521: [f27b3f41ca23]
15522:
15523: * configure:
15524: regen
15525: [22c6435dbd46]
15526:
15527: * configure.in:
15528: Add a devdir variables that defaults to $(srcdir) and is set to . if
15529: --devel was specified. Allows for proper dependecies building the
15530: parser.
15531: [a36d694c6d21]
15532:
15533: * testsudoers.c:
15534: Add support for custom passwd/group files.
15535: [296549ff4b87]
15536:
15537: * Makefile.in:
15538: Build private copy of pwutil.o for testsudoers with MYPW defined so
15539: it uses our own passwd/group routines.
15540: [bafa54ec78ca]
15541:
15542: * visudo.c:
15543: Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
15544: stubs instead. We can now just use the caching sudo_*{pw,gr}*
15545: functions in pwutil.c Add comment about wanting to call
15546: sudo_endpwent/sudo_endgrent in cleanup()
15547: [7e59d6b5510d]
15548:
15549: * tsgetgrpw.c:
15550: Remove caching; we will just use what is in pwutil.c Use global
15551: buffers for passwd/group structs Rename functions from sudo_* to
15552: my_*
15553: [8c1e068f574c]
15554:
15555: * logging.c, sudo.c:
15556: g/c pwcache_init/pwcache_destroy
15557: [60a24909b947]
15558:
15559: * sudo.h:
15560: Undo last commit and add sudo_setspent and sudo_endspent instead.
15561: [bac80db08296]
15562:
15563: * getspwuid.c, pwutil.c:
15564: Move all but the shadow stuff from getspwuid.c to pwutil.c and
15565: pwcache_get and pwcache_put as they are no longer needed. Also add
15566: preprocessor magic to use private versions of the passwd and group
15567: routines if MYPW is defined (for use by testsudoers).
15568: [a16b8678a426]
15569:
15570: * tsgetgrpw.c:
15571: zero out struct passwd/group before filling it in so if there are
15572: fields we don't handle they end up as 0.
15573: [274cb6a93301]
15574:
15575: * logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
15576: Adapt to pwutil.c
15577: [43ebd04c8b82]
15578:
15579: * Makefile.in:
15580: Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
15581: readability.
15582: [7f88c6061e2d]
15583:
15584: * tsgetgrpw.c:
15585: Passwd and group lookup routines for testsudoers that support
15586: alternate passwd and group files.
15587: [d7803101d34e]
15588:
15589: * getspwuid.c, pwutil.c:
15590: Split off pw/gr cache and dup code into its own file. This allows
15591: visudo and testsudoers to use the pw/gr cache too.
15592: [ef333d3ffedf]
15593:
15594: 2005-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
15595:
15596: * parse.c:
15597: Print Defaults info in "sudo -l" output and wrap lines based on the
15598: terminal width.
15599: [e559eae4250e]
15600:
15601: 2005-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
15602:
15603: * match.c, testsudoers.c, visudo.c:
15604: Only check group vector in usergr_matches() if we are matching the
15605: invoking or list user. Always check the group members, even if
15606: there was a group vector.
15607: [d0c7ceb2a041]
15608:
15609: 2004-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
15610:
15611: * LICENSE, Makefile.in, fnmatch.3:
15612: No longer bundle fnmatch.3
15613: [72db4a4ff4e1]
15614:
15615: * CHANGES, TODO:
15616: checkpoint
15617: [e92781bfd99c]
15618:
15619: 2004-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
15620:
15621: * sudo.c:
15622: sort usage
15623: [15e3b876ec2c]
15624:
15625: * sudo.pod:
15626: Sort command line options
15627: [c1fa56584bc4]
15628:
15629: * def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
15630: sudo.pod, sudoers.pod:
15631: Add closefrom sudoers option to start closing at a point other than
15632: 3. Add closefrom_override sudoers option and -C sudo flag to allow
15633: the user to specify a different closefrom starting point.
15634: [370652b099d1]
15635:
15636: * pathnames.h.in:
15637: Add _PATH_DEVNULL for those without it.
15638: [0c4c3e0ceb8b]
15639:
15640: * LICENSE:
15641: no more UCB strcasecmp
15642: [397a6298e07f]
15643:
15644: * strcasecmp.c:
15645: replace BSD licensed one with version derived from pdksh
15646: [d7cfda8c57a2]
15647:
15648: 2004-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
15649:
15650: * sudo.c:
15651: Fix last commit.
15652: [7afb9a180532]
15653:
15654: * sudo.c:
15655: Make sure stdin, stdout and stderr are open and dup them to
15656: /dev/null if not.
15657: [590f387068bd]
15658:
15659: 2004-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
15660:
15661: * ldap.c, mon_systrace.c, sudo.c, sudo.h:
15662: add sudo_ldap_close
15663: [4273a36765a7]
15664:
15665: * fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
15666: Use TIME_WITH_SYS_TIME
15667: [c32b59bf15fb]
15668:
15669: * config.h.in, configure, configure.in:
15670: Add TIME_WITH_SYS_TIME_H
15671: [57cb146f451d]
15672:
15673: 2004-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
15674:
15675: * env.c:
15676: Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
15677: unconditionally on darwin. From Toby Peterson.
15678: [d69959681c87]
15679:
15680: * getspwuid.c:
15681: Check rbinsert() return value. In the case of faked up entries
15682: there is usually a negative response cached that we need to
15683: overwrite.
15684:
15685: In pwfree() don't try to zero out a NULL pw_passwd pointer.
15686: [00b32d1a48c1]
15687:
15688: * mon_systrace.c:
15689: Use the double fork trick to avoid the monitor process being waited
15690: for by the main program run through sudo.
15691: [e0ce556712ff]
15692:
15693: 2004-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
15694:
15695: * sudo.c:
15696: Call initgroups() in -U mode so group matches work normally.
15697: [2235bea15283]
15698:
15699: * def_data.h, mkdefaults:
15700: Don't print a trailing comma for the last entry in enum def_tupple
15701: [c43a96bb31df]
15702:
15703: 2004-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
15704:
15705: * sudoers.cat, sudoers.man.in, sudoers.pod:
15706: Mention values when lecture, listpw and verifypw are used in boolean
15707: context.
15708: [a0b5c0abaccf]
15709:
15710: * def_data.c, def_data.in:
15711: verifypw when used in a boolean TRUE context should be "all", not
15712: "any".
15713: [2eb076ddd5e2]
15714:
15715: 2004-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
15716:
15717: * def_data.in, defaults.c:
15718: Allow tuples that can be used as booleans to be used as boolean
15719: TRUE. In this case the 2nd possible value of the tuple is used for
15720: TRUE.
15721: [bd99aa77e88b]
15722:
15723: 2004-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
15724:
15725: * configure, configure.in:
15726: Correct the test for 2-parameter timespecsub
15727: [d41c9cb26b97]
15728:
15729: * sudo.h:
15730: Add strub struct definitions for passwd, timeval and timespec
15731: [c4ce5c43d8c5]
15732:
15733: * config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
15734: Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
15735: and fix a typo in the gettimeofday check.
15736: [8ac9893057ce]
15737:
15738: 2004-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
15739:
15740: * match.c, testsudoers.c:
15741: Deal with user_stat being NULL as it is for visudo and testsudoers.
15742: [3605a6ff64d0]
15743:
15744: * parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
15745: Add -U option to use in conjunction with -l instead of -u. Add
15746: support for "sudo -l command" to test a specific command.
15747: [99638789d415]
15748:
15749: * gram.c, gram.y, sudo.c:
15750: Set safe_cmnd after sudoers_lookup() if it has not been set.
15751: Previously it was set by sudo "ALL" in the parser but at that point
15752: the fully-qualified pathname has not yet been found.
15753: [ac30d98f8225]
15754:
15755: 2004-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
15756:
15757: * parse.c, testsudoers.c:
15758: Correctly handle multiple privileges per userspec and runas
15759: inheritence.
15760: [a98a965181af]
15761:
15762: 2004-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
15763:
15764: * defaults.c:
15765: Zero out sd_un for each entry in sudo_defs_table in init_defaults.
15766: [031d3cd4a848]
15767:
15768: 2004-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
15769:
15770: * toke.c, toke.l:
15771: make per-command defaults work with sudoedit
15772: [e56fe33db916]
15773:
15774: * ldap.c, parse.c, sudo.c, sudo.h:
15775: Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
15776: Instead, we just set the approriate defaults variable.
15777: [756eeecc1d86]
15778:
15779: * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
15780: Document per-command Defaults.
15781: [92a0f84b91c1]
15782:
15783: * defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
15784: sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
15785: Add support for command-specific Defaults entries. E.g.
15786: Defaults!/usr/bin/vi noexec
15787: [be3d52bf01cf]
15788:
15789: * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
15790: Change an occurence of user_matches() -> runas_matches() missed
15791: previously runas_matches(), host_matches() and cmnd_matches() only
15792: really need to pass in a list of members. user_matches() still
15793: needs to pass in a passwd struct because of "sudo -l"
15794: [833b22fc6fa0]
15795:
15796: * parse.c:
15797: Check def_authenticate, def_noexec and def_monitor when setting
15798: return flags. XXX May be better to just set the defaults directly
15799: and get rid of those flags.
15800: [b6db22b59d69]
15801:
15802: * alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
15803: auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
15804: auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
15805: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
15806: defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
15807: getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
15808: gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
15809: mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
15810: strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
15811: sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
15812: visudo.c, zero_bytes.c:
15813: Use: #include <config.h> Not: #include "config.h" That way we get
15814: the correct config.h when build dir != src dir
15815: [97e5670a442b]
15816:
15817: * Makefile.in:
15818: Back out part of rev 1.263; fix -I order
15819: [197ea01cad5d]
15820:
15821: * toke.c, toke.l:
15822: More robust parsing if #include; could be much better still.
15823: [31bc3cd8f045]
15824:
15825: * sudo_edit.c, visudo.c:
15826: Make arg splitting in visudo and sudoedit consistent.
15827: [7bc74485f246]
15828:
15829: * Makefile.in, alias.c, gram.c, gram.y, parse.h:
15830: Split alias routines out into their own file.
15831: [d90f633cf9ae]
15832:
15833: * error.h:
15834: __attribute__ is already defined in compat.h
15835: [676ed3fe9203]
15836:
15837: * visudo.c:
15838: quit() should not be __noreturn__ as it is non-void on some
15839: platforms.
15840: [e528c2b6ba10]
15841:
15842: * auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
15843: Add local error/warning functions like err/warn but that call an
15844: additional cleanup routine in the error case. This means we no
15845: longer need to compile a special version of alloc.o for visudo.
15846: [e78e8aae882e]
15847:
15848: * parse.h:
15849: Clarify comments about the data structures
15850: [ae894e266701]
15851:
15852: 2004-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
15853:
15854: * visudo.c:
15855: Add support for VISUAL and EDITOR containing command line args. If
15856: env_editor is not set any args in VISUAL and EDITOR are ignored.
15857: Arguments are also now supported in def_editor.
15858: [ff7303b8e298]
15859:
15860: 2004-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
15861:
15862: * parse.h:
15863: alias_matches() is no more
15864: [b59825e28084]
15865:
15866: * CHANGES, TODO:
15867: sync
15868: [2b8f5f63c1de]
15869:
15870: * Makefile.in:
15871: When regenerating the parser, don't replace gram.h unless it has
15872: changed.
15873: [819949668018]
15874:
15875: * Makefile.in:
15876: remove Makefile.binary for distclean
15877: [351eec8d00b2]
15878:
15879: * env.c:
15880: Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
15881: sure we can't overflow new_env.
15882: [3284d17b9c6d]
15883:
15884: * sudo_edit.c:
15885: paranoia when stripping trailing slashes from tempdir.
15886: [012f1aa2b81f]
15887:
15888: * sudo.c:
15889: Set user_ngroups to 0 if getgroups() returns an error.
15890: [c46d43e9449a]
15891:
15892: 2004-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
15893:
15894: * config.h.in, configure, configure.in, sudo.c:
15895: Add configure check for getgroups()
15896: [5d8a214e2cef]
15897:
15898: * ldap.c:
15899: Use supplementary group vector in struct sudo_user.
15900: [3d0c463c034d]
15901:
15902: * match.c:
15903: Only do string comparisons on the group members if there is no
15904: supplemental group list.
15905: [be1c8362f7ef]
15906:
15907: * CHANGES, TODO:
15908: sync
15909: [db188bc5b975]
15910:
15911: * sudo_edit.c:
15912: On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
15913: chop off any trailing slashes we see and add an explicit one.
15914: [e1b477dafee1]
15915:
15916: * match.c:
15917: remove bogus XXX comment
15918: [8aecb8a28d40]
15919:
15920: * match.c:
15921: Get rid of alias_matches and correctly fall through to the non-alias
15922: cases when there is no alias with the specified name.
15923: [2cd555246f09]
15924:
15925: * getspwuid.c:
15926: Cache non-existent passwd/group entries too.
15927: [8de9a467d271]
15928:
15929: * gram.c:
15930: regen
15931: [9ece18c58f36]
15932:
15933: * getspwuid.c:
15934: fix typo
15935: [9a7ae371eac1]
15936:
15937: * check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
15938: mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
15939: Implement group caching and use the passwd and group caches
15940: throughout.
15941: [f1d8c5015169]
15942:
15943: 2004-11-15 Todd C. Miller <Todd.Miller@courtesan.com>
15944:
15945: * match.c:
15946: Properly negate the return value of alias_matches() when
15947: appropriate.
15948: [ce59c4ce77ad]
15949:
15950: * match.c:
15951: Make hostname_matches() return TRUE for a match, else FALSE like the
15952: caller expects.
15953: [1dc03902d3a2]
15954:
15955: * Makefile.in:
15956: Add missing dependencies on gram.h
15957: [4f94bbb1d50c]
15958:
15959: * match.c:
15960: Use runas_matches in alias_matches() now that we have it.
15961: [284d22e91178]
15962:
15963: * parse.c, parse.h:
15964: Expand aliases in "sudo -l" mode
15965: [f67a38b79c44]
15966:
15967: * gram.y, match.c:
15968: Use ALIAS for the member type when storing an alias instead of
15969: HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
15970: more generic type. Expand runas_matches instead of calling
15971: user_matches() inside of it since user_matches() looks up
15972: USERALIASes, not RUNASALIASes.
15973: [52004d75232b]
15974:
15975: * CHANGES, getspwuid.c:
15976: Paranoia; zero out pw_passwd before freeing passwd entry.
15977: [bd1b22638f00]
15978:
15979: * LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
15980: configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
15981: error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
15982: sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
15983: Add local error/warning functions like err/warn but that call an
15984: additional cleanup routine in the error case. This means we no
15985: longer need to compile a special version of alloc.o for visudo.
15986: [25000b676cfe]
15987:
15988: * match.c:
15989: Use userpw_matches() to compare usernames, not strcmp(), since the
15990: latter checks for "#uid".
15991: [fcbe4b859f66]
15992:
15993: * getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
15994: Cache passwd db entries in 2 reb-black trees; one indexed by uid,
15995: the other by user name. The data returned from the cache should be
15996: considered read-only and is destroyed by sudo_endpwent().
15997: [ee2418ff3f86]
15998:
15999: * match.c:
16000: add cast to uid_t
16001: [eb6415302d84]
16002:
16003: * gram.y:
16004: missing free in alias_destroy
16005: [572ecb680ad8]
16006:
16007: * redblack.c:
16008: Can't use rbapply() for rbdestroy since the destructor is passed a
16009: data pointer, not a node pointer.
16010: [11ce713830c0]
16011:
16012: * getspwuid.c, logging.c, sudo.c, sudo.h:
16013: Create and use private versions of setpwent() and endpwent() that
16014: set/end the shadow password file too.
16015: [616bc76d23bf]
16016:
16017: * gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
16018: Store aliases in a red-black tree.
16019: [ce017d540416]
16020:
16021: * Makefile.in, redblack.c, redblack.h:
16022: red-black tree implementation
16023: [cd5586e8f48b]
16024:
16025: * visudo.c:
16026: Edit all sudoers file if there were unused or undefined aliases and
16027: we are in strict mode.
16028: [b6d5f5bb7262]
16029:
16030: 2004-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
16031:
16032: * CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
16033: find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
16034: Bring back the "secure_path" Defaults option now that Defaults take
16035: effect before the path is searched.
16036: [2e52c0e27606]
16037:
16038: 2004-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
16039:
16040: * logging.c, parse.c:
16041: A user can always list their own entries, even with -u. Better error
16042: message when failing to list another user's entries.
16043: [e2e24deb0071]
16044:
16045: * parse.c, sudo.c, sudo.h:
16046: The syntax to list another user's entries is now "-u otheruser -l".
16047: Only root or users with sudo "ALL" may list other user's entries.
16048: [3c0657e8f5fe]
16049:
16050: * sudo.cat, sudo.man.in, sudo.pod:
16051: Update env variable info in SECURITY NOTES
16052: [299716071024]
16053:
16054: * env.c:
16055: strip CDPATH too
16056: [9b97643b26f9]
16057:
16058: * env.c:
16059: strip exported bash functions from the environment.
16060: [9e5090c8284f]
16061:
16062: 2004-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
16063:
16064: * sudo.c:
16065: Only reset sudo_user.pw based on SUDO_USER environment variables for
16066: real commands and sudoedit. This avoids a confusing message when a
16067: user tries "sudo -l" or "sudo -v" and is denied.
16068: [3ea6d0053274]
16069:
16070: * gram.c, gram.y, parse.h:
16071: Extend LIST_APPEND to deal with appending lists too
16072: [d963e42f622f]
16073:
16074: 2004-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
16075:
16076: * logging.c:
16077: Convert some bitwise AND to ISSET
16078: [130dc40d268e]
16079:
16080: * lex.yy.c, toke.c:
16081: toke.c replaces lex.yy.c
16082: [048858df79e7]
16083:
16084: * CHANGES, TODO:
16085: sync
16086: [d19e7abf251c]
16087:
16088: * BUGS:
16089: new parser fixes most of the outstanding bugs
16090: [0891f66e3758]
16091:
16092: * configure:
16093: regen
16094: [1a3358cc7283]
16095:
16096: * visudo.c:
16097: Rework for the new parser. Now checks for unused aliases in sudoers.
16098: [ad462ede3094]
16099:
16100: * testsudoers.c:
16101: Rewrite for the new parser. Now supports a -d flag (dump) and adds
16102: a -h flag (host). It now defaults to the local hostname unless
16103: otherwise specified.
16104: [1b69685cc601]
16105:
16106: * sudo.h:
16107: Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
16108: [2e4fb3abfef0]
16109:
16110: * sudo.c:
16111: Update for new parse. We now call find_path() *after* we have
16112: updated the global defaults based on sudoers. Also adds support for
16113: listing other user's privs if you are root.
16114: [cf3db9fc3024]
16115:
16116: * mon_systrace.c:
16117: Working LDAP support; also remove a now-unneeded rewind().
16118: [649ecf1baf6b]
16119:
16120: * logging.c, logging.h:
16121: Add NO_STDERR flag.
16122: [6cb935af94e0]
16123:
16124: * ldap.c:
16125: Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
16126: udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
16127: connecto to LDAP, apply the default options, find the command in the
16128: user's path, and then check whether the user is allowed to run it.
16129: The important thing here is that the default runas user may be
16130: specified as a default option and that needs to be set before we
16131: search for the command.
16132: [fc0426abc6f1]
16133:
16134: * ldap.c:
16135: Add casts to unsigned char for isspace() to quiet a gcc warning.
16136: [e5358e3df439]
16137:
16138: * defaults.h:
16139: Add prototype for update_defaults()
16140: [564dac3db74e]
16141:
16142: * defaults.c:
16143: Don't warn about line numbers now that we operate on a set of data
16144: structures (or LDAP) and not a file.
16145: [bcd9ffb9b67c]
16146:
16147: * config.h.in:
16148: No long use lsearch()
16149: [9d048c587319]
16150:
16151: * Makefile.in:
16152: Update for new and changed file names.
16153: [6f424a7c4515]
16154:
16155: * LICENSE:
16156: no more BSD lsearch.c
16157: [463a96d89026]
16158:
16159: * match.c:
16160: foo_matches() routines now live in match.c Added user_matches(),
16161: runas_matches(), host_matches(), cmnd_matches() and alias_matches()
16162: that operate on the parsed sudoers file.
16163: [b14da8a0567e]
16164:
16165: * parse.lex, toke.l:
16166: Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
16167: WORD no longer needs to exclude '@' kill yywrap()
16168: [a922294eb7b7]
16169:
16170: * gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
16171: sudo.tab.h:
16172: Rewritten parser that converts sudoers into a set of data
16173: structures. This eliminates ordering issues and makes it possible to
16174: apply sudoers Defaults entries before searching for the command.
16175: [30d2ec4d203c]
16176:
16177: * configure.in, emul/search.h, lsearch.c:
16178: We won't be using lsearch() any longer.
16179: [29c4d54bfac0]
16180:
16181: * ldap.c:
16182: sudo should not send mail if someone who runs 'sudo -l' has no
16183: entry.
16184: [6fc27a69fd9c]
16185:
16186: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16187: visudo.man.in:
16188: regen
16189: [8166347917f3]
16190:
16191: * visudo.pod:
16192: Update warnings to match new visudo
16193: [004c0766798f]
16194:
16195: * sudoers.pod:
16196: The new parser doesn't have the old ordering constraints.
16197: [ffd43bd08661]
16198:
16199: * sudo.pod:
16200: Document that -l now takes an optional username argument
16201: [278f9557de8b]
16202:
16203: 2004-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
16204:
16205: * RUNSON:
16206: AIX 5.2.0.0 works
16207: [523acd29d858]
16208:
16209: * ldap.c:
16210: If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
16211: a compilation problem with Solaris 9's native LDAP.
16212:
16213: Set FLAG_MONITOR when needed.
16214: [35824ade672d]
16215:
16216: 2004-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
16217:
16218: * mon_systrace.c:
16219: Call sudo_goodpath() *after* changing the cwd to match the traced
16220: process. Fixes relative paths.
16221: [12ee111d0ad7]
16222:
16223: 2004-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
16224:
16225: * testsudoers.c:
16226: Kill set_perms() stub--it is no longer needed.
16227: [116ed702935d]
16228:
16229: 2004-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
16230:
16231: * sudoers.cat, sudoers.man.in, sudoers.pod:
16232: stay_setuid now requires set_reuid() or setresuid()
16233: [8511f67e25d5]
16234:
16235: * INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
16236: configure.in, set_perms.c, sudo.c, sudo.h:
16237: Kill use of POSIX saved uids; they aren't worth bothering with.
16238: [b3b1f19f18c1]
16239:
16240: 2004-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
16241:
16242: * glob.c:
16243: remove call to issetugid()
16244: [63f2e492c08f]
16245:
16246: * sudoers.cat, sudoers.man.in, sudoers.pod:
16247: Remove warning about wildcards. Now that we use glob() the bug is
16248: fixed.
16249: [b15729d32266]
16250:
16251: * parse.c:
16252: Use glob(3) instead of fnmatch(3) for matching pathnames and stat
16253: each result that matches the basename of the user's command. This
16254: makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
16255: /usr/bin/blah. Fixes bug #143.
16256: [e31eb6310340]
16257:
16258: * config.h.in, configure, configure.in:
16259: Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
16260: GLOB_BRACE)
16261: [677ed6661e17]
16262:
16263: * config.h.in, configure, configure.in:
16264: Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
16265: [aaa2329dd266]
16266:
16267: * LICENSE:
16268: reference glob
16269: [bedc9a923423]
16270:
16271: * glob.c:
16272: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16273: removed.
16274: [81799451473c]
16275:
16276: * emul/glob.h:
16277: 4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
16278: removed.
16279: [0335cf31fb1e]
16280:
16281: 2004-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
16282:
16283: * mon_systrace.c:
16284: Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
16285: means we are out of space in the stack gap...
16286: [5b02b702021e]
16287:
16288: * CHANGES:
16289: sync
16290: [be3826273e56]
16291:
16292: * mon_systrace.c:
16293: Take a stab at ldap sudoers support here.
16294: [9d023695b0de]
16295:
16296: * mon_systrace.c, mon_systrace.h:
16297: Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
16298: doesn't cause reboot to inadvertanly kill itself.
16299: [d4aab2365610]
16300:
16301: * mon_systrace.c:
16302: put "monitor" in the proctitle, not "systrace"
16303: [9a9025767d86]
16304:
16305: * mon_systrace.c:
16306: When modifying the environment, don't replace envp when we can get
16307: away with just rewriting pointers in the traced process.
16308: [c03622f7a2e2]
16309:
16310: * mon_systrace.c, mon_systrace.h:
16311: Add environment updating via STRIOCINJECT (if available).
16312: [037291016870]
16313:
16314: * sudoers.cat, sudoers.man.in:
16315: regen
16316: [869acc511046]
16317:
16318: 2004-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
16319:
16320: * lex.yy.c:
16321: regen
16322: [4e61a9bd3c97]
16323:
16324: * parse.lex:
16325: Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
16326: [b70d7bd6e147]
16327:
16328: * mon_systrace.c:
16329: Include file is now mon_systrace.h
16330: [ead4e36d92ae]
16331:
16332: * Makefile.in, configure, configure.in, def_data.c, def_data.h,
16333: def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
16334: sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
16335: No longer call it tracing, it is now "monitoring" which should be
16336: more a obvious name to non-hackers.
16337: [aa811ded0789]
16338:
16339: 2004-10-01 Todd C. Miller <Todd.Miller@courtesan.com>
16340:
16341: * mon_systrace.c, mon_systrace.h:
16342: Fix some XXX
16343: [a271072dacc6]
16344:
16345: * mon_systrace.c, mon_systrace.h:
16346: No need to include syscall.h, use 1024 as the max # of entries (the
16347: max that systrace(4) allows).
16348:
16349: Only need to use SYSTR_POLICY_ASSIGN once
16350:
16351: Change check_syscall() -> find_handler() and have it return the
16352: handler instead of just running it. We need this since handler now
16353: have two parts: one part that generates and answer and another that
16354: gets called after the answer is accepted (to do logging).
16355:
16356: Add some missing check_exec for emul execv
16357: [a89d243f0525]
16358:
16359: * sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
16360: Add $Sudo$ tags.
16361: [6f3fedb0daba]
16362:
16363: * config.h.in:
16364: Add missing HAVE_LINUX_SYSTRACE_H
16365: [ff75ab7bfc53]
16366:
16367: * Makefile.in:
16368: add trace_systrace.o dependency
16369: [88a408668ab2]
16370:
16371: 2004-09-30 Todd C. Miller <Todd.Miller@courtesan.com>
16372:
16373: * configure, configure.in:
16374: Also look for systrace.h in /usr/include/linux
16375: [98b98b436cf3]
16376:
16377: * mon_systrace.c, mon_systrace.h:
16378: Move all struct defs and prototypes into trace_systrace.h and mark
16379: all but systace_attach() static.
16380: [85511253b570]
16381:
16382: * mon_systrace.c, mon_systrace.h:
16383: Add support for tracing emulations. At the moment, all emulations
16384: are compiled in. It might make sense to #ifdef them in the future,
16385: though this impeeds readability.
16386: [87bb50abf277]
16387:
16388: * Makefile.in, configure, configure.in:
16389: rename systrace.c -> trace_systrace.c
16390: [31cfa4407d93]
16391:
16392: * parse.yacc, sudo.tab.c:
16393: Allow this to build with a K&R compiler again
16394: [32876af5bb98]
16395:
16396: * TODO:
16397: sync
16398: [46865bd70f7c]
16399:
16400: * compat.h, sudo.c, visudo.c:
16401: Use __attribute__((__noreturn__))
16402: [65bbad71fe89]
16403:
16404: * visudo.c:
16405: Exit() takes a negative value to indicate it was not called via
16406: signal.
16407: [b93032ed7b60]
16408:
16409: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16410: visudo.man.in:
16411: regen
16412: [45bcf4661558]
16413:
16414: * Makefile.in, visudo.c:
16415: Define Err() and Errx() that are like err() and errx() but call
16416: Exit() instead of exit(). Build private copy of alloc.o for visudo
16417: that calls Err() and Errx().
16418: [c6d02bf42edd]
16419:
16420: 2004-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
16421:
16422: * lex.yy.c, sudo.tab.c:
16423: regen
16424: [39de7e7c59da]
16425:
16426: * CHANGES:
16427: sync
16428: [ba481d9ed1aa]
16429:
16430: * visudo.c:
16431: Overhaul visudo for editing multiple files: o visudo has been
16432: broken out into functions (more work needed here) o each file is
16433: now edited before sudoers is re-parsed o if a #include line is
16434: added that file will be edited too
16435:
16436: TODO: o cleanup temp files when exiting via err() or errx() o
16437: continue breaking things out into separate functions
16438: [80c35cf534eb]
16439:
16440: * parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
16441: Add keepopen arg to open_sudoers that open_sudoers can use to
16442: indicate to the caller that the fd should not be closed when it is
16443: done with it. To be used by visudo to keep locked fds from being
16444: closed prematurely (and thus losing the lock).
16445: [f330fe632470]
16446:
16447: * parse.yacc, sudo.c:
16448: Add errorfile global that contains the name of the file that caused
16449: the error.
16450: [98079c7a37ed]
16451:
16452: * parse.lex:
16453: return COMMENT to yacc grammar for a #include line
16454: [2024a8de4fa8]
16455:
16456: * parse.lex:
16457: Remove us of unput() in favor of yyless() which is cheaper.
16458: [c61291902beb]
16459:
16460: * parse.yacc:
16461: Allow an empty sudoers file.
16462: [62fb111db2e7]
16463:
16464: 2004-09-28 Todd C. Miller <Todd.Miller@courtesan.com>
16465:
16466: * mon_systrace.c:
16467: Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
16468: [9e15869ef597]
16469:
16470: * lex.yy.c, sudo.tab.c:
16471: regen
16472: [c29bdd43bfad]
16473:
16474: * visudo.c:
16475: Do signal setup before calling edit_sudoers(). Don't shadow the
16476: "quiet" global.
16477: [74252efd09ff]
16478:
16479: * visudo.c:
16480: If a sudoers file includes other files, edit those too. Does not yes
16481: deal with creating the new includes files itself.
16482: [06af7b9c173f]
16483:
16484: * testsudoers.c:
16485: init_parser now takes a path
16486: [b5ee186eb192]
16487:
16488: * parse.c, parse.h, parse.lex, parse.yacc:
16489: More scaffolding for dealing with multiple sudoers files: o
16490: init_parser() now takes a path used to populate the sudoers global
16491: o the sudoers global is used to print the correct file in yyerror()
16492: o when switching to a new sudoers file, perserve old file name and
16493: line number
16494: [d9be4970b8bd]
16495:
16496: * Makefile.in, pathnames.h.in:
16497: Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
16498: multiple sudoers files.
16499: [6ccc4e921c43]
16500:
16501: * parse.c, sudo.c:
16502: Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
16503: we start at the right file position when reading include files.
16504: [91fcb961e7a4]
16505:
16506: * sudoers.pod:
16507: document #include
16508: [fbb92a25a726]
16509:
16510: * lex.yy.c:
16511: regen
16512: [50cd7a4c9dff]
16513:
16514: * parse.lex:
16515: Add max depth of 128 for the include stack to avoid loops.
16516:
16517: Since yyerror() doesn't stop parsing, pass return values back to
16518: yylex and call yyterminate() on error.
16519: [e79dbffb729d]
16520:
16521: 2004-09-27 Todd C. Miller <Todd.Miller@courtesan.com>
16522:
16523: * sudoers.pod:
16524: document tracing
16525: [165a467eadd8]
16526:
16527: * sudo.pod:
16528: Mention PREVENTING SHELL ESCAPES section of sudoers man page
16529: [3217ccecd834]
16530:
16531: * lex.yy.c, sudo.tab.c:
16532: regen
16533: [fbd58d1d3a76]
16534:
16535: * parse.lex:
16536: Add support for #include in sudoers (visudo support TBD)
16537: [a78015ca81af]
16538:
16539: * parse.yacc:
16540: make yyerror()'s argument const
16541: [7d8e168c019a]
16542:
16543: * testsudoers.c, visudo.c:
16544: Add open_sudoers() stubs.
16545: [087466787198]
16546:
16547: * sudo.c, sudo.h:
16548: Rename check_sudoers() open_sudoers() and make it return a FILE *
16549: [142fc511fc65]
16550:
16551: 2004-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
16552:
16553: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
16554: version.h:
16555: Crank version
16556: [1adc3f839480]
16557:
16558: * Makefile.in, sudo.psf:
16559: Better HP-UX depot construction
16560: [2d952b000e63]
16561:
16562: 2004-09-25 Todd C. Miller <Todd.Miller@courtesan.com>
16563:
16564: * mon_systrace.c:
16565: o Made children global so check_exec() can lookup a child. o
16566: Replaced uid in struct childinfo with struct passwd * (for runas) o
16567: new_child() now takes a parent pid so the runas info can be
16568: inherited o Added find_child() to lookup a child by its pid o
16569: update_child() now fills in a struct passwd o Converted the big
16570: if/else mess in set_policy to a switch o Syscalls that change uid
16571: are now "ask" so we get SYSTR_MSG_UGID events
16572: [29b9ea3f09a3]
16573:
16574: * getspwuid.c:
16575: Add flag to sudo_pwdup that indicates whether or not to lookup the
16576: shadow password. Will be used to a struct passwd that has the
16577: shadow password already filled in.
16578: [e19d43dd7238]
16579:
16580: * mon_systrace.c:
16581: add missing increment of addr in read_string()
16582: [f9eb0f060cb6]
16583:
16584: * mon_systrace.c:
16585: Remove bogus call to update_child() and some cosmetic fixes
16586: [701ab0b97fef]
16587:
16588: * mon_systrace.c:
16589: Don't leak /dev/systrace fd to tracee Make initialized global for
16590: simplicity If STRIOCATTACH returns EBUSY we are already being traced
16591: Check for user_args == NULL in setproctitle() call Add missing calls
16592: to STRIOCANSWER
16593: [1956edf9bc3a]
16594:
16595: * sudo.c:
16596: g/c sudo_pwdup proto
16597: [b7c4d6249ecb]
16598:
16599: * Makefile.in, sudo.psf:
16600: Add target for building a depot file
16601: [357019efd99b]
16602:
16603: * mon_systrace.c:
16604: trim includes
16605: [501534428471]
16606:
16607: 2004-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
16608:
16609: * lex.yy.c, sudo.tab.c, sudo.tab.h:
16610: regen
16611: [52fd250c6986]
16612:
16613: * INSTALL:
16614: document --with-systrace
16615: [79623927c94e]
16616:
16617: * config.h.in, configure, configure.in:
16618: Add check for setproctitle
16619: [1730cf1c26ed]
16620:
16621: * mon_systrace.c:
16622: pass struct str_msg_ask in to syscall checker so it can set the
16623: error code
16624: [1703fd2fdef6]
16625:
16626: * mon_systrace.c:
16627: systrace(4) support for sudo. On systems with the systrace(4)
16628: kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
16629: intercept exec calls and check the exec args against the sudoers
16630: file. In other words, sudo can now control subcommands and shell
16631: escapes.
16632: [928c9217c386]
16633:
16634: * sudo.c, sudo.h:
16635: Call systrace_attach() if FLAG_TRACE is set.
16636: [014ba9402fa5]
16637:
16638: * parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
16639: Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
16640: [a99904db5e56]
16641:
16642: * parse.c, sudo.c:
16643: Don't close sudoers_fp, keep it open and set close on exec flag
16644: instead.
16645: [43a9fec60bee]
16646:
16647: * def_data.c, def_data.h, def_data.in:
16648: Add trace option
16649: [5b643b86730a]
16650:
16651: * Makefile.in:
16652: Add systrace
16653: [47a0519c427c]
16654:
16655: * INSTALL:
16656: SunOS /bin/sh blows up with configure
16657: [005a23cc5615]
16658:
16659: * configure, configure.in:
16660: Include sys/param.h before systrace.h
16661: [9345bc8efecf]
16662:
16663: * configure:
16664: regen
16665: [a8f53fcbb254]
16666:
16667: * pathnames.h.in:
16668: _PATH_DEV_SYSTRACE
16669: [d2ad1e492a00]
16670:
16671: * configure.in:
16672: line up options in --help
16673: [fa51f2821d09]
16674:
16675: * config.h.in, configure.in:
16676: Add --with-systrace
16677: [a264d54bc413]
16678:
16679: 2004-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
16680:
16681: * configure:
16682: regen
16683: [a4dad0bcc523]
16684:
16685: * aclocal.m4, configure.in:
16686: make this work with autoconf-2.59
16687: [c4a92b6a684a]
16688:
16689: 2004-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
16690:
16691: * sudo_edit.c:
16692: Simplify logic around open & stat of files and do sanity on edited
16693: file even if we lack fstat (still racable but worth doing).
16694: [adda65ade70c]
16695:
16696: 2004-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
16697:
16698: * HISTORY:
16699: Add support url
16700: [bf6590fbde9f]
16701:
16702: * Makefile.in:
16703: versino 1.6.8p1
16704: [b84ebfaf1552] [SUDO_1_6_8p1]
16705:
16706: * CHANGES:
16707: more changes for 1.6.8p1
16708: [e23a9c0393b6]
16709:
16710: * version.h:
16711: 1.6.8p1
16712: [872f14504b5f]
16713:
16714: * CHANGES, sudo_edit.c:
16715: Add sanity check so we don't try to edit something other than a
16716: regular file.
16717: [350134ec6d4e]
16718:
16719: 2004-09-15 Aaron Spangler <aaron777@gmail.com>
16720:
16721: * CHANGES:
16722: sync
16723: [3091ca9eae00]
16724:
16725: * INSTALL:
16726: document --with-ldap-conf-file
16727: [0e2cd6b896f1]
16728:
16729: 2004-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
16730:
16731: * CHANGES, ins_csops.h:
16732: political correctness strikes again
16733: [428e8bc77f55]
16734:
16735: * RUNSON:
16736: sync
16737: [27f44bd423dc]
16738:
16739: 2004-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
16740:
16741: * Makefile.binary.in, Makefile.in:
16742: Install sudoedit man link
16743: [19a55234fc1f]
16744:
16745: * INSTALL:
16746: Update PAM note and mention where HP-UX users can download gcc
16747: binaries.
16748: [d37cdbbabfd4]
16749:
16750: * Makefile.in:
16751: libtool wants to install stuff from .libs so fake one up for binary
16752: installations.
16753: [a681bc6fcfba]
16754:
16755: * Makefile.binary.in:
16756: rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
16757: [3e0c4b3372cc]
16758:
16759: * Makefile.in:
16760: Deal with "uname -m" having slashes in it rm -f old sudoedit link
16761: instead of using ln -f
16762: [cff33fb97e5b]
16763:
16764: * Makefile.binary, Makefile.binary.in:
16765: Makefile.binary -> Makefile.binary.in for config.status substitution
16766: Add support for installing noexec bits
16767: [37d8bb3483c6]
16768:
16769: * Makefile.in:
16770: Copy noexec bits into binary dists too No longer use my old arch
16771: script for making binary dists
16772: [e7058bab9e33]
16773:
16774: * Makefile.binary:
16775: Install sudoedit link.
16776: [417d1e101711]
16777:
16778: 2004-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
16779:
16780: * emul/utime.h:
16781: avoid __P so there is no need for compat.h to be included
16782: [6d8d1f1abf7d]
16783:
16784: * utimes.c:
16785: Don't use HAVE_UTIME_H before including config.h.
16786: [013b7bb61181]
16787:
16788: 2004-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
16789:
16790: * compat.h:
16791: Fix Solatis futimes macro
16792: [d4eda2ca0d29]
16793:
16794: 2004-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
16795:
16796: * sudo_edit.c:
16797: Rename ots -> omtim for improved readability.
16798: [127ca5bb297c]
16799:
16800: 2004-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
16801:
16802: * sudo_edit.c:
16803: Redo changes in revision 1.7. Don't really need to keep the temp
16804: file open; re-opening it with the invoking user's euid is
16805: sufficient.
16806: [55a883165a95]
16807:
16808: * CHANGES:
16809: sync
16810: [9015b291170d]
16811:
16812: * sudo.cat, sudo.man.in:
16813: regen
16814: [c0313f6ed783]
16815:
16816: * sudo.pod:
16817: back out revision 1.70; it is no long applicable
16818: [b641d503aff6]
16819:
16820: * env.c:
16821: Let the loader initialize nep
16822: [bec192139b02]
16823:
16824: * config.h.in, configure, configure.in:
16825: Removed unneed check for fchown Add check for gettimeofday Move
16826: autoheader template stuff into separate AH_TEMPLATE lines
16827: [bfc0edbd43f2]
16828:
16829: * check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16830: Use timespec throughout.
16831: [1a178a23b69b]
16832:
16833: * Makefile.in:
16834: gettime.[co]
16835: [6aeb48a7ab7f]
16836:
16837: * gettime.c:
16838: function to return the current time in a struct timespec
16839: [bf8eb12cb63f]
16840:
16841: * utimes.c:
16842: Not a darpa-sponsored file.
16843: [121ce5e2036c]
16844:
16845: 2004-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
16846:
16847: * compat.h, config.h.in, configure, configure.in:
16848: Add a check for struct timespec and provide it for those without.
16849: [42124055030d]
16850:
16851: * config.h.in, configure, configure.in, sudo_edit.c:
16852: Add checks for st_mtim and st_mtimespec and add macros for pulling
16853: the mtime sec and nsec out of struct stat. These are used in
16854: sudo_edit() to better tell whether or not the file has changed.
16855: [23debfbb3fab]
16856:
16857: * check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
16858: Add an extra param to touch() for nsec
16859: [56f7a4ba8ddb]
16860:
16861: * sudo_edit.c:
16862: Call mkstemp() as the in invoking user so we don't have to chown the
16863: file later. Only touch() the temp file if we can do it via the file
16864: descriptor. Don't check for modification of the temp file if we lack
16865: fstat(). Catch errors read()ing the temp file.
16866: [665f52c70836]
16867:
16868: * fileops.c:
16869: If path is NULL and fd == -1 return -1.
16870: [757a518a824c]
16871:
16872: * sudo_edit.c:
16873: closefrom() is overkill, the only extra fds are the ones we opened
16874: so just close those in the child.
16875: [f361c9d2a1f4]
16876:
16877: * Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
16878: configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
16879: visudo.c:
16880: Use utimes() and futimes() instead of utime() in touch(), emulating
16881: as needed. Not all systems are able to support setting the times of
16882: an fd so touch() takes both an fd and a file name as arguments.
16883: [3d9276f29717]
16884:
16885: 2004-09-07 Aaron Spangler <aaron777@gmail.com>
16886:
16887: * env.c:
16888: Rare SEGV
16889: [8995f828782d]
16890:
16891: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16892:
16893: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
16894: visudo.man.in:
16895: regen
16896: [b8e9406711c5]
16897:
16898: * sudo.pod, sudoers.pod, visudo.pod:
16899: Add SUPPORT section and re-order some of the sections to match the
16900: order we use in OpenBSD.
16901: [fa37bd917e2c]
16902:
16903: 2004-09-06 Aaron Spangler <aaron777@gmail.com>
16904:
16905: * env.c:
16906: Openldap ~/.ldaprc fix
16907: [1a37afe6850f]
16908:
16909: 2004-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
16910:
16911: * sudo.pod:
16912: Talk about how the editor must write its changes to the original
16913: file and not just use rename(2).
16914: [c55ed91c5ee9]
16915:
16916: * CHANGES:
16917: sync
16918: [62af26bd37a2]
16919:
16920: * sudo_edit.c:
16921: Keep the temp file open instead of re-opening after the editor has
16922: exited.
16923: [de41eeb6dcf2]
16924:
16925: * sample.pam:
16926: Update for current redhat/fedora core.
16927: [8cf083077333]
16928:
16929: 2004-09-03 Aaron Spangler <aaron777@gmail.com>
16930:
16931: * README.LDAP:
16932: tls_ examples
16933: [ba783d88a034]
16934:
16935: 2004-09-02 Aaron Spangler <aaron777@gmail.com>
16936:
16937: * ldap.c:
16938: config tls_* options
16939: [0b0e0797b3b9]
16940:
16941: 2004-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
16942:
16943: * configure, configure.in:
16944: No need for -lcrypt when using pam.
16945: [41fff3a53e68]
16946:
16947: 2004-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
16948:
16949: * configure:
16950: regen
16951: [75820aecce2c]
16952:
16953: 2004-08-27 Aaron Spangler <aaron777@gmail.com>
16954:
16955: * configure.in, ldap.c, pathnames.h.in:
16956: Allow --with-ldap-conf-file option to override LDAP_CONF
16957: [c9909bc484a5]
16958:
16959: * ldap.c:
16960: cleanup debug message
16961: [1f6ca4824d8d]
16962:
16963: 2004-08-26 Aaron Spangler <aaron777@gmail.com>
16964:
16965: * README.LDAP:
16966: more config info
16967: [f2e7147fd507]
16968:
16969: 2004-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
16970:
16971: * TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
16972: Add cmnd_base to struct sudo_user and set it in init_vars(). Add
16973: cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
16974: longer use gross statics in command_matches(). Also rename some
16975: variables for improved clarity.
16976: [7169a6c7bea4]
16977:
16978: 2004-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
16979:
16980: * INSTALL:
16981: document HP's crippled compiler deficiency.
16982: [c405ea5a8d4c]
16983:
16984: * INSTALL:
16985: Fix some thinkos in --with-editor and --with-env-editor
16986: descriptions. Noticed by Norihiko Murase.
16987: [dd781de1c985]
16988:
16989: * configure, configure.in:
16990: --with-noexec takes an optional PATH argument.
16991: [8f6ab77f22cc]
16992:
16993: * INSTALL:
16994: document --with-noexec
16995: [50cb1fc627ce]
16996:
16997: 2004-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
16998:
16999: * RUNSON, TODO:
17000: sync
17001: [f2503bd13373] [SUDO_1_6_8]
17002:
17003: * sudo_edit.c:
17004: Better warning message when sudoedit is unable to write to the
17005: destination file.
17006: [f78c18f2ffa8]
17007:
17008: * sudo.cat, sudo.man.in:
17009: regen
17010: [7e2bf63d6d9a]
17011:
17012: * sudo.pod:
17013: Don't italicize the string "sudoedit"
17014: [c691643bd269]
17015:
17016: 2004-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
17017:
17018: * HISTORY:
17019: Mention GratiSoft.
17020: [dc53de581b2d]
17021:
17022: 2004-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
17023:
17024: * sudo.tab.c:
17025: regen
17026: [8ae0484dfc38]
17027:
17028: * parse.yacc:
17029: Reset used_runas to FALSE when re-intializing the parser.
17030: [b7403f353a02]
17031:
17032: 2004-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
17033:
17034: * config.guess:
17035: Correct OpenBSD mips support
17036: [314fc7afc165]
17037:
17038: * config.guess:
17039: Add OpenBSD/mips
17040: [ac87d0a773ef]
17041:
17042: 2004-08-07 Aaron Spangler <aaron777@gmail.com>
17043:
17044: * README.LDAP:
17045: More behavior notes
17046: [13be1d212b47]
17047:
17048: * README.LDAP:
17049: Updates on current behavior
17050: [d498a8866d6f]
17051:
17052: 2004-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
17053:
17054: * sudoers.pod:
17055: =back does not take an indentlevel (makes no difference to formatted
17056: files).
17057: [9c8523bb382a]
17058:
17059: * sudo.pod:
17060: =back does not take an indentlevel (makes no difference to formatted
17061: files).
17062: [e5f479e24fa8]
17063:
17064: * CHANGES:
17065: new
17066: [2dbd9aba8b33]
17067:
17068: * sudo.c:
17069: Consistency. Use same error for bad -u #uid when targetpw is set as
17070: we do when a bad -u username is specified.
17071: [922961c4a9d6]
17072:
17073: * TODO:
17074: Add checksum idea from Steve Mancini
17075: [e6ece1b766ba]
17076:
17077: * sudoers.cat, sudoers.man.in:
17078: regen
17079: [370d2317829f]
17080:
17081: * sudo.cat, sudo.man.in:
17082: regen
17083: [f93d41fc38b1]
17084:
17085: * sudo.pod, sudoers.pod:
17086: Document the restriction on uids specified via -u when targetpw is
17087: set.
17088: [878fedb455db]
17089:
17090: * sudo.c:
17091: Error out when targetpw is enabled and sudo is run with -u #uid but
17092: #uid does not exist in the passwd database. We can't do target
17093: authentication when the target is not in passwd!
17094: [27c5888c86eb]
17095:
17096: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
17097: regen
17098: [ceb65711050c]
17099:
17100: * TODO:
17101: Some more todo for the next release.
17102: [7b7417be7601]
17103:
17104: * INSTALL:
17105: Make it clear that PAM should be used for DCE support when possible.
17106: [7502029fd385]
17107:
17108: * sudoers.pod:
17109: o Document problems with wildcards and relative paths. o Make the
17110: order requirements more prominent. o Change a "set" to "reset" for
17111: clarity.
17112: [bacdd181b33f]
17113:
17114: 2004-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
17115:
17116: * sudo.pod:
17117: Mention --with-secure-path, not SECURE_PATH.
17118: [41283ddde5e1]
17119:
17120: 2004-08-03 Aaron Spangler <aaron777@gmail.com>
17121:
17122: * ldap.c:
17123: reflect changes to parse.c
17124: [8880fe9b724d]
17125:
17126: 2004-08-02 Todd C. Miller <Todd.Miller@courtesan.com>
17127:
17128: * sudo.tab.c:
17129: regen
17130: [a57658ca9177]
17131:
17132: * parse.c, parse.h, testsudoers.c, visudo.c:
17133: Don't pass user_cmnd and user_args to command_matches(), just use
17134: the globals there. Since we keep state with statics anyway it is
17135: misleading to pretend that passing in different cmnd and cmnd_args
17136: will work.
17137: [0a2544991fd6]
17138:
17139: * parse.yacc:
17140: Don't pass user_cmnd and user_args to command_matches(), just use
17141: the globals there. Since we keep state with statics anyway it is
17142: misleading to pretend that passing in different cmnd and cmnd_args
17143: will work.
17144: [a4910bf6032b]
17145:
17146: * parse.c:
17147: Fix a bug introduced in rev. 1.149. When checking for pseudo-
17148: commands check for a '/' anywhere in cmnd, not just the first
17149: character.
17150: [ce98142f03ca]
17151:
17152: 2004-07-31 Aaron Spangler <aaron777@gmail.com>
17153:
17154: * sudo.man.in, sudo.pod:
17155: Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
17156: [a91800e094b1]
17157:
17158: * sudoers.man.in, sudoers.pod:
17159: Add ignore_local_sudoers
17160: [741ddcbf7083]
17161:
17162: * README.LDAP:
17163: Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
17164: janth@moldung.no
17165: [742c02e07cd9]
17166:
17167: 2004-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
17168:
17169: * CHANGES:
17170: typo
17171: [e7cdefbd7a9a]
17172:
17173: 2004-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
17174:
17175: * CHANGES:
17176: sync
17177: [734dafc4a85e]
17178:
17179: * parse.c:
17180: Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
17181: PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
17182: [151b7f593568]
17183:
17184: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17185:
17186: * CHANGES:
17187: PAM change
17188: [d8fb6d6a22d0]
17189:
17190: 2004-07-08 Aaron Spangler <aaron777@gmail.com>
17191:
17192: * ldap.c:
17193: Better debugging of ALL command
17194: [9db3e84029dc]
17195:
17196: 2004-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
17197:
17198: * parse.c:
17199: When matching for "sudoedit" in sudoers check both the command the
17200: user typed *and* the command that is listed in the sudoers entry.
17201: [f36ca1f94095]
17202:
17203: 2004-07-04 Aaron Spangler <aaron777@gmail.com>
17204:
17205: * ldap.c:
17206: Added !command feature
17207: [ed539574611b]
17208:
17209: 2004-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
17210:
17211: * auth/pam.c:
17212: Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
17213: [2be8e0e8813a]
17214:
17215: 2004-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
17216:
17217: * LICENSE:
17218: License is ISC-style, not BSD-style
17219: [ac0589e1dd5d]
17220:
17221: * CHANGES:
17222: sync
17223: [16058a30f404]
17224:
17225: 2004-06-10 Todd C. Miller <Todd.Miller@courtesan.com>
17226:
17227: * sudo.cat, sudo.man.in:
17228: regen
17229: [8820eb9c809b]
17230:
17231: * sudo.pod:
17232: o Update some out of date bits to reality o Change the shell promt
17233: in examples to bourne-shell style o Clarify some details o Add a
17234: CAVEAT about "sudo cd /foo"
17235: [b0af373214b6]
17236:
17237: * check.c:
17238: Don't ask for a password if invoking user == target user.
17239: [dd5c96141132]
17240:
17241: * sudo.c:
17242: typo in comment
17243: [278d20f9b249]
17244:
17245: 2004-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
17246:
17247: * sudoers.cat, sudoers.man.in:
17248: regen
17249: [9036c6f39eff]
17250:
17251: * sudoers.pod:
17252: Expand on NOEXEC a little.
17253: [9a13756aebe4]
17254:
17255: * TODO:
17256: sync
17257: [8d2c1af48de8]
17258:
17259: * visudo.cat, visudo.man.in:
17260: regen
17261: [3921f01607c8]
17262:
17263: * sudo.tab.c:
17264: regen
17265: [9338c3d68250]
17266:
17267: * visudo.pod:
17268: Add a check in visudo for runas_default being set after it has
17269: already been used.
17270: [6700358d7ad8]
17271:
17272: * CHANGES, parse.yacc, visudo.c:
17273: Add a check in visudo for runas_default being set after it has
17274: already been used.
17275: [803560986a8a]
17276:
17277: * sudo.tab.c:
17278: regen
17279: [b60636e2cf63]
17280:
17281: * parse.yacc:
17282: Add a MATCHED macro for testing whether foo_matches has been set to
17283: TRUE or FALSE. This is more readable than checking for >=0 or < 0.
17284: Doesn't change the actual code generated.
17285: [f376da8ccdc8]
17286:
17287: 2004-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
17288:
17289: * sudoers.cat:
17290: regen
17291: [6cceb6d6c9bd]
17292:
17293: * sudoers.man.in:
17294: regen
17295: [5acd12b730b3]
17296:
17297: * sudoers.pod:
17298: Correct description of where Defaults specs should go.
17299: [6b11ff53d7ad]
17300:
17301: * sudoers:
17302: Correct description of where Defaults specs should go.
17303: [868db857630d]
17304:
17305: * testsudoers.c, visudo.c:
17306: update (c) year
17307: [272c8a53604c]
17308:
17309: * logging.h:
17310: update (c) year
17311: [3cec76d400ce]
17312:
17313: * ldap.c:
17314: update (c) year
17315: [f264632488a0]
17316:
17317: * find_path.c:
17318: update (c) year
17319: [40c227af9227]
17320:
17321: * auth/pam.c:
17322: update (c) year
17323: [87149e0eed50]
17324:
17325: * auth/bsdauth.c, auth/kerb5.c:
17326: update (c) year
17327: [d72eb434c068]
17328:
17329: 2004-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
17330:
17331: * sudo.tab.c:
17332: regen
17333: [83408d9e9d2e]
17334:
17335: * auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
17336: Remove trailing spaces, no actual code changes.
17337: [4c3bf2819293]
17338:
17339: * tgetpass.c:
17340: Remove trailing spaces, no actual code changes.
17341: [96f6e0a24c26]
17342:
17343: * ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
17344: Remove trailing spaces, no actual code changes.
17345: [c7075d1cbed5]
17346:
17347: * getcwd.c:
17348: Remove trailing spaces, no actual code changes.
17349: [776cc0374547]
17350:
17351: * find_path.c:
17352: Remove trailing spaces, no actual code changes.
17353: [7ed7099f3c71]
17354:
17355: * compat.h, defaults.c, env.c:
17356: Remove trailing spaces, no actual code changes.
17357: [893e83c33795]
17358:
17359: * check.c:
17360: Remove trailing spaces, no actual code changes.
17361: [f77750f8803b]
17362:
17363: * sudo.tab.c:
17364: regen
17365: [62e0ed883b31]
17366:
17367: * parse.yacc:
17368: Fix a >=0 that should be <0 that was improperly converted when
17369: UNSPEC was added.
17370: [ad1531a55a49]
17371:
17372: * parse.yacc:
17373: Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
17374: NOMATCH when resetting it.
17375: [ae017a12870a]
17376:
17377: * parse.yacc:
17378: Fix pastos introduced in SETNMATCH addition.
17379: [6ea1c9d80681]
17380:
17381: 2004-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
17382:
17383: * README.LDAP:
17384: Update for configure changes
17385: [637a635da287]
17386:
17387: * sudo.tab.c:
17388: regen
17389: [4753c2788713]
17390:
17391: * sudo.h:
17392: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
17393: these in parse.yacc. Also in parse.yacc initialize the *_matches
17394: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
17395: when setting *_matches to a value that may be
17396: NOMATCH/UNSPEC/TRUE/FALSE.
17397: [2ba622e15a4d]
17398:
17399: * parse.yacc:
17400: Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
17401: these in parse.yacc. Also in parse.yacc initialize the *_matches
17402: vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
17403: when setting *_matches to a value that may be
17404: NOMATCH/UNSPEC/TRUE/FALSE.
17405: [746b519e41a6]
17406:
17407: * parse.yacc:
17408: Initialize runas to -2, not -1 since we need to be able to
17409: distinguish between the initialized value and the value of a non-
17410: match when passing along the runas value to multiple commands.
17411:
17412: The result of this is that an unmatched runas is now set to -1, not
17413: 0. This is required now that parse.c treats a FALSE value for runas
17414: as being explicitly denied.
17415: [7791ed3621f6]
17416:
17417: 2004-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
17418:
17419: * sudo.c, visudo.c:
17420: Error out if argc < 1.
17421: [ce6b2a9eda3c]
17422:
17423: * getprogname.c:
17424: Error out if argc < 1.
17425: [c566cce8dc78]
17426:
17427: * configure, configure.in:
17428: Add tests for what libs we need to link with for ldap and for
17429: whether or not lber.h needs to be explicitly included.
17430: [b2e9729cc4e7]
17431:
17432: 2004-06-03 Aaron Spangler <aaron777@gmail.com>
17433:
17434: * ldap.c:
17435: Solaris native LDAP build fix
17436: [39929e40eb11]
17437:
17438: 2004-06-01 Todd C. Miller <Todd.Miller@courtesan.com>
17439:
17440: * ldap.c:
17441: Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
17442: unset variable.
17443: [6a4c20a66f98]
17444:
17445: * sudo.h:
17446: Add prototype for sudo_ldap_list_matches
17447: [443b007a8dab]
17448:
17449: * configure, configure.in:
17450: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17451: version too. Added check for dd_fd in `DIR' if no dirfd is found;
17452: this is now used to confitionally define the dirfd macro in
17453: compat.h.
17454: [567656978f7e]
17455:
17456: * config.h.in:
17457: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17458: version too. Added check for dd_fd in `DIR' if no dirfd is found;
17459: this is now used to confitionally define the dirfd macro in
17460: compat.h.
17461: [34eace4faec8]
17462:
17463: * compat.h:
17464: Better check for dirfd macro--we now set HAVE_DIRFD for the macro
17465: version too. Added check for dd_fd in `DIR' if no dirfd is found;
17466: this is now used to confitionally define the dirfd macro in
17467: compat.h.
17468: [8d50ff1bbf2a]
17469:
17470: * closefrom.c:
17471: Only check /proc/$$/fd if we have the dirfd function/macro.
17472: [15e3ccce7553]
17473:
17474: * compat.h, config.h.in, configure, configure.in:
17475: Add a check for a dirfd() function (like Linux) and add a dirfd
17476: macro in compat.h if there is no dirfd() function or macro.
17477: [1e95756edb50]
17478:
17479: * closefrom.c, getcwd.c:
17480: dirfd() is now defined in compat.h as needed.
17481: [bb1d79271188]
17482:
17483: * CHANGES:
17484: Clarify closefrom() note.
17485: [f4e4a5508dda]
17486:
17487: * parse.c:
17488: When checking for a command in the directory, only copy the base dir
17489: once.
17490: [7a3276808b87]
17491:
17492: * closefrom.c:
17493: If there is a /proc/$$/fd directory, behave like the Solaris
17494: closefrom() and only close the descriptors listed therein.
17495: [19de23779e84]
17496:
17497: * alloc.c:
17498: compat.h guarantees INT_MAX is defined.
17499: [1bf0c79d4606]
17500:
17501: * compat.h:
17502: Add definitions of OPEN_MAX and INT_MAX for those without it and
17503: remove definition of RLIM_INFINITY (now unused).
17504: [f827d1ebf96e]
17505:
17506: * CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
17507: sudo.c, sudo.h, visudo.c:
17508: Use PATH_MAX, not MAXPATHLEN since the former is standardized.
17509: [59788f211c24]
17510:
17511: 2004-05-31 Todd C. Miller <Todd.Miller@courtesan.com>
17512:
17513: * CHANGES:
17514: sync
17515: [d32fa124f1ad]
17516:
17517: * RUNSON:
17518: Add some entries that were mailed in a while ago
17519: [ff8d5bfec54e]
17520:
17521: * closefrom.c:
17522: o sysconf returns a long, not an int. o check for negative return
17523: value from sysconf/getdtablesize and use OPEN_MAX in this case. o
17524: define OPEN_MAX to 256 for those without it (a fair guess...)
17525: [ccf81ae6deb2]
17526:
17527: 2004-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
17528:
17529: * UPGRADE:
17530: Mention change in parse order for RunAs entries.
17531: [dc73b0bca617]
17532:
17533: * configure:
17534: regen
17535: [07cce8e0534e]
17536:
17537: 2004-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
17538:
17539: * INSTALL, README.LDAP, config.h.in, configure.in:
17540: o --with-ldap now takes an optional dir as a parameter o added
17541: check for ldap_initialize() and start_tls_s()
17542: [2b846c7974c6]
17543:
17544: * README.LDAP:
17545: Fix some typos, word choice and formatting issues.
17546: [00dc8ca84b10]
17547:
17548: 2004-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
17549:
17550: * tgetpass.c:
17551: Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
17552: read/write as it is simpler.
17553: [30f5446ee8b0]
17554:
17555: * configure, configure.in:
17556: Remove hack overriding cross-compiler check. It should no longer be
17557: needed.
17558: [22a6cbd88608]
17559:
17560: * compat.h:
17561: Remove select() compat bits since we no longer use select().
17562: [d7bbf7cd36f5]
17563:
17564: * CHANGES, tgetpass.c:
17565: Use alarm() instead of select() for the timeout for systems that
17566: don't fully/properly implement select().
17567: [d7cc60f15800]
17568:
17569: 2004-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
17570:
17571: * CHANGES:
17572: synbc
17573: [132a39788e07]
17574:
17575: * RUNSON:
17576: update
17577: [61ef508380c6]
17578:
17579: * set_perms.c:
17580: Deal with systems that have no way of setting the effective uid such
17581: as nsr-tandem-nsk.
17582: [306e00e9b5a4]
17583:
17584: * configure, configure.in:
17585: Define NO_SAVED_IDS if we don't find seteuid()
17586: [8588f18345cf]
17587:
17588: * config.h.in, configure, configure.in:
17589: Add back check for setreuid() since NSK doesn't have it.
17590: [43127bd703d1]
17591:
17592: * sudoers.cat, sudoers.man.in:
17593: regen
17594: [af4f4b20e422]
17595:
17596: * CHANGES:
17597: sync
17598: [29ca3b699c24]
17599:
17600: * BUGS:
17601: sync
17602: [3593f17f72ed]
17603:
17604: * parse.c:
17605: In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
17606: explicitly denied and the command matched. This fixes a long-
17607: standing bug and makes: foo machine = (ALL) /usr/bin/blah
17608: foo machine = (!bar) /usr/bin/blah
17609:
17610: equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
17611: [2f5ee244985a]
17612:
17613: * sudoers.pod:
17614: Clarify mail_noperm
17615: [3238b2d41989]
17616:
17617: 2004-05-20 Aaron Spangler <aaron777@gmail.com>
17618:
17619: * Makefile.in:
17620: Missing DESTDIR in make install for sudo_noexec.la
17621: [91431e821525]
17622:
17623: 2004-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
17624:
17625: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
17626: visudo.man.in:
17627: regen
17628: [cdfde0dcb556]
17629:
17630: * TODO:
17631: sync
17632: [4799b7d8b62c]
17633:
17634: * sudoers.pod:
17635: Remove fastboot/fasthalt (who still remembers these?) and add a
17636: minimal sudoedit example.
17637: [19d299f233cd]
17638:
17639: * sample.sudoers:
17640: Remove fastboot/fasthalt (who still remembers these?) and add a
17641: minimal sudoedit example.
17642: [b1bca73d6250]
17643:
17644: * UPGRADE, sudo.c, visudo.c:
17645: filesystem -> file system
17646: [1e1afaf30469]
17647:
17648: * TROUBLESHOOTING:
17649: filesystem -> file system
17650: [39fb594e9338]
17651:
17652: * CHANGES, INSTALL:
17653: filesystem -> file system
17654: [85948b608ffe]
17655:
17656: * sudo.pod, sudoers.pod:
17657: Fix some minor typos and formatting goofs
17658: [e94d243a0b90]
17659:
17660: * lex.yy.c:
17661: regen
17662: [2eed0ab1f4c4]
17663:
17664: * visudo.pod:
17665: remove my email addr
17666: [b63262c0389b]
17667:
17668: * sudo.pod, sudoers.pod, visudo.pod:
17669: Use @mansectform@ and @mansectsu@ everywhere Make man page
17670: references links with L<>
17671: [f459f4b9ddb9]
17672:
17673: * parse.lex:
17674: Accept quoted globbing characters and pass them verbatim for
17675: fnmatch()
17676: [8248b86e9380]
17677:
17678: * UPGRADE:
17679: Document that /tmp/.odus is gone.
17680: [3667b66af5bb]
17681:
17682: * pathnames.h.in:
17683: No longer use /tmp/.odus as a possible timestamp dir unless
17684: specifically configured to do so. Instead, if no /var/run exists,
17685: use /var/adm/sudo or /usr/adm/sudo.
17686: [48d94c9f9ad4]
17687:
17688: * configure:
17689: No longer use /tmp/.odus as a possible timestamp dir unless
17690: specifically configured to do so. Instead, if no /var/run exists,
17691: use /var/adm/sudo or /usr/adm/sudo.
17692: [058d7b8cf07b]
17693:
17694: * aclocal.m4:
17695: No longer use /tmp/.odus as a possible timestamp dir unless
17696: specifically configured to do so. Instead, if no /var/run exists,
17697: use /var/adm/sudo or /usr/adm/sudo.
17698: [cf52c4c2803f]
17699:
17700: * CHANGES:
17701: No longer use /tmp/.odus as a possible timestamp dir unless
17702: specifically configured to do so. Instead, if no /var/run exists,
17703: use /var/adm/sudo or /usr/adm/sudo.
17704: [6058c4cefcec]
17705:
17706: * set_perms.c, sudo.c, tgetpass.c, visudo.c:
17707: Preliminary changes to support nsr-tandem-nsk. Based on patches
17708: from Tom Bates.
17709: [2e5f81834383]
17710:
17711: * logging.c:
17712: Preliminary changes to support nsr-tandem-nsk. Based on patches
17713: from Tom Bates.
17714: [934bbe6872b6]
17715:
17716: * check.c, compat.h:
17717: Preliminary changes to support nsr-tandem-nsk. Based on patches
17718: from Tom Bates.
17719: [390b698b5924]
17720:
17721: 2004-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
17722:
17723: * CHANGES:
17724: There was no 1.6.7p6.
17725: [8013d2e6b062]
17726:
17727: * BUGS, CHANGES:
17728: sync
17729: [c38b41f32857]
17730:
17731: * Makefile.in:
17732: add missing files to DISTFILES
17733: [e6a80ad03039]
17734:
17735: * sudo.cat, sudoers.cat, visudo.cat:
17736: regen
17737: [027bc9746dd5]
17738:
17739: * sudoers.man.in:
17740: regen
17741: [f5e85ef686cf]
17742:
17743: * Makefile.in:
17744: Fix some line wrap and update (c) year
17745: [bad1f46aa1ca]
17746:
17747: 2004-04-28 Aaron Spangler <aaron777@gmail.com>
17748:
17749: * README.LDAP:
17750: Build Note
17751: [7a061248249b]
17752:
17753: 2004-04-07 Aaron Spangler <aaron777@gmail.com>
17754:
17755: * Makefile.in:
17756: Fix install-dirs
17757: [be0726dd92e7]
17758:
17759: 2004-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
17760:
17761: * sudo.tab.c:
17762: regen
17763: [3f4f0d1ab8b9]
17764:
17765: * visudo.c:
17766: In Exit() when used as a signal handler, emsg is a pointer so
17767: sizeof() is wrong so make it a #define instead. Also avoid using a
17768: negative exit value. Found by Aaron Campbell
17769: [78716a3a3fdc]
17770:
17771: 2004-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
17772:
17773: * sudoers.pod:
17774: Remove bogus sentence about uids in a User_List. Document usernames
17775: vs. uid parsing in a Runas_List.
17776: [7ca510b5031c]
17777:
17778: * parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
17779: If the user specified a uid with the -u flag and the uid exists in
17780: the passwd file, set runas_user to the name, not the uid.
17781:
17782: When comparing usernames in sudoers, if a name is really a uid
17783: (starts with '#') compare it numerically to pw_uid.
17784: [8d6935d04673]
17785:
17786: 2004-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
17787:
17788: * auth/kerb5.c:
17789: krb5_mcc_ops should be const; Johnny C. Lam
17790: [aa8c753e426e]
17791:
17792: 2004-02-28 Aaron Spangler <aaron777@gmail.com>
17793:
17794: * CHANGES, config.h.in, ldap.c:
17795: Added start_tls support
17796: [7ef864c15b69]
17797:
17798: 2004-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
17799:
17800: * Makefile.in:
17801: Clean up libtool stuff for 'make distclean' and add def_data.c,
17802: def_data.h to PARSESRCS.
17803: [bf9bb6bb06ab]
17804:
17805: 2004-02-14 Aaron Spangler <aaron777@gmail.com>
17806:
17807: * strlcat.c, strlcpy.c:
17808: Un-Fix last license munge
17809: [42654b77ac71]
17810:
17811: 2004-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
17812:
17813: * configure:
17814: regen
17815: [e4de6b23a4dc]
17816:
17817: * CHANGES, RUNSON, TODO:
17818: checkpoint
17819: [94e1ace84d5c]
17820:
17821: * lex.yy.c, sudo.tab.c:
17822: regen
17823: [8ce784505643]
17824:
17825: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
17826: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
17827: emul/search.h, emul/utime.h:
17828: More to a less restrictive, ISC-style license.
17829: [a31b20e48003]
17830:
17831: * auth/kerb5.c, auth/pam.c:
17832: More to a less restrictive, ISC-style license.
17833: [e41f92b41216]
17834:
17835: * auth/dce.c, auth/fwtk.c, auth/kerb4.c:
17836: More to a less restrictive, ISC-style license.
17837: [87534c164a52]
17838:
17839: * auth/bsdauth.c:
17840: More to a less restrictive, ISC-style license.
17841: [e21be6594b58]
17842:
17843: * auth/afs.c, auth/aix_auth.c, zero_bytes.c:
17844: More to a less restrictive, ISC-style license.
17845: [6d234be91c5e]
17846:
17847: * sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
17848: visudo.man.in, visudo.pod:
17849: More to a less restrictive, ISC-style license.
17850: [b02aea324fd6]
17851:
17852: * sudo_noexec.c:
17853: More to a less restrictive, ISC-style license.
17854: [a6da7631e0b2]
17855:
17856: * strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
17857: sudo_edit.c:
17858: More to a less restrictive, ISC-style license.
17859: [71cdcc241e94]
17860:
17861: * sigaction.c, strerror.c:
17862: More to a less restrictive, ISC-style license.
17863: [4bccdedca58a]
17864:
17865: * ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
17866: set_perms.c:
17867: More to a less restrictive, ISC-style license.
17868: [64d772d70ab3]
17869:
17870: * getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
17871: ins_goons.h, insults.h, interfaces.c, interfaces.h:
17872: More to a less restrictive, ISC-style license.
17873: [520381c60a54]
17874:
17875: * find_path.c, getprogname.c:
17876: More to a less restrictive, ISC-style license.
17877: [f605d5eab6f1]
17878:
17879: * fileops.c:
17880: More to a less restrictive, ISC-style license.
17881: [4129a8b38a67]
17882:
17883: * env.c:
17884: More to a less restrictive, ISC-style license.
17885: [d5bd859757de]
17886:
17887: * defaults.h:
17888: More to a less restrictive, ISC-style license.
17889: [008f5d5743f5]
17890:
17891: * LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
17892: defaults.c:
17893: More to a less restrictive, ISC-style license.
17894: [d8d7bfc8a18b]
17895:
17896: * utime.c, version.h:
17897: More to a less restrictive, ISC-style license.
17898: [e2e038ad8209]
17899:
17900: * parse.lex, parse.yacc:
17901: More to a less restrictive, ISC-style license.
17902: [2f5942e847a1]
17903:
17904: * Makefile.binary:
17905: More to a less restrictive, ISC-style license.
17906: [1ed561734535]
17907:
17908: 2004-02-13 Aaron Spangler <aaron777@gmail.com>
17909:
17910: * sudoers2ldif:
17911: Merged in LDAP Support
17912: [3994c4d05947]
17913:
17914: * ldap.c, sudo.c, sudo.h:
17915: Merged in LDAP Support
17916: [547eaa346fcc]
17917:
17918: * def_data.c, def_data.h, def_data.in:
17919: Merged in LDAP Support
17920: [8fb255280e42]
17921:
17922: * CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
17923: Merged in LDAP Support
17924: [1038092a161e]
17925:
17926: 2004-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
17927:
17928: * sudo.h, sudo_noexec.c:
17929: Only do "extern int errno" if errno is not a macro.
17930: [b2e02a08be8b]
17931:
17932: 2004-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
17933:
17934: * set_perms.c:
17935: setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
17936: euid first, then just call setuid(0) to set the real uid too.
17937: [f08546e2e0ee]
17938:
17939: * set_perms.c:
17940: Use setresuid() and setreuid() for PERM_RUNAS when appropriate
17941: instead of seteuid() which may not exist.
17942: [ba508581befb]
17943:
17944: 2004-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
17945:
17946: * LICENSE:
17947: 2004
17948: [37425513a342]
17949:
17950: * INSTALL, config.h.in, configure, configure.in, ins_classic.h:
17951: Add --with-pc-insults configure option
17952: [7daa5294c17b]
17953:
17954: * visudo.man.in:
17955: Prefer VISUAL over EDITOR like old vipw did.
17956: [996252a4ab65]
17957:
17958: 2004-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
17959:
17960: * sudo.man.in, sudoers.man.in:
17961: regen
17962: [a247f1c52eb9]
17963:
17964: * sudoers.pod:
17965: Add a note that noexec is not a cure-all.
17966: [9e7fc535367d]
17967:
17968: * sudoers.pod:
17969: Mention that disabling "root_sudo" is pretty pointless.
17970: [f38a415afba0]
17971:
17972: * configure, configure.in:
17973: Substitute for root_sudo in sudoers.pod
17974: [ce483cfc86be]
17975:
17976: * sudo.pod:
17977: Add sudoedit to the NAME section
17978: [51bc453ec2f6]
17979:
17980: * sudoers.pod:
17981: Document that fact that setting ignore_dot in sudoers has no effect
17982: due to the fact that find_path() is called *before* sudoers is read.
17983: [6808df7e417c]
17984:
17985: 2004-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
17986:
17987: * sudo_edit.c:
17988: Do not require _PATH_USRTMP to be set.
17989: [546f3270dd10]
17990:
17991: * BUGS, CHANGES, TODO:
17992: sync
17993: [4205ddeab781]
17994:
17995: * sudo.man.in:
17996: regen
17997: [e2143690a88a]
17998:
17999: * sudo.pod:
18000: Clarify that when sudo is run by root with the SUDO_USER variable
18001: set, the sudoers lookup happens for root and not the SUDO_USER user.
18002: [47207bec1bdf]
18003:
18004: 2004-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
18005:
18006: * auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
18007: set_perms.c, sigaction.c, sudo.c, tgetpass.c:
18008: Use the SET, CLR and ISSET macros.
18009: [a8b0d7f1e8fd]
18010:
18011: * fnmatch.c:
18012: Use the SET, CLR and ISSET macros.
18013: [1afbcba22ba6]
18014:
18015: * defaults.c, env.c:
18016: Use the SET, CLR and ISSET macros.
18017: [2f39431e0a49]
18018:
18019: * interfaces.h:
18020: MAIN was replaced with _SUDO_MAIN some time ago.
18021: [ea1b38f2ac9d]
18022:
18023: * sudo.c:
18024: Don't look at prev_user until after we've parsed sudoers and done
18025: the password check. That way, if sudo/sudoedit is run from a root
18026: process that was invoked by sudo, we check sudoers for root, not the
18027: previous user. This makes sudoedit much more useful and means that
18028: for the sudo case, we get correct logging on who actually ran the
18029: command.
18030: [431dfbf20552]
18031:
18032: 2004-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
18033:
18034: * sudo_edit.c:
18035: Add a comment describing why we need to be notified about our child
18036: stopping.
18037: [0bec3ce4b49d]
18038:
18039: 2004-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
18040:
18041: * def_data.c, def_data.in:
18042: Update the noexec variable descriptions
18043: [9cb7f1aa0e57]
18044:
18045: * sudoers.man.in, sudoers.pod:
18046: noexec now replaces more than just execve()
18047: [23cbdc0ee95c]
18048:
18049: * sudo_noexec.c:
18050: Alas, all the world does not go through execve(2). Many systems
18051: still have an execv(2) system call, Linux 2.6 provides fexecve(2)
18052: and it is not uncommon for libc to have underscore ('_') versions of
18053: the functions to be used internally by the library. Instead of
18054: stubbing all these out by hand, define a macro and let it do the
18055: work. Extra exec functions pointed out by Reznic Valery.
18056: [9fa0cd871b0c]
18057:
18058: * sudo.c, sudo_edit.c:
18059: Fix suspending the editor in -e mode. Because we do a fork() first
18060: we need to be notified when the child has been stopped and then send
18061: that same signal to ourself so the shell can do its job control
18062: thing.
18063: [773165eb6057]
18064:
18065: * visudo.c:
18066: Use WIFEXITED and WEXITSTATUS macros. If there are systems out
18067: there that want to run sudo that still don't support these we can
18068: try to deal with that later.
18069: [6af68e4aff60]
18070:
18071: * lex.yy.c:
18072: regen
18073: [403435317d5d]
18074:
18075: * sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
18076: Document sudo -e / sudoedit
18077: [a80f6ea910af]
18078:
18079: * configure, configure.in:
18080: fix typo
18081: [5020fcdc27f4]
18082:
18083: * config.h.in, configure.in:
18084: Add SET/CLR/ISSET
18085: [03ff57286e7e]
18086:
18087: 2004-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
18088:
18089: * sudo.c:
18090: Allow non-exclusive flags when invoked as sudoedit. Pretty print the
18091: long usage() line to not wrap (assumes 80 char display)
18092: [3941fa4004bb]
18093:
18094: * Makefile.in, sudo.c:
18095: If sudo is invoked as "sudoedit" the -e flag is implied and no other
18096: flags are permitted.
18097: [929670b01293]
18098:
18099: * sudo.h:
18100: Add a new flag, -e, that makes it possible to give users the ability
18101: to edit files with the editor of their choice as the invoking user,
18102: not the runas user. Temporary files are used for the actual edit
18103: and the temp file is copied over the original after the editor is
18104: done.
18105: [c4051414c1f4]
18106:
18107: * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
18108: Add a new flag, -e, that makes it possible to give users the ability
18109: to edit files with the editor of their choice as the invoking user,
18110: not the runas user. Temporary files are used for the actual edit
18111: and the temp file is copied over the original after the editor is
18112: done.
18113: [37ac05c8ac3c]
18114:
18115: * env.c, sudo.c:
18116: If real uid == 0 and the SUDO_USER environment variables is set, use
18117: that to determine the invoking user's true identity. That way the
18118: proper info gets logged by someone who has done "sudo su" but still
18119: uses sudo to as root. We can't do this for non-root users since
18120: that would open up a security hole, though perhaps it would be
18121: acceptable to use getlogin(2) on OSes where this a system call (and
18122: doesn't just look in the utmp file).
18123: [c2f9198708a1]
18124:
18125: * pathnames.h.in:
18126: Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
18127: [7d9e5768df93]
18128:
18129: * config.h.in, configure, configure.in:
18130: Add check for fchown(2)
18131: [a85df18798ed]
18132:
18133: 2004-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
18134:
18135: * sudo.c:
18136: Back out portions of the -i commit that set NewArgv[0] in
18137: set_runaspw. It is far to late to set NewArgv[0] there and will have
18138: no effect anyway as cmnd and safe_cmnd have already been set.
18139: [c2d343430c1c]
18140:
18141: * visudo.c, visudo.pod:
18142: Prefer VISUAL over EDITOR like old vipw did.
18143: [ae32f477cea3]
18144:
18145: 2004-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
18146:
18147: * env.c, sudo.c:
18148: In -i mode always set new environment based on the runas user's
18149: passwd entry.
18150: [fa653b7887a8]
18151:
18152: 2004-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
18153:
18154: * sudo.man.in, sudo.pod:
18155: Document the new -i flag and sync SYNOPSIS section with usage() in
18156: sudo.c. Also sort the flags in the OPTIONS section.
18157: [6aabc0ffc47e]
18158:
18159: * sudo.c, sudo.h:
18160: o Add -i that acts similar to "su -", based on patches from David J.
18161: MacKenzie o Sort the flags in the usage message
18162: [c0fe7d6beffd]
18163:
18164: * sudoers.man.in, sudoers.pod:
18165: Add a missing @runas_default@ substitution.
18166: [60516fe2d090]
18167:
18168: 2004-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
18169:
18170: * sudo.c:
18171: Change euid to runas user before calling find_path().
18172: Unfortunately, though runas_user can be modified in sudoers we
18173: haven't parsed sudoers yet.
18174: [f469fdf2e313]
18175:
18176: * sudoers.man.in, sudoers.pod:
18177: Add missing defintion of Parameter_List and use single pipes in the
18178: Defaults EBNF definition.
18179: [f7bed6e909bf]
18180:
18181: * sudo.c:
18182: Fix a bug when set_runaspw() is used as a callback. We don't want
18183: to reset the contents of runas_pw if the user specified a user via
18184: the -u flag.
18185:
18186: Avoid unnecessary passwd lookups in set_authpw(). In most cases we
18187: already have the info in runas_pw.
18188: [efc35623ba09]
18189:
18190: 2004-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
18191:
18192: * check.c:
18193: Add Stan Lee / Uncle Ben quote to the lecture from RedHat
18194: [ebd5a76ccd7e]
18195:
18196: * sudo.h:
18197: Update sudo_getepw() proto and add one for set_runaspw()
18198: [6ed65795c17f]
18199:
18200: * parse.c:
18201: If we can't stat the command as root, try as the runas user instead.
18202: [ae713fca0e15]
18203:
18204: * testsudoers.c, visudo.c:
18205: Add stub set_runaspw() function
18206: [42aa37050053]
18207:
18208: * sudo.c:
18209: Add set_runaspw() function to fill in runas_pw. This will be used
18210: as a callback to update runas_pw when the runas user changes.
18211: [e570aa0088d0]
18212:
18213: * env.c, sudo.c:
18214: PERM_RUNAS -> PERM_FULL_RUNAS
18215: [51eec6f9e89a]
18216:
18217: * set_perms.c, sudo.h:
18218: Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
18219: changes the euid.
18220: [877c6fe4d12c]
18221:
18222: * getspwuid.c:
18223: Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
18224: one chunk for easy free()ing. Also change it from static to extern.
18225: [ab503260a7ec]
18226:
18227: * defaults.c, defaults.h:
18228: Add callback support
18229: [a61c4ca983fb]
18230:
18231: * mkdefaults:
18232: Add a callback field and use it for runas_default
18233: [96b69c27df5e]
18234:
18235: * def_data.c, def_data.in:
18236: Add a callback field and use it for runas_default
18237: [d3e9f06872b8]
18238:
18239: 2004-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
18240:
18241: * auth/fwtk.c:
18242: Add support for chalnecho and display server responses used by fwtk
18243: >= 2.0
18244: [b1870f7aaf0d]
18245:
18246: 2004-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
18247:
18248: * sudoers.man.in, sudoers.pod:
18249: ld.so is ld.so.1 on solaris
18250: [2bf9a123fa4c]
18251:
18252: * Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
18253: Use closefrom() instead of doing the equivalent inline.
18254: [7e3ef6072884]
18255:
18256: * closefrom.c:
18257: closefrom(3) for systems w/o it
18258: [35caf58bb636]
18259:
18260: 2004-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
18261:
18262: * sudoers.man.in:
18263: Update from .pod file.
18264: [d4c94fc0e0c9]
18265:
18266: * configure, configure.in:
18267: Substitute noexec_file for the sudoers man page
18268: [203d3376a551]
18269:
18270: * sudo.man.in, sudo.pod:
18271: Mention noexec
18272: [014375ddbb06]
18273:
18274: * sudoers.man.in, sudoers.pod:
18275: Document noexec
18276: [49a65d06201f]
18277:
18278: * auth/pam.c, config.h.in, configure.in:
18279: Move PAM_CONST macro definition from config.h to pam.c where it
18280: belongs. We can't have this in config.h since that gets included too
18281: early.
18282: [e64748071637]
18283:
18284: * auth/pam.c, config.h.in, configure, configure.in:
18285: Some PAM implementations put their headers in /usr/include/pam
18286: instead of /usr/include/security.
18287: [8cc749e9575c]
18288:
18289: * configure.in:
18290: I missed changing the EXEC macro -> EXECV here when I changed this
18291: in config.h.in and sudo.c a while ago.
18292: [6f5afac7789f]
18293:
18294: * acsite.m4:
18295: OpenBSD vax/m88k/hppa don't do shared libs
18296: [e4901d958bb7]
18297:
18298: * configure, configure.in:
18299: o merge the hpux case entries into a single entry w/ its own sub-
18300: case statement. o HP-UX >= 11 support getspnam(), use it in
18301: preference to getprpwuid()
18302: [0caad428894e]
18303:
18304: * configure, configure.in:
18305: eval $shrext so that it expands nicely on MacOS X
18306: [40419343eef8]
18307:
18308: * Makefile.in:
18309: Don't lie about making a module, it does the wrong thing on mach
18310: [7629b28f5688]
18311:
18312: * ltmain.sh:
18313: Remove requirement that libs must begin with "lib". They don't when
18314: we point directly at the lib using LD_PRELOAD or its equivalent.
18315: [d66f3de6ec85]
18316:
18317: * acsite.m4:
18318: Disable support for c++, f77 and java. We don't need it, it takes a
18319: lot of time, and it hosed our check for shared lib support.
18320: [4f5749c52ce4]
18321:
18322: * configure:
18323: regen
18324: [160865e9d15f]
18325:
18326: * configure.in:
18327: Call AC_ENABLE_SHARED and check the status of enable_shared to know
18328: when shared libs are available.
18329: [42504c1668fc]
18330:
18331: * acsite.m4:
18332: Duh, OpenBSD suports shared libs too
18333: [8e3cd9417475]
18334:
18335: * config.h.in, configure.in:
18336: Only OpenPAM and Linux PAM use const qualifiers.
18337: [b2f76476e866]
18338:
18339: * configure, configure.in:
18340: o No need to check for sed, libtool config does that for us o move
18341: check for --with-noexec until after libtool magic is run so we can
18342: use $can_build_shared and $shrext
18343: [668c656e89cc]
18344:
18345: * ltmain.sh:
18346: Don't print a bunch of crap about library installs since we are not
18347: really installing a library.
18348: [83fbcad29fe4]
18349:
18350: * env.c:
18351: Make format_env() varargs Add noexec support for Darwin, MacOS X,
18352: Irix, and Tru64
18353: [468885d75d10]
18354:
18355: * acsite.m4, ltconfig, ltmain.sh:
18356: Update to libtool 1.5 with local changes: o no ldconfig in the
18357: finish step o assume no libprefix or version is needed
18358: [4961cffc3797]
18359:
18360: * sudo_noexec.c:
18361: Fix compilation under K&R
18362: [8b309bf0b1b2]
18363:
18364: 2004-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
18365:
18366: * CHANGES:
18367: checkpoint
18368: [3c368badab32]
18369:
18370: * sudo_noexec.c:
18371: stub execve() that just returns EACCES; used for noexec
18372: functionality
18373: [1297acae283a]
18374:
18375: * sudo.tab.h:
18376: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
18377: generated code.
18378: [dcab78c49273]
18379:
18380: * sudo.tab.c:
18381: Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
18382: generated code.
18383: [0a61c735eabe]
18384:
18385: 2004-01-05 Todd C. Miller <Todd.Miller@courtesan.com>
18386:
18387: * def_data.c, def_data.h, def_data.in:
18388: Move the environment defaults to the end and shorten a few of the
18389: descriptions.
18390: [66787b9c612c]
18391:
18392: * configure, configure.in:
18393: no shared libs on ultris or convexos
18394: [2c5f3c456e32]
18395:
18396: * Makefile.in, configure, configure.in:
18397: Build sudo_noexec shared object using libtool; could use some
18398: cleanup.
18399: [373f483555dd]
18400:
18401: * acsite.m4, ltconfig, ltmain.sh:
18402: libtool scaffolding
18403: [c903a42e3d90]
18404:
18405: * parse.yacc, sudo.tab.c:
18406: Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
18407: important.
18408: [c6e8a34639a4]
18409:
18410: * defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
18411: parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
18412: update copyright year
18413: [a16372ae1711]
18414:
18415: * configure, configure.in, defaults.c, env.c, pathnames.h.in:
18416: Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
18417: option. The default value of noexec_file is set to this.
18418: [7d88e1d3c494]
18419:
18420: * def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
18421: parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
18422: sudo.tab.h:
18423: Add support for preloading a shared object containing a dummy
18424: execve() function that just sets error and returns -1. This adds a
18425: "noexec_file" option to load the filename as well as a "noexec" flag
18426: to enable it unconditionally. There is also a NOEXEC tag that can
18427: be attached to specific commands and an EXEC tag to disable it.
18428: [c8b6712feb91]
18429:
18430: * mkdefaults:
18431: add missing newline to usage statement
18432: [e84746618362]
18433:
18434: * config.h.in, sudo.c:
18435: Rename EXEC macro -> EXECV
18436: [ddaa0c027299]
18437:
18438: * logging.c:
18439: Don't truncate usernames to 8 characters in the log message.
18440: [f62a20f27075]
18441:
18442: * check.c, sudoers.man.in, sudoers.pod:
18443: Update copyright year
18444: [ca9964054085]
18445:
18446: * check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
18447: sudoers.pod:
18448: Add a new option, lecture_file, that can be used to point to a
18449: custom sudo lecture.
18450: [940133231216]
18451:
18452: 2003-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
18453:
18454: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18455: auth/sudo_auth.c:
18456: Add a zero_bytes() function to do the equivalent of bzero in such a
18457: way that will heopfully not be optimized away by sneaky compilers.
18458: [161b6d74bfb4]
18459:
18460: * zero_bytes.c:
18461: Add a zero_bytes() function to do the equivalent of bzero in such a
18462: way that will heopfully not be optimized away by sneaky compilers.
18463: [d035abf0af94]
18464:
18465: * Makefile.in, sudo.h:
18466: Add a zero_bytes() function to do the equivalent of bzero in such a
18467: way that will heopfully not be optimized away by sneaky compilers.
18468: [ff136de3e255]
18469:
18470: * err.c:
18471: Use #ifdef __STDC__, not #if __STDC__.
18472: [6889dd6bc51a]
18473:
18474: 2003-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
18475:
18476: * mkdefaults:
18477: Always put at least one space between the def_* macro name and its
18478: definition.
18479: [6b3ad0e6619a]
18480:
18481: * configure, configure.in:
18482: Adjust code for --without-lecture to match new values.
18483: [062aa788a6b9]
18484:
18485: * visudo.man.in:
18486: regen after pasto fix
18487: [3deec16906c0]
18488:
18489: * sudoers.man.in, sudoers.pod:
18490: Document that "lecture" has changed from a flag to a tuple.
18491: [e2c03062b533]
18492:
18493: * check.c, def_data.c, def_data.h, def_data.in, defaults.c,
18494: defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
18495: Add support for tuples in def_data.in; these are implemented as an
18496: enum type. Currently there is only a single tuple enum but in the
18497: future we may have one tuple enum per T_TUPLE entry in def_data.in.
18498: Currently listpw, verifypw and lecture are tuples. This avoids the
18499: need to have two entries (one ival, one str) for pwflags and syslog
18500: values.
18501:
18502: lecture is now a tuple with the following values: never, once,
18503: always
18504:
18505: We no longer use both an int and string entry for syslog facilities
18506: and priorities. Instead, there are logfac2str() and logpri2str()
18507: functions that get used when we need to print the string values.
18508: [5293f946c836]
18509:
18510: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
18511: auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
18512: check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
18513: logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
18514: sudo.tab.c, visudo.c:
18515: Create def_* macros for each defaults value so we no longer need the
18516: def_{flag,ival,str,list,mode} macros (which have been removed). This
18517: is a step toward more flexible data types in def_data.in.
18518: [009c02934106]
18519:
18520: * TODO:
18521: checkpoint
18522: [0a99a4bb5d15]
18523:
18524: 2003-12-23 Todd C. Miller <Todd.Miller@courtesan.com>
18525:
18526: * sudo.c:
18527: If we are in -k/-K mode, just spew to stderr. It is not unusual for
18528: users to place "sudo -k" in a .logout file which can cause sudo to
18529: be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
18530: Previously, this would result in useless mail and logging.
18531: [d282e7ed63af]
18532:
18533: 2003-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
18534:
18535: * visudo.pod:
18536: fix pasto in VISUAL description
18537: [1c6a6148b5f9]
18538:
18539: 2003-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
18540:
18541: * configure:
18542: regen
18543: [f44312c63799]
18544:
18545: * CHANGES:
18546: checkpoint
18547: [0c42e38f78d5]
18548:
18549: * TROUBLESHOOTING:
18550: Some OSes (like Solaris) allow export w/ nosuid too
18551: [973ce85ffa12]
18552:
18553: 2003-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
18554:
18555: * compat.h:
18556: We don't use FD_ZERO anymore so just define FD_SET (if not already
18557: there).
18558: [d1c8c11905cd]
18559:
18560: 2003-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
18561:
18562: * auth/pam.c:
18563: Fix a core dump on Solaris by preserving the pam_handle_t we used
18564: during authentication for pam_prep_user(). If we didn't
18565: authenticate (ie: ticket still valid), we call pam_init() from
18566: pam_prep_user(). This is something of a hack; it may be better to
18567: change the auth API and add an auth_final() function that acts like
18568: pam_prep_user().
18569: [f787de49b175]
18570:
18571: 2003-06-21 Todd C. Miller <Todd.Miller@courtesan.com>
18572:
18573: * set_perms.c:
18574: Add explicit declaration of printerr variable in function header
18575: (was defaulting to int which is OK but oh so K&R :-). From Theo.
18576: [492c2358783f]
18577:
18578: 2003-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
18579:
18580: * config.h.in, configure.in:
18581: s/HAVE_STOW/USE_STOW/
18582: [4b99e1824ece]
18583:
18584: * logging.c:
18585: Also exit waitpid() loop when pid == 0. Fixes a problem where the
18586: sudo process would spin eating up CPU until sendmail finished when
18587: it has to send mail.
18588: [ec3d5792b9b4]
18589:
18590: 2003-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
18591:
18592: * fnmatch.c:
18593: Remove advertising clause, UCB has disavowed it
18594: [43a26bbd6628]
18595:
18596: * fnmatch.3:
18597: Remove advertising clause, UCB has disavowed it
18598: [3ff24291bcfa]
18599:
18600: 2003-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
18601:
18602: * parse.c:
18603: Don't assume that getgrnam() calls don't modify contents of struct
18604: passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
18605: Based on a patch from Kirk Webb.
18606: [5574c68f60f3]
18607:
18608: 2003-05-06 Todd C. Miller <Todd.Miller@courtesan.com>
18609:
18610: * configure.in:
18611: missing ;;
18612: [22378f2a9d31]
18613:
18614: * configure.in:
18615: darwin has a broken setreuid() in at least some versions
18616: [d572aed930d2]
18617:
18618: * env.c:
18619: Fix an off by one error when reallocating the environment; Kevin Pye
18620: [3d98e7cf097a]
18621:
18622: 2003-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
18623:
18624: * sudoers.pod:
18625: Fix User_Spec definition; SEKINE Tatsuo
18626: [49b0da65e090]
18627:
18628: 2003-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
18629:
18630: * HISTORY:
18631: More info on the early days from Coggs.
18632: [9381ca10b06b]
18633:
18634: 2003-04-21 Todd C. Miller <Todd.Miller@courtesan.com>
18635:
18636: * auth/kerb5.c:
18637: remove errant semicolon that prevented compilation under heimdal
18638: [d2f2bb73a598]
18639:
18640: 2003-04-16 Todd C. Miller <Todd.Miller@courtesan.com>
18641:
18642: * testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
18643: add DARPA credit on affected files
18644: [7020785ee50d]
18645:
18646: * sudoers.pod:
18647: add DARPA credit on affected files
18648: [83b46318750b]
18649:
18650: * sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
18651: sudoers.man.in:
18652: add DARPA credit on affected files
18653: [d8adf1c2ba22]
18654:
18655: * set_perms.c:
18656: add DARPA credit on affected files
18657: [3d79fdabb582]
18658:
18659: * pathnames.h.in:
18660: add DARPA credit on affected files
18661: [e334cdda422f]
18662:
18663: * logging.c, parse.c:
18664: add DARPA credit on affected files
18665: [8f75f822755b]
18666:
18667: * auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
18668: auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
18669: find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
18670: interfaces.h:
18671: add DARPA credit on affected files
18672: [da66e28fb3f5]
18673:
18674: * auth/kerb5.c, auth/pam.c:
18675: add DARPA credit on affected files
18676: [15da3021b49c]
18677:
18678: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
18679: auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
18680: version.h:
18681: add DARPA credit on affected files
18682: [868d54cbddea]
18683:
18684: * env.c:
18685: add DARPA credit on affected files
18686: [90239f51ef0a]
18687:
18688: * defaults.c, defaults.h:
18689: add DARPA credit on affected files
18690: [6a64205fd1eb]
18691:
18692: * compat.h:
18693: add DARPA credit on affected files
18694: [316a735783c4]
18695:
18696: * Makefile.in, alloc.c, check.c:
18697: add DARPA credit on affected files
18698: [cd939e05c810]
18699:
18700: * LICENSE:
18701: slightly different wording for the darpa credit
18702: [e468909c4a21]
18703:
18704: 2003-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
18705:
18706: * LICENSE:
18707: Add DARPA credit
18708: [8eb20e2cd63e]
18709:
18710: 2003-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
18711:
18712: * auth/kerb5.c:
18713: Use krb5_princ_component() instead of krb5_princ_realm() for MIT
18714: Kerberos like we did before I messed things up ;-)
18715:
18716: Use krb5_principal_get_comp_string() to do the same thing w/
18717: Heimdal. I'm not sure if the component should be 0 or 1 in this
18718: case.
18719:
18720: #define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
18721: older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
18722: should be a configure check for this I guess.
18723: [74919a3933fe]
18724:
18725: 2003-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
18726:
18727: * sample.sudoers:
18728: builtin -> built-in; Jason McIntyre
18729: [027f2187923e]
18730:
18731: * TROUBLESHOOTING, config.h.in, configure, configure.in:
18732: builtin -> built-in; Jason McIntyre
18733: [70b81ac48943]
18734:
18735: * sudoers.pod:
18736: built in -> built-in; Jason McIntyre
18737: [da658ef5138d]
18738:
18739: 2003-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
18740:
18741: * CHANGES:
18742: checkpoint for 1.6.7p3
18743: [da85f989fadf]
18744:
18745: * HISTORY:
18746: Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
18747: Amazingly, sudo source from 1985 is available via groups.google.com
18748: [39e0fc85b89f]
18749:
18750: * sudo.c:
18751: Don't change rl.rlim_max for RLIMIT_CORE. We need only set
18752: rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
18753: RLIMIT_CORE restoration on some OSes.
18754: [7e2c1a7adfd8]
18755:
18756: 2003-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
18757:
18758: * auth/kerb5.c:
18759: Make this compile on Heimdal and MIT Kerberos 5
18760: [44c07d615868]
18761:
18762: * config.h.in, configure, configure.in:
18763: Check for heimdal even if we found krb5-config and define
18764: HAVE_HEIMDAL.
18765: [aba0126f0059]
18766:
18767: * auth/kerb5.c:
18768: Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
18769: no longer defined by MIT kerb5 (though it used to be and indeed
18770: remains so in Heimdal).
18771: [e5a6c64d7cd5]
18772:
18773: 2003-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
18774:
18775: * mkinstalldirs:
18776: Remove newer stuff that passes multiple (possibly duplicate)
18777: directories to "mkdir -p" since that seems to break on Tru64 Unix at
18778: least. This basically brings back what shipped with sudo 1.6.6.
18779: [f2a1abd872b3]
18780:
18781: 2003-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
18782:
18783: * auth/kerb5.c:
18784: Correct number of args to krb5_principal_get_realm() and fix an
18785: unclosed comment that hid the bug.
18786: [0b37f8ce7824]
18787:
18788: * configure:
18789: regen
18790: [1876cb840fe0]
18791:
18792: * configure.in:
18793: ++version
18794: [480aff7c048e]
18795:
18796: * README:
18797: ++version
18798: [488e0bbff613]
18799:
18800: * Makefile.in:
18801: ++version
18802: [97ef63cedc38]
18803:
18804: * INSTALL.binary:
18805: ++version
18806: [a506204e77d0]
18807:
18808: * INSTALL:
18809: ++version
18810: [555aeba5c2bf]
18811:
18812: * CHANGES, version.h:
18813: ++version
18814: [f66985a64063]
18815:
18816: * BUGS:
18817: ++version
18818: [ea3573432412]
18819:
18820: * configure.in:
18821: use krb5-config to determine Kerberos V details if it exists
18822: [7b46bbdaf774]
18823:
18824: * alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
18825: auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
18826: find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
18827: testsudoers.c, visudo.c:
18828: Use warn/err and getprogname() throughout. The main exception is
18829: openlog(). Since the admin may be filtering logs based on the
18830: program name in the log files, hard code this to "sudo".
18831: [9f180d015cfa]
18832:
18833: * Makefile.in:
18834: Add getprogname.c and err.c
18835: [d411c54a07dc]
18836:
18837: * configure:
18838: regen
18839: [6d585d391acc]
18840:
18841: * config.h.in, configure.in:
18842: Add checks for getprognam(), __progname and err.h
18843: [bcbccf61d34a]
18844:
18845: * emul/err.h:
18846: For systems withour err/warn functions.
18847: [1b33118884d9]
18848:
18849: * err.c:
18850: For systems withour err/warn functions.
18851: [26721f6b041f]
18852:
18853: * getprogname.c:
18854: For systems neither getprogname() nor __progname; uses Argv[0].
18855: [841cf42af1eb]
18856:
18857: 2003-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
18858:
18859: * CHANGES:
18860: checkpoint for 1.6.7p1
18861: [5bfdaf441dce]
18862:
18863: * sudo.c, testsudoers.c:
18864: fix strlcpy() rval check (innocuous)
18865: [e05ac7e0d1f3]
18866:
18867: * check.c:
18868: oflow detection in expand_prompt() was faulty (false positives). The
18869: count was based on strlcat() return value which includes the length
18870: of the entire string.
18871: [086c5a0acb25]
18872:
18873: 2003-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
18874:
18875: * RUNSON, TODO:
18876: checkpoint for the sudo 1.6.7 release
18877: [096bab4da29a] [SUDO_1_6_7]
18878:
18879: * CHANGES:
18880: checkpoint for the sudo 1.6.7 release
18881: [87322187ed78]
18882:
18883: 2003-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
18884:
18885: * logging.c:
18886: g/c unused variable
18887: [c57cd4a17765]
18888:
18889: * configure:
18890: regen
18891: [e7c1f581dfac]
18892:
18893: * configure.in:
18894: use man sections 8 and 5 for csops
18895: [87de581bda88]
18896:
18897: 2003-03-21 Todd C. Miller <Todd.Miller@courtesan.com>
18898:
18899: * configure:
18900: regen
18901: [cb1433a9c7a1]
18902:
18903: * configure.in:
18904: Add -lskey or -lopie directly to SUDO_LIBS instead of having
18905: AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
18906: [ac5667978939]
18907:
18908: * configure:
18909: regen
18910: [638459118a2a]
18911:
18912: * configure.in:
18913: Add --with-blibpath for AIX. An alternate libpath may be specified
18914: or
18915: -blibpath support can be disabled. Also change conifgure such that
18916: -blibpath is not specified if no -L libpaths were added to
18917: SUDO_LDFLAGS.
18918: [c7d17b480cad]
18919:
18920: * aclocal.m4:
18921: Add --with-blibpath for AIX. An alternate libpath may be specified
18922: or
18923: -blibpath support can be disabled. Also change conifgure such that
18924: -blibpath is not specified if no -L libpaths were added to
18925: SUDO_LDFLAGS.
18926: [37022e991575]
18927:
18928: * INSTALL:
18929: Add --with-blibpath for AIX. An alternate libpath may be specified
18930: or
18931: -blibpath support can be disabled. Also change conifgure such that
18932: -blibpath is not specified if no -L libpaths were added to
18933: SUDO_LDFLAGS.
18934: [4b4bbe5bbe1b]
18935:
18936: * configure.in:
18937: add AIX blibpath support
18938: [16ba788bf086]
18939:
18940: * INSTALL, configure.in:
18941: --with-skey and --with-opie now take an option directory argument
18942: This obsoletes a --with-csops hack (/tools/cs/skey)
18943:
18944: Also remove the remaining direct uses of "echo"
18945: [5b4986a90c03]
18946:
18947: 2003-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
18948:
18949: * configure.in:
18950: Detect KTH Kerberos IV and deal with it. Also make -lroken optional
18951: for KTH Kerberos IV and V.
18952: [119f97b48e18]
18953:
18954: * aclocal.m4:
18955: Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
18956: -R/path/to/dir if $with_rpath) to the specified variable.
18957: [e55e49d076ce]
18958:
18959: * INSTALL, configure.in:
18960: Add -R/path/to/libs for Solaris and SVR4. There is a new configure
18961: option, --with-rpath to control this behavior.
18962: [d4730c5399ab]
18963:
18964: * configure.in:
18965: for kerb4 put libdes after libkrb on the link line
18966: [5c566100eab6]
18967:
18968: * auth/kerb4.c:
18969: typo
18970: [6541b72b64a3]
18971:
18972: * configure.in:
18973: fix kerberos lib check when a path is specified
18974: [ae833a914c6f]
18975:
18976: * logging.c:
18977: Fix boolean thinko in SIGCHLD reaper and call reapchild after
18978: sending mail instead of doing a conditional sudo_waitpid.
18979: [86fa9a35df5a]
18980:
18981: 2003-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
18982:
18983: * configure:
18984: regen
18985: [e6275cf528ba]
18986:
18987: * configure.in:
18988: replace =DIR with [=DIR] where sensible
18989: [c39a59173b38]
18990:
18991: * configure.in:
18992: o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
18993: detection based on openssh's configure.in
18994: [5b7a340912df]
18995:
18996: * INSTALL:
18997: --with-kerb4 and --with-kerb5 now take an optional argument.
18998: [71ed87fc9c64]
18999:
19000: 2003-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19001:
19002: * auth/securid.c:
19003: Kill remaining strcpy(), the programmer's guide says username is 32
19004: bytes.
19005: [bdba70fcd08d]
19006:
19007: * auth/kerb4.c:
19008: trat uid_t as unsigned long for printf and use snprintf, not sprintf
19009: [8072f5f8966d]
19010:
19011: * auth/rfc1938.c:
19012: use snprintf
19013: [fc0c70c665fe]
19014:
19015: 2003-03-15 Todd C. Miller <Todd.Miller@courtesan.com>
19016:
19017: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
19018: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
19019: auth/rfc1938.c, auth/sudo_auth.c:
19020: update copyright year
19021: [b0a10ccb1d0e]
19022:
19023: * sudo.man.in, sudoers.man.in, visudo.man.in:
19024: update copyright year
19025: [8fce0034eb51]
19026:
19027: * LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
19028: configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
19029: parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
19030: sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
19031: update copyright year
19032: [d541e75fe520]
19033:
19034: * check.c, env.c, sudo.c:
19035: Cast [ug]ids to unsigned long and printf with %lu
19036: [2ede64d3592b]
19037:
19038: * configure:
19039: regen
19040: [c7c3245bdf3e]
19041:
19042: * configure.in:
19043: correct error messages for --with-sudoers-{mode,uid,gid}
19044: [77fc15b1c9db]
19045:
19046: * alloc.c:
19047: make the malloc(0) error specific to each function to aid tracking
19048: down bugs.
19049: [a58c34374b4b]
19050:
19051: * alloc.c:
19052: deal with platforms where size_t is signed and there is no SIZE_MAX
19053: or SIZE_T_MAX
19054: [7192abb4ab4e]
19055:
19056: * auth/kerb5.c:
19057: Make this compile w/ Heimdal and fix some gcc warnings.
19058: [f52f026f31c2]
19059:
19060: * sudo.c:
19061: Use stat_sudoers macro so --with-stow can work
19062: [c3674735c139]
19063:
19064: * INSTALL, config.h.in, configure, configure.in:
19065: Add support for --with-stow based on patches from Robert Uhl
19066: [b274cc1dd52c]
19067:
19068: * env.c:
19069: fix indentation
19070: [110d9f1721b1]
19071:
19072: * configure.in:
19073: back out rev 1.352
19074: [1eee91c83f11]
19075:
19076: * lex.yy.c:
19077: regen
19078: [72fba1c9590b]
19079:
19080: * parse.lex:
19081: use strlcpy, not strncpy
19082: [4faccbaeccef]
19083:
19084: * set_perms.c:
19085: Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
19086: [33bf0d18fdc1]
19087:
19088: * logging.c:
19089: use pid_t
19090: [3e0536993d2c]
19091:
19092: 2003-03-14 Todd C. Miller <Todd.Miller@courtesan.com>
19093:
19094: * strlcat.c, strlcpy.c:
19095: Make gcc shutup about unused rcsid
19096: [1669a0c74e9e]
19097:
19098: * interfaces.c:
19099: Move the n == 0 check for the non-getifaddrs cas
19100: [2460be061b2a]
19101:
19102: * auth/rfc1938.c:
19103: skeychallenge() on NetBSD take a size parameter
19104: [05acc2012801]
19105:
19106: * configure:
19107: regen
19108: [24bccf4749e8]
19109:
19110: * configure.in:
19111: put -ldl after -lpam, not before; fixes static linking on Linux
19112: [7f06b7b2b4d8]
19113:
19114: * interfaces.c:
19115: Avoid malloc(0) and fix the loop invariant for the getifaddrs()
19116: case.
19117: [239a55068646]
19118:
19119: * sudo.cat, sudoers.cat, visudo.cat:
19120: regen
19121: [4a2eed3981ca]
19122:
19123: * sudo.man.in, sudoers.man.in, visudo.man.in:
19124: regen
19125: [2c96ea2cf930]
19126:
19127: * Makefile.in:
19128: Preserve copyright notice from .pod file in .man.in file
19129: [519fbd09aebc]
19130:
19131: * visudo.pod:
19132: Add sudoers(5) to SEE ALSO
19133: [77ecfe3aedf1]
19134:
19135: 2003-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
19136:
19137: * lex.yy.c:
19138: regen
19139: [6f5751ce0b74]
19140:
19141: * parse.lex:
19142: Don't assume libc can realloc() a NULL string. If malloc/realloc
19143: fails, make sure we just return; yyerror() is not terminal.
19144: [1b8618623708]
19145:
19146: * lex.yy.c:
19147: regen
19148: [5d31b46191c6]
19149:
19150: * parse.lex:
19151: simplify fill_args a little and use strlcpy for paranoia
19152: [0ea35a55542b]
19153:
19154: * sudo.tab.c:
19155: regen
19156: [5a8d508d708b]
19157:
19158: * check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
19159: testsudoers.c:
19160: Use strlc{at,py} for paranoia's sake and exit on overflow. In all
19161: cases the strings were either pre-allocated to the correct size of
19162: length checks were done before the copy but a little paranoia can go
19163: a long way.
19164: [e73d28f1d14e]
19165:
19166: * sudo.h:
19167: Add strlc{at,py} protos
19168: [748ffc7fc7f4]
19169:
19170: * env.c, interfaces.c:
19171: Use erealloc3()
19172: [47f2cb46aba8]
19173:
19174: * configure:
19175: regen
19176: [e7e2fb79f935]
19177:
19178: * alloc.c:
19179: Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
19180: memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
19181: [7e0fa4d6fc1d]
19182:
19183: * sudo.c:
19184: snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
19185: configure.
19186: [09ea4d3959e9]
19187:
19188: * aclocal.m4:
19189: In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
19190: [31b4fdfdb8bf]
19191:
19192: 2003-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19193:
19194: * sudo.c:
19195: Use snprintf() for paranoia
19196: [a2659ceb46de]
19197:
19198: * parse.yacc:
19199: Use emalloc2 and erealloc3
19200: [90a069842401]
19201:
19202: * Makefile.in:
19203: strlc{at,py} for those w/o it
19204: [bac82dc916ee]
19205:
19206: * strlcat.c, strlcpy.c:
19207: stlc{at,py} for those w/o it.
19208: [ce7254f5db09]
19209:
19210: * config.h.in, configure, configure.in:
19211: Add stlc{at,py} for those w/o it.
19212: [00f08219657a]
19213:
19214: * alloc.c, sudo.h:
19215: Add erealloc3(), a realloc() version of emalloc2().
19216: [c96eaf08bbed]
19217:
19218: * interfaces.c, sudo.c:
19219: Use emalloc2() to allocate N things of a certain size.
19220: [1e0aba365555]
19221:
19222: * alloc.c, sudo.h:
19223: Add emalloc2() -- like calloc() but w/o the bzero and with
19224: error/oflow checking.
19225: [292150bc4153]
19226:
19227: * alloc.c:
19228: Error out on malloc(0); suggested by theo
19229: [995279e81326]
19230:
19231: 2003-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
19232:
19233: * configure, configure.in:
19234: fix a typo; David Krause
19235: [f161213a17ab]
19236:
19237: 2003-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
19238:
19239: * sudo.pod:
19240: fix typo
19241: [3ae5ad9a351a]
19242:
19243: 2003-03-04 Todd C. Miller <Todd.Miller@courtesan.com>
19244:
19245: * env.c:
19246: Remove DYLD_ from the environment for MacOS X; from bbraun
19247: [38caad5a3935]
19248:
19249: 2003-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
19250:
19251: * config.h.in, configure.in:
19252: not not; Anil Madhavapeddy
19253: [d4f4f0bfc66b]
19254:
19255: 2003-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
19256:
19257: * sudo.pod, sudoers.pod, visudo.pod:
19258: typos; jmc@openbsd.org
19259: [868c0f09bf9e]
19260:
19261: 2003-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19262:
19263: * parse.yacc:
19264: Add some missing ';' rule terminators that bison warns about.
19265: [535b0b8dcce5]
19266:
19267: * config.sub:
19268: fix typo I introduced in last merge
19269: [81db4e4f43fe]
19270:
19271: * configure:
19272: regenerate with autoconf 2.57
19273: [ca0c1e9564f8]
19274:
19275: * config.h.in:
19276: Add missing "$HOME"
19277: [209186197ad1]
19278:
19279: * configure.in:
19280: Add some more square backets to make autoconf 2.57 happy
19281: [b5639c14faf7]
19282:
19283: * config.sub, mkinstalldirs:
19284: Updates from autoconf-2.57
19285: [36be35eb331b]
19286:
19287: * config.guess:
19288: Updates from autoconf-2.57
19289: [ea0f8ca622af]
19290:
19291: 2003-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19292:
19293: * sudo.tab.h:
19294: regen
19295: [13a65a421567]
19296:
19297: * lex.yy.c, sudo.tab.c:
19298: regen
19299: [0b529db7cb6d]
19300:
19301: * parse.lex, parse.yacc, sudoers.pod:
19302: Add support for Defaults>RunasUser
19303: [20d726373175]
19304:
19305: 2003-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19306:
19307: * visudo.c:
19308: fclose() yyin after each yyparse() is done and use fopen() instead
19309: of using freopen().
19310: [587f8a2df857]
19311:
19312: * parse.lex:
19313: Better fix for sudoers files w/o a newline before EOF. It looks
19314: like the issue is that yyrestart() does not reset the start
19315: condition to INITIAL which is an issue since we parse sudoers
19316: multiple times.
19317: [920f8326968a]
19318:
19319: 2003-01-06 Todd C. Miller <Todd.Miller@courtesan.com>
19320:
19321: * parse.lex:
19322: Work around what appears to be a flex bug when dealing with files
19323: that lack a final newline before EOF. This adds a rule to match EOF
19324: in the non-initial states which resets the state to INITIAL and
19325: throws an error.
19326: [b94943bb1f81]
19327:
19328: * visudo.c:
19329: o The parser needs sudoers to end with a newline but some editors
19330: (emacs) may not add one. Check for a missing newline at EOF and
19331: add one if needed. o Set quiet flag during initial sudoers parse (to
19332: get options) o Move yyrestart() call and always use freopen() to
19333: open yyin after initial sudoers parse.
19334: [12d12f9b07aa]
19335:
19336: 2002-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
19337:
19338: * set_perms.c:
19339: Fix pasto/thinko in setresgid()/setregid() usage. Want to set
19340: effective gid, not real gid, when reading sudoers.
19341: [c7d18b810fcd]
19342:
19343: * set_perms.c:
19344: don't compile set_perms_posix if we have setreuid or setresuid
19345: [b9cea7a81a29]
19346:
19347: 2002-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
19348:
19349: * sudo.pod, sudoers.pod:
19350: document new prompt escapes
19351: [2f088076b640]
19352:
19353: * check.c:
19354: Add %U and %H escapes and redo prompt rewriting. "%%" now gets
19355: collapsed to "%" as was originally intended. This also gets rid of
19356: lastchar (does lookahead instead of lookback) which should simplify
19357: the logic slightly.
19358: [4b707b77b3c7]
19359:
19360: 2002-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
19361:
19362: * tgetpass.c:
19363: Write the prompt *after* turning off echo to avoid some password
19364: characters being echoed on heavily-loaded machines with fast
19365: typists.
19366: [d38c57775915]
19367:
19368: * config.sub:
19369: Add support for mipseb; wiz@danbala.tuwien.ac.at
19370: [cfdac87ed5c8]
19371:
19372: * configure.in:
19373: Fix IRIX fallout from name changes in man dir/sect Makefile
19374: variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
19375: [9a7618755c23]
19376:
19377: * auth/pam.c:
19378: Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
19379: the global copy. Problem noted by Peter Pentchev.
19380: [d0a3e189cb06]
19381:
19382: 2002-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
19383:
19384: * sudo.tab.c:
19385: regen
19386: [23b931359087]
19387:
19388: * parse.yacc:
19389: Add missing yyerror() calls; YYERROR does not seem to call this for
19390: us.
19391: [0be7aeb3ac57]
19392:
19393: 2002-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
19394:
19395: * sudo.c:
19396: fix typo in comment; Pedro Bastos
19397: [d7406c460e99]
19398:
19399: 2002-11-22 Todd C. Miller <Todd.Miller@courtesan.com>
19400:
19401: * INSTALL:
19402: document --disable-setresuid
19403: [fbd03d03a027]
19404:
19405: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
19406: auth/sudo_auth.c:
19407: Sprinkle some volatile qualifiers to prevent over-enthusiastic
19408: optimizers from removing memset() calls.
19409: [5370ac0e6129]
19410:
19411: * logging.c, parse.yacc:
19412: minor sign fixes pointed out by gcc -Wsign-compare
19413: [db872438337f]
19414:
19415: * set_perms.c, sudo.c, sudo.h:
19416: Revamp set_perms. We now use a version based on setresuid() or
19417: setreuid() when possible since that allows us to support the
19418: stay_setuid option and we always know exactly what the semantics
19419: will be (various Linux kernels have broken POSIX saved uid support).
19420: [523bc212396c]
19421:
19422: * config.h.in, configure:
19423: regen from configure.in
19424: [351877ea2624]
19425:
19426: * configure.in:
19427: Add checks for setresuid() and a way to disable using it
19428: [a5b21653d169]
19429:
19430: * compat.h:
19431: No long need to emulate set*[ug]id() via setres[ug]id() or
19432: setre[ug]id(). The new set_perms stuff only uses things it knows are
19433: there.
19434: [47884bd5d1d9]
19435:
19436: * sudo.c:
19437: Before exec, restore state of signal handlers to be the same as when
19438: we were initialy invoked instead of just reseting to SIG_DFL. Fixes
19439: a problem when using sudo with nohup. Based on a patch from Paul
19440: Markham.
19441: [f8f5a1484faa]
19442:
19443: * sudo.c:
19444: o timestamp_uid should be uid_t, not int o clarify error message
19445: when sudo is run by root and no_root_sudo is set
19446: [19dda0734264]
19447:
19448: 2002-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
19449:
19450: * README:
19451: update ftp link for bison
19452: [98bc191016e3]
19453:
19454: 2002-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
19455:
19456: * set_perms.c:
19457: Error out if setusercontext() fails and the runas user is not root.
19458: [089f9ade4686]
19459:
19460: 2002-05-20 Todd C. Miller <Todd.Miller@courtesan.com>
19461:
19462: * auth/securid5.c:
19463: Fix rcsid
19464: [07e9e85dcc2f]
19465:
19466: * configure.in:
19467: Fix SecurID API test
19468: [5ec201f454a5]
19469:
19470: 2002-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
19471:
19472: * env.c:
19473: typo in comment
19474: [9d385c9ac533]
19475:
19476: * configure.in:
19477: securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
19478: but I don't see a better way at the moment.
19479: [f89e55cbb313]
19480:
19481: * Makefile.in, auth/securid5.c:
19482: SecurID API version 5 support from Michael Stroucken
19483: [68500ac7e531]
19484:
19485: * configure.in:
19486: Add check for SecurID 5.0 API
19487: [1ee242e6de6b]
19488:
19489: 2002-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
19490:
19491: * strerror.c:
19492: We actually do still need config.h to get the 'const' definition for
19493: K&R C.
19494: [d9c982032d85]
19495:
19496: 2002-05-05 Todd C. Miller <Todd.Miller@courtesan.com>
19497:
19498: * configure:
19499: regen with autoconf 2.5.3
19500: [c71fc086eef5]
19501:
19502: * configure.in:
19503: Don't set sysconfdir to '/etc' if the user has specified a --prefix.
19504: [d90da1efafd9]
19505:
19506: * configure.in:
19507: Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
19508: LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
19509: [dd67afefa90d]
19510:
19511: * env.c, sudo.c, sudo.h:
19512: No need for dump_badenv() now that dump_defaults() knows how to dump
19513: lists.
19514: [6bcda468501d]
19515:
19516: * BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
19517: version.h:
19518: ++version
19519: [44e3b8f95f0b]
19520:
19521: * sudoers.pod:
19522: document timestampowner
19523: [37ebd69e9dd1]
19524:
19525: * check.c:
19526: Don't call set_perms() when doing timestamp stuff unless
19527: timestamp_uid != 0.
19528: [63a63d41d18c]
19529:
19530: * auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
19531: sudo.h, testsudoers.c:
19532: g/c second arg to set_perms--it is no longer used
19533: [7ac4ce50c612]
19534:
19535: 2002-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
19536:
19537: * check.c, set_perms.c, sudo.c, sudo.h:
19538: Add support for non-root timestamp dirs. This allows the timestamp
19539: dir to be shared via NFS (though this is not recommended).
19540: [faa83dd2b7fb]
19541:
19542: * def_data.c, def_data.h, def_data.in:
19543: Add timestampowner, "Owner of the authentication timestamp dir"
19544: [d47640d4c86a]
19545:
19546: 2002-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
19547:
19548: * env.c:
19549: Don't try to pre-compute the size of the new envp, just allocate
19550: space up front and realloc as needed. Changes to the new env
19551: pointer must all be made through insert_env() which now keeps track
19552: of spaced used and allocates as needed.
19553: [39bc934a9f2c]
19554:
19555: 2002-04-26 Todd C. Miller <Todd.Miller@courtesan.com>
19556:
19557: * configure:
19558: regen
19559: [0e12c09bb790]
19560:
19561: * configure.in:
19562: Fix two typo/pastos; from jrj@purdue.edu
19563: [b718a4bf1181]
19564:
19565: 2002-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
19566:
19567: * INSTALL.binary, README:
19568: ++version
19569: [a1e33027278c] [SUDO_1_6_6]
19570:
19571: * configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
19572: visudo.cat, visudo.man.in:
19573: regen
19574: [19eb2be283ef]
19575:
19576: * CHANGES, RUNSON, TODO:
19577: Sync with 1.6.6
19578: [2ff9a9087f63]
19579:
19580: * check.c:
19581: The the loop used to expand %h and %u, the lastchar variable was not
19582: being initialized. This means that if the last char in the prompt
19583: is '%' and the first char is 'h' or 'u' a extra copy of the host or
19584: user name would be copied, for which space had not been allocated.
19585: [b2e27197857d]
19586:
19587: 2002-04-18 Todd C. Miller <Todd.Miller@courtesan.com>
19588:
19589: * BUGS, INSTALL, Makefile.in, configure.in, version.h:
19590: crank version to 1.6.6
19591: [cfd08689e597]
19592:
19593: * auth/afs.c:
19594: #undef VOID to get rid of an AFS warning
19595: [b40760564dc1]
19596:
19597: * env.c:
19598: Use easprintf instead of emalloc + sprintf for some things.
19599: [e7bfe2e69a03]
19600:
19601: 2002-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
19602:
19603: * lex.yy.c, sudo.tab.c:
19604: regen
19605: [35327104383d]
19606:
19607: * parse.c, parse.lex, parse.yacc, testsudoers.c:
19608: Remove Chris Jepeway's email address so people don't bug him ;-)
19609: [c03410747a69]
19610:
19611: 2002-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
19612:
19613: * sudo.c:
19614: Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
19615: endgrent() at the same time.
19616: [28b6097d5d1a]
19617:
19618: 2002-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
19619:
19620: * INSTALL:
19621: Make it clear which configure options take arguments.
19622: [38529e7efad0]
19623:
19624: 2002-01-25 Todd C. Miller <Todd.Miller@courtesan.com>
19625:
19626: * compat.h:
19627: HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
19628: RLIM_INFINITY, just pretend it is -1. This works because we only
19629: check for RLIM_INFINITY and do not set anything to that value.
19630: [53173d34e6eb]
19631:
19632: 2002-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
19633:
19634: * auth/pam.c:
19635: Zero and free allocated memory when there is a conversation error.
19636: [e342133db579]
19637:
19638: * auth/bsdauth.c:
19639: Use sigaction() not signal()
19640: [126c2790561f]
19641:
19642: * INSTALL:
19643: Mention that some linux kernels have broken POSIX saved ID support
19644: [571ef1a893d3]
19645:
19646: * CHANGES:
19647: checkpoint for 1.6.5p2
19648: [9e9e456f7f43]
19649:
19650: * configure:
19651: regen
19652: [d53703a46708]
19653:
19654: * configure.in:
19655: Add --disable-setreuid flag
19656: [3b9f2679cb55]
19657:
19658: * INSTALL:
19659: Document new --disable-setreuid option and change description for
19660: --disable-saved-ids to match new error message.
19661: [14fd3e5f60a5]
19662:
19663: * set_perms.c:
19664: fatal() now takes an argument that determines whether or not to call
19665: perror().
19666: [d826b25e62ff]
19667:
19668: * TROUBLESHOOTING:
19669: Update for new error messages from set_perms()
19670: [78007c3f76a9]
19671:
19672: * PORTING:
19673: Update for new error messages from set_perms()
19674: [60c545a6bcff]
19675:
19676: 2002-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
19677:
19678: * auth/pam.c:
19679: Make this compile w/o warnings
19680: [b90843a29af5]
19681:
19682: * auth/pam.c:
19683: Mention that we can't use pam_acct_mgmt()
19684: [1dfc5a6e0479]
19685:
19686: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
19687: The user's password was not zeroed after use when AIX
19688: authentication, BSD authentication, FWTK or PAM was in use.
19689: [b18fff30b1e7]
19690:
19691: 2002-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
19692:
19693: * auth/pam.c:
19694: Avoid giving PAM a NULL password response, use the empty string
19695: instead. This avoids a log warning when the user hits ^C at the
19696: password prompt when PAM is in use.
19697: [c3315805e4e4]
19698:
19699: * auth/pam.c:
19700: Don't check the return value of pam_setcred(). In Linux-PAM 0.75
19701: pam_setcred() returns the last saved return code, not the return
19702: code for the setcred module. Because we haven't called
19703: pam_authenticate(), this is not set and so pam_setcred() returns
19704: PAM_PERM_DENIED.
19705: [73db145fa179]
19706:
19707: * Makefile.in:
19708: Don't need a '/' between $(DESTDIR) and a directory.
19709: [0901ca618176]
19710:
19711: * Makefile.binary:
19712: Don't need a '/' between $(DESTDIR) and a directory.
19713: [cd7eb6098b87]
19714:
19715: 2002-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
19716:
19717: * configure:
19718: regen
19719: [41b12c039282]
19720:
19721: * configure.in:
19722: o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
19723: setreuid() o new NetBSD has a real setreuid() o add check for
19724: freeifaddrs() if getifaddrs() exists.
19725: [a82ee3b01733]
19726:
19727: * config.h.in, interfaces.c:
19728: Older BSDi releases lack freeifaddrs() so add a test for that and if
19729: it is not present just use free().
19730: [6270671ea9d5]
19731:
19732: 2002-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
19733:
19734: * CHANGES, RUNSON:
19735: Checkpoint for 1.6.5p1
19736: [26134ecf9b36]
19737:
19738: * auth/passwd.c:
19739: Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
19740: to normal passwords, not AUTH_FATAL (which just causes an exit).
19741: [785e0f4bc0e2]
19742:
19743: * visudo.c:
19744: Don't use memory after it has been freed.
19745: [c60492739fdb]
19746:
19747: * auth/passwd.c:
19748: skeyaccess() wants a struct passwd * not a char *; Patch from
19749: Phillip E. Lobbes
19750: [65a1d3806fcd] [SUDO_1_6_5]
19751:
19752: * BUGS:
19753: ++version
19754: [b2e1825e692e]
19755:
19756: * CHANGES, RUNSON, TODO:
19757: checkpoint for sudo 1.6.5
19758: [d730945622e7]
19759:
19760: 2002-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
19761:
19762: * configure:
19763: regen
19764: [49744c403ac9]
19765:
19766: * INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
19767: version 1.6.5
19768: [ec30a5f7fc45]
19769:
19770: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
19771: visudo.man.in:
19772: sudo version 1.6.5
19773: [458a3bed535d]
19774:
19775: * logging.c:
19776: o when invoking the mailer as root use a hard-coded environment that
19777: doesn't include any info from the user's environment. Basically
19778: paranoia.
19779:
19780: o Add support for the NO_ROOT_MAILER compile-time option and run the
19781: mailer as the user and not root if NO_ROOT_MAILER is defined.
19782: [4df351ec92ce]
19783:
19784: * set_perms.c, sudo.h:
19785: Bring back PERM_FULL_USER
19786: [edb6039bb284]
19787:
19788: * configure:
19789: regen
19790: [3eb2943afa03]
19791:
19792: * version.h:
19793: version 1.6.5
19794: [044fc9a0c72b]
19795:
19796: * INSTALL, config.h.in, configure.in:
19797: Add --disable-root-mailer option to run the mailer as the user and
19798: not root.
19799: [e9f805397963]
19800:
19801: * CHANGES:
19802: checkpoint for 1.6.4p2
19803: [b58aae5aa98a]
19804:
19805: * PORTING:
19806: Mention the "seteuid(0): Operation not permitted" problem here too
19807: just for good measure.
19808: [90135b37a691]
19809:
19810: 2002-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
19811:
19812: * env.c, getspwuid.c, sudo.c:
19813: The SHELL environment variable was preserved from the user's
19814: environment instead of being reset based on the passwd database when
19815: the "env_reset" option was used. Now it is reset as it should be.
19816: [300066ef3c71]
19817:
19818: * configure:
19819: regen
19820: [a47d779e6552]
19821:
19822: * INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
19823: sudo.c:
19824: Add a configure option to turn off use of POSIX saved IDs
19825: [fb18cc8e94d0]
19826:
19827: * configure:
19828: regen
19829: [d4f2f20025b6]
19830:
19831: * configure.in:
19832: add --with-efence option
19833: [45c4f33a8e88]
19834:
19835: * sudo.c:
19836: Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
19837: "sudo -l" would not work if always_set_home was set.
19838: [c3a6de6c4800]
19839:
19840: * lex.yy.c:
19841: regen
19842: [417424452998]
19843:
19844: * parse.lex:
19845: Quoted commas were not being treated correctly in command line
19846: arguments.
19847: [753415541b37]
19848:
19849: * sudo.c:
19850: o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
19851: Otherwise, the set_home option has no effect.
19852:
19853: o Fix use of freed memory when the "fqdn" flag is set. This was
19854: introduced by the fix for the "segv when gethostbynam() fails" bug.
19855: Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
19856: there is no need to check the "fqdn" flag in set_fqdn() itself.
19857: [4b6a4245c04e]
19858:
19859: * env.c:
19860: Add 'continue' statements to optimize the switch statement. From
19861: Solar.
19862: [a82c76975ae5]
19863:
19864: 2002-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
19865:
19866: * sudoers.cat, sudoers.man.in:
19867: Regen from new sudoers.pod
19868: [6ecc07b3d0e1] [SUDO_1_6_4]
19869:
19870: * sudoers.pod:
19871: Add caveat about stay_setuid flag
19872: [9d228a7bea1b]
19873:
19874: * sudo.c:
19875: If set_perms == set_perms_posix and the stay_setuid flag is not set,
19876: set all uids to 0 and use set_perms_fallback().
19877: [c4e54d1ec86f]
19878:
19879: * set_perms.c, sudo.h:
19880: Remove PERM_FULL_USER (which is no longer used) and add
19881: PERM_FULL_ROOT (used when exec'ing the mailer).
19882: [15406c522ea2]
19883:
19884: * logging.c:
19885: Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
19886: never want to run the mailer setuid.
19887: [2294853e0666]
19888:
19889: 2002-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
19890:
19891: * sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
19892: visudo.pod:
19893: Use sudo.ws instead of courtesan.com in URLs
19894: [55204002a308]
19895:
19896: * Makefile.binary, Makefile.in:
19897: Fix mansect substitution
19898: [b7b5cbc3aa91]
19899:
19900: * Makefile.in:
19901: Substitute man sections in Makefile.binary
19902: [040deb785e56]
19903:
19904: * Makefile.binary:
19905: Sync install targets with Makefile.in and substitute in man
19906: sections.
19907: [77882a275281]
19908:
19909: * INSTALL, INSTALL.binary:
19910: version is 1.6.4
19911: [0f87aabbcb70]
19912:
19913: * Makefile.in:
19914: Repair bindist target
19915: [8d43bfe7e2d1]
19916:
19917: * CHANGES:
19918: sync for 1.6.4
19919: [13ca3d4a0a72]
19920:
19921: 2002-01-10 Todd C. Miller <Todd.Miller@courtesan.com>
19922:
19923: * install-sh:
19924: Fix case where neither whoami nor id are found
19925: [424dd270bc47]
19926:
19927: 2002-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
19928:
19929: * install-sh:
19930: If neither whoami nor id exists, just assume we are root.
19931: [2d2644e42c53]
19932:
19933: * alloc.c:
19934: Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
19935: on AIX which for some reason isn't pulling in the malloc prototype.
19936: [231440d2ee3b]
19937:
19938: 2002-01-08 Todd C. Miller <Todd.Miller@courtesan.com>
19939:
19940: * Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
19941: (c) 2002
19942: [700e3b41a68e]
19943:
19944: * CHANGES:
19945: checkpoint
19946: [33e604bd8d5b]
19947:
19948: * sudo.c:
19949: Defer assigning new environment until right before the exec.
19950: [f13c49e75c1c]
19951:
19952: * parse.c:
19953: kill extra blank line
19954: [12ef22e9dae3]
19955:
19956: 2002-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
19957:
19958: * configure:
19959: regen
19960: [a6cd2d788f74]
19961:
19962: * configure.in:
19963: Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
19964: compiler doesn't recognise -O2.
19965: [5234aa543692]
19966:
19967: * HISTORY:
19968: Clarify origins of Root Group sudo a bit based on info from
19969: billp@rootgroup.com
19970: [4deef01c4208]
19971:
19972: 2002-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
19973:
19974: * LICENSE:
19975: 2002
19976: [6c8e089dbd1a]
19977:
19978: * CHANGES:
19979: checkpoint for 1.6.4rc1
19980: [3349eb87a49f]
19981:
19982: 2002-01-02 Todd C. Miller <Todd.Miller@courtesan.com>
19983:
19984: * config.h.in:
19985: now generated via autoheader
19986: [84657d303cb9]
19987:
19988: * configure:
19989: regen
19990: [207bfa6a13f6]
19991:
19992: * compat.h:
19993: Move in some stuff that was previously in config.h.
19994: [e576d8b6480f]
19995:
19996: * aclocal.m4, configure.in:
19997: Add info for autoheader.
19998: [0549cd5da27c]
19999:
20000: 2002-01-01 Todd C. Miller <Todd.Miller@courtesan.com>
20001:
20002: * Makefile.in:
20003: o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
20004: -g to facilitate non-root installs
20005: [619216038f56]
20006:
20007: * install-sh:
20008: Add -M option (like -m but only for root) If we can't find "whoami",
20009: use "id" w/ some sed.
20010: [b39121c8b792]
20011:
20012: * configure:
20013: regen
20014: [b39b93ff9804]
20015:
20016: * configure.in:
20017: allow user to always override mansectsu and mansectform
20018: [0fca5e63bd90]
20019:
20020: 2001-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20021:
20022: * mkinstalldirs:
20023: update from autoconf 2.52
20024: [07bd75a508c3]
20025:
20026: * config.guess, config.sub:
20027: Update from autoconf 2.52
20028: [857b90fe31b7]
20029:
20030: * configure:
20031: regen with autoconf 2.52
20032: [08e7d1ea2aeb]
20033:
20034: * configure.in:
20035: o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
20036: mode o Remove compiler-specific checks for HP-UX now that we use
20037: AC_PROG_CC_STDC
20038: [d433a70b6208]
20039:
20040: * RUNSON:
20041: Checkpoint
20042: [babf6d2235d1]
20043:
20044: * auth/pam.c:
20045: o Add pam_prep_user function to call pam_setcred() for the target
20046: user; on Linux this often sets resource limits. o When calling
20047: pam_end(), try to convert the auth->result to a PAM_FOO value.
20048: This is a hack--we really need to stash the last PAM_FOO value
20049: received and use that instead.
20050: [6ad6f340dd2a]
20051:
20052: * set_perms.c, sudo.h:
20053: o Add pam_prep_user function to call pam_setcred() for the target
20054: user; on Linux this often sets resource limits.
20055: [67795421ac82]
20056:
20057: * env.c:
20058: Fix off by one error in number of bytes allocated via malloc (does
20059: not affected any released version of sudo).
20060: [5f5915360111]
20061:
20062: 2001-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20063:
20064: * lex.yy.c:
20065: regen
20066: [8208c0277775]
20067:
20068: * parse.lex:
20069: Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
20070: requiring that they be quoted.
20071: [ae59bc8f68dd]
20072:
20073: * sudoers.cat, sudoers.man.in, sudoers.pod:
20074: Mention that no double quotes are needed when
20075: adding/deleting/assigning a single value to a list.
20076: [25efc940a1f0]
20077:
20078: * Makefile.in:
20079: Don't rely on mkdefaults being executable, call perl explicitly.
20080: [6edc97ba5f1d]
20081:
20082: * sudo.tab.c:
20083: regen
20084: [49130b2e7e4d]
20085:
20086: * parse.yacc:
20087: Remove some XXX that are no longer relevant.
20088: [d460ac0d3767]
20089:
20090: * defaults.c:
20091: o Roll our own loop instead of using strpbrk() for better
20092: grokability o When adding to a list we must malloc() and use
20093: memcpy(), not strdup() since we must only copy len bytes from str.
20094: [649bef08e1f0]
20095:
20096: 2001-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
20097:
20098: * sudo.tab.c:
20099: regen
20100: [f0bbf2c38c0e]
20101:
20102: * parse.yacc:
20103: typo in comment
20104: [2563711ff593]
20105:
20106: 2001-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
20107:
20108: * CHANGES:
20109: checkpoint
20110: [a6d8a29fb30e]
20111:
20112: * configure:
20113: regen
20114: [bdfcaaf3bd13]
20115:
20116: * configure.in:
20117: avoid the -g flag unless --with-devel was specified
20118: [a976707bef30]
20119:
20120: * Makefile.in:
20121: mkdefaults, def_data.in and sigaction.c were missing from the
20122: tarball
20123: [6917ffbaa412]
20124:
20125: * Makefile.in:
20126: def_data.c was missing
20127: [87c78b11453d]
20128:
20129: 2001-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
20130:
20131: * env.c:
20132: Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
20133: allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
20134: [fc8698e6a45e]
20135:
20136: * TODO:
20137: Another TODO item
20138: [6f251d6cd466]
20139:
20140: * sudoers:
20141: Add comment for Default section so folks know where it should go.
20142: [7edba626f392]
20143:
20144: 2001-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
20145:
20146: * tgetpass.c:
20147: Use TCSETAF, not TCSETA to set terminal in termio case
20148: [fbd172f6c5d3]
20149:
20150: * sudoers.cat, sudoers.man.in:
20151: regen from sudoers.pod
20152: [64edd2de816e]
20153:
20154: * sudoers.pod:
20155: o Typo, Runas_User_List should be Runas_List o a User_List can not
20156: contain a uid o mention that the Defaults section should come after
20157: Alias definitions but before the user specifications
20158: [54070ba2092b]
20159:
20160: 2001-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20161:
20162: * sudoers.cat, sudoers.man.in:
20163: regen
20164: [e62d1d97693c]
20165:
20166: * sudoers.pod:
20167: Fix listpw and verifypw sections, they were not being formatted
20168: properly.
20169: [123868c2f3e9]
20170:
20171: * sudoers.cat, sudoers.man.in:
20172: regen
20173: [f94841f8b374]
20174:
20175: * sudoers.pod:
20176: fix typos
20177: [f278f1c1184e]
20178:
20179: * configure:
20180: regen
20181: [d2270049ba9f]
20182:
20183: * config.h.in, configure.in:
20184: use AC_SYS_POSIX_TERMIOS instead of rolling our own
20185: [c1a13f1354b9]
20186:
20187: * README:
20188: Reference sudo.ws not courtesan.com
20189: [ca13be67ebd7]
20190:
20191: * PORTING:
20192: Add notes on shadow passwords
20193: [aa13863f2314]
20194:
20195: * BUGS:
20196: In list mode (sudo -l), characters escaped with a backslash are
20197: shown verbatim with the backslash.
20198: [1a75a2858be2]
20199:
20200: * sudoers:
20201: Add simple examples from OpenBSD (Marc Espie)
20202: [3ae9a9ae4125]
20203:
20204: * tgetpass.c:
20205: Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
20206: [f8817699ee10]
20207:
20208: * CHANGES:
20209: minor prettyification
20210: [f523587929b9]
20211:
20212: * CHANGES:
20213: Updated change log
20214: [39d9010ee7a8]
20215:
20216: * testsudoers.c:
20217: Fix CIDR handling here too.
20218: [c91db8344c32]
20219:
20220: * auth/pam.c:
20221: Apparently a NULL response is OK
20222: [83bae61078d9]
20223:
20224: * TODO:
20225: Checkpoint for upcoming beta release
20226: [efb95c09df2a]
20227:
20228: * TROUBLESHOOTING:
20229: Many people believe that adding a runas spec should obviate the need
20230: for the -u flag. It does not.
20231: [c698bad85b0e]
20232:
20233: * RUNSON:
20234: checkpoint update for upcoming 1.6.4 beta
20235: [009e465a0a45]
20236:
20237: * config.h.in:
20238: o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
20239: if HAVE_STRING_H is defined -- this is safe now
20240: [d27c035f4e14]
20241:
20242: * PORTING:
20243: Add signals section
20244: [2d24c13cb3c8]
20245:
20246: * configure:
20247: regen
20248: [2b80a939e2ed]
20249:
20250: * configure.in:
20251: Fix check for sigaction_t
20252: [6fa41c89ab20]
20253:
20254: * sudo.c:
20255: XXX - should call find_path() as runas user, not root. Can't do
20256: that until the parser changes though.
20257: [f0b4f85651bd]
20258:
20259: * sudo.c:
20260: If find_path() fails as root, try again as the invoking user (useful
20261: for NFS). Idea from Chip Capelik.
20262: [e03fa7872692]
20263:
20264: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
20265: Regenerate after pod file changes
20266: [48e4bd75ec21]
20267:
20268: * def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
20269: sudo.pod, sudoers.pod:
20270: Add new sudoers option "preserve_groups". Previously sudo would not
20271: call initgroups() if the target user was root. Now it always calls
20272: initgroups() unless the -P command line option or the
20273: "preserve_groups" sudoers option is set. Idea from TJ Saunders.
20274: [4f730359f101]
20275:
20276: 2001-12-14 Todd C. Miller <Todd.Miller@courtesan.com>
20277:
20278: * compat.h, config.h.in:
20279: Use new HAVE_SIGACTION_T define
20280: [dfb25f3cae5b]
20281:
20282: * logging.c:
20283: Fix compilation on K&C
20284: [7355e3275e34]
20285:
20286: * configure:
20287: regen
20288: [a710584f92f0]
20289:
20290: * configure.in:
20291: Add check for sigaction_t -- IRIX already defines this so don't
20292: redefine it.
20293: [df9c5737f6da]
20294:
20295: * snprintf.c:
20296: fix typo
20297: [3d782b8134c8]
20298:
20299: * interfaces.c:
20300: need stdlib.h here too
20301: [c789d8973ab2]
20302:
20303: * configure:
20304: regen
20305: [44822856bf46]
20306:
20307: * configure.in:
20308: Remove redundant checks for string.h, strings.h and unistd.h
20309: [933c94f8bbf4]
20310:
20311: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20312: visudo.man.in:
20313: Regen from pod files
20314: [ad18c590f638]
20315:
20316: * BUGS:
20317: Update for 1.6.4
20318: [26bc88b69d22]
20319:
20320: * configure, lex.yy.c, sudo.tab.c:
20321: regen
20322: [bef89fd6fa2d]
20323:
20324: * strerror.c:
20325: Return EINVAL if errnum > sys_nerr
20326: [0512374e6661]
20327:
20328: * auth/sudo_auth.h:
20329: o Update copyright year
20330: [a877016db6e2]
20331:
20332: * LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
20333: config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
20334: sudo.pod:
20335: o Update copyright year
20336: [e15a1b39039f]
20337:
20338: * configure.in:
20339: o Don't define STDC_HEADERS unconditionally for IRIX o Update
20340: copyright year
20341: [82a8cb819e07]
20342:
20343: * README:
20344: update version
20345: [d82e523a16b4]
20346:
20347: * auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
20348: auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
20349: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
20350: auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
20351: set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
20352: visudo.c:
20353: o Reorder some headers and use STDC_HEADERS define properly o Update
20354: copyright year
20355: [fe39f76b3795]
20356:
20357: * lsearch.c:
20358: o Reorder some headers and use STDC_HEADERS define properly o Update
20359: copyright year
20360: [764ba3d4fa13]
20361:
20362: * getspwuid.c, goodpath.c, interfaces.c:
20363: o Reorder some headers and use STDC_HEADERS define properly o Update
20364: copyright year
20365: [fb46d46140d4]
20366:
20367: * getcwd.c:
20368: o Reorder some headers and use STDC_HEADERS define properly o Update
20369: copyright year
20370: [b199d70ac7ab]
20371:
20372: * alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
20373: fnmatch.c:
20374: o Reorder some headers and use STDC_HEADERS define properly o Update
20375: copyright year
20376: [dab8f192a3ed]
20377:
20378: * configure:
20379: regen
20380: [156658f25cea]
20381:
20382: * tgetpass.c:
20383: flags set in signal handlers should be volatile sig_atomic_t
20384: [c22931a5535e]
20385:
20386: * config.h.in, configure.in:
20387: Add checks for volatile and sig_atomic_t
20388: [b03b3341381d]
20389:
20390: * configure, lex.yy.c:
20391: regen
20392: [ed9daba88217]
20393:
20394: * def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
20395: sudo.c, sudoers.pod:
20396: Remove "secure_path" Defaults option since it cannot work with the
20397: existing parser.
20398: [c9e54a0f5971]
20399:
20400: * find_path.c, sudo.c:
20401: Unset "secure_path" if user_is_exempt()
20402: [fb7544565ae8]
20403:
20404: * env.c, pathnames.h.in:
20405: o Remove assumption that PATH and TERM are not listed in env_keep o
20406: If no PATH is in the environment use a default value o If TERM is
20407: not set in the non-reset case also give it a default value.
20408: [c987eb7df268]
20409:
20410: * aclocal.m4, configure.in, defaults.c, pathnames.h.in:
20411: _PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
20412: systems that define in paths.h
20413: [51865b0cdebf]
20414:
20415: * auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
20416: Add support for skeyaccess(3) if it is present in libskey.
20417: [8add77c7d3e7]
20418:
20419: 2001-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
20420:
20421: * sudo.c:
20422: Only need to do 'lc = login_getclass(NULL)' if lc == NULL
20423: [5a3d3cbf2c6d]
20424:
20425: * parse.lex:
20426: '\\' is a perfectly legal character to have in a command line
20427: argument.
20428: [c15a466ef00e]
20429:
20430: * sudo.c:
20431: o Defer call to set_fqdn() until it is safe to use log_error() o
20432: Don't print errno string value if gethostbyname fails, it is not
20433: relevant
20434: [c0c6bcf08bcb]
20435:
20436: * parse.c:
20437: Fix CIDR -> in_addr_t conversion.
20438: [2f307ebeb63f]
20439:
20440: 2001-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
20441:
20442: * sudoers.pod:
20443: Remove an extra "User_List" in the User_Spec definition From
20444: ybertrand AT snoopymail.com
20445: [97bde59ea280]
20446:
20447: * parse.c:
20448: Make 'listpw=never' work for users who are not explicitly mentioned
20449: in sudoers.
20450: [258f0f30a428]
20451:
20452: * sudoers.pod:
20453: Remove gratuitous '=' in EBNF grammar; era AT iki.fi
20454: [4b0f03872ee1]
20455:
20456: * sudoers.pod:
20457: Document new list Defaults type and convert env_keep and env_delete
20458: to lists. Document new env_check option.
20459: [a07f1f079fe3]
20460:
20461: * lex.yy.c, sudo.tab.c, sudo.tab.h:
20462: regen parser
20463: [e39ac6c6581b]
20464:
20465: * parse.lex:
20466: Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
20467: to #[0-9-]+.
20468: [69c5388908f3]
20469:
20470: * configure:
20471: regen
20472: [0f1877b88cb3]
20473:
20474: * aclocal.m4:
20475: Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
20476: [6545503ae361]
20477:
20478: * config.h.in, configure.in:
20479: Add check for skeyaccess(3)
20480: [6caf69fe6359]
20481:
20482: * visudo.pod:
20483: Document new -c, -f, and -q options
20484: [13d0203c21d3]
20485:
20486: * visudo.c:
20487: o Add -f option (alternate sudoers file) o Convert to use getopt(3)
20488: [4c2b664d617d]
20489:
20490: * configure:
20491: regen
20492: [6d5bd932e7b5]
20493:
20494: * aclocal.m4, config.h.in, configure.in:
20495: Add check for isblank and a replacement macro if it doesn't exist.
20496: [b524f5e4f953]
20497:
20498: 2001-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
20499:
20500: * visudo.c:
20501: In check-only mode, don't create sudoers if it does not already
20502: exist.
20503: [c748a2d5acad]
20504:
20505: * parse.yacc:
20506: o Add a new token, DEFVAR, to indicate a Defaults variable name o
20507: Add support for "+=" and "-=" list operators o replace some 1 and 0
20508: with TRUE and FALSE for greater legibility.
20509: [554cb174b37e]
20510:
20511: * parse.lex:
20512: o Use exclusive start conditions to remove some ambiguity in the
20513: lexer. Also reorder some things for clarity. o Add support for
20514: "+=" and "-=" list operators. o Use the new DEFVAR token to denote
20515: a Defaults variable name.
20516: [3a2cf8323e26]
20517:
20518: * sudo.h:
20519: Prototype init_envtables()
20520: [b74916469dab]
20521:
20522: * env.c:
20523: o Convert environment handling to use lists instead of strings.
20524: This greatly simplifies routines that need to do "foreach" type
20525: operations. o Add new init_envtables() function to set env_check
20526: and env_delete defaults based on initial_badenv_table and
20527: initial_checkenv_table (formerly sudo_badenv_table).
20528: [0a8b404658b6]
20529:
20530: * defaults.c, defaults.h:
20531: o Add a new LIST type and functions to manipulate it. o This is for
20532: use with environment handling variables. o Call new
20533: init_envtables() routine inside init_defaults() to initialize the
20534: environment lists.
20535: [ae73e64f0902]
20536:
20537: * def_data.c, def_data.h, def_data.in:
20538: Convert environment options to use the new LIST type and add a new
20539: one, env_check that only deletes if the sanity check fails.
20540: [3019503936de]
20541:
20542: * testsudoers.c:
20543: Add dummy version of init_envtables()
20544: [9d9e3ee609d9]
20545:
20546: * parse.yacc:
20547: honor quiet mode
20548: [8330fba6167c]
20549:
20550: * visudo.c:
20551: Add check-only mode
20552: [dab411bc8c35]
20553:
20554: * mkdefaults:
20555: Fix generation of entries with NULL descriptions.
20556: [ea75b9fed02e]
20557:
20558: 2001-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
20559:
20560: * tgetpass.c:
20561: Use sigaction_t and quiet a gcc warning.
20562: [6f67d719c452]
20563:
20564: * sudo.c:
20565: Must reset signal handlers before we exec
20566: [300418120e1a]
20567:
20568: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20569: auth/sudo_auth.c:
20570: Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
20571: version needs testing. Set SIGTSTP to SIG_DFL during password entry
20572: so user can suspend us.
20573: [00304aa58747]
20574:
20575: * tgetpass.c:
20576: Add support for interrupting/suspending tgetpass via keyboard input.
20577: If you suspend sudo from the password prompt and resume it will re-
20578: prompt you.
20579: [4af2b5101d32]
20580:
20581: * sudo.c:
20582: Don't block keyboard interrupt signals, just set them to SIG_IGN.
20583: [d46d7f67ef6b]
20584:
20585: 2001-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
20586:
20587: * config.h.in:
20588: add back HAVE_SIGACTION
20589: [c9c7702c603e]
20590:
20591: * configure:
20592: regen
20593: [09fe669d337f]
20594:
20595: * config.h.in, configure.in, logging.c, sudo.c, visudo.c:
20596: Kill POSIX_SIGNALS define and old signal support now that we emulate
20597: POSIX ones Also be sure to correctly initialize struct sigaction.
20598: [4bc2a6dbb2be]
20599:
20600: * strerror.c:
20601: Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
20602: [1ad64a19f328]
20603:
20604: * compat.h:
20605: Add scaffolding for POSIX signal emulation
20606: [945861d4c93b]
20607:
20608: * sigaction.c:
20609: o Add missing ';' so this compiles o Can't use NULL since we don't
20610: include stdio.h
20611: [04d0cac7438f]
20612:
20613: * sigaction.c:
20614: Emulate sigaction() using sigvec()
20615: [d0b54a989875]
20616:
20617: 2001-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
20618:
20619: * sudoers.pod:
20620: Document new behavior of negative values of timestamp_timeout Fix a
20621: typo
20622: [4c0716570d01]
20623:
20624: * sudo.pod:
20625: Add security note about command not being logged after 'sudo su' and
20626: friends.
20627: [43294851a33c]
20628:
20629: * sudo.pod:
20630: Mention that -V prints default values when run as root, including
20631: the list of environment variables to clear.
20632: [d9e5e550a8c3]
20633:
20634: * Makefile.in:
20635: Run pod2man with --quotes=none to avoid stupid quoting of C<>
20636: entries.
20637: [997b23c35dbe]
20638:
20639: 2001-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
20640:
20641: * auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
20642: Add mail_badpass option Also modify mail_always behavior to also
20643: send mail when the password is wrong
20644: [838d40ccafce]
20645:
20646: * env.c, sudo.c, sudo.h:
20647: Dump default bad env table when 'sudo -V' is run by root.
20648: [f67f1b8048b0]
20649:
20650: * sudoers.pod:
20651: document env_delete
20652: [d74f893663a2]
20653:
20654: * env.c:
20655: Add support for '*' in env_keep when not resetting the environment
20656: (ie: the normal case).
20657: [fd4fb62ea8fd]
20658:
20659: * env.c:
20660: Add env_delete variable that lets the user replace/add to the
20661: bad_env_table. Allow '*' wildcard in env_keep entries.
20662: [aa728bc35e29]
20663:
20664: 2001-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
20665:
20666: * mkinstalldirs:
20667: Force umask to 022 to guarantee sane directory permissions.
20668: [9ab3cfe70569]
20669:
20670: 2001-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
20671:
20672: * Makefile.in:
20673: add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
20674: [671010465e6f]
20675:
20676: * mkdefaults:
20677: fix breakage in last commit
20678: [8318f8851e56]
20679:
20680: * Makefile.in:
20681: acsite.m4 -> aclocal.m4
20682: [30c146873a01]
20683:
20684: * check.c:
20685: fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
20686: [4dc8b39954da]
20687:
20688: * def_data.c:
20689: regenerated from def_data.in
20690: [915ea16ce1eb]
20691:
20692: * check.c, defaults.c, defaults.h:
20693: Add new T_UINT type that most things use instead of T_INT If
20694: timestamp_timeout is < 0 then treat the ticket as never expiring (to
20695: be expired manually by the user).
20696: [3a3a636a2a5d]
20697:
20698: * def_data.in:
20699: change most T_INT -> T_UINT
20700: [a2228d2457af]
20701:
20702: * mkdefaults:
20703: fix warning when no args
20704: [ca70a5394af5]
20705:
20706: * visudo.c:
20707: Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
20708: we are a signal handler. We no longer print the signal number but
20709: the user can just check the exit value for that.
20710: [dc424f631fef]
20711:
20712: 2001-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
20713:
20714: * logging.c:
20715: when setting up pipes in child process check for case where stdin ==
20716: pipe fd 0
20717: [518112d76184]
20718:
20719: 2001-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
20720:
20721: * visudo.c:
20722: Ignore editor exit value since XPG4 says vi's exit value is the
20723: count of editing errors made (failed searches, etc).
20724: [b9d952284865]
20725:
20726: 2001-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
20727:
20728: * configure:
20729: regen
20730: [cb3aa586f03b]
20731:
20732: * configure.in:
20733: sco now is identified by config.guess as *-sco-*
20734: [46664bbdea61]
20735:
20736: * configure.in:
20737: Check for getspnam() in -lgen if not in -lc for UnixWare.
20738: [0f152ad1ba93]
20739:
20740: 2001-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
20741:
20742: * sudoers.pod, visudo.pod:
20743: "upper case" -> "uppercase"
20744: [f9151f232326]
20745:
20746: * sudoers.pod:
20747: fix typos and grammar; pjanzen@foatdi.harvard.edu
20748: [2855d73d0237]
20749:
20750: 2001-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
20751:
20752: * sudoers.pod:
20753: Missing word (specify); krapht@secureops.com
20754: [65523eb37a2c]
20755:
20756: 2001-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
20757:
20758: * sudo.c:
20759: If we fail to lookup a login class, apply the default one.
20760: [d4869faa6816]
20761:
20762: * logging.c:
20763: In log_error() free message, not logline unconditionally, then free
20764: logline if it is not the same as message. No function change but
20765: this mirrors how they are allocated.
20766: [565e5f6cc643]
20767:
20768: 2001-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
20769:
20770: * configure:
20771: regenerate
20772: [834a48f548a2]
20773:
20774: * configure.in:
20775: remove some backslash quotes that are unneeded
20776: [50d401d6e2ca]
20777:
20778: * configure.in:
20779: o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
20780: instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
20781: can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
20782: to AC_DEFINE things manually.
20783: [f502c5f15f92]
20784:
20785: * config.guess, config.sub:
20786: Updated from autoconf-2.50
20787: [6140205915ef]
20788:
20789: 2001-05-22 Todd C. Miller <Todd.Miller@courtesan.com>
20790:
20791: * README:
20792: Update mailing list section. We use mailman now, not majordomo.
20793: [b9a8ca45e6dc]
20794:
20795: 2001-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
20796:
20797: * getspwuid.c, logging.c, sudo.c:
20798: Use setpwent()/endpwent() + all the shadow variants to make sure we
20799: don't inadvertantly leak an fd to the child. Apparently Linux's
20800: shadow routines leave the fd open even if you don't call setspent().
20801: Reported by mike@gistnet.com; different patch used.
20802: [d33792ef6c01]
20803:
20804: 2001-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
20805:
20806: * sudoers.pod:
20807: s/eg./e.g./
20808: [bd32a0acaf93]
20809:
20810: * tgetpass.c:
20811: select() may return EAGAIN. If so, continue like we do for EINTR.
20812: [5f202c943818]
20813:
20814: * logging.c:
20815: Fix a non-exploitable buffer overflow in the word splitting code.
20816: This should really be rewritten.
20817: [4c724363863a]
20818:
20819: * Makefile.in:
20820: FAQ link goes away
20821: [1d26dd6c8972]
20822:
20823: * INSTALL:
20824: Tell people to look in sample.syslog.conf for examples, not FAQ
20825: [affcae3f43ca]
20826:
20827: * TROUBLESHOOTING:
20828: Update list of env vars that are cleared
20829: [234e56f1435a]
20830:
20831: * sudo.c:
20832: remove struct env_table decl since that stuff has all moved to env.c
20833: [5dd923148777]
20834:
20835: 2001-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
20836:
20837: * fileops.c:
20838: Fix a pasto in flock-style unlocking and include <sys/file.h> for
20839: flock on older systems; twetzel@gwdg.de
20840: [d5420d9d2861]
20841:
20842: * configure:
20843: regen to get NeXT lockf/flock fix
20844: [d3ba6ed70e15]
20845:
20846: * configure.in:
20847: force NeXT to use flock since lockf is broken
20848: [bd5391dca1bb]
20849:
20850: 2001-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
20851:
20852: * check.c:
20853: Use stashed user_gid when checking against exempt gid since sudo
20854: sets its gid to a a value that makes sudoers readable. Previously
20855: if you used gid 0 as the exempt group everyone would be exempt. From
20856: Paul Kranenburg <pk@cs.few.eur.nl>
20857: [0b140cc3a817]
20858:
20859: 2001-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
20860:
20861: * configure:
20862: regen
20863: [cc455408f32b]
20864:
20865: * aclocal.m4:
20866: #include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
20867: some types (such as ssize_t) therein.
20868: [b6aee85ca331]
20869:
20870: 2001-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
20871:
20872: * defaults.c:
20873: Fix negation of paths in a boolean context. Problem found by
20874: apt@UH.EDU
20875: [8aee217a7cdf]
20876:
20877: 2001-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
20878:
20879: * visudo.c:
20880: pasto
20881: [ad32b277bf68]
20882:
20883: 2001-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
20884:
20885: * visudo.c:
20886: SA_RESETHAND means the opposite of what I was thinking--oops To
20887: block all signals in old-style signals use ~0, not 0xffffffff
20888: [6ecdd793590a]
20889:
20890: 2001-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
20891:
20892: * defaults.c:
20893: coerce difference of pointers to int when used in a string length
20894: printf format; deraadt@openbsd.org
20895: [a9d10f07180d]
20896:
20897: 2001-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
20898:
20899: * visudo.c:
20900: Block all signals in Exit() to avoid a signal race. There is still
20901: a tiny window but I'm not going to worry about it.
20902: [6661805c0458]
20903:
20904: 2001-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
20905:
20906: * env.c:
20907: glibc uses the LANGUAGE env var so clear that too; Solar Designer
20908: [d4ba95628afb]
20909:
20910: * lex.yy.c:
20911: Regenerate with a fix to flex.skl that preserves errno from
20912: clobbering by isatty().
20913: [607eec736e19]
20914:
20915: 2000-12-31 Todd C. Miller <Todd.Miller@courtesan.com>
20916:
20917: * auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
20918: auth/sia.c, auth/sudo_auth.c:
20919: Some defaults I_ defines got renamed.
20920: [ec19b23caaf3]
20921:
20922: * Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
20923: defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
20924: set_perms.c, sudo.c, sudo.tab.c:
20925: Move defaults info into its own files from which we generate .h and
20926: .c files. This makes adding or rearranging variables much simpler.
20927: [e91b880b5043]
20928:
20929: 2000-12-30 Todd C. Miller <Todd.Miller@courtesan.com>
20930:
20931: * configure, configure.in:
20932: fix typo in last commit
20933: [10a6ee2bae71]
20934:
20935: * compat.h, config.h.in, configure, configure.in:
20936: Add check + emulation for setegid (like seteuid).
20937: [29492092bd2f]
20938:
20939: * env.c:
20940: Make env_keep override badenv_table as documented Fix traversal of
20941: badenv_table (broken in last commit)
20942: [37c9f0d22673]
20943:
20944: * set_perms.c, sudo.c, sudo.h:
20945: Don't try and build saved uid version of set_perms on systems w/o
20946: them. Rename set_perms_saved_uid() -> set_perms_posix() Make
20947: set_perms_setreuid simply be set_perms_fallback() and simply include
20948: the appropriate function at compile time (setreuid() vs. setuid()).
20949: [3107333c062c]
20950:
20951: * sudoers.cat, sudoers.man.in, sudoers.pod:
20952: PATH is also preserved when env_reset is in effect
20953: [90e45c5711ff]
20954:
20955: * CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
20956: configure.in, defaults.c, defaults.h, env.c, find_path.c,
20957: getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
20958: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
20959: visudo.c, visudo.cat, visudo.man.in:
20960: New Defaults options: o stay_setuid - sudo will remain setuid if
20961: system has saved uids or setreuid(2) o env_reset - reset the
20962: environment to a sane default o env_keep - preserve environment
20963: variables that would otherwise be cleared
20964:
20965: No longer use getenv/putenv/setenv functions--do environment munging
20966: by hand. Potentially dangerous environment variables can be cleared
20967: only if they contain '/' pr '%' characters to protect buggy
20968: programs. Moved environment routines into env.c (new file)
20969: [c2f97651db4c]
20970:
20971: * INSTALL:
20972: Clear up --without-passwd description
20973: [2f336dab6733]
20974:
20975: * putenv.c, sudo_setenv.c:
20976: We now build up a new environment from scratch and assign it to
20977: "environ".
20978: [6ae6152f2238]
20979:
20980: 2000-12-19 Todd C. Miller <Todd.Miller@courtesan.com>
20981:
20982: * sudo.pod, visudo.pod:
20983: Grammatical fixes from Paul Janzen
20984: [e03ead2e56f8]
20985:
20986: 2000-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
20987:
20988: * visudo.c:
20989: If there was a syntax error and the user just wants to quit, unlink
20990: sudoers if it is zero length.
20991: [74ba7921f520]
20992:
20993: * visudo.c:
20994: 'Q' means ignore parse error, not 'q'
20995: [e8d0e4491fe6]
20996:
20997: * visudo.c:
20998: Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
20999: <dim@xs4all.nl>
21000: [b24990a72491]
21001:
21002: 2000-12-13 Todd C. Miller <Todd.Miller@courtesan.com>
21003:
21004: * set_perms.c:
21005: Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
21006: [41a8db10e076]
21007:
21008: 2000-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21009:
21010: * config.guess, config.sub:
21011: Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
21012: [6052da895d2e]
21013:
21014: 2000-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
21015:
21016: * sudo.c, visudo.c:
21017: Use exit(127), not exit(-1)
21018: [9ff0c3eada34]
21019:
21020: * Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
21021: Move set_perms() to its own file and use POSIX saved uid or
21022: setreuid() if available.
21023:
21024: Added stay_setuid option for systems that have libraries that
21025: perform extra paranoia checks in system libraries for setuid
21026: programs (ie: anything with issetugid(2)).
21027: [28960f842698]
21028:
21029: * sudo.c:
21030: strip more bits from the environment and add a facility for
21031: stripping things only if they contain '/' or '%' to address printf
21032: format string vulnerabilities in other programs.
21033: [b98d6375f299]
21034:
21035: 2000-11-02 Todd C. Miller <Todd.Miller@courtesan.com>
21036:
21037: * configure:
21038: regen
21039: [7e74e5c91049]
21040:
21041: * configure.in:
21042: For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
21043: strcasecmp().
21044: [a418e9e70442]
21045:
21046: * configure:
21047: regen
21048: [bbff244a52bc]
21049:
21050: * configure.in:
21051: Check for strcasecmp(3) in -lc89 for NCR Unix
21052: [361c99576681]
21053:
21054: 2000-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
21055:
21056: * config.h.in:
21057: Define HAVE_INNETGR #ifdef HAVE__INNETGR
21058: [473cdb92b6db]
21059:
21060: * configure:
21061: regen
21062: [4e6364a195e0]
21063:
21064: * compat.h, config.h.in, configure.in:
21065: Add check for _innetgr(3) since NCR systems have that instead of
21066: innetgr(3).
21067: [25e6852e7494]
21068:
21069: 2000-10-31 Todd C. Miller <Todd.Miller@courtesan.com>
21070:
21071: * auth/securid.c:
21072: check return value of creadcfg() call sd_close() after sd_auth()
21073: store username in sd->username so we don't rely on the USER env
21074: variable
21075: [d106b4f42722]
21076:
21077: 2000-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
21078:
21079: * INSTALL:
21080: document --with-bsdauth
21081: [f1518ecc2ee9]
21082:
21083: * configure:
21084: regen
21085: [dceb35071ea8]
21086:
21087: * configure.in:
21088: --with-bsdauth assumes --with-logincap
21089: [4200778083fd]
21090:
21091: * auth/bsdauth.c, auth/fwtk.c:
21092: When prompting for a response to a challenge, if the user just hits
21093: return then reprompt with echo turned on.
21094: [a539b6474a97]
21095:
21096: 2000-10-29 Todd C. Miller <Todd.Miller@courtesan.com>
21097:
21098: * sudo.c:
21099: Remove debugging code that should not have been committed, oops.
21100: [9862607b77a7]
21101:
21102: * auth/bsdauth.c:
21103: Use lower-level routines and get the password ourselves. Checks for
21104: a challenge and if there is one echo is not turned off.
21105: [2d8fcd166baa]
21106:
21107: * auth/pam.c, auth/sudo_auth.h:
21108: minor housekeeping, no real code changes
21109: [d0074a277fb4]
21110:
21111: 2000-10-27 Todd C. Miller <Todd.Miller@courtesan.com>
21112:
21113: * sudo.c:
21114: Fix a coredump in the logging functions if gethostname(2) fails by
21115: deferring the call to log_error() until things are better setup.
21116:
21117: Fix return value of set_loginclass() in non-BSD-auth case.
21118:
21119: Hard-code 'sudo' in the usage message so we can fit more options on
21120: a line
21121: [d9d1b7579818]
21122:
21123: * logging.c:
21124: Fix errant ';' (typo) that broken MSG_ONLY
21125: [849b2276a470]
21126:
21127: 2000-10-26 Todd C. Miller <Todd.Miller@courtesan.com>
21128:
21129: * sudo.cat, sudo.man.in:
21130: regen
21131: [bb3c8c6704d1]
21132:
21133: * sudo.pod:
21134: Document -a flag
21135: [e18316cebaac]
21136:
21137: * Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
21138: configure, configure.in, getspwuid.c, sudo.c:
21139: Add support for BSD authentication.
21140: [f374cfd9ca0d]
21141:
21142: 2000-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
21143:
21144: * sudoers.pod:
21145: Fix typo; from sato@complex.eng.hokudai.ac.jp
21146: [3085fee9766e]
21147:
21148: 2000-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
21149:
21150: * sudoers.pod:
21151: Mention negating umask
21152: [c9e410294dae]
21153:
21154: * defaults.c:
21155: Allow user to specify umask of 0777 (same as !umask)
21156: [bb771daa96fe]
21157:
21158: 2000-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
21159:
21160: * sudo.pod, visudo.pod:
21161: Fix a typo and give a URL for the sudo history.
21162: [77f73199aedb]
21163:
21164: 2000-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
21165:
21166: * defaults.c, sudo.pod:
21167: fix typos; pepper@reppep.com
21168: [5532c7421340]
21169:
21170: 2000-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
21171:
21172: * sudo.c, sudo.h, sudo_setenv.c:
21173: sudo_setenv() now exits on memory alloc failure instead of returning
21174: -1.
21175: [71f1cf18f47b]
21176:
21177: 2000-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
21178:
21179: * sudo.c:
21180: Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
21181: and possibly others.
21182: [b69d985b0d22]
21183:
21184: * logging.c:
21185: Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
21186: that "%m" won't be expanded but we don't use that anyway since the
21187: logging routines may splat to stderr as well.
21188: [8d37a544d0c0]
21189:
21190: * defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
21191: sudoers.pod:
21192: Add always_set_home variable
21193: [dbcaff646e07]
21194:
21195: * configure, configure.in:
21196: Have to hard code default values in help since the defaults are set
21197: _after_ the help stuff.
21198: [7b5d6d72f55c]
21199:
21200: 2000-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
21201:
21202: * lex.yy.c, parse.lex:
21203: Allow special characters (including '#') to be embedded in pathnames
21204: if quoted by a '\\'. The quoted chars will be dealt with by
21205: fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
21206: [3ed33cf09977]
21207:
21208: 2000-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
21209:
21210: * install-sh:
21211: Better path searching for programs we need.
21212: [60517cb1f0d6]
21213:
21214: * TROUBLESHOOTING:
21215: Add section on "C compiler cannot create executables" errors.
21216: [e4ada6eaee59]
21217:
21218: * Makefile.binary, Makefile.in, version.h:
21219: Crank version
21220: [93d1bd5b7f5e]
21221:
21222: * aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
21223: sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
21224: visudo.man.in, visudo.pod:
21225: Substitute values from configure into man pages.
21226: [619854c356c1]
21227:
21228: 2000-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
21229:
21230: * parse.c, sudo.c:
21231: The listpw and verifypw sudoers options would not take effect
21232: because the value of the default was checked *before* sudoers was
21233: parsed. Instead of passing in the value of PWCHECK_* to
21234: sudoers_lookup(), pass in the arg for def_ival() so the check can be
21235: deferred until after sudoers is parsed.
21236: [4f596e358f72]
21237:
21238: 2000-08-11 Todd C. Miller <Todd.Miller@courtesan.com>
21239:
21240: * tgetpass.c:
21241: When writing prompt, no need to write the NUL as well;
21242: hag@linnaean.org
21243: [fbcdd7b431ee]
21244:
21245: 2000-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
21246:
21247: * install-sh:
21248: When looking for chown, check in /sbin too
21249: [657ba6653f8c]
21250:
21251: 2000-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
21252:
21253: * visudo.c:
21254: Remove extraneous call to init_defaults() and set runas_user to NULL
21255: betweem parses so init_defaults will reset it each time, thus
21256: avoiding a reference to free()d data.
21257: [7421fcd692af]
21258:
21259: 2000-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
21260:
21261: * config.h.in, interfaces.c, interfaces.h, sudo.c:
21262: Add support for using getifaddrs() to get the list of ip addr /
21263: netmask pairs. Currently IPv4-only.
21264: [a35bc4f7306d]
21265:
21266: * visudo.c:
21267: Add a missing check for UserEditor == NULL Add missing '+' before
21268: line number when invoking editor to fix a syntax error
21269: [f0d4635f6082]
21270:
21271: 2000-05-12 Todd C. Miller <Todd.Miller@courtesan.com>
21272:
21273: * sudo.c:
21274: Call clean_env very early in main() for paranoia's sake. Idea from
21275: Marc Esipovich.
21276: [f8d72ebd0115]
21277:
21278: 2000-05-10 Todd C. Miller <Todd.Miller@courtesan.com>
21279:
21280: * sudo.h:
21281: Update proto for evasprintf and easprintf
21282: [d147d6e58419]
21283:
21284: * alloc.c:
21285: Make easprintf() and evasprintf() return an int.
21286: [b2ca5d089667]
21287:
21288: * check.c:
21289: If the targetpw flag is set, use target username as part of the
21290: timestamp path. If tty tickets are in effect cat the tty and the
21291: target username with a ':' as the separator.
21292: [de11abc693c2]
21293:
21294: 2000-05-09 Todd C. Miller <Todd.Miller@courtesan.com>
21295:
21296: * auth/pam.c:
21297: Backout part of last change; setting PAM_USER to the invoking user
21298: breaks things like targetpw.
21299: [427218a7387f]
21300:
21301: * auth/pam.c:
21302: set tty and username via pam_set_item
21303: [85d1922dbcc9]
21304:
21305: * auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
21306: Fix root, runas, and target authentication for non-passwd file auth
21307: methods.
21308: [a14535e7b30c]
21309:
21310: 2000-04-22 Todd C. Miller <Todd.Miller@courtesan.com>
21311:
21312: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21313: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21314: Use B<-Z> not C<-Z> for command line flags in all places. This is
21315: more consistent and works around a bug in Pod::Man.
21316: [64b5a05f30c5]
21317:
21318: * sudoers.cat, sudoers.man.in, sudoers.pod:
21319: Fix an occurence of 'semicolon' that should be 'colon'
21320: [4ea5aacae3fb]
21321:
21322: 2000-04-19 Todd C. Miller <Todd.Miller@courtesan.com>
21323:
21324: * configure, configure.in:
21325: Fix --with-badpri help line
21326: [3cc40977c043]
21327:
21328: 2000-04-17 Todd C. Miller <Todd.Miller@courtesan.com>
21329:
21330: * defaults.c, logging.c, sudo.c:
21331: Bracket calls to syslog with an openlog() and closelog() since some
21332: authentication methods (like PAM) may do their own logging via
21333: syslog. Since we don't use syslog much (usually just once per
21334: session) this doesn't really incur a performance penalty. It also
21335: Fixes a SEGV with pam_kafs.
21336: [fe1cc28529f6]
21337:
21338: 2000-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
21339:
21340: * sudo.c:
21341: Fix -H flag. runas_homedir is only valid after
21342: set_perms(PERM_RUNAS, mode)
21343: [ce9b1c6f68a6]
21344:
21345: 2000-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
21346:
21347: * INSTALL:
21348: Clarify the fact that insults are not enabled just by including them
21349: in the binary.
21350: [d5a31d48320c]
21351:
21352: 2000-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
21353:
21354: * sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
21355: visudo.man.in:
21356: Regenerated with perl 5.6.0 pod2man
21357: [21751433768b]
21358:
21359: * Makefile.in:
21360: Give date string to pod2man since its default is ugly and it ain't
21361: got no alibi.
21362: [0080b2f6298f]
21363:
21364: * Makefile.in:
21365: Do section substitution on the output of pod2man and remove hack
21366: needed for old pod2man.
21367: [1ef843d5c78b]
21368:
21369: * sudo.pod, sudoers.pod, visudo.pod:
21370: Put back real man sections, we will do the substitution later.
21371: [f728c1abad7e]
21372:
21373: 2000-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
21374:
21375: * configure, configure.in:
21376: Don't bother checking for the path to vi if user specified --with-
21377: editor
21378: [bf698487e0d5]
21379:
21380: 2000-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
21381:
21382: * CHANGES, visudo.c:
21383: Visudo now does its own fork/exec instead of calling system(3).
21384: [99bbcd88863b]
21385:
21386: * CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
21387: sudoers.pod, visudo.c:
21388: Visudo now checks for the existence of an editor and gives a
21389: sensible error if it does not exist.
21390:
21391: The path to the editor for visudo is now a colon-separated list of
21392: allowable editors. If the user has $EDITOR set and it matches one
21393: of the allowed editors that editor will be used. If not, the first
21394: editor in the list that actually exists is used.
21395: [cc86eb9f5440]
21396:
21397: * sudo.cat, sudo.man.in, sudo.pod:
21398: Clear up confusion wrt sudo's return value.
21399: [9385b12d8e79]
21400:
21401: 2000-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
21402:
21403: * Makefile.in:
21404: Strip sudo and visudo for bindist target
21405: [a995ddd79177]
21406:
21407: * sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21408: sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
21409: Use @mansectsu@ and @mansectform@ in the man page bodies as well.
21410: [5eb9e60a726f] [SUDO_1_6_3]
21411:
21412: * visudo.cat, visudo.man.in, visudo.pod:
21413: Typo: @sysconf@ -> @sysconfdir@
21414: [f07f52fcd099]
21415:
21416: * Makefile.in:
21417: 'make dist' should not cause any files to be modified so remove its
21418: dependencies.
21419: [7f44a2666a9c]
21420:
21421: * CHANGES:
21422: Whoops, forgot to add release marker
21423: [16c0f16b35b8]
21424:
21425: 2000-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
21426:
21427: * CHANGES:
21428: Final change for 1.6.3 (or so I hope)
21429: [473c89da6123]
21430:
21431: * sudo.cat, sudoers.cat, visudo.cat:
21432: Use SYSV man sections since BSD systems will have nroff...
21433: [0a6bd154324e]
21434:
21435: 2000-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
21436:
21437: * parse.yacc, sudo.tab.c:
21438: When checking to see if the host/user matches in a defaults spec,
21439: check against TRUE, not just non-zero since it might be -1.
21440: [41f2b7ad3fdd]
21441:
21442: * configure, configure.in:
21443: OSF/1 puts file formats in section 4, not 5.
21444: [d77c1301afa9]
21445:
21446: * CHANGES, INSTALL, sudo.c:
21447: Make login class support work on BSD/OS
21448: [e9bbe3c08ade]
21449:
21450: * RUNSON:
21451: Update for 1.6.3
21452: [c40ce1d76c4d]
21453:
21454: * configure, configure.in:
21455: If there is no inet_addr but there *is* an __inet_addr that's ok
21456: since inet_addr is probably just a macro then. The better thing to
21457: do would be to look for the macro, but this is fine for now.
21458: [1b8865ae4d68]
21459:
21460: * configure, configure.in:
21461: Don't use shlicc for BSD/OS 4.x
21462: [83fbf6dedd2c]
21463:
21464: * Makefile.in, configure, configure.in:
21465: *.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
21466: configure variable so we can deal with this. Also, only remove *.man
21467: for 'distclean' not 'clean'.
21468: [30d56e6de214]
21469:
21470: * sudo.c:
21471: set_loginclass() should be static like the proto says
21472: [d570a2d55fb8]
21473:
21474: 2000-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
21475:
21476: * fnmatch.c:
21477: Add #ifdef __STDC__ around the rangematch function header to avoid
21478: promotion of test to int, thus violating the prototype. Gcc handles
21479: this gracefully but more std ANSI compilers will complain.
21480: [7d98c3e332b2]
21481:
21482: * emul/fnmatch.h:
21483: Pull in newer fnmatch(3) that supports FNM_CASEFOLD
21484: [4e1320852f8b]
21485:
21486: * aclocal.m4, configure, fnmatch.3, fnmatch.c:
21487: Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
21488: FNM_CASEFOLD in configure
21489: [9ef952bf1896]
21490:
21491: * CHANGES, TODO:
21492: update for 1.6.3
21493: [e4ba6368a0c5]
21494:
21495: * sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
21496: Fully qualified hosts w/ wildcards were not matching the FQHOST
21497: token type. There's really no need for a separate token for fully-
21498: qualified vs. unqualified anymore so FQHOST is now history and
21499: hostname_matches now decides which hostname (short or long) to check
21500: based on whether or not the pattern contains a '.'.
21501: [fbd2887d9811]
21502:
21503: * parse.h:
21504: Fully qualified hosts w/ wildcards were not matching the FQHOST
21505: token type. There's really no need for a separate token for fully-
21506: qualified vs. unqualified anymore so FQHOST is now history and
21507: hostname_matches now decides which hostname (short or long) to check
21508: based on whether or not the pattern contains a '.'.
21509: [dd7bbe223461]
21510:
21511: * lex.yy.c, parse.c, parse.lex, parse.yacc:
21512: Fully qualified hosts w/ wildcards were not matching the FQHOST
21513: token type. There's really no need for a separate token for fully-
21514: qualified vs. unqualified anymore so FQHOST is now history and
21515: hostname_matches now decides which hostname (short or long) to check
21516: based on whether or not the pattern contains a '.'.
21517: [630d9d205397]
21518:
21519: * parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
21520: sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
21521: Add support for wildcards in the hostname.
21522: [d8d821ed4238]
21523:
21524: * Makefile.in:
21525: Add targets for *.man.in, using config.status to generate *.man from
21526: *.man.in
21527: [640e50ede485]
21528:
21529: * sudoers.cat, sudoers.man.in, sudoers.pod:
21530: Document set_logname option and enbolden refs to sudo and visudo.
21531: [9622b3a48707]
21532:
21533: * INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
21534: sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
21535: visudo.cat, visudo.man.in, visudo.pod:
21536: Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
21537: from Michael D. Marchionna. configure now does substitution on the
21538: man pages, allowing us to fix up the paths and set the section
21539: correctly. Based on an idea from Michael D. Marchionna.
21540: [463e928a0a2f]
21541:
21542: * auth/passwd.c:
21543: Better fix for handling HP-UX aging info.
21544: [3950f42d8549]
21545:
21546: * sudo.c:
21547: Add support for set_logname run-time default
21548: [c6a7cc76b8b4]
21549:
21550: * sudo.man.in, sudoers.man.in, visudo.man.in:
21551: configure does substitution on these to produce *.man
21552: [b83fc3c1bfc9]
21553:
21554: * sudo.man, sudoers.man, visudo.man:
21555: These files now get generated from *.man.in at configure time.
21556: [c499061f79e0]
21557:
21558: 2000-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
21559:
21560: * defaults.c, defaults.h:
21561: Add set_logname option so users can turn off setting of LOGNAME/USER
21562: environment variables.
21563: [6316869180b8]
21564:
21565: * lsearch.c, parse.c, testsudoers.c:
21566: kill register
21567: [6e104e653748]
21568:
21569: 2000-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
21570:
21571: * auth/passwd.c:
21572: HP-UX adds extra info at the end for password aging so when
21573: comparing the result of crypt to pw_passwd we only compare the first
21574: len(epass) bytes *unless* the user entered an empty string for a
21575: password.
21576: [3d24d4e4e889]
21577:
21578: * logging.c:
21579: Get rid of grandchild hack, it was causing problems and there is
21580: really no need for it. This fixes a bug where we spin eating up CPU
21581: when the user runs a long-running process like a shell.
21582: [5743b10b1e81]
21583:
21584: 2000-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
21585:
21586: * sudo.c:
21587: User can always specify a login class if he/she is already root.
21588: [710d160cef9f]
21589:
21590: * config.h.in, configure, configure.in, defaults.c, defaults.h,
21591: sudo.c, sudo.h:
21592: FreeBSD login class (login.conf) support.
21593: [026b981d6328]
21594:
21595: 2000-03-06 Todd C. Miller <Todd.Miller@courtesan.com>
21596:
21597: * auth/sudo_auth.c:
21598: HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
21599: [9cd4929f1a78]
21600:
21601: 2000-03-03 Todd C. Miller <Todd.Miller@courtesan.com>
21602:
21603: * auth/passwd.c:
21604: Truncate unencrypted password to 8 chars if encrypted password is
21605: exactly 13 characters (indicateing standard a DES password). Many
21606: versions of crypt() do this for you, but not all (like HP-UX's).
21607: [a9d0259cb193]
21608:
21609: 2000-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
21610:
21611: * INSTALL, RUNSON:
21612: Mention that gcc on dynix may have problems
21613: [77b97fa5bf1b]
21614:
21615: 2000-02-29 Todd C. Miller <Todd.Miller@courtesan.com>
21616:
21617: * Makefile.in:
21618: Link visudo with NET_LIBS since we now call syslog via defaults.c
21619: [9e3830b277cc]
21620:
21621: * defaults.c:
21622: Use Argv[0] as the first arg to openlog() since visudo uses this
21623: too.
21624: [e61078f328ec]
21625:
21626: 2000-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
21627:
21628: * sudo.c:
21629: Stash coredumpsize resource limit and retsore it before the exec()
21630: Otherwise the child ends up with a coredumpsize of 0.
21631: [f6a4783835a3]
21632:
21633: 2000-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
21634:
21635: * sudo.cat, sudo.man, sudo.pod:
21636: document -S flag
21637: [3ebd805b7142]
21638:
21639: * sudo.c:
21640: fix usage string
21641: [66b2dfa47fe8]
21642:
21643: * CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
21644: auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
21645: Added -S flag (read passwd from stdin) and tgetpass_flags global
21646: that holds flags to be passed in to tgetpass(). Change echo_off
21647: param to tgetpass() into a flags field. There are currently 2
21648: possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
21649: tgetpass(), abstract the echo set/clear via macros and if (flags &
21650: TGP_ECHO) but echo is not set on the terminal, but sure to set it.
21651: [a4fcbb712cd0]
21652:
21653: * tgetpass.c:
21654: Fixed a bug that caused an infinite loop when the password timeout
21655: was disabled.
21656: [2be1ffc5a39f]
21657:
21658: 2000-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
21659:
21660: * CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
21661: sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
21662: Add rootpw, runaspw, and targetpw options.
21663: [2d4563e46df7]
21664:
21665: * CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
21666: visudo.c:
21667: enveditor -> env_editor
21668: [ddc5f856e583]
21669:
21670: 2000-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
21671:
21672: * BUGS, INSTALL, Makefile.in, README, configure, configure.in,
21673: sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
21674: visudo.man:
21675: crank versino to 1.6.3
21676: [a5f7d3e74360]
21677:
21678: * INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
21679: sudoers.pod, visudo.c:
21680: Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
21681: them. This means that visudo will now parse the sudoers file
21682: *before* it is edited so a bogus sudoers file will cause a warning
21683: to go to stderr. Also, visudo checks the variables once--it does not
21684: check them after each editor run since that could be confusing.
21685: [9f5af18e9212]
21686:
21687: 2000-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
21688:
21689: * RUNSON:
21690: 1.6.2 -> 1.6.2p1
21691: [e25b74f1d1af]
21692:
21693: * check.c, sudo.c, sudo.h:
21694: Move user_is_exempt prototype into sudo.h
21695: [daf26a6ded8a]
21696:
21697: 2000-02-13 Todd C. Miller <Todd.Miller@courtesan.com>
21698:
21699: * configure, configure.in:
21700: Fix thinko, some && should have been || in the last commit
21701: [4b9b2d487ded]
21702:
21703: * configure, configure.in:
21704: Don't initialized Makefile variables to be NULL since the user may
21705: want to import variables from their environment.
21706: [7be019f4422c]
21707:
21708: 2000-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
21709:
21710: * configure, configure.in:
21711: typo
21712: [38f4d8971f0a]
21713:
21714: 2000-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
21715:
21716: * sudo.tab.c:
21717: fix a yacc (skeleton.c) warning
21718: [a2da228a937b]
21719:
21720: 2000-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
21721:
21722: * INSTALL, RUNSON, configure, configure.in:
21723: Make pam work on HP-UX 11.0;jaearick@colby.edu
21724: [b94de0ff6f42]
21725:
21726: * CHANGES:
21727: recent changes; prepare for 1.6.2p1
21728: [b291635ea141]
21729:
21730: * find_path.c:
21731: Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
21732: [4306285c4f6e]
21733:
21734: 2000-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
21735:
21736: * sudo.tab.c:
21737: Regen with yacc that has a memory leak plugged.
21738: [e26383a04eb7]
21739:
21740: * sudoers.cat, sudoers.man, sudoers.pod:
21741: Expanded docs on sudoers 'defaults' options based on INSTALL file
21742: info.
21743: [54c3d62d6c74]
21744:
21745: * INSTALL:
21746: Fix some while lies
21747: [d15311782150]
21748:
21749: 2000-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
21750:
21751: * Makefile.in:
21752: When making a bindist, link FAQ to TROUBLESHOOTING instead of
21753: copying.
21754: [2d88a6ac88cf]
21755:
21756: * sudoers.cat, sudoers.man, sudoers.pod:
21757: Add netgroup caveat
21758: [28d119f466e3] [SUDO_1_6_2]
21759:
21760: * RUNSON:
21761: Last minute updates
21762: [89fb4ed22d52]
21763:
21764: * TROUBLESHOOTING:
21765: PAM entry
21766: [a9fd59f39457]
21767:
21768: * auth/pam.c:
21769: correct a comment
21770: [a29627225ba9]
21771:
21772: * CHANGES, RUNSON:
21773: update for 1.6.2
21774: [b7f1c40ea732]
21775:
21776: * auth/pam.c:
21777: Better detection of PAM errors and fix custom prompts with PAM.
21778: Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
21779: [ff69234b94a5]
21780:
21781: 2000-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
21782:
21783: * snprintf.c:
21784: Cast ULONG_MAX to unsigned long long when comparing to an unsigned
21785: long long value.
21786: [9d918c3a2ecd]
21787:
21788: 2000-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
21789:
21790: * CHANGES, config.h.in, configure, configure.in, visudo.c:
21791: Fix sudoers locking in visudo. We now lock the sudoers file itself,
21792: not the temp file (since locking the temp file can foul up editors).
21793: The previous locking scheme didn't work because the fd was closed
21794: too early.
21795: [de2011bb11ed]
21796:
21797: * config.h.in, configure, configure.in:
21798: Don't need test for ftruncate() any more.
21799: [e5f71c848104]
21800:
21801: * configure, configure.in:
21802: Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
21803: the unbundled HP-UX cc.
21804: [2c373612c644]
21805:
21806: 2000-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
21807:
21808: * sudoers.cat, sudoers.man, sudoers.pod:
21809: "a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
21810: [05360d2c314e]
21811:
21812: 2000-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
21813:
21814: * LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
21815: parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
21816: version.h, visudo.c:
21817: update copyright year on changed files
21818: [5792a2a28a4c]
21819:
21820: * RUNSON:
21821: updates
21822: [edf8f19aa403]
21823:
21824: * CHANGES:
21825: aix fix
21826: [4d4a243b31e2]
21827:
21828: * INSTALL:
21829: Crank version to 1.6.2
21830: [bcb5cb411624]
21831:
21832: * configure:
21833: Crank version to 1.6.2
21834: [32a19f33427f]
21835:
21836: * sudo.c:
21837: When using rlimit check for RLIM_INFINITY When computing the value
21838: of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
21839: [8c16166802e5]
21840:
21841: * CHANGES:
21842: recent changes
21843: [09fc7112e44d]
21844:
21845: * BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
21846: sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
21847: Crank version to 1.6.2
21848: [055fa61a7c61]
21849:
21850: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
21851: Add 'shell_noargs' runtime option back in. We have to defer
21852: checking until after the sudoers file has been parsed but since
21853: there are now other options that operate that way this one can too.
21854: Based on a patch from bguillory@email.com.
21855: [231db7a007a6]
21856:
21857: * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
21858: Add "listpw" and "verifypw" options.
21859: [190683bac878]
21860:
21861: * sudoers.cat, sudoers.man, sudoers.pod:
21862: o Fix some typos/omissions o Add section on verifypw and listpw o
21863: Define how NOPASSWD interacts with the -v and -l flags
21864: [6feb7350eb79]
21865:
21866: 2000-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
21867:
21868: * configure, configure.in:
21869: For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
21870: -D_HPUX_SOURCE to CPPFLAGS.
21871: [06cc35d89dc8]
21872:
21873: * defaults.c, defaults.h:
21874: In struct sudo_defs_types, move the union to the end and don't
21875: initialize the union member since that only works with an ANSI
21876: compiler. We set the value of the union by hand in init_defaults()
21877: anyway. This allows sudo to compile on a K&R compiler again.
21878: [623487e1fcfa]
21879:
21880: 2000-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
21881:
21882: * parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
21883: netgr_matches needs to check shost as well as host since they may be
21884: different.
21885: [3f43ace23d3e]
21886:
21887: * tgetpass.c:
21888: End on \r as well as \n
21889: [cb7c6e6f4202]
21890:
21891: 2000-01-03 Todd C. Miller <Todd.Miller@courtesan.com>
21892:
21893: * sudo.c:
21894: Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
21895: from 0400 to whatever SUDOERS_MODE is (converting from the old
21896: sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
21897: 0400 which should always be the case.
21898: [34cd83d49d20]
21899:
21900: * parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
21901: Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
21902: w/o a passwd if there is *any* entry for the user on the host with a
21903: NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
21904: the user on the host w/ the specified runas user have the NOPASSWD
21905: flag set.
21906: [4b3b85697653]
21907:
21908: * Makefile.in:
21909: add check target
21910: [3d24d34a76fd]
21911:
21912: 1999-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
21913:
21914: * visudo.c:
21915: Treat EOF at whatnow prompt like 'x' instead of looping.
21916: [5deffc27114c]
21917:
21918: 1999-12-10 Todd C. Miller <Todd.Miller@courtesan.com>
21919:
21920: * CHANGES:
21921: recent changes
21922: [5836a9452568] [SUDO_1_6_1]
21923:
21924: 1999-12-09 Todd C. Miller <Todd.Miller@courtesan.com>
21925:
21926: * config.h.in, configure, configure.in, sudo.c:
21927: Add check for initgroups() since old SYSV lacks this.
21928: [657a6005a569]
21929:
21930: * CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
21931: parse.c, testsudoers.c:
21932: o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
21933: exists.
21934: [17d081e917d6]
21935:
21936: 1999-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
21937:
21938: * auth/sudo_auth.c:
21939: Don't allow insults to be enabled if the insults[] array is empty.
21940: Otherwise there would be division by zero.
21941: [b20c14db6029]
21942:
21943: * insults.h:
21944: Don't allow insults to be enabled if the insults[] array is empty.
21945: Otherwise there would be division by zero.
21946: [028f130204b0]
21947:
21948: * CHANGES, RUNSON:
21949: Don't allow insults to be enabled if the insults[] array is empty.
21950: Otherwise there would be division by zero.
21951: [974f4780254b]
21952:
21953: * insults.h:
21954: Don't care about USE_INSULTS #define since the insult stuff may be
21955: overridden at runtime.
21956: [b873df8b299c]
21957:
21958: * auth/sudo_auth.c:
21959: Honor insults flag.
21960: [756111640fdc]
21961:
21962: * CHANGES, parse.c:
21963: Don't ask the user for a password if the user is not allowed to run
21964: the command and the authenticate flag (in sudoers) is false.
21965: [cea9fdc09c76]
21966:
21967: * CHANGES, RUNSON, lex.yy.c, parse.lex:
21968: o Whenever we get a bare newline we change to the INITIAL state. o
21969: Enter GOTRUNAS when we see Runas_Alias
21970:
21971: This allows #uid to work in a RunasAlias.
21972: [a475513e7c7a]
21973:
21974: 1999-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
21975:
21976: * CHANGES, parse.yacc, sudo.tab.c:
21977: fix parsing of runas lists: o oprunasuser and runaslist now return a
21978: value o in a runasspec, if a runaslist does not return TRUE, set
21979: runas_matches to FALSE. Normally, a runaslist only returns FALSE
21980: for explicitly denied users. o since runaslist does not modify the
21981: stack there is no need for a push/pop in runasalias.
21982: [82b305b34a8c]
21983:
21984: * check.c, sudo.c:
21985: Don't kill the user's tickets until after sudoers has been parsed
21986: since tty_tickets and ticket_dir could be set in sudoers.
21987: [f43e25367f3a]
21988:
21989: * BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
21990: configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
21991: sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
21992: crank version to 1.6
21993: [95f8bdcf9bb2]
21994:
21995: * testsudoers.c:
21996: add set_fqdn() stub
21997: [bbc81af5b41a]
21998:
21999: 1999-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
22000:
22001: * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
22002: sudoers.man, sudoers.pod, visudo.c:
22003: o Kill shell_noargs option, it cannot work since the command needs
22004: to be set before sudoers is parsed. o Fix the "set_home" sudoers
22005: option (only worked at compile time). o Fix "fqdn" sudoers option.
22006: We now set host/shost via set_fqdn which gets called when the
22007: "fqdn" option is set in sudoers. o Move the openlog() to
22008: store_syslogfac() so this gets overridden correctly from the
22009: sudoers file.
22010: [3dca861f0f5d]
22011:
22012: * auth/securid.c:
22013: SecurID support should compile now.
22014: [a544e5c6ea34]
22015:
22016: 1999-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
22017:
22018: * sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
22019: visudo.man, visudo.pod:
22020: fix some syntactic goofs
22021: [b3451f0d5239]
22022:
22023: 1999-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
22024:
22025: * Makefile.in, sudo.html, sudoers.html, visudo.html:
22026: No longer need the .html files as they are generated automatically
22027: on the web site.
22028: [1b4aa4204584]
22029:
22030: * CHANGES, LICENSE:
22031: kill characters that made wml unhappy
22032: [b988fbc6da56]
22033:
22034: * HISTORY:
22035: typo
22036: [a418963f7fce]
22037:
22038: 1999-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
22039:
22040: * README:
22041: majordomo@cs.colorado.edu -> majordomo@courtesan.com
22042: [5d151e8ffd3b]
22043:
22044: * Makefile.in, configure:
22045: Wrap script execution w/ /bin/sh for the benefit of ctm
22046: [3a9c4766b2c3]
22047:
22048: 1999-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
22049:
22050: * sudo.c:
22051: Make the -s flag be exclusive too. Also reorder the flags in the
22052: exclusive usage message so they are alphabetical.
22053: [4c7af200db34]
22054:
22055: 1999-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
22056:
22057: * auth/pam.c:
22058: make pam errors other than PAM_PERM_DENIED fatal
22059: [64bcb3fd2baf]
22060:
22061: * auth/API:
22062: fix typo
22063: [f3134c88b12e]
22064:
22065: * INSTALL:
22066: make it clear that /etc/pam.d/sudo is required on linux
22067: [213cc3eaad82]
22068:
22069: * auth/pam.c:
22070: fix a warning on redhat and spew an error if pam_authenticate()
22071: returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
22072: [7e46dd19da89]
22073:
22074: * sudo.cat, sudo.html, sudo.man, sudo.pod:
22075: Be very clear that the password required is the user's not root's
22076: [a6da127347e5]
22077:
22078: 1999-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
22079:
22080: * Makefile.in:
22081: add sample.syslog.conf to DISTFILES and BINFILES
22082: [8661c27c007e]
22083:
22084: 1999-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
22085:
22086: * RUNSON:
22087: updates from Brian Jackson + some formatting
22088: [6d31c6fa63f8]
22089:
22090: 1999-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
22091:
22092: * INSTALL.binary, Makefile.binary, README, RUNSON:
22093: o One RUNSon update o Changes for automating real binary releases
22094: [dd9585f4406c]
22095:
22096: * Makefile.in:
22097: Add bindist target
22098: [546ed3fa94bb]
22099:
22100: 1999-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
22101:
22102: * TROUBLESHOOTING:
22103: talk about run-time options in addition to compile-time options
22104: [1eb813ff0a9a] [SUDO_1_6_0]
22105:
22106: * CHANGES:
22107: fix typos
22108: [65e92bb70a7b]
22109:
22110: * sudo.c:
22111: need sys/time.h if HAVE_SETRLIMIT
22112: [ce31655a8a60]
22113:
22114: * PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
22115: sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
22116: get rid of references to sudo-bugs. Now mention the web site or the
22117: sudo@ alias
22118: [a9db861fd8c6]
22119:
22120: * sudoers.html:
22121: repair pod2html damage
22122: [62ece4277f1f]
22123:
22124: * RUNSON, TODO:
22125: Update for 1.6 release
22126: [98569c57ba2a]
22127:
22128: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22129: Add warning about using ALL in a command context.
22130: [6c77685ab280]
22131:
22132: 1999-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
22133:
22134: * visudo.c:
22135: Call yyrestart() on a parse error to reset the lexer state.
22136: [1370a27acdb2]
22137:
22138: * lex.yy.c, parse.lex:
22139: Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
22140: since it might not get called in yywrap if we get a parse error
22141: (and we only reread the file on error anyway).
22142: [37f4b449e28e]
22143:
22144: * lex.yy.c, parse.lex:
22145: Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
22146: might still exist. Call yyrestart() instead of using the deprecated
22147: YY_NEW_FILE macro.
22148: [7d0d873046c6]
22149:
22150: * lex.yy.c, parse.lex:
22151: flex doesn't need %N table size declarations
22152: [268b020fd60a]
22153:
22154: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22155: Mention what characters need to be escaped in names.
22156: [72ccbb6b0f31]
22157:
22158: 1999-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
22159:
22160: * configure:
22161: regen
22162: [65827abb5c7b]
22163:
22164: * INSTALL:
22165: clarify Mac OS X entry
22166: [8da1549a71f5]
22167:
22168: * RUNSON:
22169: update
22170: [0cff8df7459f]
22171:
22172: * configure.in:
22173: o Use AC_MSG_ERROR throughout o Check syslog configure options for
22174: danity
22175: [4cb81e642e5c]
22176:
22177: 1999-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
22178:
22179: * defaults.c:
22180: Fix printing of type T_MODE in dump_defaults()
22181: [a868bb6f5515]
22182:
22183: * strcasecmp.c:
22184: missing sys/types.h
22185: [ca694ca325b6]
22186:
22187: * INSTALL:
22188: Break out options that may be overridden at run time into their own
22189: section. Add a not about Max OS X and correct some lies.
22190: [d8bcfd120593]
22191:
22192: 1999-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
22193:
22194: * CHANGES, config.h.in, configure, configure.in, sudo.c:
22195: o Now use getrlimit to find the highest fd when closing all non-std
22196: fd's o Turn off core dumps via setrlimit for the sake of paranoia
22197: [dd9f651b6def]
22198:
22199: * RUNSON:
22200: updates
22201: [f581841fe615]
22202:
22203: 1999-11-01 Todd C. Miller <Todd.Miller@courtesan.com>
22204:
22205: * CHANGES:
22206: updates
22207: [553baa1d44c7]
22208:
22209: * tgetpass.c:
22210: When read()'ing, do a single character at a time to be sure we don't
22211: go oast the newline.
22212: [907d33f55bb4]
22213:
22214: * sudo.c:
22215: For the sudo_root option, check against user_uid, not getuid() since
22216: at this point, ruid == euid == 0.
22217: [92d5c51939b4]
22218:
22219: * RUNSON:
22220: some updates
22221: [e3ed0c1f312b]
22222:
22223: * logging.h:
22224: Fix compilation problem when --with-logging=file was specified.
22225: This means that syslog is now required to build sudo but that should
22226: not be a problem. If it is it can be fixed trivially with a
22227: configure check for syslog() or syslog.h.
22228: [839a4b069190]
22229:
22230: * tgetpass.c:
22231: Make this work again for things like "sudo echo hi | more" where the
22232: tty gets put into character at a time mode. We read until we read
22233: end of line or we run out of space (similar to fgets(3)).
22234: [c8f746df2e63]
22235:
22236: 1999-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
22237:
22238: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22239: change ital to bold
22240: [f860978e530a]
22241:
22242: * RUNSON:
22243: update
22244: [9bcfbb405568]
22245:
22246: 1999-10-16 Todd C. Miller <Todd.Miller@courtesan.com>
22247:
22248: * defaults.c:
22249: Error out if syslog parameters are given without a value. For
22250: Ultrix or 4.2BSD "syslog" is allowed without a value since there are
22251: no facilities in the 4.2BSD syslog.
22252: [69e7a686f5f0]
22253:
22254: 1999-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
22255:
22256: * defaults.c:
22257: Ignore the syslog facility for systems w/ old syslog like Ultrix.
22258: [5c250adbbb84]
22259:
22260: * TROUBLESHOOTING:
22261: people with "." early in their path can have problems running sudo
22262: from the build dir ;-)
22263: [20a1744a24a4]
22264:
22265: 1999-10-13 Todd C. Miller <Todd.Miller@courtesan.com>
22266:
22267: * sudo.cat, sudo.html, sudo.man, sudo.pod:
22268: Remove -r realm option
22269: [127caa537f95]
22270:
22271: * auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
22272: configure.in, sudo.c:
22273: New krb5 code from Frank Cusack <fcusack@iconnet.net>.
22274: [7177a3893a62]
22275:
22276: * CHANGES:
22277: update to reality
22278: [766cfbb512d6]
22279:
22280: 1999-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
22281:
22282: * auth/fwtk.c:
22283: include <auth.h> to get function prototypes.
22284: [d6c7c12d09fe]
22285:
22286: * sudo.cat, sudo.html, sudo.man, sudo.pod:
22287: document -L flag
22288: [dc803e1ce0d7]
22289:
22290: 1999-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
22291:
22292: * sudo.c:
22293: in set_perms(), always call setuid(0) before changing the ruid/euid
22294: so we always know it will succeed.
22295: [8cced1b862bf]
22296:
22297: * defaults.h:
22298: #undef T_FOO to avoid conflicts with system defines (like on
22299: ULTRIX).
22300: [d9f0aac092b0]
22301:
22302: * TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
22303: sudoers.pod:
22304: Docuement "Defaults" lines in /etc/sudoers. Still needs some
22305: fleshing out but this is a start.
22306: [521a1e629bbc]
22307:
22308: 1999-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
22309:
22310: * use strtol, not strtoul since not everyone has not strtoul
22311: [988462f093cc]
22312:
22313: * defaults.c:
22314: use strtol, not strtoul since not everyone has not strtoul
22315: [fce835ce62e3]
22316:
22317: * lex.yy.c, parse.lex:
22318: last {WORD} rule should only apply in the INITIAL state
22319: [9b57570bfa83]
22320:
22321: * lex.yy.c, parse.lex:
22322: o Add support for escaped characters in the WORD macro o Modify
22323: fill() to squash escape chars
22324: [87572d59e4e0]
22325:
22326: * defaults.c, defaults.h:
22327: o Add T_PATH flag to allow simple sanity checks for default values
22328: that are supposed to be pathnames. o Fix a duplicate free when
22329: visudo finds an error.
22330: [bdc6855a6c6d]
22331:
22332: 1999-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
22333:
22334: * defaults.c, defaults.h, logging.c:
22335: mail_if_foo -> mail_foo
22336: [cbee9415875d]
22337:
22338: 1999-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
22339:
22340: * compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
22341: o Add requiretty option o Move O_NOCTTY to compat.h
22342: [65b8bf0e1795]
22343:
22344: * logging.c:
22345: The exit() in log_error() was mistakenly removed in a previous
22346: version. Put it back...
22347: [9473449130a4]
22348:
22349: 1999-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
22350:
22351: * INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
22352: auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
22353: configure, configure.in, defaults.c, defaults.h, find_path.c,
22354: getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
22355: o Change defaults stuff to put the value right in the struct. o
22356: Implement mailer_flags o Store syslog stuff both in int and string
22357: form. Setting the string form magically updates the int version.
22358: o Add boolean attribute to strings where it makes sense to say !foo
22359: [4698953f9a36]
22360:
22361: * tgetpass.c:
22362: add O_NOCTTY when opening /dev/tty just in case
22363: [4c6d1d1bb300]
22364:
22365: 1999-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
22366:
22367: * auth/API:
22368: cleanup function no longer takes a status arg
22369: [0819edbfe7f8]
22370:
22371: * INSTALL:
22372: the the
22373: [19aadb65ea28]
22374:
22375: 1999-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
22376:
22377: * TODO, config.h.in, configure, configure.in, logging.c:
22378: Use strftime() instead of ctime() if it is available.
22379: [fb60ea63b514]
22380:
22381: 1999-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
22382:
22383: * defaults.c:
22384: fix copyright date
22385: [4a53b54aa72f]
22386:
22387: * RUNSON:
22388: update ReliantUNIX entry
22389: [de618a4f67d9]
22390:
22391: * defaults.c, defaults.h, logging.c:
22392: add log_year option
22393: [251a9e20568a]
22394:
22395: * configure, configure.in:
22396: add --without-sendmail to help output
22397: [93162f199902]
22398:
22399: * configure, configure.in:
22400: enforce an otctal arg for --with-suoders-mode
22401: [45e1b04ccad3]
22402:
22403: 1999-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
22404:
22405: * BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
22406: auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
22407: auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
22408: defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
22409: parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
22410: testsudoers.c, version.c, visudo.c:
22411: Add support for "Defaults" line in sudoers to make configuration
22412: variables changable at runtime (and on a global, per-host and per-
22413: user basis). Both the names and the internal representation are
22414: still subject to change. It was necessary to make sudo_user.runas
22415: but a char ** instead of a char * since this value can be changed by
22416: a Defaults line. There is a similar (but more complicated) issue
22417: with sudo_user.prompt but it is handled differently at the moment.
22418:
22419: Add a "-L" flag to list the name of options with their descriptions.
22420: This may only be temporary.
22421:
22422: Move some prototypes to parse.h
22423:
22424: Be much less restrictive on what is allowed for a username.
22425: [f71abf7ba80c]
22426:
22427: * sample.syslog.conf:
22428: Add more info
22429: [e952e6f42d4d]
22430:
22431: 1999-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
22432:
22433: * LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
22434: strcasecmp.c:
22435: UCB has dropped the advertising clause from their license.
22436: [a5602b36a341]
22437:
22438: 1999-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
22439:
22440: * auth/sudo_auth.h:
22441: move dce_verofy proto to correct section
22442: [972c815af558]
22443:
22444: * auth/dce.c:
22445: remove XXX
22446: [820631855be0]
22447:
22448: 1999-08-28 Todd C. Miller <Todd.Miller@courtesan.com>
22449:
22450: * emul/fnmatch.h:
22451: Add fnmatch() prototype
22452: [79e84576d92a]
22453:
22454: * fnmatch.c, parse.c, testsudoers.c:
22455: Move inclusion of emul/fnmatch.h to be after sudo.h for __P
22456: [1182c89fa811]
22457:
22458: * sudo.h:
22459: add strcasecmp proto
22460: [512d1d8a6a0c]
22461:
22462: * auth/sudo_auth.c:
22463: add check for case where there are no auth methods
22464: [e4af2b91b43e]
22465:
22466: * configure, configure.in:
22467: Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
22468: SunOS4 w/ gcc
22469: [746ce8bcec23]
22470:
22471: * getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
22472: include strings.h everywhere we include string.h
22473: [6f7d5d437e7b]
22474:
22475: * version.c:
22476: nicer output when showing auth methods
22477: [0eac4b977f9d]
22478:
22479: * version.c:
22480: Add support for SEND_MAIL_WHEN_NO_HOST
22481: [9f20a3a3fae6]
22482:
22483: * config.h.in, configure, configure.in:
22484: Add _GNU_SOURCE for Linux
22485: [c7bd8c511847]
22486:
22487: * lex.yy.c, parse.lex:
22488: fix definition of OCTECT
22489: [4af30e63244d]
22490:
22491: * configure, configure.in:
22492: aix_auth.o not authenticate.o
22493: [fe95dfb08df4]
22494:
22495: 1999-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
22496:
22497: * sudo.c:
22498: Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
22499: keyboard). Since we run with ruid/euid == 0 the user can't really
22500: signal us in nasty ways.
22501: [a7f6487c0f48]
22502:
22503: * visudo.c:
22504: Don't need to worry about catching too many signals since we do
22505: locking on the tmp file. If a lockfile is really stale, it will be
22506: detected and overwritten.
22507: [28983db3e749]
22508:
22509: * INSTALL, Makefile.in:
22510: include auth/API in tarball
22511: [014991600252]
22512:
22513: * auth/sudo_auth.c:
22514: move memset() of plaintext pw outside of verify loop and only do the
22515: memset if we are *not* in standalone mode.
22516: [66f8e87567e2]
22517:
22518: * auth/sudo_auth.c, auth/sudo_auth.h:
22519: DCE is not a standalone method
22520: [34963e2d8a1b]
22521:
22522: * sudo.c:
22523: fix --enable-noargs-shell
22524: [4234062abbb0]
22525:
22526: * snprintf.c:
22527: "#ifdef __STDC__" not "#if __STDC__" (I missed one)
22528: [c430b80454c6]
22529:
22530: * auth/fwtk.c, auth/sia.c:
22531: _cleanup() function returns an int.
22532: [d1a1cc071ec1]
22533:
22534: * auth/dce.c:
22535: there were still some return(0)'s hanging around, make them
22536: AUTH_FAILURE
22537: [1002aa1962c3]
22538:
22539: * parse.c:
22540: typo in comment
22541: [5abc410dbfd2]
22542:
22543: * version.c:
22544: add missing semicolon
22545: [a262283b52a5]
22546:
22547: * auth/sudo_auth.h:
22548: missing backslash
22549: [bf89f6bd2900]
22550:
22551: 1999-08-26 Todd C. Miller <Todd.Miller@courtesan.com>
22552:
22553: * CHANGES, config.h.in, configure, configure.in:
22554: Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
22555: [f1a9bca0cf67]
22556:
22557: * Makefile.in:
22558: add parse.h to HDRS
22559: [a3d054987766]
22560:
22561: * Makefile.in, configure, configure.in:
22562: Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
22563: LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
22564: network libs like -lsocket, -lnsl go in NET_LIBS. This allows
22565: testsudoers to build on Solaris and is a bit cleaner in general.
22566: [4e6239e97002]
22567:
22568: * UPGRADE:
22569: mention ptmp -> sudoers.tmp
22570: [ec3baa0fe8a1]
22571:
22572: * config.h.in, configure, configure.in:
22573: Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
22574: [6f93dc7f39f5]
22575:
22576: * RUNSON:
22577: add 2 reports
22578: [ce0fcc00ee4e]
22579:
22580: * auth/kerb5.c:
22581: Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
22582: return a value more like a system function
22583: [0dd56aa21424]
22584:
22585: * auth/dce.c:
22586: Add an XXX
22587: [58fc8562c212]
22588:
22589: * TODO:
22590: more things todo!
22591: [5a459d0cf339]
22592:
22593: * sample.sudoers:
22594: update based on what is in the man page
22595: [1a0477db96fa]
22596:
22597: * parse.yacc, sudo.tab.c:
22598: minor change to first line printed in -l mode
22599: [69eb57d96952]
22600:
22601: * sudo.cat, sudo.html, sudo.man, sudo.pod:
22602: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22603: standard and add "EXAMPLES" section
22604: [7e543335ebe1]
22605:
22606: * visudo.cat, visudo.html, visudo.man, visudo.pod:
22607: rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
22608: standard
22609: [f82d87ed65c2]
22610:
22611: * logging.c, parse.c, sudo.h:
22612: add FLAG_NO_CHECK
22613: [c7d69176a2d7]
22614:
22615: * lex.yy.c, parse.lex:
22616: make an OCTET really be limited to 0-255
22617: [6ee568dd6a02]
22618:
22619: * UPGRADE:
22620: mention timestamp changes
22621: [e44d5302bf60]
22622:
22623: * PORTING:
22624: cosmetic cleanup
22625: [36fa3a2664dd]
22626:
22627: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
22628: new sudoers(8) man page
22629: [e674d06283d0]
22630:
22631: 1999-08-24 Todd C. Miller <Todd.Miller@courtesan.com>
22632:
22633: * version.c:
22634: Update comments about syslog name tables
22635: [63830a782dcb]
22636:
22637: * CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
22638: strcasecmp.c, sudo.tab.c:
22639: include strcasecmp() for those without it
22640: [a0d8e2488bbc]
22641:
22642: * sample.sudoers:
22643: Use the : operator some more and fix a typo
22644: [18804c70da86]
22645:
22646: * HISTORY:
22647: update the history of sudo
22648: [9d9b3d5279b3]
22649:
22650: * parse.c, parse.lex, testsudoers.c:
22651: CIDR-style netmask support
22652: [768644467353]
22653:
22654: * CHANGES:
22655: recent changes
22656: [a4319e9d07cb]
22657:
22658: * sudo.tab.c, sudo.tab.h:
22659: these should be generated with byacc, not bison
22660: [f57b9489b752]
22661:
22662: * lex.yy.c:
22663: regen
22664: [522461f95dfa]
22665:
22666: * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
22667: In "sudo -l" mode, the type of the stored (expanded) alias was not
22668: stored with the contents. This could lead to incorrect output if
22669: the sudoers file had different alias types with the same name.
22670: Normal parsing (ie: not in '-l' mode) is unaffected.
22671: [823fe2bc4b79]
22672:
22673: 1999-08-23 Todd C. Miller <Todd.Miller@courtesan.com>
22674:
22675: * configure, configure.in:
22676: define _XOPEN_SOURCE to get at crypt() proto on some systems
22677: [1b3769b86fb9]
22678:
22679: 1999-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
22680:
22681: * snprintf.c:
22682: fix comment
22683: [fc1264df00f7]
22684:
22685: * tgetpass.c:
22686: don't need limits.h
22687: [f1631829af45]
22688:
22689: * snprintf.c:
22690: kill bogus reference to vfprintf
22691: [a0b99b25d389]
22692:
22693: * sample.sudoers, sudoers:
22694: better examples
22695: [b4d87ea64cc8]
22696:
22697: * snprintf.c:
22698: Add some const in the K&R defs. This is safe since we define const
22699: away if the compiler doesn't grok it.
22700: [614d6e83d45e]
22701:
22702: * aclocal.m4, configure:
22703: Better test for working long long support. Ultrix compiler supports
22704: basic long long but not all operations on them.
22705: [5da1508710ed]
22706:
22707: * aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
22708: snprintf.c, sudo.c:
22709: Add check for LONG_IS_QUAD #undef MAXINT before including
22710: hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
22711: in snprintf.c and use LONG_IS_QUAD
22712: [a1f7993367fc]
22713:
22714: 1999-08-21 Todd C. Miller <Todd.Miller@courtesan.com>
22715:
22716: * LICENSE, aclocal.m4, config.h.in, configure, configure.in,
22717: snprintf.c:
22718: UCB-derived snprintf + asprintf support. Supports quads if the
22719: compiler does. No floating point yet, perhaps later...
22720: [0caf05aba945]
22721:
22722: 1999-08-20 Todd C. Miller <Todd.Miller@courtesan.com>
22723:
22724: * auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
22725: goodpath.c, logging.c, parse.c, sudo.c:
22726: Run most of the code as root, not the invoking user. It doesn't
22727: really gain us anything to run as the user since an attacker can
22728: just have an setuid(0) in their egg. Running as root solves
22729: potential problems wrt signalling.
22730: [408e530dda01]
22731:
22732: * sudo.tab.c:
22733: regen
22734: [f8cfb37e37de]
22735:
22736: 1999-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
22737:
22738: * logging.c, sudo.c:
22739: Don't wait for child to finish in log_error(), let the signal
22740: handler get it if we are still running, else let init reap it for
22741: us. The extra time it takes to wait lets the user know that mail is
22742: being sent.
22743:
22744: Install SIGCHLD handler in main() and for POSIX signals, block
22745: everything
22746: *except* SIGCHLD.
22747: [d2b6ab0ef3be]
22748:
22749: * INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
22750: parse.yacc, sudo.c, sudo.h:
22751: sudoers_lookup() now returns a bitmap instead of an int. This makes
22752: it possible to express things like "failed to validate because user
22753: not listed for this host". Some thigns that were previously
22754: VALIDATE_FOO are now FLAG_FOO. This may change later on.
22755:
22756: Reorganized code in log_auth() and sudo.c to deal with above
22757: changes.
22758:
22759: Safer versions of push/pushcp with in the do { ... } while (0) style
22760:
22761: parse.yacc now saves info on the stack to allow parse.c to determine
22762: if a user was listed, but not for the host he/she tried to run on.
22763:
22764: Added --with-mail-if-no-host option
22765: [63326cb01efc]
22766:
22767: 1999-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
22768:
22769: * parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
22770: visudo.man, visudo.pod:
22771: o NewArgv and NewArgc don't need to be externally visible. o If
22772: pedantic > 1, it is a parse error. o Add -s (strict) option to
22773: visudo which sets pedantic to 2.
22774: [5d7d81b55cd5]
22775:
22776: * HISTORY, INSTALL:
22777: Just have sudo-bugs contact info in one place
22778: [e7f6588ea683]
22779:
22780: * sudo.cat, sudo.html, sudo.man, sudo.pod:
22781: Add BUGS section
22782: [6607d96ea510]
22783:
22784: * Makefile.in, configure, configure.in:
22785: Add testsudoers to default build target if --with-devel Don't clean
22786: generated parser files unless "distclean".
22787: [5827b769dc57]
22788:
22789: * parse.yacc, sudo.tab.c:
22790: In pedantic mode we need to save *all* the aliases, not just those
22791: that match, or we get spurious warnings.
22792: [24f5b1f0e1de]
22793:
22794: * TROUBLESHOOTING:
22795: reference samples.sylog.conf
22796: [11841668380a]
22797:
22798: 1999-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
22799:
22800: * sample.syslog.conf:
22801: Sample entries for syslog.conf
22802: [0f7697d878a1]
22803:
22804: * CHANGES:
22805: recent changes
22806: [8bca8810c6bd]
22807:
22808: * auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
22809: auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
22810: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
22811: auth/sudo_auth.c, auth/sudo_auth.h:
22812: In struct sudo_auth, turn need_root and configured into flags and
22813: add a flag to specify an auth method is running alone (the only
22814: one). Pass auth methods their sudo_auth pointer, not the data
22815: pointer. This allows us to get at the flags and tell if we are the
22816: only auth method. That, in turn, allows the method to be able to
22817: decide what should/should not be a fatal error. Currently only
22818: rfc1938 uses it this way, which allows us to kill the OTP_ONLY
22819: define and te hackery that went with it. With access to the
22820: sudo_auth struct, methods can also get at a string holding their
22821: cannonical name (useful in error messages).
22822: [b7e320fc6511]
22823:
22824: * INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
22825: getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
22826: sudo.tab.h:
22827: o --with-otp deprecated, use --without-passwd instead o real
22828: dependencies in the Makefile o --with-devel option to enable yacc,
22829: lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
22830: back to being a token, not a string but don't leak memory o rename
22831: hsotspec -> host in parse.yacc
22832: [912c45226cb2]
22833:
22834: 1999-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
22835:
22836: * BUGS, CHANGES:
22837: recent changes
22838: [801fa6e55687]
22839:
22840: * auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
22841: sudo.c, sudo.h:
22842: o Digital UNIX needs to check for *snprintf() before -ldb is added
22843: to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
22844: for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
22845: functions in snprintf.c to fix -Wall o Add missing includes to fix
22846: more -Wall
22847: [8d207203e126]
22848:
22849: * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
22850: configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
22851: visudo.c:
22852: o Add a "pedentic" flag to the parser. This makes sudo warn in
22853: cases where an alias may be used before it is defined. Only turned
22854: on for visudo and testsudoers. o Add --disable-authentication option
22855: that makes sudo not require authentication by default. The PASSWD
22856: tag can be used to require authentication for an entry. We no
22857: longer overload --without-passwd.
22858: [f307e09adf98]
22859:
22860: * lex.yy.c, parse.lex:
22861: Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
22862: username can contain just about anything so be very permissive. Also
22863: drop the unused \. punctuation.
22864: [06a50614ff89]
22865:
22866: 1999-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
22867:
22868: * parse.yacc, sudo.tab.c:
22869: o add a 'val' element to aliasinfo struct and move -> parse.h o
22870: find_alias() now returns an aliasinfo * instead of boolean o
22871: add_alias() now takes a value parameter to store in the
22872: aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
22873: return: 1) positive match 0) negative match (due to '!')
22874: -1) no match This means setting $$ explicitly in all cases, which I
22875: should have done in the first place. It also means that we always
22876: store a value that is != -1 and when we see a '!' we can set
22877: *_matches to !rv if rv != -1. The upshot of all of this is that '!'
22878: now works the way it should in lists and some of the rules are more
22879: uniform and sensible.
22880: [ad8e73b5d581]
22881:
22882: * Makefile.in:
22883: add parse.h dependency
22884: [4ccccd464d30]
22885:
22886: * parse.h:
22887: kill unused *_matched macros
22888: [02cba6dcb732]
22889:
22890: * parse.yacc:
22891: Allow a list of users as the first thing in a user spec, not just a
22892: single entry. This makes things more uniform, though it does allow
22893: you to write user specs that are hard to read.
22894: [3c4c91c508ca]
22895:
22896: * sudo.tab.c:
22897: parse.yacc
22898: [feca81881bb6]
22899:
22900: * configure:
22901: regen
22902: [6f247010bb3b]
22903:
22904: * configure.in:
22905: fix check for crypt() in libufc
22906: [82770736f4b0]
22907:
22908: 1999-08-07 Todd C. Miller <Todd.Miller@courtesan.com>
22909:
22910: * README:
22911: sudo-users list now exists
22912: [4716d2bb0bbf]
22913:
22914: * INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
22915: Update to reality.
22916: [1eda2d57e42a]
22917:
22918: * CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
22919: config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
22920: version.c, visudo.c:
22921: o Move lock_file() and touch() into fileops.c so visudo can use them
22922: o Visudo now locks the sudoers temp file instead of bailing when the
22923: temp file already exists. This fixes the problem of stale temp
22924: files but it does *require* that you not try to put the temp file in
22925: a world-writable directory. This shoud not be an issue as the temp
22926: file should live in the same dir as sudoers. o Visudo now only
22927: installs the temp file as sudoers if it changed.
22928: [2517cd06c070]
22929:
22930: 1999-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
22931:
22932: * logging.c:
22933: add fcntl locking
22934: [c304adeaf515]
22935:
22936: * config.h.in, configure, configure.in, logging.c:
22937: Lock the log file.
22938: [d8652704fbdf]
22939:
22940: * Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
22941: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
22942: o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
22943: temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
22944: -> _PATH_SUDOERS_TMP
22945: [68cad8975807]
22946:
22947: 1999-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
22948:
22949: * INSTALL, check.c, config.h.in, configure, configure.in, version.c:
22950: o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
22951: root sudo -V config reporting
22952: [cdd2613a9dcf]
22953:
22954: * configure, configure.in:
22955: aix_auth.o not authenticate.o
22956: [d972e35f6730]
22957:
22958: * config.h.in:
22959: Add --with-goodpri and --with-badpri configure options to specify
22960: the syslog priority to use.
22961: [2595ae50ab86]
22962:
22963: * INSTALL, configure, configure.in, logging.h:
22964: Add --with-goodpri and --with-badpri configure options to specify
22965: the syslog priority to use.
22966: [8276ee9b2b49]
22967:
22968: * compat.h:
22969: kill crufty AIX stuff
22970: [a4f35ef9854e]
22971:
22972: * Makefile.in:
22973: Sigh, some versions of make (like Solaris's) don't deal with $< like
22974: I would expect. Both GNU and BSD makes get this right but... So, we
22975: just expand $< inline at the cost of some ugliness.
22976: [b1b456f8801f]
22977:
22978: * version.c:
22979: If the invoking user is root, sudo will now print configure info in
22980: -V mode. Currently just prints logging info, to be expanded later.
22981: [392f7ed99267]
22982:
22983: * logging.c, logging.h, sudo.c, sudo.h:
22984: o new defines for syslog facility and priority o use new
22985: print_version() functino for -V mode
22986: [78abc5142985]
22987:
22988: * check.c:
22989: Don't need version.c
22990: [db9a830ad893]
22991:
22992: * aclocal.m4, config.h.in, configure, configure.in:
22993: Add check for syslog facilities and priorities tables in syslog.h
22994: [b86213e5fc5c]
22995:
22996: * Makefile.in:
22997: o authenticate -> aix_auth o add version.c
22998: [44b6b9a8d0f5]
22999:
23000: * auth/sudo_auth.c:
23001: Missed a prompt -> user_prompt conversion
23002: [e4c60b1f210c]
23003:
23004: 1999-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
23005:
23006: * TODO:
23007: sudo should lock its logfile
23008: [6d2830b28b07]
23009:
23010: * parse.yacc, sudo.tab.c:
23011: o Add '!' correctly when expanding Aliases. o Add shortcut macros
23012: for append() to make things more readable. o The separator in
23013: append() is now a string instead of a char. o In append(), only
23014: prepend the separator if the last char is not a '!'. This is a
23015: hack but it greatly simplifies '!' handling. o In -l mode, Runas
23016: lists and NOPASSWD/PASSWD tags are now inherited across entries in
23017: a list (matches current behavior). o Fix formatting in -l mode such
23018: that items in a list are separated by a space. Greatlt improves
23019: readability. o Space for name field in struct aliasinfo is now
23020: allocated dyanically instead of using a (big) buffer. o In
23021: add_alias(), only search the list once (lsearch instead of lfind +
23022: lsearch)
23023: [51f7e07addb9]
23024:
23025: * lex.yy.c, sudo.tab.c, sudo.tab.h:
23026: regen
23027: [5c19bb05dc21]
23028:
23029: * configure, configure.in:
23030: Solais pam doesn't require anye xtra setup
23031: [a25ba03d91d1]
23032:
23033: * parse.yacc:
23034: o Simpler '!' support now that the lexer deals with multiple !'s for
23035: us. o In the case of opFOO, have FOO give a boolean return value and
23036: set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
23037: it gets fill()'d in parse.lex--fixes a small memory leak. In the
23038: long run it may be better to just fix parse.lex and make ALL back
23039: into a token. However, having it be a string is useful since it
23040: can be easily passed back to the parent rule if we so desire.
23041: [b3c64b443018]
23042:
23043: * parse.lex:
23044: o Remove some unnecessary backslashes o collapse multiple !'s by
23045: using !+ and checking if yyleng is even or odd. this allows us to
23046: simplify ! handling in parse.yacc
23047: [76330e8da8e3]
23048:
23049: * sudo.c:
23050: -u flag was being ignored
23051: [e30283207585]
23052:
23053: 1999-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
23054:
23055: * Makefile.in:
23056: correct fix
23057: [a0e2377dec8f]
23058:
23059: * Makefile.in:
23060: work around pod2man stupididy
23061: [7c755640b67f]
23062:
23063: * Makefile.in:
23064: correct dependencies for .cat
23065: [5ed7b0653b68]
23066:
23067: * sudo.cat, sudo.man, visudo.cat, visudo.man:
23068: regen
23069: [b74510dd6a0a]
23070:
23071: * sudo.pod, visudo.pod:
23072: Add copyright Update to reality
23073: [188e9b046c15]
23074:
23075: * parse.c, sudo.c, sudo.h:
23076: rename validate() to the more descriptive sudoers_lookup()
23077: [7a1cb652f379]
23078:
23079: * auth/aix_auth.c:
23080: use tgetpass
23081: [b8ba5daec40a]
23082:
23083: 1999-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
23084:
23085: * CHANGES:
23086: updates
23087: [e61460cdf4a0]
23088:
23089: * HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
23090: configure, configure.in, sudo.c:
23091: Sudo, not CU Sudo
23092: [9061b3573c0c]
23093:
23094: * LICENSE:
23095: add 4th term to license similar to term 5 in the apache license
23096: [92712e895afb]
23097:
23098: * emul/search.h, emul/utime.h:
23099: add 4th term to license similar to term 5 in the apache license
23100: [4f93a8b9396e]
23101:
23102: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
23103: auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
23104: auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
23105: auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
23106: logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
23107: pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
23108: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
23109: visudo.c:
23110: add 4th term to license similar to term 5 in the apache license
23111: [afae9f2bf9ec]
23112:
23113: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
23114: add 4th term to license similar to term 5 in the apache license
23115: [c389d3fdafac]
23116:
23117: * Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
23118: getspwuid.c, goodpath.c:
23119: add 4th term to license similar to term 5 in the apache license
23120: [969e63dbd38e]
23121:
23122: * LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
23123: insults.h, logging.c, sudo.c, sudo.h:
23124: there was a 1995 release too
23125: [5963fd89457a]
23126:
23127: 1999-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
23128:
23129: * CHANGES:
23130: updates
23131: [254b794f16ab]
23132:
23133: * check.c:
23134: Use dirs instead of files for timestamp. This allows tty and non-
23135: tty schemes to coexist reasonably. Note, however, that when you
23136: update a tty ticket, the mtime on the user dir gets updated as well.
23137: [44bfac32f799]
23138:
23139: * configure, configure.in:
23140: Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
23141: when linking test program, not just -lprot. Also add check for
23142: getspnam(). The SCO docs indicate that /etc/shadow can be used but
23143: this may be a lie.
23144: [2ba21d36cc1e]
23145:
23146: 1999-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
23147:
23148: * auth/API:
23149: first cut at auth API description
23150: [3d10df021eb8]
23151:
23152: 1999-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
23153:
23154: * auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
23155: auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
23156: auth/sudo_auth.h:
23157: auth API change. There is now an init method that gets run before
23158: the main loop. This allows auth routines to differentiate between
23159: initialization that happens once vs. setup that needs to run each
23160: time through the loop.
23161: [76df1c0d3478]
23162:
23163: * auth/kerb5.c, logging.c:
23164: use easprintf() and evasprintf()
23165: [fd97d96dc12f]
23166:
23167: * alloc.c, sudo.h:
23168: add easprintf() and evasprintf(), error checking versions of
23169: asprintf() and vasprintf()
23170: [f54385de20b7]
23171:
23172: * TODO:
23173: remove 2 items. One done, one won't do.
23174: [64513b47bc7a]
23175:
23176: * lex.yy.c, sudo.tab.c:
23177: regen
23178: [4aa299de2752]
23179:
23180: * configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
23181: visudo.html, visudo.man:
23182: regen
23183: [553c0d1209be]
23184:
23185: * CHANGES:
23186: new changes
23187: [d7be00b7e36b]
23188:
23189: * sudo.pod:
23190: o Document -K flag and update meaning of -k flag. o BSD-style
23191: copyright o Document clearing of BIND resolver environment variables
23192: o Clarify bit about shared libs o suggest rc files create /tmp/.odus
23193: if your OS gives away files
23194: [4a4092be1455]
23195:
23196: * visudo.pod:
23197: BSD license
23198: [ad0bfd0a4630]
23199:
23200: * version.h:
23201: BSD-style copyright
23202: [ecc6479325be]
23203:
23204: * tgetpass.c:
23205: o BSD copyright o no need to block signals, we now do that in main()
23206: o cosmetic changes
23207: [61958beda7ab]
23208:
23209: * testsudoers.c, visudo.c:
23210: o BSD-style copyright o Use "struct sudo_user" instead of old
23211: globals. o some cometic cleanup
23212: [88c0c6924082]
23213:
23214: * sudo_setenv.c:
23215: BSD-style copyright
23216: [df20290129a0]
23217:
23218: * sudo.h:
23219: o BSD copyright o logging and parser bits moved to their own .h
23220: files o new "struct sudo_user" to encapsulate many of the old
23221: globals.
23222: [50fc86bf25cb]
23223:
23224: * sudo.c:
23225: o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
23226: logging routines o simplified flow of control o BIND resolver
23227: additions to badenv_table
23228: [8c53f15bfcb0]
23229:
23230: * strerror.c:
23231: BSD-style copyright
23232: [7c906c3a82ac]
23233:
23234: * snprintf.c:
23235: Now compiles on more K&R compilers
23236: [07ab1d3231c7]
23237:
23238: * putenv.c:
23239: BSD-style copyright, cosmetic changes
23240: [c42371295881]
23241:
23242: * pathnames.h.in:
23243: BSD-style copyright
23244: [e5c34ebd4cf1]
23245:
23246: * parse.c, parse.h, parse.lex, parse.yacc:
23247: BSD-style copyright. Move parser-specific defines and structs into
23248: parse.h + other cosmetic changes
23249: [d3088efb6228]
23250:
23251: * logging.h:
23252: defines for logging routines
23253: [13147941c02d]
23254:
23255: * find_path.c, getspwuid.c, goodpath.c, interfaces.c:
23256: BSD-style copyright, cosmetic changes
23257: [e8205e91a4fa]
23258:
23259: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23260: interfaces.h:
23261: BSD-style copyright
23262: [b9499da7cdce]
23263:
23264: * configure.in:
23265: o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
23266: kill --disable-tgetpass o add --without-passwd o changes to fill in
23267: AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
23268: v?asprintf() o replace --with-AuthSRV with --with-fwtk
23269: [9a3f39b9c128]
23270:
23271: * config.h.in:
23272: BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
23273: HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
23274: HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
23275: [9a09054db53a]
23276:
23277: * compat.h:
23278: BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
23279: [25509c566975]
23280:
23281: * alloc.c:
23282: BSD-style copyright
23283: [4967be892363]
23284:
23285: * TROUBLESHOOTING:
23286: no more --with-getpass
23287: [afd5b670c196]
23288:
23289: * TODO:
23290: Take out things I've done...
23291: [375420c8270e]
23292:
23293: * README:
23294: Refer to LICENSE
23295: [c486c8db30f6]
23296:
23297: * PORTING:
23298: --with-getpass no longer exists
23299: [db48202df1bb]
23300:
23301: * Makefile.in:
23302: BSD-style copyright. Update to reflect reality wrt new files and
23303: new auth modules.
23304: [61a2ca7940fb]
23305:
23306: * INSTALL:
23307: Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
23308: --without-passwd.
23309: [64e8f9e1c05e]
23310:
23311: * HISTORY:
23312: Update history a bit
23313: [df60c0a871b8]
23314:
23315: * COPYING, LICENSE:
23316: Now distributed under a BSD-style license
23317: [d1a184ccabe1]
23318:
23319: * auth/sudo_auth.c:
23320: o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
23321: options. o skey/opie replaced by rfc1938 code o new struct sudo_user
23322: global
23323: [891b57060868]
23324:
23325: * auth/pam.c, auth/sia.c:
23326: BSD-style copyright and use new log functions
23327: [65c44445ea84]
23328:
23329: * auth/kerb5.c:
23330: o BSD-style copyright o Use new log functiongs o Use asprintf() and
23331: snprintf() where sensible.
23332: [1ff0feaacf95]
23333:
23334: * check.c:
23335: Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
23336: done more reasonably--better sanity checks and tty-based stamps are
23337: now done as files in a directory with the same name as the invoking
23338: user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
23339: to mix tty and non-tty based ticket schemes but this may change in
23340: the future (it requires sudo to use a directory instead of a file in
23341: the non-tty case). Also, ``sudo -k'' now sets the ticket back to
23342: the epoch and ``sudo -K'' really deletes the file. That way you
23343: don't get the lecture again just because you killed your ticket in
23344: .logout. BSD-style copyright now.
23345: [ec3460f85be8]
23346:
23347: * logging.c:
23348: o rewritten logging routines. log_error() now takes printf-style
23349: varargs and log_auth() for the return value of validate(). o BSD-
23350: style copyright
23351: [438292025c4e]
23352:
23353: * auth.c, check_sia.c, dce_pwent.c, secureware.c:
23354: superceded by new auth API
23355: [412060590da7]
23356:
23357: * auth/kerb4.c:
23358: BSD-style copyright
23359: [cc4e800833c7]
23360:
23361: * auth/fwtk.c:
23362: Use snprintf() where it makes sense and add a BSD-style copyright
23363: [1b7502388a74]
23364:
23365: * auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
23366: auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
23367: BSD-style copyright
23368: [42583bedae5c]
23369:
23370: * emul/utime.h, utime.c:
23371: BSD-style copyright
23372: [3985c90aba47]
23373:
23374: * emul/search.h:
23375: this has been rewritten so use my BSD-style copyright
23376: [176df1b0de6f]
23377:
23378: 1999-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
23379:
23380: * snprintf.c:
23381: include malloc.h if no stdlib.h
23382: [7b123f1d1d03]
23383:
23384: * snprintf.c:
23385: KTH snprintf()/asprintf() for systems w/o them
23386: [3ca9aefb9d01]
23387:
23388: * strerror.c:
23389: strerror() for systems w/o it
23390: [7f0bd8a1c1b4]
23391:
23392: 1999-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
23393:
23394: * visudo.c:
23395: stylistic changes
23396: [6f99aceb7170]
23397:
23398: * parse.c, parse.lex, parse.yacc:
23399: Add contribution info in the main comment
23400: [e50cec10acd6]
23401:
23402: 1999-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
23403:
23404: * auth/pam.c:
23405: remove missed ref to PAM_nullpw
23406: [a43e59692cdb]
23407:
23408: * auth/sudo_auth.h:
23409: pasto
23410: [891ff138ab89]
23411:
23412: * auth/kerb5.c:
23413: more or less complete now--still untested
23414: [21036732faa0]
23415:
23416: * auth/afs.c, auth/pam.c:
23417: don't use user_name macro, it will go away
23418: [def7cf727349]
23419:
23420: * auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
23421: combine skey/opie code into rfc1938.c
23422: [44d88ca93d3e]
23423:
23424: * auth/dce.c, auth/sudo_auth.h:
23425: DCE authentication method; basically unchanged from dce_pwent.c
23426: [4d468473dd6f]
23427:
23428: * auth/aix_auth.c, auth/sudo_auth.h:
23429: AIX authenticate() support. Could probably be much better
23430: [000013321a33]
23431:
23432: * auth/sia.c:
23433: Fix an uninitialized variable and some cleanup. Now works (tested)
23434: [fd6ad88ff055]
23435:
23436: * auth/sia.c, auth/sudo_auth.h:
23437: SIA support for digital unix
23438: [5335f3e70eab]
23439:
23440: * auth/pam.c:
23441: don't use prompt global, it will go away
23442: [fadd22dd6ce4]
23443:
23444: * auth/secureware.c:
23445: correct copyright years
23446: [6aa07c49f51b]
23447:
23448: * auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
23449: auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
23450: auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
23451: New authentication API and methods
23452: [9debe9b59c79]
23453:
23454: 1999-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
23455:
23456: * sudo.tab.c:
23457: regen
23458: [84578e82c1a6]
23459:
23460: * parse.yacc:
23461: only save an entry if user_matches && host_matches, even if the
23462: stack is empty (fix for previous commit)
23463: [00984b078d8a]
23464:
23465: * sudo.tab.c:
23466: regen
23467: [66acf160b4b7]
23468:
23469: * parse.yacc:
23470: 1) Always save an entry on the stack if it is empty. This fixes the
23471: -l and -v flags that were broken by earlier parser changes.
23472:
23473: 2) In a Runas list, don't negate FALSE -> TRUE since that would make
23474: !foo match any time the user specified a runas user (via -u) other
23475: than foo.
23476: [f322eb54b015]
23477:
23478: * testsudoers.c:
23479: interfaces and num_interfaces are now auto, not extern
23480: [113add5c6518]
23481:
23482: 1999-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
23483:
23484: * auth.c:
23485: use a static global to keep stae about empty passwords
23486: [bc02e30807d8]
23487:
23488: * check_sia.c:
23489: make PASSWORD_NOT_CORRECT logging consistent with other modules
23490: [21962549d5fd]
23491:
23492: 1999-07-05 Todd C. Miller <Todd.Miller@courtesan.com>
23493:
23494: * auth.c:
23495: PAM prompt code was wrong, looks like we have to kludge it after
23496: all.
23497: [91f246155ead]
23498:
23499: * auth.c:
23500: In the PAM code, when a user hits return at the first password
23501: prompt, exit without a warning just like the normal auth code
23502: [918f59bacdb7]
23503:
23504: * configure, configure.in:
23505: kludge around cross-compiler false positives
23506: [5e5fc8356400]
23507:
23508: * auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
23509: New (correct) PAM code Tgetpass now takes an echo flag for use with
23510: PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
23511: useless umask setting Change error from BAD_ALLOCATION ->
23512: BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
23513: for consistency
23514: [e71397f09dd8]
23515:
23516: * sudo.c:
23517: Some -Wall and kill some trailing spaces
23518: [8229b43d5c4e]
23519:
23520: * configure.in:
23521: define -D__EXTENSIONS__ for solaris so we get crypt() proto
23522: [7533e4436cab]
23523:
23524: 1999-06-22 Todd C. Miller <Todd.Miller@courtesan.com>
23525:
23526: * RUNSON:
23527: add Dynix 4.4.4
23528: [b69f773efbce]
23529:
23530: * INSTALL, config.h.in, configure, configure.in:
23531: for kerberos V < version, fall back on old kerb4 auth code
23532: [d685ed3a1d8e]
23533:
23534: * INSTALL:
23535: clarify some things
23536: [2f5ba2e8e53a]
23537:
23538: * UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
23539: typos
23540: [8925a109c093]
23541:
23542: 1999-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
23543:
23544: * sudo.c:
23545: mention why DONT_LEAK_PATH_INFO is not the default
23546: [0346260cb4ec]
23547:
23548: 1999-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
23549:
23550: * tgetpass.c:
23551: Fix open(2) return value checking, was NULL for fopen, should be -1
23552: for open
23553: [355878bf6d8a]
23554:
23555: * configure:
23556: regen
23557: [68bf82871862]
23558:
23559: * configure.in:
23560: better wording for solaris pam notice
23561: [04e88c7a6c42]
23562:
23563: * CHANGES:
23564: document recent changes
23565: [7c922c5622ef]
23566:
23567: * TROUBLESHOOTING:
23568: Update shadow password section
23569: [e8448bae7d66]
23570:
23571: * auth.c:
23572: move authentication code from check.c to auth.c
23573: [e9f6ecae2399]
23574:
23575: * Makefile.in, check.c, sudo.h:
23576: move authentication code to auth.c
23577: [124cded85f46]
23578:
23579: 1999-05-17 Todd C. Miller <Todd.Miller@courtesan.com>
23580:
23581: * Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
23582: getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
23583: logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
23584: sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
23585: visudo.c:
23586: Move interface-related defines to interfaces.h so we don't have to
23587: include <netinet/in.h> everywhere.
23588: [e7599d8ea0bf]
23589:
23590: 1999-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
23591:
23592: * CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
23593: parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
23594: o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
23595: turns out the old DES crypt does the right thing with passwords
23596: longert than 8 characters. o Fix common typo (necesary ->
23597: necessary) o Update TODO list
23598: [ad75007a6f13]
23599:
23600: 1999-05-03 Todd C. Miller <Todd.Miller@courtesan.com>
23601:
23602: * sudo.c:
23603: set $LOGNAME when we set $USER
23604: [391596210fd7]
23605:
23606: 1999-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
23607:
23608: * INSTALL:
23609: add comment about digital unix and interfaces.c warning with gcc
23610: [e20f815901cc]
23611:
23612: 1999-04-15 Todd C. Miller <Todd.Miller@courtesan.com>
23613:
23614: * sample.sudoers:
23615: use modern paths and give examples for some of the new parser
23616: features
23617: [e7b2e507c695]
23618:
23619: 1999-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
23620:
23621: * parse.c:
23622: fix comment
23623: [5eb0d005a65f]
23624:
23625: * alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
23626: getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
23627: parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
23628: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
23629: Function names should be flush with the start of the line so they
23630: can be found trivially in an editor and with grep
23631: [3c400abde574]
23632:
23633: * find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
23634: sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
23635: free(3) is already void, no need to cast it
23636: [6981e1ebda0f]
23637:
23638: * logging.c, sudo.c, sudo.h:
23639: catch case where cmnd_safe is not set (this should not be possible)
23640: [3e1e3038546c]
23641:
23642: * CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
23643: testsudoers.c, visudo.c:
23644: Stash the "safe" path (ie: the one listed in sudoers) to the command
23645: instead of stashing the struct stat. Should be safer.
23646: [aa2883fcf57e]
23647:
23648: 1999-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
23649:
23650: * INSTALL, Makefile.in, UPGRADE:
23651: notes on updating from an earlier release
23652: [df9fffa4ab2c]
23653:
23654: * CHANGES:
23655: updated
23656: [574f5065d15a]
23657:
23658: 1999-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
23659:
23660: * parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
23661: sudoers.man, sudoers.pod:
23662: You can now specifiy a host list instead of just a host or alias.
23663: Ie: user = host1,host2,ALIAS,!host3 my_command now works.
23664: [e3942bb78021]
23665:
23666: * testsudoers.c:
23667: Quiet -Wall
23668: [a3edc8b08c3a]
23669:
23670: * parse.yacc, sudo.tab.c:
23671: Move the push from the beginning of cmndspec to the end. This means
23672: we no longer have to do a push at the end of privilege, just reset
23673: some values.
23674: [8ea66e5860c6]
23675:
23676: * sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
23677: runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
23678: use "!" most everywhere
23679: [aadae4d1c9d5]
23680:
23681: 1999-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
23682:
23683: * sudoers.pod:
23684: modernize paths and update su example based on sample.sudoers one
23685: [3f6a37e16c83]
23686:
23687: * sample.sudoers:
23688: New runas semantics
23689: [756ee92865b7]
23690:
23691: * CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
23692: strdup.c, sudo.h:
23693: In estrdup(), do the malloc ourselves so we don't need to rely on
23694: the system strdup(3) which may or may not exist. There is now no
23695: need to provide strdup() for those w/o it. Also, the prototype for
23696: estrdup() was wrong, it returns char * and its param is const.
23697: [5f1f984da8e3]
23698:
23699: * getcwd.c:
23700: $Sudo tag
23701: [e4188a35e68c]
23702:
23703: * check.c:
23704: buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
23705: [2aec87c86cde]
23706:
23707: * CHANGES, TODO, parse.yacc, sudo.tab.c:
23708: It is now possible to use the '!' operator in a runas list as well
23709: as in a Cmnd_Alias, Host_Alias and User_Alias.
23710: [a4fdaabda990]
23711:
23712: * logging.c, sudo.h:
23713: Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
23714: [73d0376785ae]
23715:
23716: * sudo.h:
23717: Definitions of *_matched were wrong--user top, not top-2 as
23718: subscript.
23719: [5f8350a57362]
23720:
23721: * logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
23722: Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
23723: command but the NOPASSWD flag was set. Make runasspec, runaslist,
23724: runasuser, and nopasswd typeless in parse.yacc Add support for '!'
23725: in the runas list Fix double printing of '%' and '+' for groups and
23726: netgroups respectively Add *_matched macros (no need for local stack
23727: variable). Should only be used directly after a pop (since top must
23728: be >= 2).
23729: [392b1400c4e6]
23730:
23731: * aclocal.m4, configure.in:
23732: Add copyright, somewhat silly
23733: [55c2cdd82dca]
23734:
23735: 1999-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
23736:
23737: * BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
23738: compat.h, config.h.in, configure, configure.in, dce_pwent.c,
23739: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
23740: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
23741: lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
23742: putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
23743: sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
23744: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
23745: visudo.man:
23746: Crank version to 1.6 and combine copyright statements
23747: [0e1c791658ae]
23748:
23749: * sample.sudoers:
23750: Use ! not ^ to do negation
23751: [1480a0761730]
23752:
23753: * lex.yy.c, sudo.tab.c:
23754: regen
23755: [89ca5a46684b]
23756:
23757: * parse.lex, parse.yacc:
23758: Make runas and NOPASSWD tags persistent across entris in a command
23759: list. Add a PASSWD tag to reverse NOPASSWD. When you override a
23760: runas or *PASSWD tag the value given becomes the new default for the
23761: rest of the command list.
23762: [f1bbb4066542]
23763:
23764: 1999-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
23765:
23766: * CHANGES, RUNSON:
23767: update for 1.5.9
23768: [a1ae9d4a7d54] [SUDO_1_5_9]
23769:
23770: * visudo.c:
23771: Shift return value of system(3) by 8 to get real exit value and if
23772: it is not 1 or 0 print the retval along with the error message.
23773: [c1ff50d743fb]
23774:
23775: 1999-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
23776:
23777: * Makefile.in:
23778: testsudoers needs LIBOBJS too
23779: [972571b4e4bf]
23780:
23781: * parse.c, parse.yacc, sudo.tab.c:
23782: Fix another parser bug. For a sudoers entry like this: millert
23783: ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
23784: as root.
23785: [51968e1eb33d]
23786:
23787: * CHANGES:
23788: new change
23789: [271c6110bb62]
23790:
23791: * parse.yacc, sudo.tab.c:
23792: Save entries that match a ! command on the matching stack too
23793: [5afb5107116c]
23794:
23795: * sudo.c:
23796: Make sudo's usage info better when mutually exclusive args are given
23797: and don't rely on argument order to detect this; nick@zeta.org.au
23798: [2422753c88fd]
23799:
23800: 1999-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
23801:
23802: * CHANGES, Makefile.in, RUNSON:
23803: updates from CU
23804: [b37381e3dafb]
23805:
23806: * Makefile.in:
23807: use gzip
23808: [94a64e52a166]
23809:
23810: * parse.yacc, sudo.tab.c:
23811: Fix off by one error introduced in *alloc changes
23812: [95ede581153a]
23813:
23814: * BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
23815: check_sia.c, compat.h, config.h.in, configure, configure.in,
23816: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
23817: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
23818: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23819: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
23820: sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
23821: sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
23822: visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
23823: ++version
23824: [c6d88f024e37]
23825:
23826: * Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
23827: interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
23828: putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
23829: sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
23830: Use emalloc/erealloc/estrdup
23831: [44221d97361a]
23832:
23833: * alloc.c:
23834: error checking memory allocation routines
23835: [5f8c1e7bbc71]
23836:
23837: * parse.yacc, sudo.tab.c:
23838: Still not right, this fixes it for real
23839: [ad553b6f5339]
23840:
23841: * parse.yacc, sudo.tab.c:
23842: Fix for previous commit
23843: [4d6f989f9bf2]
23844:
23845: * CHANGES, INSTALL, parse.yacc:
23846: Fix a parser bug that was exposed when mixing different runas specs
23847: and ! commands. For example: millert ALL=(daemon)
23848: /usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
23849: as well as daemon when it should just allow daemon. The problem was
23850: that comma-separated commands in a list shared the same entry on the
23851: matching stack. Now they get their own entry iff there is a full
23852: match. It may be better to just make the runas spec persistent
23853: across all commands in a list like the user and host entries of the
23854: matching stack. However, since that is a fairly major change it
23855: should gets its own minor rev increase.
23856: [c4b939cdcc8e]
23857:
23858: 1999-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
23859:
23860: * check.c, config.h.in:
23861: Simplify PAM code and fix a PAM-related warning on Linux
23862: [2468399523b6]
23863:
23864: 1999-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
23865:
23866: * CHANGES:
23867: updates
23868: [29d4a997769c]
23869:
23870: * sample.sudoers:
23871: better su entry
23872: [76d8285a72ba]
23873:
23874: * configure:
23875: regen
23876: [b7450cc6975d]
23877:
23878: * check.c, configure.in:
23879: new pam code that works on solaris, should work on linux too;
23880: aelberg@home.com
23881: [84c16c0ff259]
23882:
23883: 1999-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
23884:
23885: * RUNSON:
23886: more entries
23887: [b6bef8660759]
23888:
23889: * config.h.in:
23890: only include strings.h if there is no string.h
23891: [b66054a32b00]
23892:
23893: 1999-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
23894:
23895: * config.guess:
23896: Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
23897: [c086d2fe63af]
23898:
23899: 1999-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
23900:
23901: * sudo.c:
23902: shost must be set before log functions are called #ifdef HOST_IN_LOG
23903: [d49a7944358f]
23904:
23905: 1999-03-07 Todd C. Miller <Todd.Miller@courtesan.com>
23906:
23907: * CHANGES, lex.yy.c, parse.lex:
23908: Fix a bug wrt quoting characters in command args. Stop processing
23909: an arg when you hit a backslash so the quoted-character detection
23910: can catch it.
23911: [2281438d7f41]
23912:
23913: 1999-02-26 Todd C. Miller <Todd.Miller@courtesan.com>
23914:
23915: * interfaces.c:
23916: include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
23917: [31118a9e9916]
23918:
23919: 1999-02-24 Todd C. Miller <Todd.Miller@courtesan.com>
23920:
23921: * configure, configure.in:
23922: add missing case statement so --without-sendmail works
23923: [ca25614f7dd9]
23924:
23925: 1999-02-23 Todd C. Miller <Todd.Miller@courtesan.com>
23926:
23927: * CHANGES:
23928: more
23929: [4d70e44f7f93]
23930:
23931: 1999-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
23932:
23933: * configure, configure.in:
23934: only search for -lsun in irix <= 4.x
23935: [e604238317b1]
23936:
23937: * configure, configure.in:
23938: back out last configure.in change now that I've hacked autoconf to
23939: fix the real problem and add a missing newline
23940: [2dabf59a79b5]
23941:
23942: * CHANGES:
23943: updated
23944: [bb35d526552f]
23945:
23946: * getcwd.c:
23947: add def of dirfd() for those without it
23948: [95f0173d8441]
23949:
23950: * configure, configure.in:
23951: When falling back to checking for socket() when linking with
23952: "-lsocket -lnsl" check for main() instead since autoconf has already
23953: cached the results of checking for socket() in -lsocket. This is
23954: really an autoconf bug as it should use the extra libs as part of
23955: the cache variable name.
23956: [a845f8b710ad]
23957:
23958: * configure.in:
23959: typo
23960: [a7d62f62a478]
23961:
23962: 1999-02-21 Todd C. Miller <Todd.Miller@courtesan.com>
23963:
23964: * configure.in:
23965: fix occurrence of $with_timeout that should be
23966: $with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
23967: bochum.de
23968: [8c4da2cf73d1]
23969:
23970: 1999-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
23971:
23972: * sudo.cat, sudo.html, sudo.man, sudo.pod:
23973: fix grammar; espie@openbsd.org
23974: [7031d9dfbc3e] [SUDO_1_5_8]
23975:
23976: 1999-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
23977:
23978: * parse.yacc, sudo.c, testsudoers.c:
23979: add cast for strdup in places it does not have it
23980: [7ce4478d3b0f]
23981:
23982: 1999-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
23983:
23984: * configure, configure.in:
23985: define for_BSD_TYPES irix
23986: [858337ff4af8]
23987:
23988: 1999-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
23989:
23990: * Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
23991: Make it clear that it is the user's password, not root's, that we
23992: want.
23993: [ae0f51b35ee4]
23994:
23995: * check.c, sudo.h:
23996: If the user enters an empty password and really has no password,
23997: accept the empty password they entered. Perviously, they could
23998: enter anything
23999: *but* an empty password. Also, add GETPASS macro that calls either
24000: tgetpass() or getpass() depending on how sudo was configured.
24001: Problem noted by jdg@maths.qmw.ac.uk
24002: [2fde21ce94c1]
24003:
24004: 1999-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
24005:
24006: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
24007: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
24008: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
24009: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
24010: pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
24011: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
24012: visudo.c:
24013: add explicate copyright
24014: [d3b4449834a5]
24015:
24016: * CHANGES:
24017: mention -lsocket, -lnsl configure changes
24018: [9140af4ad8ae]
24019:
24020: 1999-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
24021:
24022: * sudo.c:
24023: Don't clobber errno after calling check_sudoers().
24024: [59bd581b2654]
24025:
24026: 1999-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
24027:
24028: * configure, configure.in:
24029: When linking with both -lsocket and -lnsl be sure to do so in that
24030: order. Also, when we can't find socket() or inet_addr() and have to
24031: try linking with both libs, issue a warning.
24032: [0ee547163067]
24033:
24034: * sudo.cat, sudo.man, sudo.pod:
24035: clarify bad timestamp and fmt
24036: [70e42cf56c75]
24037:
24038: 1999-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
24039:
24040: * INSTALL, RUNSON:
24041: be clear that pam is linux-only and add a RUNSON entry
24042: [7fdeab875e0d]
24043:
24044: 1999-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
24045:
24046: * CHANGES, INSTALL, configure, configure.in:
24047: fix and correctly document --with-umask; problem noted by
24048: adap@adap.org
24049: [11cd0481d63a]
24050:
24051: 1999-01-20 Todd C. Miller <Todd.Miller@courtesan.com>
24052:
24053: * configure, configure.in:
24054: only use /usr/{man,catman}/local to store man pages if suer didn't
24055: override prefix or mandir
24056: [781ad2cbe9be]
24057:
24058: * INSTALL, configure, configure.in:
24059: fix typo, make --with-SecurID take an arg
24060: [026a9b4014fc]
24061:
24062: 1999-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
24063:
24064: * RUNSON:
24065: updates from users
24066: [2286982b31e6]
24067:
24068: * CHANGES, INSTALL, check.c, configure, configure.in:
24069: FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
24070: [23aa4e5c6b02]
24071:
24072: * configure, configure.in:
24073: better fix for the problem of unresolved symbols in -lnsl or
24074: -lsocket
24075: [82fe70fc287f]
24076:
24077: * configure, configure.in:
24078: when checking for functions in -lnsl and -lsocket link with both of
24079: them to avoid unresolved symbols on some weirdo systems
24080: [1734a591808e]
24081:
24082: 1999-01-18 Todd C. Miller <Todd.Miller@courtesan.com>
24083:
24084: * BUGS, CHANGES, RUNSON, TODO:
24085: old changes that didn't make it into RCS before the RCS->CVS switch
24086: [846eb2b8f9aa]
24087:
24088: 1999-01-17 Todd C. Miller <Todd.Miller@courtesan.com>
24089:
24090: * Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
24091: configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
24092: getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24093: ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
24094: lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24095: secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
24096: sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
24097: visudo.pod:
24098: add sudo tags
24099: [962f81eaa5ab]
24100:
24101: * sudo.h:
24102: testing Sudo tag
24103: [e84cbc521129]
24104:
24105: * version.h:
24106: testing Sudo tag
24107: [a8c3a3998b88]
24108:
24109: * BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
24110: config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
24111: find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
24112: ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
24113: logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
24114: secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
24115: sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
24116: utime.c, version.h, visudo.c, visudo.cat, visudo.man:
24117: crank version and regen files
24118: [23eacf00a1a4]
24119:
24120: * Makefile.in:
24121: kill rcs goop in update_version and fix now that version is a const
24122: [e6e50bd8d1e1]
24123:
24124: * INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
24125: sudo.c, sudo.h, sudo.pod:
24126: kerb5 support from fcusack@iconnet.net
24127: [8134027986e2]
24128:
24129: * realpath.c, sudo_realpath.c:
24130: we no longer use realpath
24131: [0f5f64abc646]
24132:
24133: * qualify.c:
24134: replaced by find_path.c
24135: [9e32a87e09c4]
24136:
24137: * options.h:
24138: all options are now configure flags
24139: [ee6bd9610102]
24140:
24141: * lex.yy.c:
24142: regen
24143: [bdbf8a18161f]
24144:
24145: * getwd.c:
24146: superceded by getcwd.c
24147: [1e54ee0990b4]
24148:
24149: * getpass.c:
24150: superceded by tgetpass.c
24151: [4e0d1edc30e3]
24152:
24153: * SUPPORTED:
24154: superceded by RUNSON
24155: [854c5a21cb53]
24156:
24157: * OPTIONS:
24158: No longer used now that we have configure options for everything.
24159: [9b1ae1c89259]
24160:
24161: * configure:
24162: regen based on configure.in
24163: [3a4d73936973]
24164:
24165: * sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
24166: sudoers.man, visudo.cat, visudo.html, visudo.man:
24167: regen based on sudo.pod, sudoers.pod, and visudo.pod
24168: [c267beb90778]
24169:
24170: 1998-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
24171:
24172: * check.c:
24173: fix tty tickets in remove_timestamp (didn't use ':')
24174: [fd964a74a32b]
24175:
24176: 1998-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
24177:
24178: * interfaces.c:
24179: close sock when we are done with it
24180: [95de0380f8a4]
24181:
24182: 1998-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
24183:
24184: * parse.yacc:
24185: never say "error on line -1"
24186: [361db1491121]
24187:
24188: 1998-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
24189:
24190: * configure.in:
24191: check for -lnsl before -lsocket
24192: [8e966d6bbcb5]
24193:
24194: * configure.in:
24195: quote '[', ']' used in ranges correctly
24196: [fa4f9c6ff651]
24197:
24198: 1998-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
24199:
24200: * config.h.in:
24201: add missing NO_ROOT_SUDO noted by drno@tsd.edu
24202: [c969f25d1667]
24203:
24204: 1998-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
24205:
24206: * version.h:
24207: 1.5.7
24208: [7a22de0bc148]
24209:
24210: * INSTALL:
24211: more info for 1.5.7
24212: [30ad9e784799]
24213:
24214: * README:
24215: update for 1.5.7
24216: [cd03a0a27cd2]
24217:
24218: * parse.yacc:
24219: make increases of cm_list_size and ga_list_size be similar to
24220: increases of stacksize (ie: >= not > in initial compare).
24221: [6bd450a896c7]
24222:
24223: * parse.yacc:
24224: when we get a syntax error, report it for the previous line since
24225: that's generally where the error occurred.
24226: [c4ac84058f0b]
24227:
24228: 1998-11-18 Todd C. Miller <Todd.Miller@courtesan.com>
24229:
24230: * config.h.in, configure.in, interfaces.c:
24231: add back check for sys/sockio.h but only use it if SIOCGIFCONF is
24232: not defined
24233: [d197f31fd1e4] [SUDO_1_5_7]
24234:
24235: * config.h.in:
24236: define BSD_COMP for svr4
24237: [87ac1147ff79]
24238:
24239: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24240: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24241: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24242: testsudoers.c, tgetpass.c, utime.c, visudo.c:
24243: more -Wall
24244: [d98e2d32db2a]
24245:
24246: * configure.in:
24247: kill check for sockio,h
24248: [4399779014c1]
24249:
24250: * config.h.in:
24251: no more HAVE_SYS_SOCKIO_H
24252: [67484528e347]
24253:
24254: * check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
24255: goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
24256: parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
24257: testsudoers.c, tgetpass.c, utime.c, visudo.c:
24258: -Wall
24259: [2b7e83976788]
24260:
24261: 1998-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
24262:
24263: * sudo.c:
24264: add missing inform_user()
24265: [8689528c6d55]
24266:
24267: 1998-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
24268:
24269: * find_path.c:
24270: return NOT_FOUND if given fully qualified path and it does not exist
24271: previously it would perror(ENOENT) which bypasses the option to not
24272: leak path info
24273: [ccbc3d0130ae]
24274:
24275: * configure.in:
24276: for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
24277: -ldes
24278: [c77d3b484ece]
24279:
24280: 1998-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
24281:
24282: * INSTALL:
24283: tty tickets are user:tty now
24284: [a53a303a614d]
24285:
24286: * check.c:
24287: when using tty tickets make it user:tty not user.tty as a username
24288: could have a '.' in it
24289: [3160b3f5c890]
24290:
24291: 1998-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
24292:
24293: * sudo.c:
24294: add "ignoring foo found in ." for auth successful case
24295: [24257169e0bd]
24296:
24297: 1998-11-09 Todd C. Miller <Todd.Miller@courtesan.com>
24298:
24299: * sudo.c:
24300: add missing printf param
24301: [8c905124f777]
24302:
24303: 1998-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
24304:
24305: * INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
24306: go back to printing "command not found" unless --disable-path-info
24307: specified. Also, tell user when we ignore '.' in their path and it
24308: would have been used but for --with-ignore-dot.
24309: [066e118c11e4]
24310:
24311: * check.c, sudo.c:
24312: Only one space after a colon, not two, in printf's
24313: [38452f4c8007]
24314:
24315: 1998-11-05 Todd C. Miller <Todd.Miller@courtesan.com>
24316:
24317: * sudo.pod:
24318: document setting $USER
24319: [80557fe6aede]
24320:
24321: * check.c:
24322: fix bugs with prompt expansion
24323: [44c4fca5f009]
24324:
24325: * sudo.c:
24326: set $USER for root too
24327: [4b525e1c6269]
24328:
24329: 1998-11-04 Todd C. Miller <Todd.Miller@courtesan.com>
24330:
24331: * getspwuid.c:
24332: typo
24333: [5107446f43e0]
24334:
24335: * configure.in:
24336: HP-UX's iscomsec is in -lsec, not libc
24337: [03c9f700b795]
24338:
24339: * configure.in:
24340: remove some entries in the OS case statement that did nothing
24341: [ea96e7e0f624]
24342:
24343: * TROUBLESHOOTING:
24344: add "cd" section and flush out syslog section
24345: [5107f7363b78]
24346:
24347: * Makefile.in:
24348: no more sudo-lex.yy.c
24349: [ed50826efbbc]
24350:
24351: * check_sia.c:
24352: add custom prompt support
24353: [6a285cea10b7]
24354:
24355: * testsudoers.c:
24356: kill perror("malloc") since we already have a good error messages
24357: pw_ent -> pw for brevity
24358: [eee31052921e]
24359:
24360: * sudo.c:
24361: kill perror("malloc") since we already have a good error messages
24362: pw_ent -> pw for brevity set $USER if -u specified
24363: [9f3753461f8a]
24364:
24365: * parse.yacc:
24366: kill perror("malloc") since we already have a good error messages
24367: [849459088ac3]
24368:
24369: * parse.c:
24370: kill perror("malloc") since we already have a good error messages
24371: pw_ent -> pw for brevity when checking if %group matches, look up
24372: user in password file so that %groups works in a RunAs spec.
24373: [0489b4ecc59a]
24374:
24375: * logging.c:
24376: kill perror("malloc") since we already have a good error messages
24377: [3191a18b3526]
24378:
24379: * check.c, getspwuid.c, interfaces.c:
24380: kill perror("malloc") since we already have a good error messages
24381: pw_ent -> pw for brevity
24382: [7193fdb38cf9]
24383:
24384: 1998-11-03 Todd C. Miller <Todd.Miller@courtesan.com>
24385:
24386: * tgetpass.c:
24387: the prompt is expanded before tgetpass is called
24388: [0f408f508041]
24389:
24390: * sudo.h:
24391: tgetpass now has the same args as getpass again
24392: [b6778cd9d79f]
24393:
24394: * getspwuid.c:
24395: add iscomsec, issecure support
24396: [007be7ec7ae7]
24397:
24398: * check.c:
24399: we now expand any %h or %u in the prompt before passing to tgetpass
24400: [f3db8c9ee387]
24401:
24402: * configure.in:
24403: add check for syslog(3) in -lsocket, -lnsl, -linet
24404: [5a96f902ce00]
24405:
24406: * config.h.in:
24407: add HAVE_ISCOMSEC and HAVE_ISSECURE
24408: [f640b0d4cf05]
24409:
24410: * configure.in:
24411: add check for iscomsec in HP-UX
24412: [b28b249040f0]
24413:
24414: * configure.in:
24415: check for issecure if we have getpwanam on SunOS some options are
24416: incompatible with DUNIX SIA check for dispcrypt on DUNIX
24417: [a49d05d9c913]
24418:
24419: 1998-10-25 Todd C. Miller <Todd.Miller@courtesan.com>
24420:
24421: * config.h.in:
24422: add HAVE_DISPCRYPT
24423: [7376d543d8d6]
24424:
24425: * secureware.c:
24426: add back support for non-dispcrypt based checking for older DUNIX
24427: [977b98e936be]
24428:
24429: * INSTALL:
24430: sia changes
24431: [c5387c06e30f]
24432:
24433: * configure.in:
24434: SIA becomes the default on Digital UNIX now havbe --disable-sia to
24435: turn it off...
24436: [3b647558ea13]
24437:
24438: * check.c:
24439: move local includes after system ones
24440: [b2abad4c4aef]
24441:
24442: 1998-10-24 Todd C. Miller <Todd.Miller@courtesan.com>
24443:
24444: * check.c, check_sia.c, sudo.h:
24445: add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
24446: stderr
24447: [547cbf299661]
24448:
24449: * check_sia.c:
24450: fix while loop in sia_attempt_auth() that checks the password. Only
24451: the first iteration was working.
24452: [1886fd1ac831]
24453:
24454: 1998-10-22 Todd C. Miller <Todd.Miller@courtesan.com>
24455:
24456: * aclocal.m4:
24457: don't trust UID_MAX or MAXUID
24458: [2aeddb1654d8]
24459:
24460: * configure.in:
24461: fix two pastos
24462: [c18f0a10b75d]
24463:
24464: * configure.in:
24465: fix typo
24466: [1eb3190ef12d]
24467:
24468: * getspwuid.c, secureware.c:
24469: init crypt_type to INT_MAX since it is legal to be negative in DUNX
24470: 5.0
24471: [cefbde04822d]
24472:
24473: * configure.in:
24474: for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
24475: -ldb since DUNX < 4.0 lacks it
24476: [e6b11d971068]
24477:
24478: 1998-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
24479:
24480: * check.c, compat.h, config.h.in, configure.in, getspwuid.c,
24481: secureware.c, sudo.c, tgetpass.c:
24482: getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
24483: minutes if the shadow files don't exist).
24484: [2f297d095004]
24485:
24486: 1998-10-20 Todd C. Miller <Todd.Miller@courtesan.com>
24487:
24488: * INSTALL:
24489: updated --with-editor blurb
24490: [77d8a3ea7328]
24491:
24492: * TROUBLESHOOTING:
24493: tell how to put sudoers in a different dir
24494: [456cd20eb1d0]
24495:
24496: * configure.in:
24497: add missing quotes around $with_editor
24498: [22881748ab1b]
24499:
24500: * configure.in:
24501: typo in --with-editor bits
24502: [ab6964580681]
24503:
24504: * INSTALL:
24505: I don't expect it to work on Solaris
24506: [1c2fceaaf56e]
24507:
24508: * check.c:
24509: add back security/pam_misc.h
24510: [6ffd30033c1e]
24511:
24512: 1998-10-19 Todd C. Miller <Todd.Miller@courtesan.com>
24513:
24514: * INSTALL:
24515: remove dunix note since configure checks for this now
24516: [e9904512b8e8]
24517:
24518: * configure.in:
24519: add check for broken dunix prot.h (4.0 < 4.0D is bad)
24520: [8a4c1e6aef3b]
24521:
24522: * getspwuid.c, secureware.c, tgetpass.c:
24523: new dunix shadow code, use dispcrypt(3)
24524: [1b936bc7268c]
24525:
24526: * config.h.in:
24527: add HAVE_INITPRIVS
24528: [4369f4c4f914]
24529:
24530: * sudo.c:
24531: call initprivs() if we have it for getprpwuid later on
24532: [11cf5915d826]
24533:
24534: * Makefile.in:
24535: clean pathnames.h too
24536: [5f1df3262613]
24537:
24538: * configure.in:
24539: quote "Sorry, try again." with [] since it has a comma in it set
24540: LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
24541: getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
24542: initprivs later.
24543: [e226b0a3f250]
24544:
24545: * INSTALL:
24546: update Digital UNIX note about acl.h
24547: [80132b71d73a]
24548:
24549: * INSTALL:
24550: add --with-sia
24551: --without-root-sudo -> --disable-root-sudo some reordering
24552: [198386358818]
24553:
24554: * secureware.c:
24555: add whitespace
24556: [4aadaf1a54b0]
24557:
24558: * Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
24559: add SIA support
24560: [fa3ddbb9cc51]
24561:
24562: * check_sia.c:
24563: Initial revision
24564: [2968551d40e4]
24565:
24566: 1998-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
24567:
24568: * configure.in:
24569: when checking for -lsocket, -lnsl, and -linet, check for the
24570: specific functions we need from them.
24571: [8d33e64362a3]
24572:
24573: * config.h.in, sudo.h:
24574: move Syslog_* defs into sudo.h
24575: [03d1774f25c7]
24576:
24577: * Makefile.in, sudo.h:
24578: added check_secureware
24579: [e46e3cbb9a97]
24580:
24581: * configure.in:
24582: finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
24583: [dbefe1856503]
24584:
24585: * insults.h:
24586: don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
24587: defined. configure now does that for us
24588: [e4520ea0581f]
24589:
24590: * configure.in:
24591: move some --with options around change a bunch of echo's to
24592: AC_MSG_CHECKING, AC_MSG_RESULT pairs
24593: [ffdf6869fdd7]
24594:
24595: * configure.in:
24596: change $with_foo-bar -> $with_foo_bar kill extra " that caused a
24597: syntax error add some echo verbage
24598: [3278c49bf74b]
24599:
24600: 1998-10-17 Todd C. Miller <Todd.Miller@courtesan.com>
24601:
24602: * check.c:
24603: moved SecureWare stuff into secureware.c
24604: [42d3d3ac35dc]
24605:
24606: * secureware.c:
24607: Initial revision
24608: [aa7f72a249cf]
24609:
24610: * INSTALL:
24611: update url to solaris gcc bins
24612: [36a3eb668777]
24613:
24614: * INSTALL:
24615: change option formatter and flesh out someentries
24616: [6fbd1db4a8ad]
24617:
24618: * TROUBLESHOOTING, sudo.pod, visudo.pod:
24619: environmental variable -> environment variable
24620: [6f14d708e32d]
24621:
24622: * BUGS:
24623: everything is now done via configure
24624: [c217858f58ab]
24625:
24626: * README:
24627: prev rev was 1.5.6
24628: [7b4177103c35]
24629:
24630: * Makefile.in:
24631: passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
24632: [31c6b0a5e0e2]
24633:
24634: * config.h.in:
24635: SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
24636: [d406a1ef6d25]
24637:
24638: * Makefile.in:
24639: merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
24640: sudoers_mode from configure
24641: [1c509500655a]
24642:
24643: * configure.in:
24644: SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
24645: the Makefile, not config.h
24646: [d4482f1492fe]
24647:
24648: * INSTALL:
24649: document all --with/--enable options
24650: [22d81b312d7f]
24651:
24652: 1998-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
24653:
24654: * insults.h:
24655: options.h is no more
24656: [560946a33f7f]
24657:
24658: * config.h.in:
24659: assimilated options.h
24660: [dd8ce74613c1]
24661:
24662: * configure.in:
24663: moved options from options.h to configure
24664: [d39662f71b4e]
24665:
24666: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
24667: logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
24668: sudo_setenv.c, visudo.c:
24669: no more options.h
24670: [43924bf0858d]
24671:
24672: * INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
24673: remove references to options.h
24674: [ef3474295395]
24675:
24676: * dce_pwent.c, interfaces.c, sudo.c:
24677: kill sys/time.h
24678: [4d833f0034e4]
24679:
24680: * tgetpass.c:
24681: if select return < -1 still prompt for pw
24682: [e0009e5c93a2]
24683:
24684: * options.h:
24685: convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
24686: configure options
24687: [e60a1e546516]
24688:
24689: * parse.c:
24690: FAST_MATCH is no longer an optino
24691: [c448dbb3464b]
24692:
24693: * check.c:
24694: remove_timestamp() if timestamp is preposterous
24695: [70d9a86c6ecd]
24696:
24697: * options.h:
24698: convert more options to --with/--enable
24699: [34646d9b09dc]
24700:
24701: * INSTALL, aclocal.m4:
24702: logfile -> logpath
24703: [42de502bc637]
24704:
24705: * configure.in:
24706: convert more options into --with and --enable
24707: [92d0898c9844]
24708:
24709: * tgetpass.c:
24710: catch EINTR in select and restart
24711: [f045d2f234d7]
24712:
24713: * logging.c:
24714: sys/errno -> errno
24715: [7f0c5beab6f2]
24716:
24717: 1998-09-24 Todd C. Miller <Todd.Miller@courtesan.com>
24718:
24719: * sudo.c:
24720: UMASK -> SUDO_UMASK.
24721: [48f308661514]
24722:
24723: * check.c, logging.c:
24724: time.h, not sys/time.h
24725: [91de049c79e4]
24726:
24727: 1998-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
24728:
24729: * logging.c:
24730: MAILER -> _PATH_SENDMAIL
24731: [df65d6896639]
24732:
24733: * INSTALL, configure.in:
24734: no more --with-C2, now it is --disable-shadow
24735: [18bfcab3b9ab]
24736:
24737: * aclocal.m4, check.c, compat.h, config.h.in, configure.in,
24738: getspwuid.c, sudo.c, tgetpass.c:
24739: new shadow password scheme. Always include shadow support if the
24740: platform supports it and the user did not disable it via configure
24741: [2135d93bb4a9]
24742:
24743: 1998-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
24744:
24745: * configure.in:
24746: --with-getpass -> --{enable,disable}-tgetpass
24747: [451b33fdd4c7]
24748:
24749: * Makefile.in:
24750: pathnames.h -> pathnames.h.in
24751: [b109022eca69]
24752:
24753: * check.c:
24754: fix version string
24755: [761b25c314ea]
24756:
24757: * check.c:
24758: move pam_conv to be static to auth function remove pam_misc.h
24759: (solaris doesn't have one)
24760: [a682e4da987a]
24761:
24762: * aclocal.m4:
24763: _CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
24764: [e6005d0599b5]
24765:
24766: * configure.in:
24767: munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
24768: [24c0ac2155ef]
24769:
24770: * pathnames.h.in:
24771: convert to pathnames.h.in
24772: [013bddf7f684]
24773:
24774: 1998-09-19 Todd C. Miller <Todd.Miller@courtesan.com>
24775:
24776: * configure.in:
24777: fix typo in sysv4 matching case /.
24778: [2994c4f88cf5]
24779:
24780: 1998-09-18 Todd C. Miller <Todd.Miller@courtesan.com>
24781:
24782: * check.c:
24783: pam stuff needs to run as root, not user, for shadow passwords
24784: [d94ff75de503]
24785:
24786: 1998-09-17 Todd C. Miller <Todd.Miller@courtesan.com>
24787:
24788: * BUGS, INSTALL, README, configure.in:
24789: updated version
24790: [775adc7de7ac]
24791:
24792: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
24793: emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
24794: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
24795: logging.c, options.h, parse.c, parse.lex, parse.yacc,
24796: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
24797: testsudoers.c, tgetpass.c, utime.c, visudo.c:
24798: updated version
24799: [5ca599fb6b93]
24800:
24801: * check.c:
24802: user version.h for long message
24803: [47a52ac7e542]
24804:
24805: * check.c:
24806: this is version 1.5.6
24807: [8451ac79eee2]
24808:
24809: 1998-09-16 Todd C. Miller <Todd.Miller@courtesan.com>
24810:
24811: * Makefile.in:
24812: remove errant backslash
24813: [0222a8a650ff]
24814:
24815: 1998-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
24816:
24817: * options.h, parse.yacc, pathnames.h.in:
24818: fix version string
24819: [fdee73255d64] [SUDO_1_5_6]
24820:
24821: * BUGS, CHANGES, TODO:
24822: updtaed for 1.5.6
24823: [752443bf7f26]
24824:
24825: * RUNSON:
24826: updated for 1.5.6
24827: [0f878123fe6a]
24828:
24829: 1998-09-14 Todd C. Miller <Todd.Miller@courtesan.com>
24830:
24831: * interfaces.c:
24832: kill unused localhost_mask var copy if name to ifr_tmp after we zero
24833: it
24834: [8e89c364cef2]
24835:
24836: 1998-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
24837:
24838: * INSTALL:
24839: Better description of new vs. old sudoers modes fix some typos
24840: better description of /usr/ucb/cc gotchas on slowaris
24841: [c00b2a6fc1e8]
24842:
24843: * Makefile.in:
24844: add sample.pam
24845: [ec7f6cc19b00]
24846:
24847: * sudo.c:
24848: set NewArgv[0] to user_shell, not basename(user_shell)
24849: [1e907cbc9f7b]
24850:
24851: 1998-09-12 Todd C. Miller <Todd.Miller@courtesan.com>
24852:
24853: * README:
24854: mention TROUBLESHOOTING more fix some typos
24855: [2c2e6907d4a4]
24856:
24857: * configure.in:
24858: move --enable/--disable to be after --with
24859: [9b30097f76c1]
24860:
24861: * INSTALL:
24862: document --enable/--disable
24863: [c522362e38a8]
24864:
24865: * INSTALL:
24866: document --with-pam
24867: [7e38932c78ac]
24868:
24869: 1998-09-11 Todd C. Miller <Todd.Miller@courtesan.com>
24870:
24871: * configure.in:
24872: Add message for pam users
24873: [d224f277e3cd]
24874:
24875: * sample.pam:
24876: Initial revision
24877: [3a84d7045f54]
24878:
24879: * config.h.in:
24880: fix HAVE_PAM
24881: [2f0f303ebd88]
24882:
24883: * check.c, config.h.in, configure.in:
24884: pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
24885: [ea3e0a72d707]
24886:
24887: 1998-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
24888:
24889: * config.h.in:
24890: add HOST_IN_LOG and WRAP_LOG
24891: [822c36eeb6a8]
24892:
24893: * logging.c:
24894: add WRAP_LOG and HOST_IN_LOG
24895: [3cf6052bd27e]
24896:
24897: * configure.in:
24898: add --enable-log-host and --enable-log-wrap
24899: [c968cc12b353]
24900:
24901: * aclocal.m4:
24902: use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
24903: [915fef7e11a1]
24904:
24905: 1998-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
24906:
24907: * compat.h:
24908: add howmany macro
24909: [9107a057a7c8]
24910:
24911: * tgetpass.c:
24912: include sys/param.h to get howmany macro
24913: [7e908b5e1f32]
24914:
24915: 1998-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
24916:
24917: * OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
24918: add RUNAS_DEFAULT
24919: [1e76398ea3fd]
24920:
24921: 1998-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
24922:
24923: * fnmatch.c:
24924: bring in stdio.h for NULL
24925: [69c016610cbb]
24926:
24927: * aclocal.m4:
24928: allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
24929: [15ab2972f8d0]
24930:
24931: * sudo.c:
24932: use HAVE_SET_AUTH_PARAMETERS
24933: [8abfdc8c80f7]
24934:
24935: * config.h.in:
24936: add HAVE_SET_AUTH_PARAMETERS
24937: [673a5ebd5539]
24938:
24939: * configure.in:
24940: add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
24941: [a401f5a7469a]
24942:
24943: * config.sub:
24944: add support for HI-UX/MPP SR220001 02-03 0 SR2201
24945: [cb657b7acaae]
24946:
24947: * interfaces.c:
24948: initialize previfname
24949: [26a1902f56dc]
24950:
24951: * interfaces.c:
24952: Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
24953: it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
24954: kludging it
24955: [fa5c890c313b]
24956:
24957: * configure.in:
24958: typo
24959: [bff579fbe95c]
24960:
24961: * Makefile.in:
24962: don't need special build line for sudo.tab.o
24963: [10c0a0a912e4]
24964:
24965: * Makefile.in:
24966: don't clean sudo.tab.[ch]
24967: [c40d5968efbb]
24968:
24969: * sudo.c:
24970: Sudo should prompt for a password before telling the user that a
24971: command could not be found.
24972: [d718c85a0047]
24973:
24974: * BUGS:
24975: for 1.5.6
24976: [0cc1fe5b9129]
24977:
24978: * INSTALL, README:
24979: no longer require yacc
24980: [d9096fc5b8b6]
24981:
24982: * Makefile.in:
24983: typo
24984: [70feb1aefbd5]
24985:
24986: * Makefile.in:
24987: y.tab -> sudo.tab include pre-yacc'd parse.yacc
24988: [cc802025fd44]
24989:
24990: * parse.lex:
24991: include sudo.tab.h, not y.tab.h don't break out of command args if
24992: you get a '='
24993: [728ad26dbda5]
24994:
24995: * insults.h:
24996: fix version ,
24997: [242bbce1b2d4]
24998:
24999: * ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
25000: fix version
25001: [2bb9086fea1e]
25002:
25003: * compat.h:
25004: fix version
25005: [7e634d498ce6]
25006:
25007: * getcwd.c:
25008: getcwd(3) from OpenBSD for those without it.
25009: [6c68d0df8f6c]
25010:
25011: * sudo.h:
25012: HAVE_GETWD -> HAVE_GETCWD
25013: [2ad1e64d60c0]
25014:
25015: * configure.in:
25016: pretend sunos doesn't have getcwd(3) since it opens a pipe to
25017: getpwd!
25018: [677992ba5a6a]
25019:
25020: * parse.c:
25021: use NAMLEN() macro
25022: [8f5685aa3165]
25023:
25024: * fnmatch.c:
25025: remove duplicate include of string.h
25026: [6024f3051ac3]
25027:
25028: * configure.in:
25029: call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
25030: [3d82a9c22cc2]
25031:
25032: * aclocal.m4:
25033: add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
25034: [53fbc47282f9]
25035:
25036: * config.h.in:
25037: add dev_t and ino_t
25038: [5929bb0c7e1a]
25039:
25040: 1998-07-28 Todd C. Miller <Todd.Miller@courtesan.com>
25041:
25042: * check.c:
25043: fix OTP_ONLY for opie
25044: [7edcfa78f2ec]
25045:
25046: 1998-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
25047:
25048: * testsudoers.c, tgetpass.c:
25049: include stdlib.h for malloc proto
25050: [c9f4b99a2fe9]
25051:
25052: 1998-05-19 Todd C. Miller <Todd.Miller@courtesan.com>
25053:
25054: * Makefile.in:
25055: make update_version saner
25056: [d522f93ee04a]
25057:
25058: * config.h.in:
25059: add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
25060: [c9a2d21dc608]
25061:
25062: * configure.in:
25063: check for waitpid and wait3 or no waitpid
25064: [1f18c3224184]
25065:
25066: * logging.c:
25067: used waitpid or wait3 if we have 'em
25068: [391c3279ee65]
25069:
25070: 1998-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
25071:
25072: * visudo.c:
25073: fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
25074: [fbf53b18178f]
25075:
25076: 1998-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
25077:
25078: * configure.in:
25079: don't need to explicately mention -lsocket -lnsl for sequent
25080: [1898dc055352]
25081:
25082: 1998-04-25 Todd C. Miller <Todd.Miller@courtesan.com>
25083:
25084: * configure.in:
25085: dynix should not link with -linet
25086: [278a4b9cfe2a]
25087:
25088: 1998-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
25089:
25090: * INSTALL:
25091: mention that HP-UX doesn't ship with yacc
25092: [bde5147198c0]
25093:
25094: 1998-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
25095:
25096: * check.c:
25097: ignore kerberos if we can't get the local realm
25098: [1e311a091a27]
25099:
25100: 1998-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
25101:
25102: * BUGS, INSTALL, README, configure.in:
25103: ++version
25104: [499ffc746018]
25105:
25106: * version.h:
25107: ++
25108: [35ba1ee01bd3]
25109:
25110: * Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
25111: find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
25112: logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
25113: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
25114: updated version
25115: [b4990a513f31]
25116:
25117: * check.c, sudo.h:
25118: fix version
25119: [5710795834e8]
25120:
25121: * getcwd.c:
25122: don't use popen/pclose. Do it inline.
25123: [29e57b0646a4]
25124:
25125: * lsearch.c:
25126: add rcsid
25127: [b2b55c39858d]
25128:
25129: * sudo.c:
25130: typo
25131: [d381ac39ed0f]
25132:
25133: * check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
25134: ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
25135: sudo.h:
25136: updated version
25137: [462d6e1a2d75]
25138:
25139: * check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
25140: MAX* + 1 -> MAX*
25141: [2c2eeb78d34f]
25142:
25143: * Makefile.in:
25144: getwd.c -> getcwd.c
25145: [7d718c32fc02]
25146:
25147: * config.h.in:
25148: kill HAVE_GETWD
25149: [6ad3d702343f]
25150:
25151: * configure.in:
25152: getcwd, not getwd
25153: [33e5b9841f58]
25154:
25155: * getcwd.c:
25156: use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
25157: purpose
25158: [24e58d340161]
25159:
25160: 1998-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
25161:
25162: * OPTIONS, options.h:
25163: add STUB_LOAD_INTERFACES
25164: [d747cb23ca83]
25165:
25166: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25167: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25168: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25169: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25170: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25171: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25172: updated version
25173: [0798229312cc]
25174:
25175: * configure.in:
25176: support *-ccur-sysv4 and fix two typos
25177: [24a823ad7cc9]
25178:
25179: 1998-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
25180:
25181: * configure.in:
25182: don't echo about with_logfile and with_timedir
25183: [31e4a1e2d9ad]
25184:
25185: * INSTALL:
25186: document --with-logfile and --with-timedir
25187: [674f811a40e0]
25188:
25189: * aclocal.m4:
25190: support --with-logfile and --with-timedir
25191: [2fc36b35db12]
25192:
25193: * configure.in:
25194: Add --with-logfile and --with-timedir
25195: [09045bf07e29]
25196:
25197: * sudo.c:
25198: change size computation of NewArgv for UNICOS
25199: [b50df07da3a1]
25200:
25201: 1998-02-19 Todd C. Miller <Todd.Miller@courtesan.com>
25202:
25203: * configure.in:
25204: treate -*-sysv4* like *-*-svr4
25205: [471b7ef4dbf2]
25206:
25207: 1998-02-18 Todd C. Miller <Todd.Miller@courtesan.com>
25208:
25209: * configure.in:
25210: fix spacing for --with-authenticate help
25211: [8321cb37c410]
25212:
25213: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25214: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25215: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25216: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25217: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25218: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25219: updated version
25220: [dc1ab97312eb]
25221:
25222: * parse.yacc:
25223: fix off by one error in push macro
25224: [bece59c8c3a9]
25225:
25226: 1998-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
25227:
25228: * configure.in:
25229: removed bogus alloca hack
25230: [a68dd720462d]
25231:
25232: * check.c:
25233: added AIX 4.x authenticate() support
25234: [12985eb448a0]
25235:
25236: * parse.yacc:
25237: include alloca.h if using bison and not gcc and it exists. fixes an
25238: alloca problem on hpux 10.x
25239: [e3b5c4f26072]
25240:
25241: * INSTALL:
25242: mention --with-authenticate
25243: [78a1c96820e7]
25244:
25245: * configure.in:
25246: added AIX authenticate() support
25247: [c983193ec252]
25248:
25249: * config.h.in:
25250: add HAVE_AUTHENTICATE
25251: [7b0e5f5db5d9]
25252:
25253: * interfaces.c:
25254: dynamically size ifconf buffer
25255: [10afb0e9b2f9]
25256:
25257: * configure.in:
25258: quote '[' and ']'
25259: [8fc38a4defad]
25260:
25261: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25262: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25263: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25264: logging.c, options.h, parse.c, parse.lex, parse.yacc,
25265: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25266: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25267: updated version
25268: [5f66de71ec61]
25269:
25270: * visudo.pod:
25271: add ERRORS section
25272: [3df3edb73cf6]
25273:
25274: 1998-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
25275:
25276: * TROUBLESHOOTING:
25277: add busy stmp file explanation
25278: [6c555d469b6f]
25279:
25280: 1998-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
25281:
25282: * configure.in:
25283: the name of the cached var that signals whether or not you are cross
25284: compiling changed. It is now ac_cv_prog_cc_cross
25285: [123911c0658c]
25286:
25287: 1998-02-11 Todd C. Miller <Todd.Miller@courtesan.com>
25288:
25289: * INSTALL:
25290: mention glibc 2.07 is fixed wrt lsearch()\.
25291: [ded758524582]
25292:
25293: 1998-02-07 Todd C. Miller <Todd.Miller@courtesan.com>
25294:
25295: * sample.sudoers, sudoers.pod:
25296: better example of su but not root su
25297: [b3199610be21]
25298:
25299: 1998-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
25300:
25301: * Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
25302: emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25303: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25304: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25305: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25306: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25307: updated version
25308: [46922b84e86b]
25309:
25310: * Makefile.in:
25311: correct regexp for updating version
25312: [8032728b2a8a]
25313:
25314: * tgetpass.c:
25315: remove bogus flush of stderr spew prompt before turning off echo.
25316: Seems to fix a weird problem where if sudo complained about a bogus
25317: stamp file the user would sometimes not have a chance to enter a
25318: password
25319: [7aa1493cc141]
25320:
25321: * check.c:
25322: fix bogus flush of stderr
25323: [6d047871c5e8]
25324:
25325: * sudo.c:
25326: close fd's <=2 not <=3 and move that chunk of code up
25327: [553e4faac195]
25328:
25329: * configure.in:
25330: support hpux1[0-9] not just hpux10
25331: [5a34a000ff8a]
25332:
25333: 1998-01-30 Todd C. Miller <Todd.Miller@courtesan.com>
25334:
25335: * parse.c:
25336: set sudoers_fp to nil after closing
25337: [221a8b4bbf34]
25338:
25339: 1998-01-24 Todd C. Miller <Todd.Miller@courtesan.com>
25340:
25341: * config.guess, config.sub:
25342: updated from autoconf 2.12
25343: [6fc86a0fc61b]
25344:
25345: * configure.in:
25346: add *-*-svr4 rule
25347: [38f0427f7c9d]
25348:
25349: 1998-01-23 Todd C. Miller <Todd.Miller@courtesan.com>
25350:
25351: * tgetpass.c:
25352: fix select usage for high fd's (dynamically allocate readfds)
25353: [c2d1f76e0321]
25354:
25355: * check.c:
25356: kill extra whitespace
25357: [d784b6c9c514]
25358:
25359: * sudo.c:
25360: do an initgroups() before running a command, unless the target user
25361: is root.
25362: [4ca561287480]
25363:
25364: 1998-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
25365:
25366: * TROUBLESHOOTING:
25367: tell people to use tabs, not spaces, in syslog.conf
25368: [8ae90a205134]
25369:
25370: 1998-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
25371:
25372: * Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
25373: parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
25374: updated version
25375: [4d855ff5de26]
25376:
25377: * check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
25378: logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
25379: updated version
25380: [8e007e178b33]
25381:
25382: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25383: insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
25384: updated version
25385: [9ddea5c8814d]
25386:
25387: * Makefile.in:
25388: more tweaks to update_version
25389: [047698752855]
25390:
25391: * Makefile.in:
25392: fixed up update_version rule
25393: [47b6fa34b77f]
25394:
25395: * configure.in:
25396: ++version
25397: [c1ca664e30b7]
25398:
25399: * Makefile.in:
25400: removed supe of check.c
25401: [8f340a05296a]
25402:
25403: * INSTALL:
25404: ++version I missed
25405: [a298e6c17491]
25406:
25407: * RUNSON:
25408: updated
25409: [a14f6057bc15]
25410:
25411: * BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25412: dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
25413: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25414: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
25415: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
25416: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25417: visudo.c:
25418: updated version
25419: [02231b1a3ab3]
25420:
25421: * CHANGES:
25422: updated for 1.5.5
25423: [634e5fcaf40b]
25424:
25425: * Makefile.in:
25426: add rules to update version stuff in files so I don't need to do it
25427: by hand
25428: [3620ad60485a]
25429:
25430: * sudo.h:
25431: sudoers_fp is now extern
25432: [88c6e9b9ea84]
25433:
25434: * sudo.c:
25435: in check_sudoers, cache the sudoers file handle in sudoers_fp so we
25436: don't have to open it again in the parse. This may help with weird
25437: solaris problems where EAGAIN sometime occurrs.
25438: [d3c26451ed1d]
25439:
25440: * parse.c:
25441: sudoers file open is now done only in check_sudoers() so we just do
25442: a rewind() instead of an open. May help people on solaris who were
25443: getting EAGAIN.
25444: [c8b8c7722fa5]
25445:
25446: 1998-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
25447:
25448: * INSTALL:
25449: mention that newer glibc is fixed
25450: [20f06f5d3ef3]
25451:
25452: 1998-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
25453:
25454: * sudo.c:
25455: newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
25456: _RLD* instead of _RLD_*
25457: [1e22c588d602]
25458:
25459: * parse.c:
25460: typo
25461: [d0b7cb85f08a]
25462:
25463: * parse.c:
25464: fix that bug for real
25465: [5a6eeca6d04b]
25466:
25467: * INSTALL:
25468: document Linux's libc6 brokenness.
25469: [0246c1aa64ee]
25470:
25471: * parse.yacc:
25472: -Wall
25473: [d0e452fb1e2d]
25474:
25475: * RUNSON:
25476: updated
25477: [4949a1bbd0a9] [SUDO_1_5_4]
25478:
25479: * TROUBLESHOOTING:
25480: remind people to HUP syslogd
25481: [590962faa4f0]
25482:
25483: * Makefile.in:
25484: add -O flag to tar
25485: [622d02de339d]
25486:
25487: * RUNSON:
25488: updated
25489: [a72930d6e615]
25490:
25491: * TODO:
25492: updated
25493: [4a51bd458390]
25494:
25495: * sudo.pod:
25496: remove author's email addr. people should mail sudo-bugs
25497: [9b6bbdb3a6d9]
25498:
25499: * INSTALL:
25500: fix version
25501: [246274c6c8af]
25502:
25503: * README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
25504: find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
25505: ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
25506: logging.c, options.h, parse.c, parse.lex, parse.yacc,
25507: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25508: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
25509: ++version
25510: [f532ff4ee766]
25511:
25512: * RUNSON:
25513: updated
25514: [62d5c71358b5]
25515:
25516: * INSTALL, Makefile.in:
25517: ++version
25518: [1a7c7628edfc]
25519:
25520: * CHANGES:
25521: updated fort 1.5.4
25522: [7e4873508c99]
25523:
25524: * check.c:
25525: exit(1) if user enters no passwd
25526: [f382c0e35e4e]
25527:
25528: * BUGS:
25529: ++version
25530: [fab6a867ab67]
25531:
25532: * parse.c:
25533: commands can start with ./* not just /* -- fixes a serious security
25534: hole.
25535: [244d2fe35ee3]
25536:
25537: 1997-12-21 Todd C. Miller <Todd.Miller@courtesan.com>
25538:
25539: * sudo.c:
25540: Don't set the tty variable to NULL when we lack a tty, leave it as
25541: "unknown".
25542: [193b26daba03]
25543:
25544: 1997-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25545:
25546: * sample.sudoers:
25547: fix usage of (username) in conjunction with , and !
25548: [7ae68607f68f]
25549:
25550: * visudo.c:
25551: catch the case where the user is not in the passwd file
25552: [31650258deb0]
25553:
25554: * tgetpass.c:
25555: use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
25556: select(2)
25557: [60ab2d9a9ee8]
25558:
25559: * sudo.c:
25560: define tty global to an initial value to avoid dumping core in
25561: logging functions when passwd file is unavailable.
25562: [77056c7bc908]
25563:
25564: * sudo.c:
25565: do the set_perms(PERM_USER, sudo_mode) after we have gotten the
25566: passwd entry
25567: [1fdb8e579a5a]
25568:
25569: * sudo.pod:
25570: talk about problem of ALL
25571: [1cd1905c9f6f]
25572:
25573: 1997-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
25574:
25575: * README:
25576: new web location
25577: [d24dc26f6da5]
25578:
25579: * INSTALL:
25580: fdesc bug is fixed in Open/Net BSD
25581: [7d4d81b08ac3]
25582:
25583: * HISTORY:
25584: updates from Nieusma
25585: [3a43769a1b78]
25586:
25587: 1997-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
25588:
25589: * dce_pwent.c:
25590: move compat.h after the system includes
25591: [5ea43a5968ac]
25592:
25593: 1997-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
25594:
25595: * logging.c:
25596: save errno from being clobbered by wait(). From Theo
25597: [f2d1c48cd592]
25598:
25599: 1997-05-21 Todd C. Miller <Todd.Miller@courtesan.com>
25600:
25601: * compat.h:
25602: fix an occurence of setresuid -> setreuid (typo)
25603: [394de35c9b1c]
25604:
25605: 1997-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
25606:
25607: * install-sh:
25608: check for path to strip
25609: [2b7ef824bd55]
25610:
25611: 1997-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
25612:
25613: * logging.c:
25614: deal with maxfilelen < 0 case
25615: [f0af095178d7]
25616:
25617: * OPTIONS:
25618: fixed descriptin
25619: [629f60bd4b5f]
25620:
25621: 1996-12-12 Todd C. Miller <Todd.Miller@courtesan.com>
25622:
25623: * sudo.c:
25624: correct error message if mode/owner wrong and not statable by owner
25625: but is statable by root.
25626: [cb631ce2e85e]
25627:
25628: 1996-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
25629:
25630: * config.guess, config.sub:
25631: autoconf 2.11
25632: [f3cbe59e0756]
25633:
25634: 1996-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
25635:
25636: * CHANGES, RUNSON, TODO:
25637: sudo 1.5.3.
25638: [2be3229b8626]
25639:
25640: 1996-11-14 Todd C. Miller <Todd.Miller@courtesan.com>
25641:
25642: * parse.yacc, sudo.h:
25643: command_alias -> generic_alias
25644: [c404ca8c510d] [SUDO_1_5_3]
25645:
25646: * sample.sudoers:
25647: added Runas_Alias example and fixed syntax errors
25648: [c304053f4a8a]
25649:
25650: * OPTIONS, options.h:
25651: updated MAILSUBJECT
25652: [18d1573fcd2a]
25653:
25654: * logging.c:
25655: added %h expansion
25656: [a4bff9b284fd]
25657:
25658: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25659: configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
25660: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
25661: insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
25662: parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
25663: sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
25664: visudo.c:
25665: ++version
25666: [211ff20f956f]
25667:
25668: * BUGS, emul/utime.h:
25669: ++version
25670: [cde5376579e3]
25671:
25672: * sudoers.pod:
25673: document Runas_Alias
25674: [b1a58f28fb2c]
25675:
25676: * visudo.pod:
25677: q (uid) -> Q
25678: [d256649a0e6b]
25679:
25680: * visudo.c:
25681: buffer oflow checking q (uit) -> Q if yyparse() fails drop into
25682: whatnow
25683: [1cb183d15626]
25684:
25685: * parse.yacc:
25686: add size params to sprintf
25687: [9228f698921f]
25688:
25689: * parse.lex:
25690: allow trailing space after '\\' but before '\n'
25691: [f51dbbf69fdf]
25692:
25693: * find_path.c:
25694: off by one error in path size check
25695: [a6d75ccd7632]
25696:
25697: * check.c:
25698: sprintf paranoia
25699: [3ffb12d198dd]
25700:
25701: 1996-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
25702:
25703: * parse.yacc:
25704: fixed more_aliases
25705: [aab12f2a50af]
25706:
25707: * visudo.c:
25708: now warns if killed by signal ./
25709: [310c186a0fd7]
25710:
25711: 1996-11-11 Todd C. Miller <Todd.Miller@courtesan.com>
25712:
25713: * parse.yacc:
25714: fix Runas_Alias stuff Alias's in runas list now get expanded (but it
25715: is gross)
25716: [45590b83120f]
25717:
25718: * sudo.c:
25719: Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
25720: [d53e01c14c58]
25721:
25722: * parse.yacc:
25723: add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
25724: [7a4a040aae2d]
25725:
25726: * parse.lex:
25727: Add Runas_Alias and simplify a rule.
25728: [6f794a769a37]
25729:
25730: * parse.yacc:
25731: always store User_Alias's since they can be used inside of a runas
25732: list. Sigh. Really need a Runas_Alias instead.
25733: [3bab058a873e]
25734:
25735: 1996-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
25736:
25737: * visudo.c:
25738: deal with case where there is no sudoers file
25739: [fa38b3bb244d]
25740:
25741: 1996-10-12 Todd C. Miller <Todd.Miller@courtesan.com>
25742:
25743: * TROUBLESHOOTING:
25744: added one
25745: [e61346d06725]
25746:
25747: 1996-10-11 Todd C. Miller <Todd.Miller@courtesan.com>
25748:
25749: * HISTORY, testsudoers.c:
25750: developement -> development
25751: [4df55e293941]
25752:
25753: * INSTALL:
25754: added a note
25755: [3845fb83dbc0]
25756:
25757: * RUNSON:
25758: for 1.5.2
25759: [5489b7298942]
25760:
25761: * CHANGES:
25762: updated
25763: [0741834929e6]
25764:
25765: 1996-10-10 Todd C. Miller <Todd.Miller@courtesan.com>
25766:
25767: * PORTING:
25768: removed seteuid() notes
25769: [1010a60f281d] [SUDO_1_5_2]
25770:
25771: 1996-10-09 Todd C. Miller <Todd.Miller@courtesan.com>
25772:
25773: * compat.h:
25774: better seteuid() emulatino
25775: [e807623b662c]
25776:
25777: * configure.in:
25778: added check for seteuid
25779: [8cf9fabc6f4f]
25780:
25781: * config.h.in:
25782: added HAVE_SETEUID
25783: [596db46aa828]
25784:
25785: 1996-10-08 Todd C. Miller <Todd.Miller@courtesan.com>
25786:
25787: * configure.in:
25788: first stab at sequent support
25789: [b85a7bfcac76]
25790:
25791: * config.h.in:
25792: added HAVE_SYS_SELECT_H
25793: [93ecdd042463]
25794:
25795: * compat.h:
25796: sequent -> _SEQUENT_
25797: [63a38b6da98c]
25798:
25799: * compat.h:
25800: added seteuid() macro for DYNIX
25801: [695bd63c5ea6]
25802:
25803: * tgetpass.c:
25804: _AIX -> HAVE_SYS_SELECT_H
25805: [b31221211bc2]
25806:
25807: 1996-10-07 Todd C. Miller <Todd.Miller@courtesan.com>
25808:
25809: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
25810: parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
25811: testsudoers.c, tgetpass.c, utime.c, visudo.c:
25812: ++version
25813: [8052992fd453]
25814:
25815: * check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
25816: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
25817: ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
25818: pathnames.h.in, version.h:
25819: ++version
25820: [f7ad15e1598a]
25821:
25822: * sudo.pod:
25823: added -H and SUDO_PS1
25824: [bb965241e30c]
25825:
25826: * configure.in:
25827: use SUDO_FUNC_FNMATCH
25828: [6a8350d85fb2]
25829:
25830: * aclocal.m4:
25831: added SUDO_FUNC_FNMATCH
25832: [45b32c91c4ba]
25833:
25834: * sudo.c:
25835: added -H flag
25836: [11ebc6872fd6]
25837:
25838: * sudo.h:
25839: added MODE_RESET_HOME /
25840: [67a7f8bcbbd6]
25841:
25842: 1996-10-05 Todd C. Miller <Todd.Miller@courtesan.com>
25843:
25844: * INSTALL:
25845: mention OPIE
25846: [5723515d5bbd]
25847:
25848: * options.h:
25849: SKEY -> OTP
25850: [c1d268130bc4]
25851:
25852: * configure.in:
25853: added opie support
25854: [123872b41b20]
25855:
25856: * compat.h, config.h.in:
25857: added HAVE_OPIE
25858: [528c71afc1e5]
25859:
25860: * check.c:
25861: added HAVE_OPIE and changed to *_OTP_*
25862: [4c62f5db872a]
25863:
25864: * OPTIONS:
25865: SKEY -> OTP
25866: [bd858e5e9652]
25867:
25868: 1996-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
25869:
25870: * check.c:
25871: moved fclose() in skey stuff.
25872: [11f7dc8431a6]
25873:
25874: 1996-10-03 Todd C. Miller <Todd.Miller@courtesan.com>
25875:
25876: * putenv.c:
25877: index -> strchr remove unnecesary stuff
25878: [af2d05238062]
25879:
25880: * check.c:
25881: now call skeychallenge() to get challenge instead of making one up
25882: ourselves. this way, we get extra goodies in the prompt.
25883: [49b770d98d3a]
25884:
25885: 1996-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
25886:
25887: * CHANGES:
25888: added one
25889: [3f5149357e2a] [SUDO_1_5_1]
25890:
25891: * parse.lex:
25892: allow logins to start with a number (YUCK!)
25893: [7ed7ef324741]
25894:
25895: 1996-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
25896:
25897: * TROUBLESHOOTING:
25898: added soalris 2.5 vs 2.4 note
25899: [16160a251aae]
25900:
25901: * configure.in:
25902: DUNIX doesn't need -lnsl
25903: [be924cc322c3]
25904:
25905: * CHANGES:
25906: *** empty log message ***
25907: [1b2937521981]
25908:
25909: * check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
25910: getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
25911: ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
25912: options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
25913: strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
25914: utime.c, version.h, visudo.c:
25915: courtesan
25916: [5f203589bbfe]
25917:
25918: * PORTING, README, RUNSON:
25919: courtesan
25920: [d72517f4937e]
25921:
25922: * INSTALL, Makefile.in, TROUBLESHOOTING:
25923: courtesan
25924: [5c007e3c7a71]
25925:
25926: * visudo.pod:
25927: *** empty log message ***
25928: [37ebe85bd4e1]
25929:
25930: * sudo.pod, visudo.pod:
25931: courtesan
25932: [37f02e2130ea]
25933:
25934: 1996-09-07 Todd C. Miller <Todd.Miller@courtesan.com>
25935:
25936: * HISTORY:
25937: added courtesan ./
25938: [b01435226276]
25939:
25940: 1996-09-06 Todd C. Miller <Todd.Miller@courtesan.com>
25941:
25942: * sudo.c:
25943: added $SUDO_PROMPT support
25944: [cb1fa72c093d]
25945:
25946: 1996-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
25947:
25948: * check.c:
25949: print long skey challemged to stderr, not stdout
25950: [750fc775b3b2]
25951:
25952: 1996-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
25953:
25954: * CHANGES:
25955: updated for 1.5.1
25956: [9b615f393057]
25957:
25958: * emul/utime.h:
25959: ++version
25960: [a94de18deafb]
25961:
25962: 1996-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
25963:
25964: * RUNSON:
25965: updated for 1.5.1
25966: [4092f20ab634]
25967:
25968: 1996-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
25969:
25970: * check.c:
25971: use shost, not host for tgetpass
25972: [6061c49ff9be]
25973:
25974: * sudo.pod:
25975: documented %u and %h
25976: [6d2922d29897]
25977:
25978: * OPTIONS:
25979: documented %u and %h
25980: [1a71da13a864]
25981:
25982: * configure.in:
25983: fixed typo
25984: [1230dec2b062]
25985:
25986: * INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
25987: dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
25988: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
25989: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
25990: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
25991: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
25992: ++version
25993: [65ce8eabf77a]
25994:
25995: * BUGS:
25996: ++version
25997: [afecab53aab7]
25998:
25999: 1996-08-29 Todd C. Miller <Todd.Miller@courtesan.com>
26000:
26001: * Makefile.in, configure.in, version.h:
26002: ++version
26003: [fb3ff940d672]
26004:
26005: * sudo.h:
26006: new tgetpass() params
26007: [9eccc5b0f8ae]
26008:
26009: * check.c:
26010: pass use and host to tgetpass
26011: [c56d9d13c401]
26012:
26013: * tgetpass.c:
26014: added %u and %h escapes
26015: [04ae775d3e5d]
26016:
26017: * OPTIONS, check.c, options.h:
26018: added NO_MESSAGE
26019: [3927dad19057]
26020:
26021: * configure.in:
26022: added cray (unicos) support
26023: [1122210c5fb1]
26024:
26025: 1996-08-27 Todd C. Miller <Todd.Miller@courtesan.com>
26026:
26027: * OPTIONS, options.h, sudo.c:
26028: added SHELL_SETS_HOME
26029: [0b26909b0929]
26030:
26031: 1996-08-25 Todd C. Miller <Todd.Miller@courtesan.com>
26032:
26033: * INSTALL:
26034: added note about "make install"
26035: [7e56ea76d4b4]
26036:
26037: * parse.yacc:
26038: changed length/size params from int to size_t
26039: [5654e5ceb1b3]
26040:
26041: * OPTIONS:
26042: now get CSOPS insults as well by default
26043: [297323d0179a]
26044:
26045: * insults.h:
26046: use csops insults too by default
26047: [07fafc136169]
26048:
26049: * INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
26050: version = 1.5
26051: [4b8772b11e3b]
26052:
26053: * sudo.c:
26054: added runas_homedir
26055: [b0e0d4417a15]
26056:
26057: * TODO:
26058: updated for 1.5
26059: [66259df825d5]
26060:
26061: * RUNSON:
26062: updated for 1.5
26063: [e08bc9ebfe95]
26064:
26065: * CHANGES:
26066: 1.5 release
26067: [8c16942fea41]
26068:
26069: * INSTALL:
26070: added "upgrading" notes
26071: [210d968964ff]
26072:
26073: 1996-08-22 Todd C. Miller <Todd.Miller@courtesan.com>
26074:
26075: * visudo.c:
26076: now do chmod and chown after edit of temp file and before rename
26077: [de174e34faa7] [SUDO_1_5_0]
26078:
26079: 1996-08-18 Todd C. Miller <Todd.Miller@courtesan.com>
26080:
26081: * Makefile.in:
26082: ++version added INSTALL.configure
26083: [c9e9214f52ae]
26084:
26085: * configure.in, version.h:
26086: ++version
26087: [5985abed3eb2]
26088:
26089: * TROUBLESHOOTING:
26090: *** empty log message ***
26091: [d65c540ec52e]
26092:
26093: * parse.yacc:
26094: added missing cast
26095: [e7247319a7d5]
26096:
26097: * sudo.c:
26098: sets $HOME to pw_dir of runas user
26099: [d3f7f4d05752]
26100:
26101: * sudo.pod:
26102: document $HOME change
26103: [854454d458c4]
26104:
26105: 1996-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
26106:
26107: * sudo.pod:
26108: fixed up some wording
26109: [b0c8582f2c97]
26110:
26111: * check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
26112: interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
26113: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
26114: visudo.c:
26115: ++version
26116: [748be723fd8b]
26117:
26118: * compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
26119: insults.h, options.h, pathnames.h.in, sudo.h:
26120: ++version
26121: [acdf8b1b2a1b]
26122:
26123: * emul/utime.h:
26124: ++version
26125: [b3f35298ab8d]
26126:
26127: * sudo.h:
26128: name nad type changes
26129: [db24ab3da141]
26130:
26131: * testsudoers.c:
26132: now works with new sudo
26133: [379346c42cc2]
26134:
26135: * parse.yacc:
26136: fixed some XXX
26137: [f5fe4c990052]
26138:
26139: * parse.yacc:
26140: some variable name changes + comment headers for functions.
26141: [3dc3bd9aa73d]
26142:
26143: * tgetpass.c:
26144: added extra paren's to make compilers happy
26145: [9e4968a34d56]
26146:
26147: * sudo.c:
26148: *** empty log message ***
26149: [70c924c1ed69]
26150:
26151: * parse.c:
26152: now uses init_parser() if not in sudoers and tries "list" or
26153: "validate" scold but don't be nasty.
26154: [c0d8fb3f8c9e]
26155:
26156: * TROUBLESHOOTING:
26157: now can use upper case login names
26158: [c772fffcefe5]
26159:
26160: * visudo.c:
26161: now uses init_parser()
26162: [b9efae7243fd]
26163:
26164: * INSTALL, README:
26165: updated
26166: [27dc8283fdc8]
26167:
26168: * PORTING:
26169: added info about PASSWORD_TIMEOUT
26170: [980e15d892f8]
26171:
26172: * INSTALL.configure:
26173: Initial revision
26174: [8292e89a08d3]
26175:
26176: * BUGS:
26177: fixed a bug ,
26178: [c6e46f5624f9]
26179:
26180: * parse.yacc:
26181: now dynamically allocates memory for the stacks -- no more
26182: overflows!
26183: [8615c35b6ad3]
26184:
26185: * sudo.pod:
26186: -l now explands command aliases
26187: [39f45605935d]
26188:
26189: * parse.yacc:
26190: hacks to expand command aliases for `sudo -l'
26191: [e4eb752608f9]
26192:
26193: * sudo.c:
26194: remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
26195: [01327ca5084b]
26196:
26197: * sudo.h:
26198: added struct command_alias
26199: [dd2f32764082]
26200:
26201: * sudo.pod:
26202: fixed a bug
26203: [e708ff08d2eb]
26204:
26205: * lsearch.c:
26206: in compar() key should be first arg
26207: [fc14c3fa62ee]
26208:
26209: 1996-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
26210:
26211: * BUGS:
26212: fixed some bugs
26213: [639dfe425bd5]
26214:
26215: * parse.yacc:
26216: can now deal with upcase HOST and USER names
26217: [c6aa7bcfb00d]
26218:
26219: * sudo.c:
26220: don't yell too loudly at non-sudoers if they do "sudo -l"
26221: [4ef146128d89]
26222:
26223: * sudo.pod:
26224: fixed thinko
26225: [830f2f0f22e7]
26226:
26227: * parse.c:
26228: fix comment
26229: [d20ce9e17ddc]
26230:
26231: 1996-08-09 Todd C. Miller <Todd.Miller@courtesan.com>
26232:
26233: * parse.c, parse.yacc:
26234: added support for new `sudo -l' stuff
26235: [7dceaef3c733]
26236:
26237: * sudo.c:
26238: now uses list_matches()
26239: [293364821b61]
26240:
26241: * sudo.h:
26242: added struct sudo_match
26243: [b2684179d179]
26244:
26245: * configure.in:
26246: now more -lgnumalloc
26247: [4f8ae42617d8]
26248:
26249: 1996-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
26250:
26251: * install-sh:
26252: added more paths for chown and whoami
26253: [6e685a19426c]
26254:
26255: 1996-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
26256:
26257: * check.c:
26258: typo
26259: [3adfa01c04bc]
26260:
26261: 1996-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
26262:
26263: * aclocal.m4:
26264: fixed DUNIX check for shadow pw
26265: [c25324bcd27b]
26266:
26267: * tgetpass.c:
26268: now only turn off echo if it is already on. this fixes a race when
26269: you use sudo in a pipelin
26270: [28388c2de21c]
26271:
26272: * INSTALL:
26273: updated
26274: [b45ac9366b7e]
26275:
26276: * configure.in:
26277: changed "test -z $foo && do_this" to if; then construct
26278: [2183c4426bca]
26279:
26280: 1996-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
26281:
26282: * configure.in:
26283: added missing defines of SHADOW_TYPE
26284: [be89ea68a7f3]
26285:
26286: 1996-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
26287:
26288: * check.c:
26289: protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
26290: only in dunix 4.x
26291: [1e7c1c677263]
26292:
26293: * getspwuid.c:
26294: added AUTH_CRYPT_C1CRYPT support
26295: [88d6b0058b20]
26296:
26297: * parse.c:
26298: no longer return VALIDATE_NOT_OK if there was a runas that didn't
26299: match. Now we can have runas stuff on more than one line.
26300: [52b68920d7b7]
26301:
26302: * getspwuid.c, sudo.c, tgetpass.c:
26303: use SHADOW_TYPE instead of HAVE_C2_SECURITY
26304: [cf401dfcbc06]
26305:
26306: * configure.in:
26307: got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
26308: something
26309: [c7a233c4dd93]
26310:
26311: * config.h.in:
26312: removed HAVE_C2_SECURITY added SPW_BSD
26313: [8314405e9754]
26314:
26315: * compat.h:
26316: use SHADOW_TYPE instead of HAVE_C2_SECURITY
26317: [6f94870df17f]
26318:
26319: * check.c:
26320: SHADOW_TYPE is always defined so just against its value
26321: [72c69a55d02f]
26322:
26323: * aclocal.m4:
26324: added SUDO_CHECK_SHADOW_DUNIX
26325: [ef025ae9d496]
26326:
26327: 1996-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
26328:
26329: * sudoers.pod:
26330: * -> ?* in one example added another instance of (runas) and one of
26331: NOPASSWD:
26332: [d74fe1dcbe7d]
26333:
26334: 1996-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
26335:
26336: * configure.in:
26337: added back check for config.cache from other host type
26338: [0ba87871f585]
26339:
26340: * parse.lex:
26341: removed an instance of \"
26342: [1e008d3709f6]
26343:
26344: * sample.sudoers:
26345: added an example
26346: [dbfcf68ee330]
26347:
26348: * sudoers.pod:
26349: updated wrt new wildcard matching
26350: [193fa44a475b]
26351:
26352: * configure.in:
26353: new check for shadow passwords if we don't know anything
26354: [67465df7dc9a]
26355:
26356: * aclocal.m4:
26357: new SUDO_CHECK_SHADOW_GENERIC
26358: [3563b16a41b8]
26359:
26360: * configure.in:
26361: added back check for -lsocket (oops)
26362: [a80882ee1cb6]
26363:
26364: * configure.in:
26365: better (working) check for shadow passwd type if we know to use C2.
26366: [3cdd2a59a641]
26367:
26368: * configure.in:
26369: now uses AC_CANONICAL_HOST to figure out os type
26370: [80db7fe6e704]
26371:
26372: * Makefile.in:
26373: added config.{guess,sub}
26374: [c6be7e3ca384]
26375:
26376: * aclocal.m4:
26377: removed unused stuff to figure out os type
26378: [c9a0f3b57123]
26379:
26380: * config.sub:
26381: added openbsd
26382: [bfc6bfec3668]
26383:
26384: * config.sub:
26385: Initial revision
26386: [e6e06ce0d17d]
26387:
26388: * config.guess:
26389: Initial revision
26390: [99dd06f79199]
26391:
26392: * testsudoers.c:
26393: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
26394: pathname. need to check against sudoers_args even if user_args is
26395: nil
26396: [66e6cf77f5d6]
26397:
26398: * parse.c:
26399: don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
26400: pathname need to check against sudoers_args even if user_args is nil
26401: [74374df17311]
26402:
26403: 1996-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
26404:
26405: * check.c:
26406: added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
26407: [cbb00261c415]
26408:
26409: * testsudoers.c:
26410: now takes command line args and uses cmnd_args
26411: [f0c2fd35a527]
26412:
26413: * parse.lex:
26414: fill_args was adding an extra leading space
26415: [692fc999b2e8]
26416:
26417: 1996-07-22 Todd C. Miller <Todd.Miller@courtesan.com>
26418:
26419: * visudo.c:
26420: fixed dummy command_matches()
26421: [93d9543db6e2]
26422:
26423: * parse.yacc:
26424: fixed prototype
26425: [7b0addfbd429]
26426:
26427: * sudo.h:
26428: added cmnd_args
26429: [8f47c4ae65ef]
26430:
26431: * parse.yacc:
26432: now uses flat args string
26433: [016e65877da3]
26434:
26435: * parse.c, parse.lex:
26436: now uses flat arg string
26437: [5b5f2e3f4c09]
26438:
26439: * visudo.c:
26440: added cmnd_args def
26441: [876867134775]
26442:
26443: * sudo.c:
26444: now sets cmnd_args global
26445: [e6fee70cb59b]
26446:
26447: * logging.c:
26448: cmnd_args is now exported from sudo.[ch]
26449: [7a9cd36e356f]
26450:
26451: 1996-07-21 Todd C. Miller <Todd.Miller@courtesan.com>
26452:
26453: * parse.yacc:
26454: can't rely on cmnd_matches as much as I thought -- added some $$
26455: stuff back in to prevent namespace pollution problems.
26456: [3c45fedb5af3]
26457:
26458: * parse.yacc:
26459: Simplified parse rules wrt runas and NOPASSWD (more consistent).
26460: [e6d838c8a4c7]
26461:
26462: 1996-07-20 Todd C. Miller <Todd.Miller@courtesan.com>
26463:
26464: * parse.lex:
26465: NOPASSWD may now have blanks before the ':' '(' only starts a
26466: 'runas' if in the initial state to avoid collision with command args
26467: [c5c01172f499]
26468:
26469: * configure.in:
26470: added checks for specific shadow passwd schemes
26471: [b7e3d1f7b84f]
26472:
26473: * aclocal.m4:
26474: added routines to check for specific shadow passwd types
26475: [e5e1d19960a6]
26476:
26477: 1996-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
26478:
26479: * configure.in:
26480: added support for ncr boxen
26481: [bea9dc5aae7f]
26482:
26483: * aclocal.m4:
26484: added support for detecting ncr boxen
26485: [8653a158a924]
26486:
26487: 1996-07-16 Todd C. Miller <Todd.Miller@courtesan.com>
26488:
26489: * configure.in:
26490: added sinix support
26491: [5de2b2173ee1]
26492:
26493: 1996-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
26494:
26495: * TROUBLESHOOTING:
26496: added info about "config.cache from other other" error.
26497: [845b10198e0b]
26498:
26499: * aclocal.m4:
26500: now makes sure you don't have a config.cache file from another OS
26501: [4fe32571c021]
26502:
26503: * configure.in:
26504: now sets $LIBS when needed to configure links with libs when doing
26505: tests hpux10 now uses SPW_SECUREWARE for C2 added check for
26506: bigcrypt(3) if SPW_SECUREWARE
26507: [2df6b8ca538f]
26508:
26509: * getspwuid.c:
26510: fixed typo
26511: [fe1cb1d792d6]
26512:
26513: * tgetpass.c:
26514: now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
26515: [f71138372c07]
26516:
26517: * getspwuid.c:
26518: no more SPW_HPUX10
26519: [cfdeb18bc16b]
26520:
26521: * config.h.in:
26522: no more SPW_HPUX10 added HAVE_BIGCRYPT
26523: [00d296479a61]
26524:
26525: * compat.h:
26526: now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
26527: [6c6d9e680417]
26528:
26529: * check.c:
26530: SPW_SECUREWARE now uses bigcrypt
26531: [be71fc66690f]
26532:
26533: 1996-07-13 Todd C. Miller <Todd.Miller@courtesan.com>
26534:
26535: * sample.sudoers:
26536: fixed 2 syntax errors
26537: [45eee19ef4ac]
26538:
26539: * sudoers:
26540: root may now run ALL as ALL
26541: [1b54c6b9b212]
26542:
26543: 1996-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
26544:
26545: * interfaces.c:
26546: fixed a typo/thinko that broke BSD's with sa_len
26547: [603438360126]
26548:
26549: 1996-07-08 Todd C. Miller <Todd.Miller@courtesan.com>
26550:
26551: * check.c, configure.in:
26552: updated AFS support
26553: [e572eb8d177a]
26554:
26555: * TROUBLESHOOTING:
26556: added entry about /usr/ucb/cc
26557: [025b353aa9d3]
26558:
26559: * INSTALL:
26560: prep no longer holds gcc binaries
26561: [8b0942958049]
26562:
26563: * INSTALL:
26564: updated AFS note
26565: [7af6efd5abe4]
26566:
26567: * Makefile.in:
26568: added @AFS_LIBS@
26569: [97b6fe6ad7d6]
26570:
26571: * compat.h:
26572: AFS allows long passwords
26573: [5fb17122c302]
26574:
26575: * testsudoers.c:
26576: fixed -u user support
26577: [b1a0c1648639]
26578:
26579: * parse.c:
26580: sudo -v now groks VALIDATE_OK_NOPASS
26581: [74fc03fffe7e]
26582:
26583: * parse.yacc:
26584: fixed no_passwd vs. runas_matched
26585: [549a9b791a6a]
26586:
26587: * TROUBLESHOOTING:
26588: took out stuff about NFS-mounting since it is no longer an issue
26589: [d95ab7fbbc61]
26590:
26591: * INSTALL:
26592: added --with-libraries > --with-libpath --with-incpath
26593: [d5d15a7a0f4c]
26594:
26595: * parse.yacc:
26596: was setting runas_matches to -1 in wrong place
26597: [db2b1deb8d33]
26598:
26599: * check.c:
26600: removed usersec.h which is not present in new AFS versions
26601: [618b016dd17f]
26602:
26603: * tgetpass.c:
26604: now deals with timeout <= 0
26605: [ba53a1257255]
26606:
26607: * OPTIONS:
26608: updated
26609: [75093bd8fdca]
26610:
26611: * configure.in:
26612: BSD/OS >= 2.0 now uses shlicc instead of just gcc
26613: [ff6dbf7825c2]
26614:
26615: * sudo.c:
26616: fixed backwards compatibility with sudo 1.4 sudoers mode for root
26617: readable/writable filesystems
26618: [2694ed627221]
26619:
26620: * Makefile.in:
26621: now gives INSTALL -c flag
26622: [63db055a2fd1]
26623:
26624: * parse.yacc:
26625: slightly simpler initialization of no_passwd and runas_matches
26626: [463a1b5fa323]
26627:
26628: * testsudoers.c:
26629: added -u username support
26630: [38b072fcd6b3]
26631:
26632: * configure.in:
26633: improved --with-libraries support
26634: [047dbc5f0af2]
26635:
26636: 1996-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
26637:
26638: * configure.in:
26639: added --with-incpath, --with-libpath, --with-libraries
26640: [20f20d6c718c]
26641:
26642: * parse.yacc:
26643: now initializes some fields that weren't getting set to -1 pretty
26644: gross -- need a rewrite.
26645: [021c160390c6]
26646:
26647: 1996-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
26648:
26649: * alloca.c:
26650: removed emacs'isms
26651: [9d4ec2efe057]
26652:
26653: * configure.in:
26654: no longer add -lPW to *_LIBS since we include alloca.c
26655: [a626d1bbea80]
26656:
26657: * config.h.in:
26658: added HAVE_ALLOCA_H
26659: [15491e2a6cff]
26660:
26661: * Makefile.in:
26662: added alloca.c
26663: [0400f25e1fe4]
26664:
26665: * alloca.c:
26666: Initial revision
26667: [06d033aa4882]
26668:
26669: * configure.in:
26670: ++version
26671: [f52c0fb98f90]
26672:
26673: 1996-06-25 Todd C. Miller <Todd.Miller@courtesan.com>
26674:
26675: * sudo.c:
26676: now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
26677: not always set to a valid uid.
26678: [c2669f77704d]
26679:
26680: * OPTIONS:
26681: fixed entry for SUDO_MODE
26682: [d7272f6035b8]
26683:
26684: * sudo.c:
26685: Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
26686: being set to -2. Now beat NFS to the punch and set uid to "nobody"
26687: ourselves, preserving group 0 to read sudoers.
26688: [b1fbc5dd1e34]
26689:
26690: * parse.c:
26691: moved set_perms(PERM_ROOT) to be before yyparse()
26692: [7619d8080735]
26693:
26694: * logging.c:
26695: fixed a typo
26696: [318acc48cde0]
26697:
26698: * configure.in:
26699: no longer need AC_PROG_INSTALL
26700: [de01b1336dc8]
26701:
26702: * Makefile.in:
26703: always use install-sh to avoid install(1)'s that use get{pw,gr}nam
26704: [ea2351986406]
26705:
26706: * INSTALL:
26707: make clean -> make distclean
26708: [704a98e8ba10]
26709:
26710: 1996-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
26711:
26712: * parse.yacc:
26713: removed some unnecsary if's
26714: [f00db6508132]
26715:
26716: * Makefile.in, version.h:
26717: ++version
26718: [bdb6740b24c8]
26719:
26720: * parse.c, testsudoers.c:
26721: now includes netgroup.h
26722: [93f5a06352bc]
26723:
26724: * interfaces.c:
26725: removed cats of ioctl to int since they didn't shut up -Wall
26726: [83e9f912cd7a]
26727:
26728: * interfaces.c:
26729: explicately cast ioctl() to int since it it not always declared
26730: [2ff9294e469e]
26731:
26732: * sudo.h:
26733: added declarations for yyparse() and yylex()
26734: [6071321ab771]
26735:
26736: * parse.yacc:
26737: fixed an occurence of '==' -> '='
26738: [2c46d2e11d57]
26739:
26740: * config.h.in, configure.in:
26741: added check for netgroup.h
26742: [73403050f4e3]
26743:
26744: * sudo.c:
26745: fixed 2 compiler warnings
26746: [680929b0bd97]
26747:
26748: * sudo.c:
26749: SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
26750: initialized
26751: [18707ecd07c2]
26752:
26753: 1996-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
26754:
26755: * sudo.pod:
26756: fixed a typo
26757: [e4b5c12aa130]
26758:
26759: 1996-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
26760:
26761: * parse.yacc:
26762: fixed a formatting thingie
26763: [c79327b6f19b]
26764:
26765: * parse.c, parse.yacc:
26766: fixed -u support with multiple user lists on a line
26767: [e4d1066adca2]
26768:
26769: * configure.in:
26770: unixware needs -lgen
26771: [b5bf9bca63cc]
26772:
26773: * README:
26774: updated ftp location
26775: [b25a033f7921]
26776:
26777: * sudoers.pod:
26778: add net_addr/netmask support
26779: [674e83516d1e]
26780:
26781: * sample.sudoers:
26782: added net_addr/mask example
26783: [774878e89b28]
26784:
26785: * parse.c, parse.lex:
26786: added support for net_addr/netmask
26787: [e33de27325d8]
26788:
26789: 1996-06-16 Todd C. Miller <Todd.Miller@courtesan.com>
26790:
26791: * sudoers.pod:
26792: ^ -> !
26793: [1a084950d6ef]
26794:
26795: 1996-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
26796:
26797: * RUNSON:
26798: updated for 1.4.3
26799: [c82019025d09]
26800:
26801: * CHANGES:
26802: udpated for 1.4.3
26803: [ceaa81adb8f0]
26804:
26805: * BUGS, TODO, TROUBLESHOOTING:
26806: updated
26807: [ff94fae4b853]
26808:
26809: * sample.sudoers:
26810: updated with examples of new stuff
26811: [99d0b4cb4c9c]
26812:
26813: * INSTALL, README:
26814: ++version
26815: [b763b80fe836]
26816:
26817: * sudoers.pod:
26818: updated wrt -u and NOPASSWD
26819: [0b5b722ea0f4]
26820:
26821: * sudo.pod:
26822: updated wrt -u and CAVEATS
26823: [71d5d53b5d18]
26824:
26825: 1996-06-09 Todd C. Miller <Todd.Miller@courtesan.com>
26826:
26827: * sudo.c:
26828: fixed usage()
26829: [114c7d09b550]
26830:
26831: * parse.lex:
26832: now use :foo: character classes (makes no diff for generated lexer)
26833: [7b0aeb737a02]
26834:
26835: 1996-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
26836:
26837: * check.c:
26838: fixed LONG_SKEY_PROMPT stuff
26839: [0efe78b4bdda]
26840:
26841: 1996-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
26842:
26843: * visudo.c:
26844: fixed a comment
26845: [3d289017104b]
26846:
26847: * lsearch.c:
26848: make more like NetBSD one -- now compiles w/o warnings
26849: [932206296a54]
26850:
26851: * emul/search.h:
26852: fixed decls of lsearch()
26853: [c58cf4584c45]
26854:
26855: * config.h.in, configure.in, getspwuid.c:
26856: added SPW_HPUX10
26857: [d74e5eaa5f17]
26858:
26859: * check.c:
26860: hpux 10 uses bigcrypt() if C2
26861: [359eb63f4021]
26862:
26863: 1996-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
26864:
26865: * parse.c:
26866: now always uses fnmatch to match args
26867: [a9d91f35256a]
26868:
26869: * tgetpass.c:
26870: back to using stdio instead of raw i/o since that caused some
26871: problems
26872: [e7ce2bc92974]
26873:
26874: 1996-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
26875:
26876: * sudo.c:
26877: now give usage warning if use -l,-v,-k with args
26878: [6b48180c4fea]
26879:
26880: 1996-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
26881:
26882: * sudo.c:
26883: NewArgc is now set to 1 for -l, -v, -k
26884: [7497cb1416a8]
26885:
26886: * sudo.c:
26887: now sets sudoers to correct group if mode is 0400
26888: [484c43d99718]
26889:
26890: * install-sh:
26891: updated to version used by inn and bind
26892: [28683ad8725a]
26893:
26894: * configure.in:
26895: now uses -lgnumalloc if it exists
26896: [3651ca4415a2]
26897:
26898: * Makefile.in:
26899: "make install" now sets uid/gid and mode on sudoers if it exists
26900: [1f5216191ae9]
26901:
26902: * sudo.c:
26903: rmeoved debugging statements
26904: [aeda278e2c26]
26905:
26906: * parse.yacc:
26907: added a missing free()
26908: [592c9482a159]
26909:
26910: * sudo.c:
26911: now uses user_gid instead of getegid (which was wrong anyway) to set
26912: SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
26913: (logging.c depends on args being in the environment)
26914: [9f5328a3b942]
26915:
26916: * logging.c:
26917: now uses SUDO_COMMAND envariable to get command args rather than
26918: building it up again.
26919: [7f8edc5bccb7]
26920:
26921: * parse.c:
26922: now uses user_gid
26923: [4b9303ae45fe]
26924:
26925: * sudo.c:
26926: fixed off by one error in allocation NewArgv
26927: [921ea1a4e7c6]
26928:
26929: * parse.c:
26930: in sudoers, 'command ""' now means command with no args
26931: [a5273648ace2]
26932:
26933: * configure.in:
26934: added check for fnmatch(3) and fnmatch.h
26935: [258916a7866f]
26936:
26937: * config.h.in:
26938: added HAVE_FNMATCH
26939: [b9860d361e93]
26940:
26941: * Makefile.in:
26942: replaced wildcat.* with fnmatch.*
26943: [03ad9ee21a1c]
26944:
26945: * testsudoers.c:
26946: now uses fnmatch()
26947: [5a7f7de987a9]
26948:
26949: 1996-05-27 Todd C. Miller <Todd.Miller@courtesan.com>
26950:
26951: * parse.c:
26952: now uses fnmatch() instead of wildmat a trailing star (*) by itself
26953: now matches multiple args added support for wildcards in the
26954: pathname in sudoers
26955: [1f7fb950b868]
26956:
26957: 1996-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
26958:
26959: * fnmatch.c:
26960: now includes compat.h and config.h
26961: [090206b95cf8]
26962:
26963: * config.h.in:
26964: added HAVE_FNMATCH_H
26965: [90eb42150173]
26966:
26967: * configure.in:
26968: now checks for alloca() (if needed by bison or dce) and links with
26969: -lPW if it contains alloca() and libv and compiler do not.
26970: [cfa2b3cef49a]
26971:
26972: * emul/fnmatch.h, fnmatch.3, fnmatch.c:
26973: Initial revision
26974: [20b1f762a32a]
26975:
26976: 1996-04-29 Todd C. Miller <Todd.Miller@courtesan.com>
26977:
26978: * sudo.c:
26979: now fixes mode on sudoers if set to 0400 to aid in upgrade
26980: [d4bdfd521820]
26981:
26982: 1996-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
26983:
26984: * Makefile.in:
26985: fixed pod2man usage
26986: [5adf2ec77b27]
26987:
26988: * Makefile.in, configure.in, version.h:
26989: ++version
26990: [b4029de876d0]
26991:
26992: * testsudoers.c, visudo.c:
26993: runas_user is now initialized to "root"
26994: [8537d97bff39]
26995:
26996: * sudo.h:
26997: removed PERM_FULL_ROOT
26998: [241f8bbf647f]
26999:
27000: * sudo.c:
27001: runas_user defaults to "root" so no more need to PERM_RUNAS
27002: [fc0c0dfc72ba]
27003:
27004: * parse.c:
27005: will now only running commands as root if there was no runas list
27006: (or if root is in the runas list)
27007: [40c587666c81]
27008:
27009: * logging.c:
27010: now logs "USER=%s"
27011: [b733504c87fd]
27012:
27013: * parse.yacc:
27014: runas_matches is now set to false if we get a negative match
27015: [5495b150b300]
27016:
27017: * parse.lex:
27018: make #uid work + some minor cleanup
27019: [07851bbce03a]
27020:
27021: * sample.sudoers:
27022: added support for NOPASSWD and "runas" from garp@opustel.com /
27023: [7a9c67b51fa5]
27024:
27025: * visudo.c:
27026: added support for "runas" from garp@opustel.com replaced
27027: SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
27028: SUDOERS_MODE
27029: [e714209b9885]
27030:
27031: * testsudoers.c:
27032: added support for "runas" from garp@opustel.com
27033: [b837f856da10]
27034:
27035: * sudo.h:
27036: added support for NO_PASSWD and runas from garp@opustel.com replaced
27037: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support
27038: fro SUDOERS_MODE
27039: [cea6f26679b7]
27040:
27041: * sudo.c:
27042: added support for NO_PASSWD and runas from garp@opustel.com replaced
27043: SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
27044: SUDOERS_MODE
27045: [61b5434237c5]
27046:
27047: * parse.yacc:
27048: added support for NO_PASSWD and runas from garp@opustel.com
27049: [72ebd3056f22]
27050:
27051: * parse.c, parse.lex:
27052: added support for NO_PASSWD and runas from garp@opustel.com
27053: [fef6dbdd114d]
27054:
27055: * logging.c:
27056: added support for SUDOERS_WRONG_MODE and "runas"
27057: [e794efc2b443]
27058:
27059: * configure.in:
27060: added --with-CC only link with -lshadow on linux (with shadow pw) if
27061: libc lacks getspnam()
27062: [3ecf4ae21002]
27063:
27064: * OPTIONS, options.h:
27065: removed NO_PASSWD since it is not possible to do this in the sudoers
27066: file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
27067: SUDOERS_GID. Added SUDOERS_MODE.
27068: [2eaa4891ef48]
27069:
27070: * Makefile.in:
27071: now uses SUDOERS_UID and SUDOERS_GID
27072: [8d615f0fdb2a]
27073:
27074: 1996-04-27 Todd C. Miller <Todd.Miller@courtesan.com>
27075:
27076: * INSTALL:
27077: added --with-CC
27078: [a1b8286a81b8]
27079:
27080: 1996-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
27081:
27082: * parse.lex:
27083: added double quote support
27084: [a5e4fc7e3a2b]
27085:
27086: * sudoers.pod:
27087: documented double quoting
27088: [c6ea47969a44]
27089:
27090: 1996-04-05 Todd C. Miller <Todd.Miller@courtesan.com>
27091:
27092: * mkinstalldirs:
27093: Initial revision
27094: [dcb86d65ad8f]
27095:
27096: * check.c:
27097: fixed some indentation
27098: [4d1c5ab8072b]
27099:
27100: * Makefile.in:
27101: fixed a typo
27102: [0d27eebc7227]
27103:
27104: * Makefile.in:
27105: added install-dirs .
27106: [f499b99b8be7]
27107:
27108: 1996-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
27109:
27110: * dce_pwent.c:
27111: new version from "Jeff A. Earickson" <jaearick@colby.edu>
27112: [422481be5fbd]
27113:
27114: 1996-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
27115:
27116: * configure.in:
27117: $CSOPS -> $with_csops (whoops, missed one)
27118: [b04c6948130e]
27119:
27120: * BUGS:
27121: updated
27122: [c4d5713e227d]
27123:
27124: * parse.lex:
27125: FQHOST now has same constraints as non-FQHOST
27126: [e1c3bf2381d1]
27127:
27128: * INSTALL:
27129: added note about OS's w/ shadow passwords turned on by default
27130: [166257f43be4]
27131:
27132: 1996-04-02 Todd C. Miller <Todd.Miller@courtesan.com>
27133:
27134: * configure.in:
27135: fixed a typo
27136: [e5c3e2e9a359]
27137:
27138: * configure.in:
27139: added support for --without-THING sanitized shadow pw situtation by
27140: adding support for
27141: --without-C2
27142: [65dc6bf64cce]
27143:
27144: * tgetpass.c:
27145: fixed a typo wrt placement of an end paren
27146: [a8780f818231]
27147:
27148: * check.c:
27149: was closing an fd that may not have been opened
27150: [760271c7bdc9]
27151:
27152: 1996-03-22 Todd C. Miller <Todd.Miller@courtesan.com>
27153:
27154: * OPTIONS, options.h, sudo.c:
27155: added NO_PASSWD
27156: [28ff1dc93d7a]
27157:
27158: 1996-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
27159:
27160: * configure.in:
27161: now always use shadow pw on some arches
27162: [069161ccffda]
27163:
27164: 1996-03-19 Todd C. Miller <Todd.Miller@courtesan.com>
27165:
27166: * configure.in:
27167: added pyramid support
27168: [a0eb57a3a531]
27169:
27170: * configure.in:
27171: no longer check for C2 if alternate passwd method is used no longer
27172: check for some libs twice
27173: [2d0c3c902b40]
27174:
27175: * parse.yacc:
27176: moved fqdn stuff into parse.lex (FQHOST)
27177: [d9c9abd481d8]
27178:
27179: * parse.lex:
27180: added FQHOST rules
27181: [4a1695acff6d]
27182:
27183: * tgetpass.c:
27184: now define TCSASOFT in necesary
27185: [3fac2e21c9ab]
27186:
27187: * tgetpass.c:
27188: now uses read/write instead of stdio string goop to avoid problems
27189: with select(2)
27190: [67fd174e518c]
27191:
27192: * OPTIONS, find_path.c, options.h:
27193: -DNO_DOT_PATH -> -DIGNORE_DOT_PATH
27194: [d05ba5100d28]
27195:
27196: 1996-03-17 Todd C. Miller <Todd.Miller@courtesan.com>
27197:
27198: * INSTALL:
27199: added note about no shadow auto-detect if using alternate auth
27200: schemes
27201: [b425592232a3]
27202:
27203: * configure.in:
27204: don't check for C2 if AFS or DCE (unless they said --with-C2)
27205: [61342962171a]
27206:
27207: * testsudoers.c:
27208: now groks shost
27209: [85dda17303f6]
27210:
27211: * OPTIONS, find_path.c, options.h:
27212: added NO_DOT_PATH
27213: [c261ca1fb196]
27214:
27215: 1996-03-16 Todd C. Miller <Todd.Miller@courtesan.com>
27216:
27217: * find_path.c:
27218: checkdot now works correctly
27219: [3bc4835bb3e9]
27220:
27221: 1996-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
27222:
27223: * configure.in:
27224: can't have DCE and C2 passwords both...
27225: [fb9a8ab7ca66]
27226:
27227: 1996-03-11 Todd C. Miller <Todd.Miller@courtesan.com>
27228:
27229: * parse.yacc, sudo.c, sudo.h, visudo.c:
27230: now uses shost even if not FQDN
27231: [87f7498b3a1f]
27232:
27233: * configure.in:
27234: now looks for skey in /usr/lib and doesn't require libskey to be in
27235: /usr/local/lib just because skey.h is (for my netbsd box :-)
27236: [ceb1763e37d2]
27237:
27238: * aclocal.m4, config.h.in, pathnames.h.in:
27239: _SUDO_PATH_ -> _CONFIG_PATH_
27240: [84d97ad13d75]
27241:
27242: * aclocal.m4, sudo.pod:
27243: /var/run/.odus -> /var/run/sudo
27244: [922da220b8f5]
27245:
27246: * pathnames.h.in:
27247: now uses _SUDO_PATH_TIMEDIR
27248: [5ecab0155fdf]
27249:
27250: * OPTIONS:
27251: udpated FQDN
27252: [361b6f7440c0]
27253:
27254: * aclocal.m4, configure.in:
27255: added SUDO_TIMEDIR
27256: [368c95c8c950]
27257:
27258: * config.h.in:
27259: added _SUDO_PATH_TIMEDIR
27260: [3879864d808c]
27261:
27262: * sudo.pod:
27263: updated wrt /var/run/sudo
27264: [9e14f2a429d3]
27265:
27266: * sudo.c, sudo.h:
27267: added support for shost if FQDN
27268: [51a3f51a09a1]
27269:
27270: * parse.yacc, visudo.c:
27271: now uses shost if FQDN
27272: [d19da2e92b42]
27273:
27274: * check.c:
27275: Now use skeylookup() instead off skeychallenge()
27276: [4c7438bb2ae0]
27277:
27278: 1996-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
27279:
27280: * logging.c:
27281: mail_argv should not contain ALERTMAIL as it includes "-t"
27282: [67ffaaa8f843]
27283:
27284: 1996-02-22 Todd C. Miller <Todd.Miller@courtesan.com>
27285:
27286: * INSTALL, Makefile.in, README, configure.in, version.h:
27287: ++version
27288: [e08fd4a809fc]
27289:
27290: * compat.h:
27291: added more _PASSWD_LEN stuff -- now uses PASS_MAX too
27292: [2f20c3153689]
27293:
27294: * tgetpass.c:
27295: now includes limits.h moved _PASSWD_LEN -> compat.h
27296: [b1ca3cafdacc]
27297:
27298: 1996-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
27299:
27300: * INSTALL, README:
27301: ++version
27302: [3eacf32803f5]
27303:
27304: * Makefile.in:
27305: ++versoin
27306: [3b91c317630a]
27307:
27308: * Makefile.in:
27309: fixed a typo
27310: [3661ac4a7803]
27311:
27312: * configure.in:
27313: ++version
27314: [60e842973745]
27315:
27316: 1996-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
27317:
27318: * RUNSON:
27319: updated
27320: [def2c3c24195]
27321:
27322: * CHANGES:
27323: done for 1.4.1 (I hope)
27324: [2ab543769a40]
27325:
27326: * sudoers.pod:
27327: added info on wildcards
27328: [ce3bd41bc063]
27329:
27330: * sample.sudoers:
27331: added wildcard example
27332: [762feb0577bd]
27333:
27334: * Makefile.in:
27335: now uses *.pod to build *.man and *.cat & *.html
27336: [3ec14962028b]
27337:
27338: * configure.in:
27339: addedSUDO_PROG_BSHELL !ll
27340: [3c80b320bf16]
27341:
27342: * visudo.pod:
27343: fixed up some formatting
27344: [12166c434526]
27345:
27346: * sudoers.pod:
27347: redid section describing sample sudoers stuff
27348: [b8065cceec71]
27349:
27350: * sudo.pod:
27351: fixed some formatting
27352: [aa9a681add0f]
27353:
27354: * getspwuid.c:
27355: now treats "" as bourne shell
27356: [30194a72ad56]
27357:
27358: * Makefile.in:
27359: TESTOBJS nwo includes wildmat.o
27360: [86cc6500f84d]
27361:
27362: * testsudoers.c:
27363: now works with NewArg[cv]
27364: [2f72674ce942]
27365:
27366: * sudo.c:
27367: removed an XXX (fixed it in getspwuid.c)
27368: [e791ee0d1a68]
27369:
27370: * aclocal.m4:
27371: added check for bourne shell
27372: [a2fd51676b8a]
27373:
27374: * pathnames.h.in:
27375: added _PATH_BSHELL
27376: [e7c10011d47b]
27377:
27378: * config.h.in:
27379: added _SUDO_PATH_BSHELL
27380: [6a1182898de9]
27381:
27382: 1996-02-04 Todd C. Miller <Todd.Miller@courtesan.com>
27383:
27384: * visudo.c:
27385: unixware vi returns 256 instead of 0
27386: [234ffc7c6786]
27387:
27388: * INSTALL:
27389: added Linux note
27390: [5f85efcd2b58]
27391:
27392: * logging.c:
27393: fixed up some XXX's. file log format now looks a little more like
27394: real syslog(3) format.
27395: [6df55707bfc3]
27396:
27397: * README, TROUBLESHOOTING:
27398: updated wrt lex/flex
27399: [eb787d69156b]
27400:
27401: * Makefile.in:
27402: commented out rule to build lex.yy.c from parse.lex since we ship
27403: with a pre-flex'd parser
27404: [7507e2ce4a95]
27405:
27406: * parse.c, parse.yacc, visudo.c:
27407: path_matches -> command_matches
27408: [0bd469424f86]
27409:
27410: * logging.c:
27411: eliminated some strcat()'s
27412: [9878a79bc374]
27413:
27414: * configure.in:
27415: no longer checks for lex/flex (now assumes flex)
27416: [a086ccc73798]
27417:
27418: * configure.in:
27419: now checks for $kerb_dir_candidate/krb.h instead of just
27420: kerb_dir_candidate
27421: [9133bc3c5208]
27422:
27423: 1996-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
27424:
27425: * parse.yacc:
27426: now use a 'hook' expression instead of an iffy one :-)
27427: [9560df01b8c0]
27428:
27429: 1996-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
27430:
27431: * visudo.c:
27432: now works with new sudo arg stuff
27433: [310a0d43ddad]
27434:
27435: * parse.yacc:
27436: fixed dereferencing deadbeef
27437: [474ef8a8006b]
27438:
27439: * sudo.c:
27440: changed an occurrence of Argv to NewArgv
27441: [205b012b7691]
27442:
27443: * parse.lex:
27444: took out support for quoted commands since there is no need...
27445: [5c5036d353b1]
27446:
27447: * parse.c:
27448: fixed a typo in a for() loop
27449: [7e8d5283c43b]
27450:
27451: * logging.c:
27452: protected against dereferencing rogue pointers
27453: [56debd517717]
27454:
27455: * sudo.c:
27456: now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
27457: also allows us to eliminate some kludges in parse_args() and
27458: eliminate superfluous code.
27459: [5122f66ad150]
27460:
27461: * logging.c:
27462: no longer uses cmnd_args, now uses NewArgv instead.
27463: [abddd23cf068]
27464:
27465: * sudo.h:
27466: added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
27467: (no longer used)
27468: [78410984fb05]
27469:
27470: * Makefile.in:
27471: added wildmat.c to SRCS & SUDOBJS
27472: [3800efb41794]
27473:
27474: * parse.yacc:
27475: COMMAND is now a struct containing the path and args
27476: [5c32822c5b94]
27477:
27478: * parse.lex:
27479: replaced append() with fill_cmnd() and fill_args. command args from
27480: a sudoers entry are now stored in an arrary for easy matching.
27481: [a981d7f4eb0d]
27482:
27483: * parse.c:
27484: command line args from sudoers file are now in an array like ones
27485: passed in from the command line
27486: [1d9e37e84519]
27487:
27488: 1996-02-01 Todd C. Miller <Todd.Miller@courtesan.com>
27489:
27490: * parse.c:
27491: wildwat stuff now works
27492: [49d16488531f]
27493:
27494: 1996-01-29 Todd C. Miller <Todd.Miller@courtesan.com>
27495:
27496: * version.h:
27497: ++version
27498: [53e55463ef89]
27499:
27500: * Makefile.in:
27501: ++version added wildmat.*
27502: [0508297a4711]
27503:
27504: 1996-01-28 Todd C. Miller <Todd.Miller@courtesan.com>
27505:
27506: * parse.lex:
27507: added support for quoted commands (w/ or w/o args)
27508: [b9a637155673]
27509:
27510: 1996-01-22 Todd C. Miller <Todd.Miller@courtesan.com>
27511:
27512: * sudo.pod, visudo.pod:
27513: cleaned up formatting
27514: [4591d4195437]
27515:
27516: * sudo.pod, visudo.pod:
27517: Initial revision
27518: [7564a8242750]
27519:
27520: 1996-01-21 Todd C. Miller <Todd.Miller@courtesan.com>
27521:
27522: * sudoers.pod:
27523: looks reasonable, could be mroe readable
27524: [a5be2d19d9e0]
27525:
27526: * sudoers.pod:
27527: Initial revision
27528: [957888be31a6]
27529:
27530: 1996-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
27531:
27532: * RUNSON:
27533: updated
27534: [633743aa924b]
27535:
27536: * OPTIONS:
27537: updated NO_ROOT_SUDO entry
27538: [f1c15b1dec9e]
27539:
27540: 1996-01-15 Todd C. Miller <Todd.Miller@courtesan.com>
27541:
27542: * RUNSON:
27543: *** empty log message ***
27544: [5b63de579ff7] [SUDO_1_4_0]
27545:
27546: * sudo.c:
27547: fixed SECURE_PATH
27548: [6002889f606d]
27549:
27550: * RUNSON:
27551: udpa`ted for 1.4
27552: [6014a8592815]
27553:
27554: * configure.in:
27555: AIX aixcrypt.exp now uses $(srcdir)
27556: [b0d57674fef4]
27557:
27558: * TROUBLESHOOTING:
27559: added entry for anal ansi compilers
27560: [4193cec1c6b1]
27561:
27562: 1996-01-14 Todd C. Miller <Todd.Miller@courtesan.com>
27563:
27564: * INSTALL:
27565: added info on libcrypt_i for SCO
27566: [575497d56698]
27567:
27568: * TODO:
27569: *** empty log message ***
27570: [d0aaf67b9913]
27571:
27572: * sample.sudoers:
27573: added comments
27574: [a7773f7eda8d]
27575:
27576: * TODO:
27577: 1.4 release
27578: [1dade29e9fd9]
27579:
27580: * CHANGES:
27581: ++version
27582: [67241be40780]
27583:
27584: * INSTALL, OPTIONS, README, config.h.in, configure.in:
27585: ++version
27586: [2e0a37897f68]
27587:
27588: * BUGS:
27589: ++version and fixed ISC
27590: [78963f01a0e3]
27591:
27592: * check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
27593: goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
27594: insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
27595: sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27596: visudo.c:
27597: ++version
27598: [b6227f29b3d9]
27599:
27600: * interfaces.c:
27601: added STUB_LOAD_INTERFACES ++version
27602: [d8150a3fd577]
27603:
27604: * Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
27605: version.h:
27606: ++version
27607: [da9e90e69bdc]
27608:
27609: * PORTING:
27610: added info about fd_set in tgetpass added info on interfaces.c
27611: [a39902febd17]
27612:
27613: 1996-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
27614:
27615: * dce_pwent.c:
27616: added sudo header
27617: [fc0f2c48682e]
27618:
27619: * tgetpass.c:
27620: fixed a typo
27621: [43d40b72ee8f]
27622:
27623: * Makefile.in:
27624: tgetpass.o is now only linked in with sudo (not visudo)
27625: [7407c5ff11f8]
27626:
27627: 1996-01-09 Todd C. Miller <Todd.Miller@courtesan.com>
27628:
27629: * BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
27630: configure.in:
27631: ++version
27632: [9b82ad805d6b]
27633:
27634: * emul/utime.h:
27635: added copyright notice
27636: [4380f16cd075]
27637:
27638: * check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
27639: ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
27640: interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
27641: pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
27642: testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
27643: ++version
27644: [32717fdb5d05]
27645:
27646: * tgetpass.c:
27647: minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
27648: [326864428da2]
27649:
27650: * configure.in:
27651: ISC now gets -lcrypt now check for sys/bsdtypes.h
27652: [e064799c054b]
27653:
27654: * config.h.in:
27655: added check for sys/bsdtypes.h
27656: [9adb9533c363]
27657:
27658: 1996-01-07 Todd C. Miller <Todd.Miller@courtesan.com>
27659:
27660: * parse.yacc:
27661: removed debugging stuff (setting freed ptr to NULL)
27662: [02fe8eec63a0]
27663:
27664: * TROUBLESHOOTING:
27665: added 2 entries
27666: [02884e2733e2]
27667:
27668: * Makefile.in:
27669: added FAQ
27670: [074d8dfcf28d]
27671:
27672: * TROUBLESHOOTING:
27673: added section on syslog
27674: [e6bc02a22b86]
27675:
27676: * configure.in:
27677: added AC_ISC_POSIX for better ISC support
27678: [8436b3e12af2]
27679:
27680: * config.h.in:
27681: fixed typo
27682: [f1b3922babf4]
27683:
27684: * config.h.in:
27685: added define for _POSIX_SOURCE
27686: [ded6d92b34f9]
27687:
27688: 1996-01-04 Todd C. Miller <Todd.Miller@courtesan.com>
27689:
27690: * configure.in:
27691: fixed check for lsearch()
27692: [75baa5bc28a3]
27693:
27694: 1995-12-22 Todd C. Miller <Todd.Miller@courtesan.com>
27695:
27696: * interfaces.c:
27697: fixed for AIX now deal if num_interfaces == 0 (should not happen)
27698: [ae450e859227]
27699:
27700: 1995-12-20 Todd C. Miller <Todd.Miller@courtesan.com>
27701:
27702: * configure.in:
27703: now only define HAVE_LSEARCH if there is a corresponding search.h
27704: [8ce645c5d17f]
27705:
27706: * interfaces.c:
27707: works on ISC again
27708: [ccac920d424c]
27709:
27710: 1995-12-18 Todd C. Miller <Todd.Miller@courtesan.com>
27711:
27712: * configure.in:
27713: now define HAVE_LSEARCH if we find lsearch() in libcompat
27714: [7343e4313a87]
27715:
27716: * lsearch.c:
27717: char * -> const char *
27718: [1c0b11c2300a]
27719:
27720: * configure.in:
27721: now looks in -lcompat for lsearch()
27722: [a1cc1d6fcd09]
27723:
27724: * Makefile.in:
27725: remove sudo.core visudo.core for clan target
27726: [b523456a85df]
27727:
27728: * aclocal.m4:
27729: added UID_MAX support in check for MAX_UID_T_LEN
27730: [7ab262b1173f]
27731:
27732: * Makefile.in:
27733: fixed another occurence of sudo_getpwuid.*
27734: [fb5809c07da2]
27735:
27736: * Makefile.in, getspwuid.c:
27737: sudo_getpwuid.c -> getspwuid.c
27738: [875f2ef808b4]
27739:
27740: * configure.in:
27741: moved the "echo"
27742: [ad7b8f966076]
27743:
27744: * BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
27745: compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
27746: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
27747: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
27748: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
27749: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
27750: version.h, visudo.c:
27751: ++version
27752: [ee57c6410ffa]
27753:
27754: * testsudoers.c:
27755: added group support
27756: [54d8097df8bd]
27757:
27758: * sample.sudoers:
27759: added group entry
27760: [50994d31fd49]
27761:
27762: * sudoers.man:
27763: documented group support
27764: [0a16707f8fed]
27765:
27766: * parse.c, parse.lex, parse.yacc, visudo.c:
27767: added group support
27768: [427218c879c8]
27769:
27770: 1995-12-15 Todd C. Miller <Todd.Miller@courtesan.com>
27771:
27772: * check.c:
27773: tkfile was too short and overflowed the kerberos realm
27774: [53823a1ff5af]
27775:
27776: 1995-12-11 Todd C. Miller <Todd.Miller@courtesan.com>
27777:
27778: * sudo.c:
27779: now copy command args directly from Argv
27780: [77408278b6fd]
27781:
27782: * sudo.c:
27783: replaced code to copy cmnd_args so that is does not use realloc
27784: since most realloc()'s really stink
27785: [b29a0ff73fb6]
27786:
27787: 1995-12-08 Todd C. Miller <Todd.Miller@courtesan.com>
27788:
27789: * configure.in:
27790: syslog() fixed in hpux 10.01
27791: [2648e6f0cdb0]
27792:
27793: 1995-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
27794:
27795: * configure.in:
27796: AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
27797: [8f108b8d8711]
27798:
27799: * configure.in:
27800: better error if cannot find skey incs or libs
27801: [5887662ee9d3]
27802:
27803: * aclocal.m4:
27804: now use a temp file for determining max len of uid_t in string form.
27805: the old hacky way broke on netbsd
27806: [b68f470fa9f8]
27807:
27808: * sudo.c:
27809: added set of parens and a space
27810: [8a3d4826d022]
27811:
27812: 1995-12-05 Todd C. Miller <Todd.Miller@courtesan.com>
27813:
27814: * dce_pwent.c:
27815: fixes from Jeff Earickson <jaearick@colby.edu> ,
27816: [bde0f0b756ec]
27817:
27818: * check.c:
27819: modified a comment
27820: [e2a97f1afbbe]
27821:
27822: * Makefile.in:
27823: fixed up testsudoers target
27824: [d39c4e7bb609]
27825:
27826: * configure.in:
27827: DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
27828: SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
27829: [da7a1c433828]
27830:
27831: * Makefile.in:
27832: LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
27833: VISUDO_LDFLAGS
27834: [4b69503e8487]
27835:
27836: 1995-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
27837:
27838: * configure.in:
27839: fix for C2 on hpux 10 now uses -linet if it exists
27840: [8d300112263d]
27841:
27842: * check.c:
27843: LONG_SKEY_PROMPT is less of a klusge /
27844: [dcc144abaac3]
27845:
27846: * configure.in:
27847: fixed typos w/ dce stuff
27848: [f7dfd6d4e149]
27849:
27850: * Makefile.in:
27851: added dce_pwent.c
27852: [79047acdc516]
27853:
27854: 1995-11-26 Todd C. Miller <Todd.Miller@courtesan.com>
27855:
27856: * INSTALL:
27857: amended section on combining authentication mechanisms
27858: [dc5138c7c716]
27859:
27860: * PORTING:
27861: minor updates for 1.3.6
27862: [fe80c13bd994]
27863:
27864: * TROUBLESHOOTING:
27865: added 2 more entries
27866: [c7201439a0f5]
27867:
27868: * BUGS:
27869: updated for 1.3.6
27870: [979b414d2a2d]
27871:
27872: * README:
27873: overhauled
27874: [3af8b60eb594]
27875:
27876: * INSTALL:
27877: rewrote for sudo 1.3.6
27878: [b16027b9c726]
27879:
27880: * TROUBLESHOOTING:
27881: added 3 entries
27882: [934c9ee3f153]
27883:
27884: 1995-11-25 Todd C. Miller <Todd.Miller@courtesan.com>
27885:
27886: * find_path.c, getspwuid.c, sudo.c:
27887: added explict casts for strdup since many includes don't prototype
27888: it. gag me.
27889: [3e19a11f2fcc]
27890:
27891: * sudo.h:
27892: removed prototype for sudo_getpwuid() since convex C compiler choked
27893: on it.
27894: [c3ea74ca67b0]
27895:
27896: * sudo.c:
27897: added prototype for sudo_getpwuid()
27898: [4a8e3cdc2b98]
27899:
27900: * lsearch.c:
27901: now compiles on strict ANSI compilers
27902: [3ce5d72d0b08]
27903:
27904: * check.c:
27905: added LONG_SKEY_PROMPT support
27906: [48a18b8a2332]
27907:
27908: * Makefile.in:
27909: added extra $'s for make to eat up, yum.
27910: [2995b214e12b]
27911:
27912: * OPTIONS, options.h:
27913: added LONG_SKEY_PROMPT
27914: [f23ae799b5a4]
27915:
27916: 1995-11-24 Todd C. Miller <Todd.Miller@courtesan.com>
27917:
27918: * check.c:
27919: s/key support now works with normal s/key as well as logdaemon
27920: [d67573f523bf]
27921:
27922: * OPTIONS, options.h:
27923: added SKEY_ONLY
27924: [bbf07654e0de]
27925:
27926: * compat.h:
27927: set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
27928: [205895b96a36]
27929:
27930: * INSTALL:
27931: added DCE note added more AIX notes
27932: [6345403b3522]
27933:
27934: * sudo.c:
27935: now include pthread.h for DCE support
27936: [6fe02865f679]
27937:
27938: * check.c:
27939: dce_pwent() is ok after all .,
27940: [d26a8746a55d]
27941:
27942: * logging.c:
27943: now uses SYSLOG() macro that equates to either syslog() or
27944: syslog_wrapper
27945: [42ac4cff8045]
27946:
27947: * dce_pwent.c:
27948: minor formatting changes. renamed check() to somthing less generic
27949: [71859f217be1]
27950:
27951: * check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
27952: visudo.c:
27953: now uses user_pw_ent and simple macros to get at the contents
27954: [f4cbf3e7145a]
27955:
27956: 1995-11-23 Todd C. Miller <Todd.Miller@courtesan.com>
27957:
27958: * check.c:
27959: simpler dec unix C2 support
27960: [86bc8f75250e]
27961:
27962: * getspwuid.c:
27963: now sets crypt_type for DEC unix C2
27964: [99aeadd18266]
27965:
27966: 1995-11-21 Todd C. Miller <Todd.Miller@courtesan.com>
27967:
27968: * configure.in:
27969: added csops paths for skey
27970: [b8ca672e2117]
27971:
27972: * getspwuid.c:
27973: now includes string.h for strdup() prototype
27974: [3605259c3620]
27975:
27976: * getspwuid.c:
27977: fixed a few typos
27978: [46c97e4ea417]
27979:
27980: * check.c:
27981: now includes skey.h
27982: [11e611ce1b61]
27983:
27984: * getspwuid.c:
27985: fixed up comments
27986: [223dac56f0c8]
27987:
27988: * check.c:
27989: moved a lot of the shadow passwd crap to sudo_getpwuid()
27990: [97d8887fb7d3]
27991:
27992: * sudo.c:
27993: now uses sudo_pw_ent
27994: [d014dadbef48]
27995:
27996: * testsudoers.c:
27997: now uses sudo_pw_ent
27998: [d92936ed7e34]
27999:
28000: * visudo.c:
28001: now sets sudo_pw_ent
28002: [ff75cdfcf8b3]
28003:
28004: * getspwuid.c:
28005: Initial revision
28006: [6deb6df9d7bc]
28007:
28008: * tgetpass.c:
28009: moved dce stuff into compat.h
28010: [1124284396e7]
28011:
28012: * logging.c, sudo.h:
28013: now uses sudo_pw_ent
28014: [404ff20a5067]
28015:
28016: * Makefile.in:
28017: added sudo_getpwuid.c
28018: [6666d0644512]
28019:
28020: * compat.h:
28021: added dce support
28022: [3c3b36a7ce0e]
28023:
28024: * parse.yacc:
28025: now uses sudo_pw_ent
28026: [9f5e8d11bd68]
28027:
28028: 1995-11-20 Todd C. Miller <Todd.Miller@courtesan.com>
28029:
28030: * check.c:
28031: fixed exempt_group stuff for OS's that don't put base gid in group
28032: vector
28033: [003f153bd396]
28034:
28035: * check.c:
28036: S/Key support now works with sunos4 shadow passwords
28037: [1eb64a5efff1]
28038:
28039: * Makefile.in:
28040: fixed clean rule
28041: [5695a2c62816]
28042:
28043: * config.h.in, configure.in:
28044: added DCE support
28045: [f53c766c1947]
28046:
28047: * tgetpass.c:
28048: DCE & KERB support
28049: [904cf436506a]
28050:
28051: * check.c:
28052: first stab at dce support
28053: [aea5ca07b1e3]
28054:
28055: * dce_pwent.c:
28056: now smells like sudo
28057: [8b3d609b49cd]
28058:
28059: * dce_pwent.c:
28060: Initial revision
28061: [b573555f2399]
28062:
28063: * check.c:
28064: skey'd sudo now works w/ normal password as well
28065: [8d038f9f6e94]
28066:
28067: 1995-11-19 Todd C. Miller <Todd.Miller@courtesan.com>
28068:
28069: * Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
28070: getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
28071: ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
28072: parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
28073: sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
28074: version.h, visudo.c:
28075: updated version number
28076: [ba7e346d7904]
28077:
28078: * README:
28079: updated to reflect version change
28080: [1d15cf1d8cc8]
28081:
28082: * configure.in:
28083: --with options now line up ++version
28084: [08ebf625fbca]
28085:
28086: * sudo.h:
28087: removed unecesary S/Key stuff
28088: [68188cba90af]
28089:
28090: * configure.in:
28091: fixed S/Key support
28092: [f6d9cbc36618]
28093:
28094: * Makefile.in:
28095: -I stuff now goes in CPPFLAGS
28096: [7b8e53c5b046]
28097:
28098: * check.c:
28099: fixed SKey support
28100: [52c1a5cf4435]
28101:
28102: * README:
28103: updated version
28104: [bed6498a10bb]
28105:
28106: * OPTIONS:
28107: fixed description of EXEMPTGROUP
28108: [cfeead55edc2]
28109:
28110: * sudo.c:
28111: more people use _RLD_ than just alphas...
28112: [6a3c7090a6f6]
28113:
28114: * Makefile.in:
28115: replaced $man_prefix with $mandir
28116: [dc4b36a550e2]
28117:
28118: * configure.in:
28119: fixed a typo
28120: [a38a4acddcaf]
28121:
28122: * Makefile.in:
28123: now use more GNU'ish dir names
28124: [c5498391a520]
28125:
28126: * configure.in:
28127: now set *dir correctly (can override from command line)
28128: [523ff98fd438]
28129:
28130: * sudo.c:
28131: now deal with situations where we getwd() fails
28132: [88a9e61dccbb]
28133:
28134: 1995-11-17 Todd C. Miller <Todd.Miller@courtesan.com>
28135:
28136: * Makefile.in:
28137: added etc_dir, bin_dir, sbin_dir
28138: [75fd08d92842]
28139:
28140: * configure.in:
28141: added sbin_dir
28142: [3cb318c0d8d1]
28143:
28144: * Makefile.in:
28145: now ship a flex-generated lex.yy.c
28146: [4d083ed70dce]
28147:
28148: * Makefile.in:
28149: now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
28150: [4d51dc9c3780]
28151:
28152: * pathnames.h.in:
28153: _PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
28154: [773fd163d52f]
28155:
28156: * options.h:
28157: no more error for redefining SUDOERS_OWNER
28158: [4ba336644c6a]
28159:
28160: * OPTIONS:
28161: expanded SUDOERS_OWNER section
28162: [12fae405759e]
28163:
28164: 1995-11-16 Todd C. Miller <Todd.Miller@courtesan.com>
28165:
28166: * visudo.c:
28167: now warn if chown(2) failed
28168: [d0d1db6e3a1f]
28169:
28170: * logging.c:
28171: better default warning for NO_SUDOERS_FILE
28172: [5260b458ac64]
28173:
28174: * sudo.c:
28175: added missing set_perms() no more cryptic message if the sudoers
28176: file is zero length, now just give a parse error
28177: [b81ea724838a]
28178:
28179: * logging.c:
28180: better diagnostics if NO_SUDOERS_FILE
28181: [877e878663c5]
28182:
28183: * sudo.c:
28184: check_sudoers() now catches sudoers files that are not readable (but
28185: are stat'able).
28186: [fea05663b3de]
28187:
28188: 1995-11-13 Todd C. Miller <Todd.Miller@courtesan.com>
28189:
28190: * configure.in:
28191: now add -D__STDC__ for convex cc (not gcc)
28192: [c80fc53ff51b]
28193:
28194: * configure.in:
28195: MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
28196: [fe238226a057]
28197:
28198: * Makefile.in:
28199: now uses exec_prefix & prefix from configure
28200: [f62fca5f56bd]
28201:
28202: * find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
28203: parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
28204: utime.c, visudo.c:
28205: options.h is now <> instead of "" so shadow build trees can have a
28206: custom copy of options.h
28207: [e6782676099c]
28208:
28209: * check.c:
28210: user_is_exempt() is no longer a hack, it now uses getgrnam()
28211: [287f8d5356f7]
28212:
28213: * options.h:
28214: EXEMPTGROUP is now "sudo"
28215: [61487304dbe1]
28216:
28217: * configure.in:
28218: MAN_POSTINSTALL now contains a leading space
28219: [eaad4ac34012]
28220:
28221: * Makefile.in:
28222: removed leading tab if @MAN_POSTINSTALL@ not defined now removes
28223: testsudoers in clean:
28224: [e01711baceb8]
28225:
28226: * tgetpass.c:
28227: includes pwd.h to get _PASSWD_LEN definition
28228: [8ec174f263f1]
28229:
28230: 1995-10-30 Todd C. Miller <Todd.Miller@courtesan.com>
28231:
28232: * sudo.c:
28233: unset the KRB_CONF envariable if using kerberos so we don't get
28234: spoofed into using a bogus server
28235: [2561a0274fca]
28236:
28237: 1995-09-29 Todd C. Miller <Todd.Miller@courtesan.com>
28238:
28239: * parse.yacc:
28240: now explicately initialize match[] tp be FALSE
28241: [0e45e5c47766]
28242:
28243: 1995-09-23 Todd C. Miller <Todd.Miller@courtesan.com>
28244:
28245: * sudo.c:
28246: removed unused variable now passes -Wall
28247: [3452508bc16d]
28248:
28249: * parse.yacc:
28250: yyerror and dumpaliases are now void's now passes -Wall
28251: [2769dfb51993]
28252:
28253: * parse.lex:
28254: added prototype for yyerror
28255: [1f3f0c1b4ab4]
28256:
28257: * check.c, logging.c, parse.c:
28258: now passes -Wall
28259: [eab57e5e81d2]
28260:
28261: * interfaces.c:
28262: rmeoved unused cruft now passes -Wall
28263: [7a47e1866f4b]
28264:
28265: * Makefile.in:
28266: fixed headers that moved to emul dir
28267: [e680c1e5049b]
28268:
28269: * logging.c:
28270: fixed deref of nil pointer if no args
28271: [973b9bea432f]
28272:
28273: 1995-09-15 Todd C. Miller <Todd.Miller@courtesan.com>
28274:
28275: * OPTIONS:
28276: added a caveat to FQDN section
28277: [dcf6e2a5fff4]
28278:
28279: 1995-09-13 Todd C. Miller <Todd.Miller@courtesan.com>
28280:
28281: * Makefile.in:
28282: more $srcdir support for install targets
28283: [f6eac78436dd]
28284:
28285: * find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
28286: strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
28287: don't include malloc.h if we include stdlib.h
28288: [fca2ff307cd8]
28289:
28290: * parse.yacc:
28291: local search.h now lives in emul
28292: [51c458904424]
28293:
28294: * check.c, utime.c:
28295: local utime.h now lives in emul dir
28296: [f92fc9e8c8de]
28297:
28298: * lsearch.c:
28299: local search.h now lives in emul
28300: [579efc407439]
28301:
28302: * Makefile.in:
28303: added support for building in other than the sourcedir
28304: [2ab53a43f7d4]
28305:
28306: 1995-09-10 Todd C. Miller <Todd.Miller@courtesan.com>
28307:
28308: * OPTIONS:
28309: annotated CSOPS_INSULTS option
28310: [9e57d45a0afa]
28311:
28312: * TROUBLESHOOTING:
28313: updated shadow passwords blurb
28314: [39b785bc7253]
28315:
28316: * sudo.c:
28317: if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
28318: passes along foo as the arguments
28319: [a91077aa8fc5]
28320:
28321: 1995-09-09 Todd C. Miller <Todd.Miller@courtesan.com>
28322:
28323: * parse.lex:
28324: collapsed pathname and dir sections into one -- its now less
28325: expensive
28326: [89caa03bec25]
28327:
28328: * parse.lex:
28329: fixed spacing quoting [,:\\=] now works correctly append() and
28330: fill() now take args to make the above work
28331: [09d023d9ef3a]
28332:
28333: * sudo.c:
28334: fixed a typo that caused commands with no tty on fd 0 but a tty on
28335: fd 1 to erroneously have "none" as their tty
28336: [07d2c0e7977c]
28337:
28338: 1995-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
28339:
28340: * check.c:
28341: timestampfile is now a global static removed decl of timestampfile
28342: in remove_timestamp since we can just use the global one
28343: [f0cbdc6aab1c]
28344:
28345: * check.c:
28346: created touch() to update timestamps added USE_TTY_TICKETS support
28347: (bit of a kludge)
28348: [cee1dd0318f8]
28349:
28350: * compat.h:
28351: added _S_IFDIR and S_ISDIR
28352: [b4a51cc9628e]
28353:
28354: * OPTIONS, options.h:
28355: added USE_TTY_TICKETS
28356: [b4e22f81f25e]
28357:
28358: * parse.yacc:
28359: removed const from casts for lsearch() & lfind() to placate irix 4.x
28360: C compiler
28361: [5003081f76ea]
28362:
28363: 1995-09-03 Todd C. Miller <Todd.Miller@courtesan.com>
28364:
28365: * sudo.c:
28366: now only strip '/dev/' off of a tty if it starts with '/dev/'
28367: [7f62bcd24039]
28368:
28369: * pathnames.h.in:
28370: added _PATH_DEV
28371: [6375f44d1910]
28372:
28373: * configure.in:
28374: AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
28375: have termios.h
28376: [9c60391235fd]
28377:
28378: * tgetpass.c:
28379: fixed incorrect #ifdef termio uses "unsigned short" not int for
28380: c_?flag
28381: [d032e6a29845]
28382:
28383: * parse.lex, parse.yacc:
28384: fixed a spelling error
28385: [cad6a944c7b1]
28386:
28387: * Makefile.in:
28388: fixed typo
28389: [204a65403e7c]
28390:
28391: 1995-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
28392:
28393: * Makefile.in:
28394: fixed a comment
28395: [268f760e57ad]
28396:
28397: * parse.yacc:
28398: added dotcat() to cat 2 strings w/ a dot effeciently now that we
28399: dynamically allocate strings they need to be free()'d
28400: [ec2e2152f415]
28401:
28402: * parse.lex:
28403: dynamically allocates space for strings
28404: [d10ac3533d66]
28405:
28406: * sudo.h:
28407: no more MAXCOMMANDLENGTH
28408: [e2e1219bff8a]
28409:
28410: * sudo.h:
28411: added decl of tty
28412: [c8ae81303ee5]
28413:
28414: * logging.c, sudo.c:
28415: moved tty stuff into sudo.c
28416: [e028abefeb07]
28417:
28418: 1995-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
28419:
28420: * parse.c:
28421: fixed a logic bug. Was denying a command if user gave command line
28422: args but there were none in the sudoers file which is wrong.
28423: [7489a99b8e8a]
28424:
28425: * sudo.h:
28426: MAXCOMMMANDLEN dropped down to 1K
28427: [38ef54ba290b]
28428:
28429: * parse.lex:
28430: return foo; -> return(foo);
28431: [0e8be1b57001]
28432:
28433: * parse.yacc:
28434: fixed netgr_matches() prototype
28435: [e69f15910464]
28436:
28437: * parse.lex:
28438: added support for escaping "termination" characters
28439: [8bd4ef50f35c]
28440:
28441: * parse.c:
28442: buf is now of size MAXPATHLEN+1 since it never holds command args
28443: [2ce4b763058c]
28444:
28445: * sudo.c:
28446: fixed comments
28447: [0c74a3d2ebb0]
28448:
28449: * goodpath.c:
28450: fixed negation problem (doh!)
28451: [782814e3a2d1]
28452:
28453: * parse.yacc:
28454: fixed 2nd parameter to lfind()
28455: [63d7b1623c08]
28456:
28457: * parse.lex:
28458: now do bounds checking in fill() and append()
28459: [54381b563251]
28460:
28461: * sudo.c:
28462: include netdb.h as we should added a missing void cast added
28463: SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
28464: realloc actually moved the string instead of shrinking it
28465: [897ccdec9c06]
28466:
28467: * sample.sudoers:
28468: updated with examples of new features
28469: [9b3ed00e8aa6]
28470:
28471: * goodpath.c:
28472: now set errno to EACCES if not a regular file or not executable
28473: [2d069548a5ea]
28474:
28475: * find_path.c:
28476: if given a fully-qualified or relative path we now check it with
28477: sudo_goodpath() and error out with the appropriate error message if
28478: the file does not exist or is not executable
28479: [590f89dd8dec]
28480:
28481: * emul/search.h, lsearch.c:
28482: now use correct args for lfind
28483: [fccdcdbf020e]
28484:
28485: * logging.c:
28486: added a comment
28487: [fab9f49708ea]
28488:
28489: * insults.h:
28490: added in CSOps insults
28491: [ad8eb1862adc]
28492:
28493: * ins_csops.h:
28494: Initial revision
28495: [de5a475ec018]
28496:
28497: * tgetpass.c:
28498: added RCS id
28499: [c3ffd550a482]
28500:
28501: * sudo.h:
28502: increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
28503: [aba25c90d08a]
28504:
28505: * OPTIONS:
28506: added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
28507: [e27bd62e9ccf]
28508:
28509: * sudo.c:
28510: fixed -k load_interfaces() now gets called if FQDN is set
28511: -p now works with -s
28512: [07ca2a34bae8]
28513:
28514: * parse.c:
28515: don't try to stat() "pseudo commands" like "validate"
28516: [75527045984b]
28517:
28518: * options.h:
28519: added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
28520: [07b157a0eafd]
28521:
28522: * configure.in:
28523: added SecurID support added other insults to --with-csops
28524: [6c992ceb244c]
28525:
28526: * config.h.in:
28527: added HAVE_SECURID
28528: [e734ff617fe8]
28529:
28530: * Makefile.in:
28531: added clobber target added ins_csops.h now gets CFLAGS from
28532: configure
28533: [d1e29c7cec25]
28534:
28535: * aclocal.m4:
28536: relaxed SUDO_FULL_VOID
28537: [fb4084f27406]
28538:
28539: * visudo.c:
28540: function comment blocks are now in same style as rest of code
28541: [04a2931354c5]
28542:
28543: * testsudoers.c:
28544: added support for command line args in /etc/sudoers
28545: [bfe4e1bcc655]
28546:
28547: * sudoers.man:
28548: updated to have command args in the sudoers file
28549: [1cd34355e9ea]
28550:
28551: * sudo.man:
28552: added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
28553: [930b48023b68]
28554:
28555: 1995-08-19 Todd C. Miller <Todd.Miller@courtesan.com>
28556:
28557: * parse.yacc:
28558: PATH renamed to COMMAND
28559: [4e109a6de3cd]
28560:
28561: * parse.lex:
28562: it is now a parse error for directories to have args attached to
28563: them
28564: [2ab10a146b54]
28565:
28566: * logging.c:
28567: now say command args if telling user to buzz off
28568: [933de26ded8b]
28569:
28570: * sudo.c:
28571: -s no longer indicates end of args sped up loading on cmnd_args in
28572: load_cmnd()
28573: [eac99a4da862]
28574:
28575: * parse.c:
28576: removed an unreachable statement
28577: [634302623c49]
28578:
28579: * parse.lex:
28580: made more efficient by pulling out the terminators when in GOTCMND
28581: state and making them their own rule
28582: [80798f1e1166]
28583:
28584: 1995-08-14 Todd C. Miller <Todd.Miller@courtesan.com>
28585:
28586: * sudo.h:
28587: removed MAXLOGLEN since it is no longer used
28588: [102824196b71]
28589:
28590: * parse.lex:
28591: now allows command args
28592: [d29dfa1e5254]
28593:
28594: * parse.c:
28595: now groks command arguments
28596: [6c414cb7f105]
28597:
28598: * logging.c:
28599: now sets tty correctly when piped input
28600: [de46a30c0406]
28601:
28602: * sudo.c:
28603: fixed loading of cmnd_args (was including command name too)
28604: [15319a425ea6]
28605:
28606: * logging.c:
28607: fixed a core dump due to incorrect if construct
28608: [582363c7d7fa]
28609:
28610: 1995-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
28611:
28612: * configure.in:
28613: only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
28614: [da591fe9b931]
28615:
28616: * aclocal.m4:
28617: fixed check for ISC
28618: [52e59f2082a7]
28619:
28620: * sudo.c:
28621: now sets cmnd_args used by log_error() and that will be used by the
28622: parse to check against command args
28623: [c6804389723b]
28624:
28625: * sudo.h:
28626: added cmnd_args
28627: [4d00446b4a8d]
28628:
28629: * logging.c:
28630: now dynamically allocate logline since we can guess at its size
28631: [4bed8c8446aa]
28632:
28633: 1995-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
28634:
28635: * logging.c:
28636: cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
28637: "register" since the compiler knows more than I do now do a
28638: "basename" of the tty
28639: [3b1bbf0b3da1]
28640:
28641: 1995-07-31 Todd C. Miller <Todd.Miller@courtesan.com>
28642:
28643: * configure.in:
28644: ++version
28645: [5ce552f9a5f1]
28646:
28647: * sudo.h:
28648: added shell extern changed MODE_* to be bit masks to allow for
28649: several options together
28650: [06f9dc4f400c]
28651:
28652: * sudo.c:
28653: added -s (shell) option made MODE_* masks so we can do bitwise & and
28654: | to see if multiple flags are set.
28655: [01f8143010ad]
28656:
28657: * check.c:
28658: added securid support
28659: [909e078005fe]
28660:
28661: 1995-07-30 Todd C. Miller <Todd.Miller@courtesan.com>
28662:
28663: * logging.c:
28664: removed a bunch of unnecesary strncpy()'s and replaced with strcat()
28665: [644506b57d61]
28666:
28667: 1995-07-29 Todd C. Miller <Todd.Miller@courtesan.com>
28668:
28669: * Makefile.in, version.h:
28670: ++version
28671: [3cd6f1fbc3d9]
28672:
28673: 1995-07-27 Todd C. Miller <Todd.Miller@courtesan.com>
28674:
28675: * parse.yacc:
28676: fixed free() of an uninitialized pointer (yuck)
28677: [8c404ee502ee]
28678:
28679: * testsudoers.c:
28680: added netgr_matches
28681: [e7c9fa2f774c]
28682:
28683: * parse.c:
28684: cleaned up netgr_matches
28685: [8108f00b810e]
28686:
28687: 1995-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
28688:
28689: * RUNSON:
28690: updated for 1.3.4
28691: [4741704310a1]
28692:
28693: 1995-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
28694:
28695: * Makefile.in:
28696: now installs sudoers.man -- really should clean this up though.
28697: [455631d45a1d]
28698:
28699: * Makefile.in:
28700: added sudoers.cat and sudoers.man
28701: [0bdedd6c7363]
28702:
28703: * sudo.man:
28704: pulled out stuff on the sudoers file format into a separate man page
28705: [de215d999cb9]
28706:
28707: * sudoers.man:
28708: Initial revision
28709: [f25eafbb7095]
28710:
28711: * HISTORY:
28712: fixed up my email address
28713: [254fbf80be74]
28714:
28715: * configure.in:
28716: added checks for innetgr and getdomainname
28717: [24a99cb7e97e]
28718:
28719: * visudo.c:
28720: added dummy netgr_matches function
28721: [1841ff2c01da]
28722:
28723: * parse.c:
28724: added netgr_matches
28725: [ec90db6a97b8]
28726:
28727: * parse.lex, parse.yacc:
28728: added NETGROUP support
28729: [c9dd93e3bc4b]
28730:
28731: * config.h.in:
28732: added HAVE_INNETGR & HAVE_GETDOMAINNAME
28733: [14abd494d875]
28734:
28735: 1995-07-24 Todd C. Miller <Todd.Miller@courtesan.com>
28736:
28737: * sudo.c:
28738: rewrote clean_env() that has rm_env() builtin
28739: [55cb43818a95]
28740:
28741: 1995-07-23 Todd C. Miller <Todd.Miller@courtesan.com>
28742:
28743: * check.c:
28744: now cast uid to long in sprintf
28745: [b549eea40aeb]
28746:
28747: * OPTIONS:
28748: added _INSULTS suffix to HAL & GOONS end
28749: [ed620d0aad30]
28750:
28751: * options.h:
28752: added _INSULTS suffix to HAL & GOONS
28753: [9f72e9b83afd]
28754:
28755: * ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
28756: converted to new scheme of insult "unions" end
28757: [2f6d2b412132]
28758:
28759: * sudo.c:
28760: now uses MAX_UID_T_LEN
28761: [c1df79e0f389]
28762:
28763: * configure.in:
28764: added SUDO_UID_T_LEN !l
28765: [195f0b9f5f84]
28766:
28767: * config.h.in:
28768: added MAX_UID_T_LEN
28769: [73f42ae4f14d]
28770:
28771: * check.c:
28772: now use MAX_UID_T_LEN
28773: [df9c063234cb]
28774:
28775: * aclocal.m4:
28776: added check for max len of uid_t fixed sco vs. isc check
28777: [d558f36d2223]
28778:
28779: 1995-07-19 Todd C. Miller <Todd.Miller@courtesan.com>
28780:
28781: * configure.in:
28782: corrected version
28783: [828dd1571e86]
28784:
28785: * configure.in:
28786: added sco support
28787: [af1e2f616638]
28788:
28789: * aclocal.m4:
28790: hack to check for sco
28791: [549ab99a9a43]
28792:
28793: * interfaces.c:
28794: removed #include <net/route.h> since it was hosing some OS's
28795: [ac78a7c04005]
28796:
28797: 1995-07-18 Todd C. Miller <Todd.Miller@courtesan.com>
28798:
28799: * find_path.c:
28800: fixed prreadlink() prototype
28801: [b380fe1f2b11]
28802:
28803: * check.c:
28804: added parens in #if's
28805: [e96ade691b82]
28806:
28807: * configure.in:
28808: added SPW_ prefix
28809: [a302683a1483]
28810:
28811: * sudo.h:
28812: moved SPW_* to config.h.in
28813: [6b3be70e34cf]
28814:
28815: * sudo.c:
28816: added a set of parens
28817: [8188d735d695]
28818:
28819: * config.h.in:
28820: added SPW_*
28821: [5ead6371cf60]
28822:
28823: * sudo.h:
28824: added SPW_* reordered error codes
28825: [dead25b4ed0a]
28826:
28827: * check.c:
28828: moved SPW_* to sudo.h
28829: [ca51fb04caf4]
28830:
28831: 1995-07-17 Todd C. Miller <Todd.Miller@courtesan.com>
28832:
28833: * sudo.c:
28834: SPW_AUTH -> SPW_SECUREWARE
28835: [6b512b2bc5dc]
28836:
28837: * logging.c:
28838: GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
28839: [defdd0944e2f]
28840:
28841: * configure.in:
28842: AUTH -> SECUREWARE
28843: [d1f8a17001dd]
28844:
28845: * check.c:
28846: SPW_AUTH -> SPW_SECUREWARE
28847: [af0e8d8b89b2]
28848:
28849: * check.c:
28850: now uses SHADOW_TYPE to make shadow pw support more readable and
28851: modular. It's a start...
28852: [8c2a59667014]
28853:
28854: * configure.in:
28855: added autodetection of shadow passwords
28856: [85f81fa54b1b]
28857:
28858: * sudo.c:
28859: now uses SHADOW_TYPE define
28860: [355e5dc09b07]
28861:
28862: * config.h.in:
28863: added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
28864: [c0c06e83e483]
28865:
28866: * aclocal.m4:
28867: added SUDO_CHECK_SHADOW
28868: [464301301639]
28869:
28870: 1995-07-12 Todd C. Miller <Todd.Miller@courtesan.com>
28871:
28872: * configure.in:
28873: define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
28874: memmove() since we dno longer use it...
28875: [8aefa87d7d31]
28876:
28877: * CHANGES:
28878: updated
28879: [ce97b3fd7182]
28880:
28881: * logging.c:
28882: added BROKEN_SYSLOG support
28883: [a45c3bca36f6]
28884:
28885: * config.h.in:
28886: added BROKEN_SYSLOG
28887: [6f6abf0a6268]
28888:
28889: * check.c:
28890: now only bitch it timestamp > time_now + 2 * timeout to allow for a
28891: machine udpating its time from a server
28892: [546bc8d35325]
28893:
28894: * sudo.man:
28895: added 2 security notes updated Nieusma's email addr
28896: [616756c56977]
28897:
28898: * lsearch.c:
28899: changed a memmove() to memcpy() since we don't have to worry about
28900: overlapping segments.
28901: [30baa478526b]
28902:
28903: 1995-07-11 Todd C. Miller <Todd.Miller@courtesan.com>
28904:
28905: * interfaces.c:
28906: cleanup up the loop when interfaces are groped in so that it is
28907: readable
28908: [1fa39446bd69]
28909:
28910: * Makefile.in, version.h:
28911: ++version
28912: [b46bd2b1770f]
28913:
28914: 1995-07-09 Todd C. Miller <Todd.Miller@courtesan.com>
28915:
28916: * CHANGES:
28917: annotated 124-126
28918: [b82a2b3ec7ce]
28919:
28920: 1995-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
28921:
28922: * check.c:
28923: fixed permissions check on /tmp/.odus
28924: [cc2431a65468]
28925:
28926: 1995-07-06 Todd C. Miller <Todd.Miller@courtesan.com>
28927:
28928: * check.c:
28929: fixed some comments
28930: [8896d09b4fda]
28931:
28932: * check.c:
28933: now checks owner & mode of timedir also checks for bogus dates on
28934: timestamp file
28935: [a0fad5df5b0a]
28936:
28937: * OPTIONS:
28938: updated TIMEOUT info
28939: [033cc22d9e04]
28940:
28941: * logging.c, sudo.h:
28942: added BAD_STAMPDIR and BAD_STAMPFILE
28943: [31d9ce691101]
28944:
28945: * compat.h:
28946: added definition of S_IRWXU
28947: [ff2dab091a9b]
28948:
28949: * CHANGES:
28950: updated
28951: [a40df90284f1]
28952:
28953: 1995-07-03 Todd C. Miller <Todd.Miller@courtesan.com>
28954:
28955: * interfaces.c:
28956: added #ifdef to make it compile on strange arches
28957: [4a127f12afce]
28958:
28959: 1995-07-02 Todd C. Miller <Todd.Miller@courtesan.com>
28960:
28961: * aclocal.m4:
28962: fixed check for fulkl void impl.
28963: [b6f2a4a361d8]
28964:
28965: * check.c:
28966: added mssing "static"
28967: [520552f2772b]
28968:
28969: * insults.h:
28970: replaced #elif with #else #if constructs for ancient C compilers
28971: [39ab2d365b57]
28972:
28973: * INSTALL:
28974: updated irix c2 & kerb5 info
28975: [ae79b99b4905]
28976:
28977: * configure.in:
28978: added shadow pw support for irix
28979: [632469d9c528]
28980:
28981: 1995-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
28982:
28983: * BUGS, TODO:
28984: updated
28985: [2a96bb18ac30]
28986:
28987: * CHANGES:
28988: last changes for sudo 1.3.3
28989: [c1c0cd1034b8]
28990:
28991: * configure.in:
28992: now calls SUDO_SOCK_SA_LEN
28993: [14ea78159d45]
28994:
28995: * config.h.in:
28996: added HAVE_SA_LEN
28997: [cc2a346aa905]
28998:
28999: * aclocal.m4:
29000: added SUDO_SOCK_SA_LEN
29001: [456a2025644a]
29002:
29003: * interfaces.c:
29004: now works with ip implementations that use sa_len in sockaddr
29005: [90be6e028077]
29006:
29007: * INSTALL:
29008: added note about buggy AIX compiler
29009: [c0f6d427e4e4]
29010:
29011: * interfaces.c:
29012: now include sys/time.h for AIX
29013: [2510858ab38b]
29014:
29015: 1995-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
29016:
29017: * Makefile.in:
29018: getcwd -> getwd
29019: [66085ebca98e]
29020:
29021: * interfaces.c:
29022: now works for ISC and others. yay.
29023: [f336d4ffc927]
29024:
29025: 1995-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
29026:
29027: * Makefile.in, version.h:
29028: version++
29029: [836cffc2078d]
29030:
29031: 1995-06-23 Todd C. Miller <Todd.Miller@courtesan.com>
29032:
29033: * aclocal.m4:
29034: fixed test for full void impl
29035: [fb004107e7b9]
29036:
29037: * sudo.c:
29038: now check to see that st_dev is non-zero before assuming that we are
29039: being spoofed
29040: [1b0e1c30c506]
29041:
29042: 1995-06-20 Todd C. Miller <Todd.Miller@courtesan.com>
29043:
29044: * aclocal.m4, configure.in:
29045: SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
29046: [4953379bfb01]
29047:
29048: 1995-06-19 Todd C. Miller <Todd.Miller@courtesan.com>
29049:
29050: * aclocal.m4:
29051: fixed include file order for SUDO_FUNC_UTIME_POSIX
29052: [ff64ab7df44f]
29053:
29054: * logging.c:
29055: added cast for ttyname()
29056: [444f05f56758]
29057:
29058: * configure.in:
29059: fixed typo
29060: [de068e748431]
29061:
29062: * check.c:
29063: now deal correctly with all known variation of utime() -- yippe
29064: [b778a4195a89]
29065:
29066: * configure.in:
29067: added SUDO_FUNC_UTIME_POSIX
29068: [cf635f2269d6]
29069:
29070: * aclocal.m4:
29071: added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
29072: [d79593be4b73]
29073:
29074: * config.h.in:
29075: added HAVE_UTIME_POSIX
29076: [c67b4ac0dca5]
29077:
29078: * check.c:
29079: fixed a typo
29080: [b14df5680f59]
29081:
29082: * check.c:
29083: no longer assume !HAVE_UTIME_NULL means old BSD utime()
29084: [0aeaf4b2f38b]
29085:
29086: * check.c:
29087: fixed fascist C compiler warning
29088: [c61ddf2f1f93]
29089:
29090: * interfaces.c:
29091: now set strioctl.ic_timout in STRSET() now initialize num_interfaces
29092: to 0 (just to be anal)
29093: [c54cc2ba0052]
29094:
29095: 1995-06-18 Todd C. Miller <Todd.Miller@courtesan.com>
29096:
29097: * sudo.h:
29098: increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
29099: [74cf585a54fb]
29100:
29101: * logging.c:
29102: added tty logging
29103: [e27d8dcfbd78]
29104:
29105: * interfaces.c:
29106: reworked the ISC code
29107: [bcf57ce8ae69]
29108:
29109: * Makefile.in, version.h:
29110: updated version
29111: [032941c9b94d]
29112:
29113: * check.c:
29114: now expect old-style utime(3) if utime() can't take NULL as an arg
29115: [018dd4a73030]
29116:
29117: * configure.in:
29118: added check for utime.h
29119: [0b76e8feb618]
29120:
29121: * config.h.in:
29122: added HAVE_UTIME_H
29123: [62ee42feda46]
29124:
29125: * Makefile.in:
29126: added CPPFLAGS STATIC_FLAGS -> LDFLAGS
29127: [fa3201d294e1]
29128:
29129: * configure.in:
29130: now search for kerb libs and includes
29131: [cc332401e571]
29132:
29133: * check.c:
29134: added support for utime(2)'s that can't take a NULL parameter
29135: [98797fedf69f]
29136:
29137: * utime.c:
29138: moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
29139: [6ce6d825fb44]
29140:
29141: * configure.in:
29142: added utime(s) stuff
29143: [a2afb744403e]
29144:
29145: * check.c:
29146: now use utime()
29147: [48902240a51e]
29148:
29149: * config.h.in:
29150: added HAVE_UTIME and HAVE_UTIME_NULL
29151: [9a56ab65d4f4]
29152:
29153: 1995-06-17 Todd C. Miller <Todd.Miller@courtesan.com>
29154:
29155: * utime.c:
29156: now use HAVE_UTIME_NULL
29157: [e3944de09a92]
29158:
29159: * emul/utime.h, utime.c:
29160: Initial revision
29161: [a2cbf2ef3427]
29162:
29163: * check.c:
29164: need to setuid(0) to make kerb4 stuff work.
29165: [c6cfda4039d7]
29166:
29167: * tgetpass.c:
29168: no more special case for kerberos
29169: [4a5c33145be9]
29170:
29171: * config.h.in:
29172: took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
29173: emulation)
29174: [a607ee43e650]
29175:
29176: * compat.h:
29177: no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
29178: kerberos
29179: [02fb274cc136]
29180:
29181: * check.c:
29182: now use private ticket file for kerberos support to avoid trouncing
29183: on system one
29184: [28d8b6b812c7]
29185:
29186: 1995-06-15 Todd C. Miller <Todd.Miller@courtesan.com>
29187:
29188: * sudo.h:
29189: added SPOOF_ATTEMPT & cmnd_st
29190: [d3b42a1f4d0d]
29191:
29192: * sudo.c:
29193: added anti-spoofing support
29194: [ab1e2aa44a57]
29195:
29196: * parse.c:
29197: now use global cmnd_st
29198: [47018265a1a6]
29199:
29200: * logging.c:
29201: added SPOOF_ATTEMPT suypport
29202: [7bbe9dd2a021]
29203:
29204: * testsudoers.c, visudo.c:
29205: added void casts where appropriate
29206: [f191441ba333]
29207:
29208: * parse.yacc:
29209: fixed up spacing and added void casts where appropriate
29210: [15d886fc809c]
29211:
29212: * sudo.c:
29213: fixed problem with "-p prompt" but no args
29214: [6fc048261a3e]
29215:
29216: 1995-06-14 Todd C. Miller <Todd.Miller@courtesan.com>
29217:
29218: * sudo.man:
29219: added BUGS and annotated -l description
29220: [e5c506de2603]
29221:
29222: * sudo.h:
29223: validate() now takes a flag
29224: [26627becc60a]
29225:
29226: * sudo.c:
29227: validate() now takes a flag added -l
29228: [a4f7bb97fe54]
29229:
29230: * parse.yacc:
29231: added support for -l
29232: [e7a9b10b0ad3]
29233:
29234: * parse.c:
29235: validate() now takes a flag that says whether or not to check the
29236: command
29237: [9e1e67f4e281]
29238:
29239: 1995-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
29240:
29241: * logging.c:
29242: now deals with Argv == 1
29243: [0acb637ab635]
29244:
29245: * sudo.man:
29246: added -p option
29247: [e60382fc0561]
29248:
29249: * sudo.c:
29250: added prompt support reworked parse_args()
29251: [2f605267ed4a]
29252:
29253: * sudo.h:
29254: added prompt
29255: [5ab021bdb419]
29256:
29257: * options.h:
29258: added PASSPROMPT
29259: [614727ff44a2]
29260:
29261: * check.c:
29262: now use BUFSIZ as length of kerb password added kpass so pass is
29263: always a char * now use prompt global when asking for a password
29264: [76be09af784f]
29265:
29266: * tgetpass.c:
29267: now use BUFSIZ as _PASSWD_LEN if using kerberos
29268: [1e907eed312b]
29269:
29270: * OPTIONS:
29271: added PASSPROMPT
29272: [ddb2f405ce40]
29273:
29274: 1995-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
29275:
29276: * configure.in:
29277: only look for -lufc or -lcrypt if crypt() not in libc
29278: [9717d315661f]
29279:
29280: * check.c:
29281: don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
29282: (unknown user) silently fail
29283: [2b48693d4ee9]
29284:
29285: * INSTALL:
29286: added kerb4 note
29287: [986e393f740c]
29288:
29289: * tgetpass.c:
29290: HAVE_KERBEROS -> HAVE_KERB4
29291: [e438bfb5e6aa]
29292:
29293: * check.c:
29294: removed debugging printf
29295: [1cf9f5cbffa5]
29296:
29297: * configure.in:
29298: KERBEROS -> KERB4 added checks for setreuid & setresuid
29299: [01e9945beb1e]
29300:
29301: * config.h.in:
29302: HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
29303: [0e0bb5b8ac3e]
29304:
29305: * compat.h:
29306: added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
29307: with setresuid if applic
29308: [9dae24c47696]
29309:
29310: * check.c:
29311: HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
29312: no setreuid() or a broken one
29313: [1fca642bdb8e]
29314:
29315: 1995-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
29316:
29317: * configure.in:
29318: added kerberos support
29319: [da5639b9b8e7]
29320:
29321: * config.h.in:
29322: added HAVE_KERBEROS
29323: [fcc5be550e65]
29324:
29325: * tgetpass.c:
29326: added KERBEROS support (long passwords)
29327: [303ba6924dd2]
29328:
29329: * check.c:
29330: added kerberos support
29331: [e40afe98fc1d]
29332:
29333: 1995-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
29334:
29335: * sudo.h:
29336: added MODE_BACKGROUND
29337: [9b483c932016]
29338:
29339: * sudo.man:
29340: escaped dashes added -b option
29341: [62e84f1a7714]
29342:
29343: * sudo.c:
29344: added -b option
29345: [7e78aaefeb95]
29346:
29347: * check.c:
29348: added crypt() for osf/1 3.x enhanced secuiry
29349: [e9aa5abdb7d5]
29350:
29351: * configure.in:
29352: now check for -lcrypt
29353: [5cb9c67e9fa2]
29354:
29355: * interfaces.c:
29356: added ENXIO like EADDRNOTAVAIL
29357: [74223bb1ba75]
29358:
29359: 1995-05-08 Todd C. Miller <Todd.Miller@courtesan.com>
29360:
29361: * configure.in:
29362: now emulate getwd(), not getcwd()
29363: [3e5439d9a5f4]
29364:
29365: * sudo.c:
29366: getcwd() -> getwd()
29367: [6392a96a658e]
29368:
29369: * getwd.c:
29370: getcwd -> getwd
29371: [1b0ab9bae11e]
29372:
29373: 1995-05-02 Todd C. Miller <Todd.Miller@courtesan.com>
29374:
29375: * ins_2001.h, ins_classic.h, ins_goons.h:
29376: Initial revision
29377: [86db60d8cf00]
29378:
29379: * insults.h:
29380: broke out insults into separate include files
29381: [0a01993bd38a]
29382:
29383: * OPTIONS, options.h:
29384: added GOONS
29385: [e283203c6515]
29386:
29387: * Makefile.in:
29388: added ins_2001.h ins_classic.h ins_goons.h
29389: [2a39cd6a4cd2]
29390:
29391: * Makefile.in, version.h:
29392: ++version
29393: [05ebf4f5e41a]
29394:
29395: * visudo.c:
29396: moved signal handler setup to setup_signals()
29397: [3dd976c04540]
29398:
29399: * sudo.h:
29400: added load_interfaces()
29401: [af2d473b09e2]
29402:
29403: * sudo.c:
29404: moved load_interfaces to interfaces.c
29405: [5c8c138e5d4c]
29406:
29407: * parse.yacc:
29408: added clearaliases
29409: [aeb4ff301daa]
29410:
29411: * OPTIONS, options.h:
29412: added FAST_MATCH
29413: [f49ea3d1b525]
29414:
29415: * parse.lex:
29416: now uses clearaliases variable
29417: [a2dda415bf61]
29418:
29419: * interfaces.c:
29420: Initial revision
29421: [a1990e3f5c69]
29422:
29423: * Makefile.in:
29424: added interfaces.[co]
29425: [1e8e5984de97]
29426:
29427: * testsudoers.c:
29428: now uses ip addrs and netmasks via load_interfaces()
29429: [54b8f7a6835e]
29430:
29431: * sudo.c:
29432: now remove IFS instead of setting to "sane" value
29433: [ce7eec9f115e]
29434:
29435: 1995-05-01 Todd C. Miller <Todd.Miller@courtesan.com>
29436:
29437: * parse.c:
29438: added FAST_MATCH
29439: [816d4f5fe81a]
29440:
29441: 1995-04-30 Todd C. Miller <Todd.Miller@courtesan.com>
29442:
29443: * Makefile.in:
29444: sudo_goodpath.c-> goodpath.c
29445: [a5072c4e1de2]
29446:
29447: * sudo.c:
29448: added Andy's new ISC changes
29449: [caa6bbee358e]
29450:
29451: 1995-04-14 Todd C. Miller <Todd.Miller@courtesan.com>
29452:
29453: * OPTIONS:
29454: added a sentence to SECURE_PATH info
29455: [cad6e1569d15]
29456:
29457: * BUGS:
29458: added one
29459: [4b35cf699a83]
29460:
29461: * CHANGES:
29462: updated
29463: [5fded9dc62f0]
29464:
29465: * RUNSON:
29466: updated
29467: [33cb993cfd39]
29468:
29469: 1995-04-13 Todd C. Miller <Todd.Miller@courtesan.com>
29470:
29471: * RUNSON:
29472: updated for beta3
29473: [a05dc6a91995]
29474:
29475: * Makefile.in, version.h:
29476: ++version
29477: [54aaf3fadc75]
29478:
29479: * aclocal.m4:
29480: sendmail is now looked for in �/usr/ucblib
29481: [231ac1a4662f]
29482:
29483: * sudo.c:
29484: fixed indentation
29485: [fb137400c8c2]
29486:
29487: * aclocal.m4:
29488: fixed a typo
29489: [e03f1acc468b]
29490:
29491: * sudo.c:
29492: updated ISC mods
29493: [070290d4754b]
29494:
29495: * configure.in:
29496: added unixware case
29497: [e90250bae0d9]
29498:
29499: * check.c:
29500: user_is_exempt is no longer hidden
29501: [1a341765b8af]
29502:
29503: * RUNSON:
29504: updated
29505: [a9c4898b26dd]
29506:
29507: * aclocal.m4:
29508: isc and riscos changes
29509: [98b5d86585d1]
29510:
29511: * OPTIONS:
29512: added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
29513: [e1ecc464ce4b]
29514:
29515: * Makefile.in:
29516: fixed a typo and added testsudoers stuff
29517: [435d60e163dc]
29518:
29519: * testsudoers.c:
29520: Initial revision
29521: [6ce14a448662]
29522:
29523: 1995-04-12 Todd C. Miller <Todd.Miller@courtesan.com>
29524:
29525: * parse.yacc:
29526: applied fixed patch from Chris
29527: [cd6144203d13]
29528:
29529: 1995-04-11 Todd C. Miller <Todd.Miller@courtesan.com>
29530:
29531: * Makefile.in:
29532: fixed a typo
29533: [34f8a54ba041]
29534:
29535: * parse.yacc:
29536: added a set of braces for bison
29537: [f0e43b938914]
29538:
29539: * parse.yacc:
29540: merged in Chris' changes to dekludge the parser.
29541: [82d6e373ab1c]
29542:
29543: * logging.c:
29544: send_mail() was calling find_path() which is wrong since find_path()
29545: stores cmnd in a static var. Anyhow, it doesn't make much sense
29546: since MAILER should always be fully qualified
29547: [6eae6a0b8098]
29548:
29549: 1995-04-10 Todd C. Miller <Todd.Miller@courtesan.com>
29550:
29551: * sample.sudoers:
29552: added User_Alias stuff
29553: [aaba8c8e918d]
29554:
29555: * aclocal.m4:
29556: SUDO_NEXT now looks for /usr/lib/NextStep/software_version
29557: [52bd81f34b32]
29558:
29559: * RUNSON:
29560: added DEC UNIX 3.0 w/ gcc
29561: [7daf570775b5]
29562:
29563: * visudo.c:
29564: Exit was being used in places where exit should be used
29565: [6026a89c07ed]
29566:
29567: * sudoers:
29568: added "User alias specification"
29569: [a487b6e234f8]
29570:
29571: * parse.yacc:
29572: fixed probs caused by making nslots and naliases a size_t
29573: [0be919384f3f]
29574:
29575: * RUNSON:
29576: added KSR, upped rev to 1.3.1b2
29577: [ce04ee6faadf]
29578:
29579: * logging.c, parse.yacc:
29580: 1024 -> BUFSIZ
29581: [cd6dda45fa11]
29582:
29583: * parse.yacc:
29584: void * -> VOID * naliases and nslots are now size_t to appease
29585: lsearch on 64-bit machines
29586: [bf2f807c0dc1]
29587:
29588: 1995-04-09 Todd C. Miller <Todd.Miller@courtesan.com>
29589:
29590: * TODO:
29591: did a bunch of things and added a bunch :-)
29592: [42afd957b829]
29593:
29594: * PORTING:
29595: updated
29596: [972f95c85776]
29597:
29598: * visudo.man:
29599: closer to BSD manpage style
29600: [07ae88f50325]
29601:
29602: * sudo.man:
29603: closer to standard BSD man format
29604: [372c28dcc135]
29605:
29606: * compat.h, config.h.in, emul/search.h, insults.h, options.h,
29607: pathnames.h.in, sudo.h, version.h:
29608: added RCS id
29609: [c0ec90b81002]
29610:
29611: * sudo.h:
29612: removed crufty #defines that are no longer used
29613: [35e2b4b477f0]
29614:
29615: * BUGS:
29616: fixed a bug
29617: [5bb3e1bee85e]
29618:
29619: * sudo.man:
29620: updated based on sudo changes
29621: [e65de1cae438]
29622:
29623: * parse.yacc:
29624: now allow ALL keyword in User_Aliases now allow ALL keyword as well
29625: as a NAME or ALIAS
29626: [1fb31404dd0f]
29627:
29628: * CHANGES:
29629: updated
29630: [b24018ac610b]
29631:
29632: * sudo.c:
29633: now sets SUDO_COMMAND and SUDO_GID envariables.
29634: [e9d791557fb7]
29635:
29636: * aclocal.m4:
29637: fixed bug with full void impl check
29638: [35715301023c]
29639:
29640: * parse.yacc:
29641: fixed User_Alias supoprt
29642: [4c30dfbaaa07]
29643:
29644: * parse.yacc:
29645: added stubs for User_Alias support
29646: [f4afbd247edf]
29647:
29648: * sudo.c:
29649: now sets removes # bogus interfaces from num_interfaces
29650: [6f077fac9ab1]
29651:
29652: * parse.lex:
29653: added User_Alias support
29654: [bc7997e5df85]
29655:
29656: 1995-04-08 Todd C. Miller <Todd.Miller@courtesan.com>
29657:
29658: * Makefile.in:
29659: removed extraneous TODO
29660: [bc87a3b14d6d]
29661:
29662: 1995-04-07 Todd C. Miller <Todd.Miller@courtesan.com>
29663:
29664: * visudo.c:
29665: ntwk_matches -> addr_matches
29666: [475044e288b8]
29667:
29668: * parse.yacc:
29669: ntwk_matches -> addr_matches
29670: [dd1f4093fd2d]
29671:
29672: * parse.c:
29673: ntwk_matches -> addr_matches now use inet_addr() not inet_network()
29674: (which expects octet boundaries) fixes for OSF (sizeof(int) !=
29675: sizeof(long))
29676: [acd2f556940f]
29677:
29678: * sudo.c:
29679: took out debugging info
29680: [044023063eca]
29681:
29682: * aclocal.m4:
29683: OS was being set to unknown before non-uname based host checks.
29684: This caused no checks to happen since $OS was not zero-length.
29685: [335a7267479d]
29686:
29687: * sudo.c:
29688: fixed loading of interfaces struct still has debugging info in
29689: though
29690: [2d1a18998c1e]
29691:
29692: * parse.c:
29693: fixed typo
29694: [175674a3a9fa]
29695:
29696: 1995-04-06 Todd C. Miller <Todd.Miller@courtesan.com>
29697:
29698: * Makefile.in:
29699: ++version
29700: [55d191b5daa3]
29701:
29702: * version.h:
29703: ++
29704: [d7d1f115696a]
29705:
29706: * visudo.c:
29707: removed extraneous extern decl of "top
29708: [50355621047d]
29709:
29710: * visudo.c:
29711: now zeros "top"
29712: [4e683210345b]
29713:
29714: * parse.yacc:
29715: removed parser_cleanup (no need for it now)
29716: [afa59f222b6c]
29717:
29718: * parse.lex:
29719: now calls reset_aliases() directly
29720: [3a23cbd60fc0]
29721:
29722: 1995-04-04 Todd C. Miller <Todd.Miller@courtesan.com>
29723:
29724: * OPTIONS:
29725: added a sentence to SECURE_PATH description
29726: [c5bf75b85af0]
29727:
29728: * parse.c:
29729: fixed my stupid bug where I used NAMLEN on something I wanted to
29730: just get the name from. argh.
29731: [111f460f6540]
29732:
29733: 1995-04-03 Todd C. Miller <Todd.Miller@courtesan.com>
29734:
29735: * lsearch.c:
29736: fixed argument order of memmove() that i hosed when converting from
29737: bcopy(). arghh.
29738: [2f5336045c8b]
29739:
29740: * Makefile.in:
29741: finally fixed DISTFILES line
29742: [a1b419e73a63]
29743:
29744: * Makefile.in:
29745: tabs -> spaces
29746: [280fb03e5764]
29747:
29748: * Makefile.in:
29749: added missing files to DISTFILES
29750: [991fc1cd2263]
29751:
29752: * Makefile.in:
29753: SUPPORTED -> RUNSON
29754: [7580e65b05fb]
29755:
29756: 1995-04-01 Todd C. Miller <Todd.Miller@courtesan.com>
29757:
29758: * TODO:
29759: updated
29760: [fe764a29c1cc]
29761:
29762: * RUNSON:
29763: updated for pl5b1 release
29764: [aefc35bd2291]
29765:
29766: * BUGS, TODO:
29767: updated
29768: [8f0ea249b687]
29769:
29770: * check.c:
29771: fixed bug where if you hit return at first sudo prompt it would
29772: still log as a failure
29773: [24539c854692]
29774:
29775: * CHANGES:
29776: updated
29777: [251cc7b3ede4]
29778:
29779: * aclocal.m4:
29780: better test for bogus void * implementation
29781: [efe23180cb88]
29782:
29783: * logging.c:
29784: added PASSWORDS_NOT_CORRECT
29785: [bd12c73f83f7]
29786:
29787: * check.c:
29788: added PASSWORDS_NOT_CORRECT stuff]
29789: [90de391a979f]
29790:
29791: * sudo.h:
29792: added PASSWORDS_NOT_CORRECT
29793: [727fbeb76fc5]
29794:
29795: * tgetpass.c:
29796: moved pathnames.h
29797: [4f910e5a8df7]
29798:
29799: * sudo.c:
29800: removed some unused vars and fixed up uid2str
29801: [70e92c7f9076]
29802:
29803: * putenv.c:
29804: moved compat.h
29805: [b271091586f6]
29806:
29807: * getcwd.c, getwd.c:
29808: added pathnames.h
29809: [6f25218f133f]
29810:
29811: 1995-03-31 Todd C. Miller <Todd.Miller@courtesan.com>
29812:
29813: * parse.yacc:
29814: fixed a typo I introduced in the last checkin :-(
29815: [62c3af75c4fe]
29816:
29817: * parse.lex:
29818: can't have #ifdef's where N is defined so just do this the broken
29819: way for AIX
29820: [c5648a5594e4]
29821:
29822: * parse.yacc:
29823: better hack from Chris (but still a hack)
29824: [6b6d8aed93f3]
29825:
29826: * parse.lex:
29827: stupid hack for broken aix lex
29828: [efc3f9e5280e]
29829:
29830: * tgetpass.c:
29831: now includes compat.h �
29832: [401822173f77]
29833:
29834: * visudo.c:
29835: now includes fcntl.h
29836: [63865c2f8ac6]
29837:
29838: * compat.h:
29839: added FD_SET and FD_ZERO for 4.2BSD
29840: [00c5597c0bb0]
29841:
29842: * parse.yacc:
29843: dirty hack to fix parser bug. i don't really like this but it works
29844: for now...
29845: [5b8bbdc81569]
29846:
29847: * sudo.c:
29848: uid2str is now static like the prototype says
29849: [f2a97b5cb870]
29850:
29851: 1995-03-30 Todd C. Miller <Todd.Miller@courtesan.com>
29852:
29853: * CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
29854: updated
29855: [6f79c3e92716]
29856:
29857: * RUNSON:
29858: Initial revision
29859: [12a09ef9e884]
29860:
29861: * sudo.c:
29862: check_sudoers now returns an error code and sudo calls inform_user
29863: and log_error based on the return value.
29864: [340eca188d9a]
29865:
29866: * logging.c, sudo.h:
29867: added entries for new errors
29868: [6050d8542e1f]
29869:
29870: * parse.c:
29871: now set uid to that of SUDOERS_OWNER while parsing sudoers file
29872: [3683c42bc9b0]
29873:
29874: * Makefile.in:
29875: took out testsudoers �
29876: [65317d49db48]
29877:
29878: * sudo.c:
29879: now explicately checks that it is setuid root
29880: [2fe1be60ef6a]
29881:
29882: * sudo.c:
29883: If a user has no passwd entry sudo would segv (writing to a garbage
29884: pointer). Now allocate space before writing :-)
29885: [d08e7eb5e5ef]
29886:
29887: * configure.in:
29888: reordered AC_CHECK_FUNCS
29889: [4c82e56c6f4f]
29890:
29891: * config.h.in:
29892: fixed memset macro
29893: [77ede6b714ab]
29894:
29895: * tgetpass.c, visudo.c:
29896: bzero -> memset
29897: [1a005bb322c8]
29898:
29899: * logging.c:
29900: bzero -> memset when a parse error is logged the line number of the
29901: error is now logged too
29902: [a42d68047723]
29903:
29904: * INSTALL:
29905: added Sunos to blurb about c2 security
29906: [af750a1d131e]
29907:
29908: * configure.in:
29909: added a SUN4 define for C2 security
29910: [6ad5b23a3eb0]
29911:
29912: * config.h.in:
29913: bcopy -> memmove bzero -> memset
29914: [5494460c8464]
29915:
29916: * lsearch.c:
29917: bcopy -> memmove char * -> VOID *
29918: [a15f5c316e16]
29919:
29920: * check.c:
29921: added support for sunos with C2 security
29922: [03fea5bb21e6]
29923:
29924: * OPTIONS, options.h:
29925: reordered
29926: [1686265af3e1]
29927:
29928: * pathnames.h.in:
29929: _PATH_SUDO_LOGFILE now set based on configure
29930: [5867b58e4a04]
29931:
29932: * configure.in:
29933: added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
29934: [1984d9fd1b5c]
29935:
29936: * config.h.in:
29937: added _SUDO_PATH_LOGFILE
29938: [dd3eebe62580]
29939:
29940: * aclocal.m4:
29941: added SUDO_LOGFILE to find where to put sudo.log added
29942: SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
29943: SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
29944: [c589a515a99a]
29945:
29946: 1995-03-29 Todd C. Miller <Todd.Miller@courtesan.com>
29947:
29948: * TROUBLESHOOTING:
29949: Initial revision
29950: [f42f1baba3a8]
29951:
29952: * sudo.c:
29953: now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
29954: to work around a problem is trusted hpux shadow passwords. yuck.
29955: [ae1f13b54687]
29956:
29957: * parse.yacc:
29958: backed out a change in malloc/realloc
29959: [ab868db0ad69]
29960:
29961: * parse.yacc:
29962: now include stdlib.h
29963: [957eef0631eb]
29964:
29965: * visudo.c:
29966: now do an freopen() of the stmp file so that yyin will always point
29967: to the same thing. This is important for flex since we are doing a
29968: YY_NEWFILE
29969: [44558922fd3e]
29970:
29971: * parse.yacc:
29972: replaced yywrap() with parser_cleanup() since yywrap() needs to be
29973: in parse.lex to be able to use YY_NEW_FILE. sigh.
29974: [12dd09921074]
29975:
29976: * parse.lex:
29977: now have a rule that matches anything that doesn't match an
29978: explicite rule. well, you know what i mean (. matches anything not
29979: yet matched). However, this means that there is input still queued
29980: up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
29981: into parse.lex and it calls parser_cleanup() which is most of the
29982: old yywrap() sigh.
29983: [7f4042bc48d6]
29984:
29985: * SUPPORTED:
29986: no longer used
29987: [8f220be4da94]
29988:
29989: * getcwd.c, getwd.c:
29990: moved compat.h to be the last include file
29991: [9f3a65e2d485]
29992:
29993: * parse.yacc:
29994: fixed type of aliascmp() args
29995: [1c27eb989bdf]
29996:
29997: * find_path.c:
29998: NULL -> '\0'
29999: [5c8d8cf1692e]
30000:
30001: * parse.yacc:
30002: added casts to lfind and lsearch args for irix
30003: [61027ddeecf8]
30004:
30005: * Makefile.in:
30006: bsdinstall -> install-sh
30007: [61de6612c5a5]
30008:
30009: * INSTALL:
30010: added info about make realclean
30011: [29c6324d727f]
30012:
30013: * Makefile.in:
30014: updated VERSION added dependencies for visudo.cat
30015: [09077d7229d4]
30016:
30017: * version.h:
30018: -> pl5b1
30019: [5d21c7ad1a41]
30020:
30021: * sudo.c:
30022: took out -l
30023: [fc1478d81b38]
30024:
30025: * Makefile.in:
30026: now there is a real visudo.man and visudo.cat
30027: [58aeac43a6dd]
30028:
30029: * sudo.man:
30030: took out visudo stuff
30031: [4a6ac4393343]
30032:
30033: * visudo.man:
30034: Initial revision
30035: [cba348843db8]
30036:
30037: * parse.c, parse.lex, parse.yacc:
30038: updated copyright
30039: [ffa16b70944a]
30040:
30041: * README:
30042: updated for pl5
30043: [a26e423e9e5f]
30044:
30045: * sudo.man:
30046: updated Nieusma & Hieb email addresses
30047: [f0083e71989d]
30048:
30049: * INSTALL:
30050: updated to include options.h and OPTIONS
30051: [ee59e2b76c94]
30052:
30053: * CHANGES, TODO:
30054: updated
30055: [51e011ad5220]
30056:
30057: * BUGS:
30058: eliminated bug #1 (yay)
30059: [e7e88515494e]
30060:
30061: * configure.in:
30062: sunos no longer gets linked statically
30063: [2e5b3ff3108f]
30064:
30065: 1995-03-28 Todd C. Miller <Todd.Miller@courtesan.com>
30066:
30067: * parse.lex:
30068: prototype now uses __P()
30069: [68ecdcab4c70]
30070:
30071: * parse.lex:
30072: make fill() non-ansi
30073: [d6509972260b]
30074:
30075: * parse.c:
30076: made -v (validate) work
30077: [13c9d520638c]
30078:
30079: * logging.c:
30080: now gives host
30081: [f04859cdba5a]
30082:
30083: * find_path.c:
30084: don't check for execute/statable if fq or relative path given
30085: [4bbe851f3973]
30086:
30087: * parse.c:
30088: added a cast
30089: [345c308f72f3]
30090:
30091: * visudo.c:
30092: now include ctype.h for islower and tolower macros
30093: [582c0aa332d5]
30094:
30095: * goodpath.c:
30096: moved _S_IFMT & _S_ISREG to compat.h
30097: [828e4ca4e7b4]
30098:
30099: * sudo.c:
30100: moved a set of parens
30101: [5783474ecf37]
30102:
30103: * strdup.c:
30104: now include compat.h
30105: [75e2036b94af]
30106:
30107: * emul/search.h:
30108: void * -> VOID *
30109: [cedcfaf04161]
30110:
30111: * parse.yacc:
30112: now cast malloc & realloc return vals added search for HAVE_LSEARCH
30113: now use strcmp if no strcasecmp available
30114: [d6a42bc3d4ae]
30115:
30116: * lsearch.c:
30117: void * -> VOID *
30118: [886adc44f607]
30119:
30120: * config.h.in:
30121: removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
30122: HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
30123: [3b50d7fb4349]
30124:
30125: * compat.h:
30126: added _S_IFMT, _S_IFREG, and S_ISREG
30127: [73d506c7d53c]
30128:
30129: * aclocal.m4:
30130: took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
30131: to most SUDO_* macros
30132: [8442155f5936]
30133:
30134: * Makefile.in:
30135: no more -I.
30136: [63462f195bd4]
30137:
30138: * configure.in:
30139: various 1.x ro 2.x autoconf changes now check for strcasecmp now use
30140: AC_INSTALL_PROG instead of custom one added check for fully woorking
30141: void implementation
30142: [5ac6b6e6230f]
30143:
30144: * Makefile.in:
30145: added lsearch & search.h visudo links into $(LIBOBJS)
30146: [bc119cda4598]
30147:
30148: * aclocal.m4:
30149: partial 1.x to 2.x changes added SUDO_FULL_VOID
30150: [1194d01fa5c5]
30151:
30152: * visudo.c:
30153: whatnow_help was prototyped to be static be was not declared as
30154: such
30155: [0f85489dd426]
30156:
30157: * configure.in:
30158: autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
30159: for dirent/dir/ndir.h
30160: [7408f3854948]
30161:
30162: * parse.c:
30163: now use groovy gnu autoconf macro AC_HEADER_DIRENT
30164: [e465db9f5dfa]
30165:
30166: * getcwd.c, getwd.c:
30167: MAXPATHLEN -> MAXPATHLEN+1
30168: [714d87424e21]
30169:
30170: * emul/search.h, lsearch.c:
30171: Initial revision
30172: [55d79482c535]
30173:
30174: 1995-03-27 Todd C. Miller <Todd.Miller@courtesan.com>
30175:
30176: * parse.yacc:
30177: eliminated bison warnings
30178: [61ca0a96da22]
30179:
30180: * parse.lex:
30181: added missing case
30182: [6be0f849747c]
30183:
30184: * visudo.c:
30185: now iincludes signal.h
30186: [221e0fcc144f]
30187:
30188: * parse.yacc:
30189: only clear data structures on a parse error
30190: [7b1c0f1a4527]
30191:
30192: * visudo.c:
30193: whatnow() now gives help on invalid input
30194: [e5a4cd88c587]
30195:
30196: * visudo.c:
30197: added a whatnow() function (sort of like mh)
30198: [932d9b145f1c]
30199:
30200: * parse.yacc:
30201: kill_aliases -> reset_aliases yywrap() now cleans up by calling
30202: reset_aliases() and clearing top took reset stuff out of yyerror()
30203: since it doesn't beling there (and doesn't work anyway). errorlineno
30204: is now initially set to -1 so we can set it to the first error that
30205: occurrs (it was getting set to the last)
30206: [2f71f95a974c]
30207:
30208: * parse.lex:
30209: added a void cast
30210: [18ae6042dce4]
30211:
30212: * visudo.c:
30213: rewrote from scratch based on 4.3BSD vipw.c
30214: [2f6814f18576]
30215:
30216: 1995-03-26 Todd C. Miller <Todd.Miller@courtesan.com>
30217:
30218: * sudo.c, sudo.h:
30219: removed ocmnd
30220: [a31735f41ad4]
30221:
30222: * sudo.h:
30223: no more sudo_realpath() and find_path() changed params
30224: [8e85c3b39159]
30225:
30226: * sudo.c:
30227: find_path() changed since no more realpath()
30228: [b25366c7f2ee]
30229:
30230: * parse.yacc:
30231: on error, errorlineno is set to the line where the error occurred
30232: added kill_aliases() to free the aliases struct now clean up in
30233: yyerror() so we can reparse cleanly
30234: [2342f578c27a]
30235:
30236: * options.h, parse.c:
30237: no more USE_REALPATH
30238: [cfc59babeaff]
30239:
30240: * logging.c:
30241: changed to use new find_path()
30242: [91c7a38e7751]
30243:
30244: * find_path.c:
30245: removed all the realpath() stuff
30246: [cc21a43a8562]
30247:
30248: * Makefile.in:
30249: sudo_realpath.c -> sudo_goodpath.c
30250: [03a9b1ddec2f]
30251:
30252: * visudo.c:
30253: now works correctly with utk parser
30254: [08aa554a0ce8]
30255:
30256: * goodpath.c:
30257: Initial revision
30258: [1ea607e1ffb2]
30259:
30260: * sudo_realpath.c:
30261: eliminated a compiler warning
30262: [198bcccc55b6]
30263:
30264: * sudo.c:
30265: elinated compiler warning
30266: [e2384f9a878b]
30267:
30268: * sudo_realpath.c:
30269: added sudo_goodpath()
30270: [43878c4cc540]
30271:
30272: * sudo.h:
30273: added prototype for sudo_goodpath
30274: [23e8627a2265]
30275:
30276: * parse.c:
30277: added support for /sys/dir.h
30278: [eca897087741]
30279:
30280: * options.h:
30281: USE_REALPATH turned off
30282: [620ac8b63d85]
30283:
30284: * find_path.c:
30285: added calls to sudo_goodpath()
30286: [ad170904fbcd]
30287:
30288: * configure.in:
30289: added check for dirent.h
30290: [7964a8c26855]
30291:
30292: * config.h.in:
30293: added HAVE_DIRENT_H
30294: [1f785fec7e19]
30295:
30296: * configure.in:
30297: added in linux shadow pass stuff �
30298: [e585a5785f50]
30299:
30300: 1995-03-24 Todd C. Miller <Todd.Miller@courtesan.com>
30301:
30302: * visudo.c:
30303: added back host, user, cmnd, parse_error
30304: [0ec19f3d64f4]
30305:
30306: * visudo.c:
30307: added in utk changes plus some minor cosmetic changes
30308: [c5c1921c8a58]
30309:
30310: * sudo.c, sudo_realpath.c:
30311: added void casts for printf's
30312: [9c6ff11c0082]
30313:
30314: * options.h:
30315: added a define of USE_REALPATH
30316: [db3711c9efc5]
30317:
30318: * configure.in:
30319: there is no more visudoers/Makefile
30320: [36e1bc1f78d0]
30321:
30322: * Makefile.in:
30323: added in utk changes (visudo is now built from the toplevel)
30324: [76203d4b345d]
30325:
30326: * find_path.c:
30327: added (void) casts to printf's
30328: [dd5cb1e060ac]
30329:
30330: * parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
30331: merged in utk changes
30332: [35563307fd8e]
30333:
30334: 1995-03-23 Todd C. Miller <Todd.Miller@courtesan.com>
30335:
30336: * find_path.c:
30337: now check to see that what we are trying to run is a file (or a link
30338: to a file, we do a stat(2) so there is no diff)
30339: [05889c4bcace]
30340:
30341: 1995-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
30342:
30343: * CHANGES:
30344: updated
30345: [3e8047bb26fb]
30346:
30347: * Makefile.in:
30348: aclocal.m4 -> acsite.m4 make realclean updated for new autoconf �
30349: [0bdbaa7c4c7d]
30350:
30351: * sudo.man:
30352: added myself as maintainer
30353: [77a9d75aab84]
30354:
30355: 1995-02-17 Todd C. Miller <Todd.Miller@courtesan.com>
30356:
30357: * sudo.c:
30358: changed setegid -> setgid
30359: [7f4788d73b6f]
30360:
30361: 1995-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
30362:
30363: * configure.in:
30364: fixed the test for irix 5.x to skip bad libs
30365: [bfef896de013]
30366:
30367: * aclocal.m4:
30368: now initialize OS and OSREV
30369: [cc302756e440]
30370:
30371: 1995-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
30372:
30373: * configure.in:
30374: irix5 changes
30375: [ac985b23f5f2]
30376:
30377: * configure.in:
30378: AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
30379: compatibility
30380: [0cf8c92a06d7]
30381:
30382: 1995-01-19 Todd C. Miller <Todd.Miller@courtesan.com>
30383:
30384: * visudo.c:
30385: use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
30386: thing wrt yyrestart (grrrr)
30387: [18e8eabfbb82]
30388:
30389: 1995-01-16 Todd C. Miller <Todd.Miller@courtesan.com>
30390:
30391: * Makefile.in:
30392: added visudoers/compat.h to DISTFILES
30393: [db23b574b034]
30394:
30395: * configure.in:
30396: fixed an echo
30397: [7cbc0462b89d]
30398:
30399: * sudo.c:
30400: added ocmnd declaration adjusted for find_path()'s new parameters
30401: [d929cd156474]
30402:
30403: * sudo.h:
30404: added ocmnd extern adjusted find_path() prototype
30405: [e0004daf5d3c]
30406:
30407: * parse.c:
30408: cmndcmp() now takes 3 arguments and checks against the qualified as
30409: well as the unqualified pathname. more code that should use
30410: cmndcmp() but did not, now does
30411: [6f70a8c17bee]
30412:
30413: * options.h:
30414: added to a comment
30415: [7a78680426b2]
30416:
30417: * logging.c:
30418: changed to use new find_path() parameter passing
30419: [840981d30db4]
30420:
30421: * find_path.c:
30422: find_path() now takes 2 copyout parameters (one for the qualified
30423: pathname and one for the unqualified pathname). The third parameter
30424: may be NULL.
30425: [851503b005e9]
30426:
30427: * configure.in:
30428: no longer munge pathnames.h
30429: [427d8796c5a9]
30430:
30431: * pathnames.h.in:
30432: changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
30433: as a result, pathnames.h does not need to be run through configure
30434: and the user can override the configured values easily.
30435: [2e378f2ebe88]
30436:
30437: * config.h.in:
30438: added _SUDO_PATH_* entries
30439: [0857de7cebab]
30440:
30441: * aclocal.m4:
30442: _PATH* -> _SUDO_PATH_*
30443: [7601193f56cc]
30444:
30445: * Makefile.in:
30446: updated DISTFILES and HDRS .o's now depend on config.h
30447: [39d8601965cf]
30448:
30449: 1995-01-13 Todd C. Miller <Todd.Miller@courtesan.com>
30450:
30451: * compat.h:
30452: removed extraneous #endif
30453: [27d4c5f2ce7e]
30454:
30455: * aclocal.m4:
30456: added SUDO_PROG_MV
30457: [76dda3bdd816]
30458:
30459: * configure.in:
30460: added SUDO_PROG_MV added riscos and isc os types took out
30461: -DSHORT_MESSAGE from --with-csops since it is now the default
30462: [68c206ad976e]
30463:
30464: * sudo.c:
30465: move the include of id.h to compat.h now includes options.h
30466: [45a1eaafb3a8]
30467:
30468: * sudo.h:
30469: moved compatibility #defines to compat.h
30470: [0eee27057698]
30471:
30472: * pathnames.h.in:
30473: added _PATH_MV
30474: [e830797ab320]
30475:
30476: * config.h.in:
30477: move __P to compat.h
30478: [188e12e0ba93]
30479:
30480: * getcwd.c, getwd.c, putenv.c:
30481: now includes compat.h
30482: [c72cb6d73981]
30483:
30484: * compat.h:
30485: Initial revision
30486: [d4d2f359ae03]
30487:
30488: 1995-01-12 Todd C. Miller <Todd.Miller@courtesan.com>
30489:
30490: * sudo.h:
30491: pull user-configurable stuff out and put in options.h
30492: [ef929467b070]
30493:
30494: 1995-01-11 Todd C. Miller <Todd.Miller@courtesan.com>
30495:
30496: * parse.lex, parse.yacc, visudo.c:
30497: now includes options.h
30498: [e36d7c82add1]
30499:
30500: * check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
30501: sudo_setenv.c:
30502: now includes options.h
30503: [f186ba03de07]
30504:
30505: * Makefile.in:
30506: added visudoers/options.h
30507: [e5350c476494]
30508:
30509: * OPTIONS, options.h:
30510: Initial revision
30511: [9b6b5001e318]
30512:
30513: * Makefile.in:
30514: added OPTIONS and options.h
30515: [25448341e16a]
30516:
30517: * logging.c:
30518: changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
30519: [5dd6385dd1d3]
30520:
30521: * check.c, sudo.h:
30522: changed PASSWORD_TIMEOUT to minutes
30523: [0ec6aab98738]
30524:
30525: 1994-12-17 Todd C. Miller <Todd.Miller@courtesan.com>
30526:
30527: * visudo.c:
30528: now only do Editor +line_num if line_num != 0
30529: [b69f04b5e3c7]
30530:
30531: 1994-12-16 Todd C. Miller <Todd.Miller@courtesan.com>
30532:
30533: * visudo.c:
30534: now use mv if rename(2) fails
30535: [83210dca1bab]
30536:
30537: * BUGS:
30538: added a visudo bug
30539: [d61a806f9aa7]
30540:
30541: * check.c:
30542: expanded comment
30543: [641f2cba94cb]
30544:
30545: 1994-11-12 Todd C. Miller <Todd.Miller@courtesan.com>
30546:
30547: * check.c:
30548: fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
30549: [7a11135039a8]
30550:
30551: 1994-11-10 Todd C. Miller <Todd.Miller@courtesan.com>
30552:
30553: * sudo.c:
30554: added mips & isc support
30555: [e258dc053119]
30556:
30557: * parse.c:
30558: added support for non-root owned sudoers file
30559: [fea07e65a0fc]
30560:
30561: * check.c:
30562: added exempt group support
30563: [928fb4bd9ad5]
30564:
30565: * sudo.h:
30566: added set_perms() support added SUDOERS_OWNER so can have non-root
30567: own sudoers file added exempt group support added isc support
30568: [61c578d31fc1]
30569:
30570: * visudo.c:
30571: now copy sudoers to temp file via read/write (not stdio) now chown
30572: new sudoers file to SUDOERS_OWNER
30573: [a5176c59df70]
30574:
30575: 1994-11-08 Todd C. Miller <Todd.Miller@courtesan.com>
30576:
30577: * configure.in:
30578: added skey support
30579: [35a8d2fabdb7]
30580:
30581: * sudo_realpath.c:
30582: be_* -> setperms()
30583: [a1631d686e1c]
30584:
30585: * sudo.h:
30586: fixed typo added set_perms support added skey support added
30587: seteuid()/setegid() emulation for AIX
30588: [c0c8d6771406]
30589:
30590: * sudo.c:
30591: be_* -> setperms() now check to make sure sudoers file is owned by
30592: root nread/write by only root
30593: [13ab1e261f1a]
30594:
30595: * logging.c, parse.c:
30596: be_* -> setperms()
30597: [21499d845c8f]
30598:
30599: * check.c:
30600: be_* -> set_perms() added skey support
30601: [df51b56871c1]
30602:
30603: 1994-11-06 Todd C. Miller <Todd.Miller@courtesan.com>
30604:
30605: * Makefile.in:
30606: ++version
30607: [3c1abbe4e43c]
30608:
30609: * version.h:
30610: ++
30611: [1d2f9b540a95]
30612:
30613: 1994-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
30614:
30615: * sudo.c:
30616: now sets IFS
30617: [eabbb41b9f08]
30618:
30619: * insults.h:
30620: fixed typo
30621: [c7997f19216e]
30622:
30623: 1994-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
30624:
30625: * config.h.in:
30626: added HAVE_SKEY
30627: [da948ec4186b]
30628:
30629: 1994-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
30630:
30631: * CHANGES:
30632: updated
30633: [f4b55ab007ea]
30634:
30635: * Makefile.in:
30636: ++version
30637: [0489068b8c95]
30638:
30639: * version.h:
30640: ++
30641: [d189faedf423]
30642:
30643: * sudo.c:
30644: now bail if ARgv[1] > MAXPATHLEN
30645: [0cea8ecc9dc2]
30646:
30647: * configure.in:
30648: added function check for tcgetattr(3)
30649: [e03289b22c2f]
30650:
30651: * config.h.in:
30652: only define HAVE_TERMIOS_H if you have tcgetattr(3)
30653: [757eab83d1a2]
30654:
30655: * config.h.in:
30656: added check for tcgetattr
30657: [c5ae92715930]
30658:
30659: 1994-09-26 Todd C. Miller <Todd.Miller@courtesan.com>
30660:
30661: * CHANGES:
30662: updated
30663: [cbc419883108]
30664:
30665: 1994-09-22 Todd C. Miller <Todd.Miller@courtesan.com>
30666:
30667: * parse.lex:
30668: now only include unistd.h for linux
30669: [e9adeab95ef0]
30670:
30671: 1994-09-21 Todd C. Miller <Todd.Miller@courtesan.com>
30672:
30673: * Makefile.in:
30674: added visudo.8 generation
30675: [d6a3f0f887f8]
30676:
30677: * configure.in:
30678: added -Wl,-bI:./aixcrypt.exp to aix flags
30679: [72594a21edcf]
30680:
30681: 1994-09-20 Todd C. Miller <Todd.Miller@courtesan.com>
30682:
30683: * BUGS:
30684: added one
30685: [9993a349e096]
30686:
30687: * CHANGES:
30688: updated
30689: [297b31ec4cdd]
30690:
30691: * README:
30692: added mailing list info
30693: [10372f94a2b2]
30694:
30695: * parse.yacc:
30696: now use sudolineno instead of yylineno fixed bison warnings
30697: [25a83e62057b]
30698:
30699: * configure.in:
30700: now use -no_library_replacement for osf don't make a static binary
30701: for hpux >= 9.0
30702: [1fa7b892f1a3]
30703:
30704: * tgetpass.c:
30705: added string.h/strings.h inclusion
30706: [71faa98fc0a1]
30707:
30708: * config.h.in:
30709: added ssize_t def
30710: [406284bd1ac0]
30711:
30712: * parse.lex:
30713: added inclusion of string.h/strings.h
30714: [6985b1df5d09]
30715:
30716: * aclocal.m4:
30717: fixed uname | sed (needed to quote the '[')
30718: [4cd2d3415c1a]
30719:
30720: * parse.lex:
30721: replaced yylineno with sudolineno fixed bison syntax errors
30722: [0bd31a5fab26]
30723:
30724: * visudo.c:
30725: changed yylineno to sudolineno since yylineno cannot be counted
30726: upon.
30727: [38c30104d0ae]
30728:
30729: * TODO:
30730: updated
30731: [5d4746f1a752]
30732:
30733: * parse.c:
30734: added code to support command listings
30735: [030172e133fd]
30736:
30737: * sudo.c:
30738: added code for -l flag
30739: [801dbbc82778]
30740:
30741: * sudo.man:
30742: fixed typo added info for -l flag
30743: [8916ca945d65]
30744:
30745: * configure.in:
30746: AC_SSIZE_T -> SUDO_SSIZE_T
30747: [c61f7f47013f]
30748:
30749: * aclocal.m4:
30750: added SUDO_SSIZE_T
30751: [0ccdb77be84d]
30752:
30753: * sudo.h:
30754: added MODE_LIST
30755: [9b2bd844c76c]
30756:
30757: * configure.in:
30758: added AC_SSIZE_T
30759: [35cca208f9b5]
30760:
30761: * find_path.c, sudo_realpath.c:
30762: readlink() is now declared as returning ssize~_t
30763: [0640a08d1407]
30764:
30765: * configure.in:
30766: added -laud for OSF c2
30767: [b7539c905efc]
30768:
30769: 1994-09-02 Todd C. Miller <Todd.Miller@courtesan.com>
30770:
30771: * Makefile.in, visudo.c:
30772: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30773: [067fd9bcb5e1]
30774:
30775: * config.h.in, parse.lex, parse.yacc, pathnames.h.in:
30776: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
30777: [fc46e7c7110a]
30778:
30779: * check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
30780: parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
30781: sudo_setenv.c, tgetpass.c, version.h:
30782: changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
30783: [d1d4fbc53a98]
30784:
30785: 1994-09-01 Todd C. Miller <Todd.Miller@courtesan.com>
30786:
30787: * Makefile.in:
30788: ++version
30789: [b7066d97633f]
30790:
30791: * version.h:
30792: ++
30793: [65ec69d88110]
30794:
30795: * logging.c:
30796: added host to alertmail messages
30797: [d973c19ce777]
30798:
30799: * CHANGES, TODO:
30800: udpated
30801: [5a65eb16faeb]
30802:
30803: * logging.c:
30804: fixed logging problem where mail would not say which user it was
30805: [35723edcc5d2]
30806:
30807: * configure.in:
30808: added -laud for gcc if osf & c2
30809: [18f1e0ae5548]
30810:
30811: * check.c:
30812: moved set_auth_parameters to sudo.c
30813: [d23112fe01db]
30814:
30815: * sudo.c:
30816: added set_auth_parameters for osf
30817: [eb70f65214ac]
30818:
30819: * configure.in:
30820: cleaned up -static stuff
30821: [01e9575f0422]
30822:
30823: * Makefile.in:
30824: ++version
30825: [7ac3bff5c770]
30826:
30827: * version.h:
30828: ++
30829: [10a4ff478469]
30830:
30831: * sudo.c:
30832: changed setenv() to sudo_setenv()
30833: [40a78abb9946]
30834:
30835: * check.c:
30836: fixed osf problem
30837: [3d69b118efb8]
30838:
30839: * configure.in:
30840: added OSF C2 stuff
30841: [38cff3ad4093]
30842:
30843: * CHANGES:
30844: updated
30845: [cd341dd0581a]
30846:
30847: * check.c:
30848: added osf auth support & removed some extra spaces
30849: [a448cdd81514]
30850:
30851: * INSTALL, SUPPORTED:
30852: added osf C2 stuff
30853: [f70484796146]
30854:
30855: 1994-08-31 Todd C. Miller <Todd.Miller@courtesan.com>
30856:
30857: * TODO:
30858: added 2 suggestions
30859: [695fbdbd86e6]
30860:
30861: * Makefile.in:
30862: removed README.v1.3.1 and added VERSION stuff
30863: [f69403eb04c6]
30864:
30865: * version.h:
30866: pl1
30867: [21580c0f8cb1]
30868:
30869: 1994-08-30 Todd C. Miller <Todd.Miller@courtesan.com>
30870:
30871: * version.h:
30872: 1.3.1final
30873: [630114970298]
30874:
30875: * Makefile.in:
30876: added HISTORY
30877: [901bff251614]
30878:
30879: * sudo.man:
30880: mention HISTPRY file
30881: [86dbcfd4326e]
30882:
30883: * sudo.c:
30884: use sizeof instead of a constant in 1 place
30885: [d819604c68ca]
30886:
30887: * parse.yacc:
30888: added unistd.h
30889: [6f9500f9fe7e]
30890:
30891: * parse.lex:
30892: added unistd.h
30893: [468b81a276eb]
30894:
30895: * README:
30896: udpated
30897: [7e275618923a]
30898:
30899: * HISTORY:
30900: Initial revision
30901: [5db1b0a3939b]
30902:
30903: 1994-08-17 Todd C. Miller <Todd.Miller@courtesan.com>
30904:
30905: * version.h:
30906: ++
30907: [7dfbb4a810bb] [SUDO_1_3_1]
30908:
30909: * CHANGES:
30910: updated
30911: [7820ee610bf8]
30912:
30913: * sudo_setenv.c:
30914: added unistd.h include
30915: [30cf2b654525]
30916:
30917: 1994-08-16 Todd C. Miller <Todd.Miller@courtesan.com>
30918:
30919: * sudo.c:
30920: added sys/time.h for AIX
30921: [199fc8caf3a3]
30922:
30923: 1994-08-15 Todd C. Miller <Todd.Miller@courtesan.com>
30924:
30925: * configure.in:
30926: added check for -lsocket and sys/sockio.h
30927: [f9abfbb31031]
30928:
30929: * config.h.in:
30930: took out libshadow check and added in sys/sockio.h check
30931: [0c4b0393ac80]
30932:
30933: * sudo.c:
30934: now include sockio.h instead of ioctl.h if it exists "sudo -" now
30935: gets a better error message
30936: [53041bea5483]
30937:
30938: * sample.sudoers:
30939: now has a dir and subnet entry
30940: [56b820f65438]
30941:
30942: 1994-08-13 Todd C. Miller <Todd.Miller@courtesan.com>
30943:
30944: * sudo.c:
30945: removed if_ether.h
30946: [b4f64507493e]
30947:
30948: * TODO:
30949: added an item
30950: [ea2a1bb6922a]
30951:
30952: * sudo.man:
30953: added network and ip addresses to man page
30954: [01c85016511f]
30955:
30956: * sudo.c:
30957: no error if can't get interfaces or netmask since networking may not
30958: be in the kernel.
30959: [50b8890e2134]
30960:
30961: * parse.c:
30962: nwo check for interfaces == NULL
30963: [dc1b3eef0db2]
30964:
30965: * parse.c:
30966: fixed a bug that caused directory specs in a Cmnd_Alias to fail if
30967: the last entry in the spec failed (ie: it was only looking at the
30968: last entry). CLeaned things up by adding the cmndcmp() function--all
30969: neat & tidy
30970: [007e93578e5e]
30971:
30972: * CHANGES:
30973: added one
30974: [40e8a2cef497]
30975:
30976: 1994-08-12 Todd C. Miller <Todd.Miller@courtesan.com>
30977:
30978: * sudo.c:
30979: now do two passes to skip bogus interfaces (lo0, etc)
30980: [465e30aecaf7]
30981:
30982: * parse.lex, parse.yacc, visudo.c:
30983: added include of netinet/in.h
30984: [11e3816ed362]
30985:
30986: * logging.c, sudo_realpath.c, sudo_setenv.c:
30987: added ninclude of netinet/in.h
30988: [daccfa40fe1e]
30989:
30990: * check.c, find_path.c, getcwd.c, getwd.c:
30991: added include of netinet/in.h
30992: [0222f95e06ad]
30993:
30994: * version.h:
30995: ++
30996: [d6b0cfa35a38]
30997:
30998: * sudo.h:
30999: added interfaces global
31000: [ba52fa8ad75e]
31001:
31002: * parse.c:
31003: now uses new interfaces global
31004: [17473ad5ecba]
31005:
31006: * sudo.c:
31007: now ip addresses are gleaned fw/o dns
31008: [8828bb2007e0]
31009:
31010: 1994-08-10 Todd C. Miller <Todd.Miller@courtesan.com>
31011:
31012: * sudo.c:
31013: added load_ip_addrs() to load the ip_addrs global var
31014: [60c825f04238]
31015:
31016: * parse.c:
31017: added hostcmp() to compare hostnames, ip addrs, and network addrs
31018: [ab0e40e37537]
31019:
31020: * sudo.h:
31021: added ip_addrs def added load_ip_addrs prototype
31022: [c41c565d0777]
31023:
31024: 1994-08-08 Todd C. Miller <Todd.Miller@courtesan.com>
31025:
31026: * CHANGES:
31027: updated
31028: [2a128dbe9bcb]
31029:
31030: * Makefile.in:
31031: removed multiple entries in DISTFILES
31032: [2490f4f371e6]
31033:
31034: * visudo.c:
31035: ansified the !STDC_HEADERS decls
31036: [646ba06d17ae]
31037:
31038: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
31039: don't do malloc decl if gnuc
31040: [f1bad1925f98]
31041:
31042: * sudo.c:
31043: can't use getopt(3) since it munges args to the command to be run as
31044: root don't do malloc decl if gnuc
31045: [38e78f6da14e]
31046:
31047: * find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
31048: sudo_realpath.c, sudo_setenv.c:
31049: ansi-fied !STDC_HEADER function prottypes
31050: [51d8cad89976]
31051:
31052: * getcwd.c, getwd.c:
31053: added missing paren
31054: [6a1fae70e27e]
31055:
31056: * Makefile.in:
31057: added putenv.c to DISTFILES
31058: [a5e4523eabbb]
31059:
31060: * sudo_setenv.c:
31061: added params to func decls when STDC_HEADERS is not defined now can
31062: count on putenv() being there
31063: [fd587796189b]
31064:
31065: * sudo_realpath.c:
31066: took out errno decl since sudo.h does it for us fixed up a next cc
31067: warning added params to func decls when STDC_HEADERS is not defined
31068: [70fa5152ace6]
31069:
31070: * sudo.h:
31071: took out environ extern added local declaratio of putenv() if local
31072: version is needed
31073: [a84bae6c020d]
31074:
31075: * find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
31076: added params to func decls when STDC_HEADERS is not defined
31077: [f406f0e47ac0]
31078:
31079: * config.h.in:
31080: added memcpy check check to see that ansi vs bsd macros are ntot
31081: already defiend before defining (ie: avoid redefinition)
31082: [879ae026e19f]
31083:
31084: * configure.in:
31085: removed fluff setenv check plus check w/ replace for putenv if also
31086: no setenv
31087: [e3c03814ad4b]
31088:
31089: * putenv.c:
31090: Initial revision
31091: [3cff63e2dc1b]
31092:
31093: 1994-08-06 Todd C. Miller <Todd.Miller@courtesan.com>
31094:
31095: * sudo_setenv.c:
31096: Initial revision
31097: [4d637631fa6b]
31098:
31099: * sudo.h:
31100: rm'd s realp[ath added sudo_realpath and sudo_setenv
31101: [07ba001ff57e]
31102:
31103: * sudo.c:
31104: now use sudo_setenvc
31105: [fd81e04d5ef0]
31106:
31107: * configure.in:
31108: added puteenv and setenv, removed realpath
31109: [27bfacfb513b]
31110:
31111: * config.h.in:
31112: added putenv & setenv
31113: [515f14eaf6e4]
31114:
31115: * Makefile.in:
31116: added sudo_setenv
31117: [217731a717c5]
31118:
31119: * version.h:
31120: ++
31121: [eadb346d7129]
31122:
31123: 1994-08-05 Todd C. Miller <Todd.Miller@courtesan.com>
31124:
31125: * configure.in:
31126: added MAN_POSTINSTALL and /usr/share/catman for irix
31127: [2a9496c1bdba]
31128:
31129: * Makefile.in:
31130: added MAN_POSTINSTALL
31131: [89b0d4695529]
31132:
31133: * CHANGES:
31134: added
31135: [48c021ba8a70]
31136:
31137: * sudo.man:
31138: added SUDO_* plus new options
31139: [c0759cff5683]
31140:
31141: * CHANGES:
31142: added one
31143: [7d44a3922d56]
31144:
31145: * configure.in:
31146: took out shadow lib
31147: [07cf3de18701]
31148:
31149: * TODO:
31150: adde done
31151: [a27a578e8afe]
31152:
31153: * visudo.c:
31154: now use yyrestart() if flex now reset yylineno to 0
31155: [77d67ce0b677]
31156:
31157: * Makefile.in:
31158: support for installing a cat page instead of a man page if no nroff
31159: [44671c0fc0fa]
31160:
31161: * configure.in:
31162: now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
31163: to determine whether or not to install a cat or man page
31164: [0562d069c135]
31165:
31166: * config.h.in:
31167: added HAVE_FLEX
31168: [c5490bae39d3]
31169:
31170: * sudo.c:
31171: not set ret to MODE_RUN initially
31172: [88b4983c195b]
31173:
31174: * find_path.c:
31175: made command (and therefor cmnd dynamically allocated)
31176: [95b82e32b6de]
31177:
31178: * TODO:
31179: did #8
31180: [fb6f41308cdf]
31181:
31182: * version.h:
31183: ++
31184: [14112ecab5ae]
31185:
31186: * sudo_realpath.c:
31187: changed bufs from MAXPATHLEN to MAXPATHLEN+1
31188: [0ad4f34e55c0]
31189:
31190: * sudo.h:
31191: added MODE_ removed validate_only and added remove_timestamp()
31192: [dd5f99c57728]
31193:
31194: * sudo.c:
31195: usage() now takes an int (exit value) added parse_args() to parse
31196: command line arguments moved call to find_path() from load_globals
31197: to new function load_cmnd() removed validate_only global -- now use
31198: the concept of "modes" added -h and -k options
31199: [c3887090b28a]
31200:
31201: * parse.c:
31202: no longer use global validate_only now checks for command called
31203: "validate" removed check for non-fully qualified commands since that
31204: is done by find_path
31205: [7d56fbd26369]
31206:
31207: * find_path.c:
31208: changed MAXPATHLEN r to MAXPATHLEN+1
31209: [a86e8664d971]
31210:
31211: * find_path.c:
31212: fixed off by one error with MAXPATHLEN and fixed a comment
31213: [58adcef8c981]
31214:
31215: * check.c:
31216: check_timestamp no longer runs reminder(), it is implied in the
31217: return val added remove_timestamp()
31218: [42ab5a77066f]
31219:
31220: * CHANGES:
31221: updated
31222: [8e69b31df024]
31223:
31224: 1994-08-04 Todd C. Miller <Todd.Miller@courtesan.com>
31225:
31226: * BUGS:
31227: fixed on
31228: [bc34f1ac4280]
31229:
31230: * sudo_realpath.c:
31231: took out old_errno
31232: [a168d00a0768]
31233:
31234: * CHANGES:
31235: updated
31236: [04ba80922df7]
31237:
31238: 1994-08-03 Todd C. Miller <Todd.Miller@courtesan.com>
31239:
31240: * logging.c:
31241: moved send_mail to after syslog
31242: [4d4188087834]
31243:
31244: * sudo.c:
31245: now set SUDO_ envariables
31246: [e5963f1bd3bb]
31247:
31248: 1994-08-01 Todd C. Miller <Todd.Miller@courtesan.com>
31249:
31250: * version.h:
31251: ++
31252: [2a4534845d8c]
31253:
31254: * sudo_realpath.c:
31255: now print error if chdir fails
31256: [0d75c8973d49]
31257:
31258: * find_path.c:
31259: removed an XXX
31260: [e2077bcb35aa]
31261:
31262: 1994-07-26 Todd C. Miller <Todd.Miller@courtesan.com>
31263:
31264: * CHANGES:
31265: updated
31266: [e30a2b39b41a]
31267:
31268: * configure.in:
31269: no more static binaries for aix
31270: [77a0beb6bd80]
31271:
31272: 1994-07-25 Todd C. Miller <Todd.Miller@courtesan.com>
31273:
31274: * INSTALL:
31275: fixed typo
31276: [ba5e0d391bc4]
31277:
31278: * sudo_realpath.c:
31279: took out stuff not needed for sudo now does be_root/be_user itself
31280: now uses cwd global
31281: [4f6d4641d793]
31282:
31283: * version.h:
31284: +=2
31285: [97da927b297c]
31286:
31287: * logging.c, sudo.c:
31288: be_root/be_user is now down in sudo_realpath()
31289: [f331662fa50f]
31290:
31291: * logging.c, sudo.h:
31292: now works with 4.2BSD syslog (blech)
31293: [98e39d89dd36]
31294:
31295: * find_path.c:
31296: now use sudo_realpath()
31297: [ab436a8ebd02]
31298:
31299: * config.h.in:
31300: took out realpth() stuff since we now use sudo_realpath()
31301: [8de5ef9f6044]
31302:
31303: * configure.in:
31304: ultrix enhanced sec
31305: [815fb7fffcc0]
31306:
31307: * SUPPORTED:
31308: added ultrix enhanced sec.
31309: [6466766c8062]
31310:
31311: * INSTALL:
31312: updated
31313: [d681a634297a]
31314:
31315: * check.c:
31316: ultrix enhanced security suport
31317: [f10c8decbcc2]
31318:
31319: * Makefile.in:
31320: added sudo_realpath.c
31321: [6b9bcd3be022]
31322:
31323: * CHANGES:
31324: updated
31325: [2fa8084c1b53]
31326:
31327: * tgetpass.c:
31328: increased passwd len to 24 for c2 security
31329: [ec64838be62d]
31330:
31331: * BUGS:
31332: updated BUGS
31333: [ca00d8fec2ce]
31334:
31335: 1994-07-15 Todd C. Miller <Todd.Miller@courtesan.com>
31336:
31337: * check.c:
31338: now use user global var
31339: [568769719013]
31340:
31341: * configure.in:
31342: took out -ls
31343: [490a44180d5f]
31344:
31345: 1994-07-14 Todd C. Miller <Todd.Miller@courtesan.com>
31346:
31347: * configure.in:
31348: added AFS libs
31349: [4fb40c8c01ba]
31350:
31351: * sudo.h:
31352: user is now a char * added epasswd
31353: [27a919fafdfb]
31354:
31355: * sudo.c:
31356: added tzset() to load_globals added epasswd (encrypted password)
31357: global made user dynamically allocated
31358: [b99ef9bdbfce]
31359:
31360: * configure.in:
31361: added tzset test
31362: [27592dd1214b]
31363:
31364: * config.h.in:
31365: added HAVE_TZSET
31366: [b13f4213f3d0]
31367:
31368: * check.c:
31369: cleaned up encrypted passwd grab somewhat
31370: [c8ba9a4db38a]
31371:
31372: * configure.in:
31373: fixed AFS typo
31374: [2bfcbce237b6]
31375:
31376: * INSTALL:
31377: added AFS not
31378: [80c67329393c]
31379:
31380: * CHANGES:
31381: udpated
31382: [2f09ecdd5d31]
31383:
31384: * logging.c:
31385: can now log to both syslog & a file
31386: [4d5c0932bc01]
31387:
31388: * sudo.h:
31389: added BOTH_LOGS
31390: [623c539be824]
31391:
31392: * CHANGES:
31393: updated
31394: [a1c7f5ef3616]
31395:
31396: * configure.in:
31397: --with-AFS
31398: [28718d8f5daf]
31399:
31400: * config.h.in:
31401: added HAVE_AFS
31402: [2e32bb4e63e4]
31403:
31404: * check.c:
31405: added afs changes
31406: [fe4d0ff320a2]
31407:
31408: * sudo.h:
31409: removed AFS stuff :-)
31410: [a40387e6fa27]
31411:
31412: * tgetpass.c:
31413: include sys/select for AIX
31414: [f32c5a8f2c84]
31415:
31416: * sudo.h:
31417: added AFS
31418: [da2ab3dd0348]
31419:
31420: * version.h:
31421: ++
31422: [452d4dfe25af]
31423:
31424: 1994-07-07 Todd C. Miller <Todd.Miller@courtesan.com>
31425:
31426: * CHANGES, SUPPORTED:
31427: updated
31428: [e7dfe6f23a37]
31429:
31430: * logging.c:
31431: can now have MAILER undefined
31432: [1d33b98b35e1]
31433:
31434: * INSTALL:
31435: new sub-note about MAILER
31436: [d35c636a0574]
31437:
31438: * sudo.man:
31439: added blurb about password timeout
31440: [70c2ee50de20]
31441:
31442: * configure.in:
31443: convex c2 changes
31444: [367138a6232e]
31445:
31446: * aclocal.m4:
31447: took out duplicate define of _CONVEX_SOURCE
31448: [647182138450]
31449:
31450: * Makefile.in:
31451: added OSDEFS
31452: [7fdcd50602d1]
31453:
31454: * config.h.in:
31455: added spaces
31456: [f2b8a05e48f3]
31457:
31458: * tgetpass.c:
31459: added a goto if fgets fails
31460: [68a6586d9c45]
31461:
31462: * sudo.h:
31463: use __hpux not hpux convex c2 stuff
31464: [5c377a8d5f34]
31465:
31466: * sudo.c:
31467: use __hpux not hpux
31468: [9363bc0f9f9e]
31469:
31470: * logging.c:
31471: convex c2 stuff
31472: [ea5630975ac4]
31473:
31474: * config.h.in:
31475: define ansi-ish cpp os defines if non-ansi are defined for hpux &
31476: convex
31477: [664f53a5e786]
31478:
31479: * INSTALL:
31480: updated to say we support sonvex C2
31481: [5f2f8b87013e]
31482:
31483: * check.c:
31484: added convex c2 support
31485: [9a665d4918fa]
31486:
31487: 1994-07-01 Todd C. Miller <Todd.Miller@courtesan.com>
31488:
31489: * tgetpass.c:
31490: no more ioctl never returns NULL uses fgets() and select() to
31491: timeout
31492: [b333e6d63e97]
31493:
31494: 1994-06-29 Todd C. Miller <Todd.Miller@courtesan.com>
31495:
31496: * configure.in:
31497: things were testing -n "$GCC" instead of -z "$GCC"
31498: [059a9b15ede2]
31499:
31500: * tgetpass.c:
31501: now works + uses fgets()
31502: [353d7ebcb7bb]
31503:
31504: 1994-06-28 Todd C. Miller <Todd.Miller@courtesan.com>
31505:
31506: * tgetpass.c:
31507: select doesn't seem to recognize a single '\n' as input waiting so
31508: we can;t use it, sigh.
31509: [f76e3218b835]
31510:
31511: 1994-06-26 Todd C. Miller <Todd.Miller@courtesan.com>
31512:
31513: * PORTING:
31514: updated tgetpass() blurb
31515: [95baac736b49]
31516:
31517: * configure.in:
31518: added --with-getpass
31519: [42ac0bdf58ed]
31520:
31521: * Makefile.in:
31522: added tgetpass stuff
31523: [e2b38c635663]
31524:
31525: * tgetpass.c:
31526: now uses stdio
31527: [36af8ff66e35]
31528:
31529: * version.h:
31530: ++
31531: [4e81c9db19bd]
31532:
31533: 1994-06-24 Todd C. Miller <Todd.Miller@courtesan.com>
31534:
31535: * PORTING:
31536: updated ,.
31537: [54f523770a05]
31538:
31539: * config.h.in:
31540: added USE_GETPASS && HAVE_C2_SECURITY
31541: [86b355cb2953]
31542:
31543: * configure.in:
31544: fixed a test aded --with-C2 and --with-tgetpass
31545: [abf6181588ef]
31546:
31547: * check.c:
31548: added hpux C2 shit
31549: [20d4177ffa88]
31550:
31551: * Makefile.in:
31552: took out tgetpass.*
31553: [cc82fd9984b4]
31554:
31555: * INSTALL:
31556: added C2 blurb
31557: [1d2bfc35e4b6]
31558:
31559: 1994-06-13 Todd C. Miller <Todd.Miller@courtesan.com>
31560:
31561: * configure.in:
31562: no termio(s) for ultrix since it is broken
31563: [d3e82e835350]
31564:
31565: * check.c:
31566: added a space (yeah, anal)
31567: [05e4b31ca68c]
31568:
31569: * realpath.c, sudo_realpath.c:
31570: fixed it (duh, rtfm)
31571: [f13097cb8cb6]
31572:
31573: 1994-06-08 Todd C. Miller <Todd.Miller@courtesan.com>
31574:
31575: * config.h.in:
31576: took out bsd signal stuff for irix
31577: [e179cdafc97a]
31578:
31579: * visudo.c:
31580: comments in #endif
31581: [e3a629190f5e]
31582:
31583: * configure.in:
31584: don't define BSD signals for irix
31585: [3ce57bffb7f0]
31586:
31587: * TODO:
31588: did some...
31589: [274241cd0f74]
31590:
31591: * CHANGES:
31592: updated
31593: [8f29fc755faf]
31594:
31595: * realpath.c, sudo_realpath.c:
31596: took out unneeded code by changing where a strings was terminated
31597: [b5564d62d30e]
31598:
31599: 1994-06-07 Todd C. Miller <Todd.Miller@courtesan.com>
31600:
31601: * realpath.c, sudo_realpath.c:
31602: fix bug where /dirname would return NULL
31603: [b85f470daf26]
31604:
31605: * sudo.h:
31606: move __P to config.h
31607: [7763c0ff3f28]
31608:
31609: * getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
31610: added errno definition
31611: [4cc9d2d9782a]
31612:
31613: * config.h.in:
31614: added __P
31615: [ca06f5aa58f3]
31616:
31617: * config.h.in:
31618: added HAVE_FCHDIR
31619: [206d714641e0]
31620:
31621: * strdup.c:
31622: now include stdio
31623: [0d8458da0e1d]
31624:
31625: * realpath.c, sudo_realpath.c:
31626: now works if no fchdir
31627: [e035911b6722]
31628:
31629: * visudo.c:
31630: define SA_RESETHAND to null if not defined
31631: [afec03e84342]
31632:
31633: * configure.in:
31634: added check & replace
31635: [c1a65481441c]
31636:
31637: * configure.in:
31638: took out -static for nextstep -- it doesn't work
31639: [fa1a1a611743]
31640:
31641: 1994-06-06 Todd C. Miller <Todd.Miller@courtesan.com>
31642:
31643: * logging.c:
31644: moved #endif to where it belongs
31645: [07d3a8972097]
31646:
31647: * SUPPORTED:
31648: correction
31649: [0c1ecba3e5a3]
31650:
31651: * configure.in:
31652: now checks for strdup realpath getcwd bzero
31653: [f029a1917515]
31654:
31655: * config.h.in:
31656: emulate bzero
31657: [d792352e44a3]
31658:
31659: * visudo.c:
31660: added posic signals
31661: [2ed0005f90fc]
31662:
31663: * tgetpass.c:
31664: bzero cast
31665: [6d91b1a1526f]
31666:
31667: * logging.c:
31668: added posix signals
31669: [67ede9c22a05]
31670:
31671: * configure.in:
31672: removed BROKEN_GETPASS added new srcs toreplace missing functions
31673: [cf44274bb1c8]
31674:
31675: * config.h.in:
31676: added posix signal stuff
31677: [a3c1c98fe8ef]
31678:
31679: * Makefile.in:
31680: added new srcs
31681: [b6a079afee47]
31682:
31683: * visudo.c:
31684: updated useag
31685: [589ed091c44f]
31686:
31687: * tgetpass.c:
31688: now uses posix signals
31689: [30f74964074f]
31690:
31691: * PORTING:
31692: updated sto reflect major changes
31693: [bcfc309e017b]
31694:
31695: * CHANGES, TODO:
31696: updated
31697: [23aacbd54278]
31698:
31699: * tgetpass.c:
31700: uses sysconf() if available
31701: [a27431c90bab]
31702:
31703: * sudo.h:
31704: added PASSWORD_TIMEOUT + prototypes for new functions
31705: [d7473c2f77c4]
31706:
31707: * realpath.c, sudo_realpath.c:
31708: for those w/o this in libc
31709: [1e47aa7a9d46]
31710:
31711: * getcwd.c, getwd.c:
31712: Initial revision
31713: [c90dea57a84f]
31714:
31715: * find_path.c:
31716: rewrote to use realpath(3) - nis now all my code
31717: [d2c3bb8fb37d]
31718:
31719: * config.h.in:
31720: added HAVE_REALPATH
31721: [02c10352a8c7]
31722:
31723: * check.c:
31724: now use tgetpass
31725: [b5c021fc179f]
31726:
31727: * Makefile.in:
31728: added LIBOBJS use tgetpass.c
31729: [230a7b3eeaa3]
31730:
31731: 1994-06-05 Todd C. Miller <Todd.Miller@courtesan.com>
31732:
31733: * tgetpass.c:
31734: works now :-)
31735: [025e7a3875ba]
31736:
31737: * tgetpass.c:
31738: Initial revision
31739: [3316ab33b230]
31740:
31741: * pathnames.h.in:
31742: added /dev/tty
31743: [29242585e53f]
31744:
31745: 1994-06-04 Todd C. Miller <Todd.Miller@courtesan.com>
31746:
31747: * version.h:
31748: incremented
31749: [f2e54b48280f]
31750:
31751: * sudo.c:
31752: always use getcwd
31753: [c6068e8a4029]
31754:
31755: * config.h.in:
31756: added check for getwd
31757: [ab1e102ad673]
31758:
31759: * configure.in:
31760: replace strdup & realpath & getcwd if missing
31761: [b0eb14f2a1c3]
31762:
31763: * pathnames.h.in:
31764: added _PATH_PWD
31765: [309d2388f69a]
31766:
31767: * aclocal.m4:
31768: added SUDO_PROG_PWD
31769: [e16e85deb96c]
31770:
31771: * strdup.c:
31772: Initial revision
31773: [810efdc15007]
31774:
31775: * realpath.c, sudo_realpath.c:
31776: Initial revision
31777: [d85eee438e09]
31778:
31779: 1994-06-03 Todd C. Miller <Todd.Miller@courtesan.com>
31780:
31781: * configure.in:
31782: quoted quare brackets
31783: [d0e7ca111d98]
31784:
31785: 1994-06-02 Todd C. Miller <Todd.Miller@courtesan.com>
31786:
31787: * sudo.c:
31788: no need to strdup() a constant
31789: [a8c44712df9a]
31790:
31791: * CHANGES:
31792: updated
31793: [71364129cca0]
31794:
31795: * sudo.man:
31796: added validate
31797: [0bb198095a26]
31798:
31799: * sudo.c:
31800: added -v to usage
31801: [31ea71f11dbb]
31802:
31803: * parse.c, sudo.c, sudo.h:
31804: added validate_only stuff
31805: [9bcd853d3c90]
31806:
31807: 1994-05-30 Todd C. Miller <Todd.Miller@courtesan.com>
31808:
31809: * configure.in:
31810: now finds sed
31811: [6374bb0d3f28]
31812:
31813: * aclocal.m4:
31814: $OSREV is now an int
31815: [ace0666d66cf]
31816:
31817: 1994-05-29 Todd C. Miller <Todd.Miller@courtesan.com>
31818:
31819: * configure.in:
31820: added mtxinu to caser
31821: [73a776887b16]
31822:
31823: * sudo.h:
31824: added EXEC macro
31825: [2e8eb28b710a]
31826:
31827: * sudo.c:
31828: now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
31829: [56afb4f658d5]
31830:
31831: * logging.c:
31832: changed mail_argv[] def now use EXEC() macro
31833: [ddcabd28edb1]
31834:
31835: * check.c:
31836: took out crypt() definition
31837: [0e657724cf5f]
31838:
31839: * version.h:
31840: upped the version
31841: [62c5d66119fc]
31842:
31843: * configure.in:
31844: always look for -lnsl
31845: [d7b594f0313b]
31846:
31847: * aclocal.m4:
31848: added an echo
31849: [1caae3491dc5]
31850:
31851: * sudo.h:
31852: SHORT_MESSAGE is now the default
31853: [cfce35c3119a]
31854:
31855: * config.h.in:
31856: fixed typo
31857: [6499a564bf75]
31858:
31859: * configure.in:
31860: added missing AC_DEFINE(SVR4) for solaris
31861: [feef0b17b94f]
31862:
31863: * sudo.man:
31864: documented the -v flag
31865: [a6429f2bc2cf]
31866:
31867: * SUPPORTED:
31868: updated
31869: [088886e79540]
31870:
31871: * check.c:
31872: proto-ized crypt()
31873: [801e4ff5b121]
31874:
31875: * config.h.in:
31876: added LIBSHADOW undef
31877: [8df588e9ee2b]
31878:
31879: * configure.in:
31880: nwo set OS to be lowercase
31881: [561ebed833e4]
31882:
31883: 1994-05-28 Todd C. Miller <Todd.Miller@courtesan.com>
31884:
31885: * configure.in:
31886: now use SUDO_OSTYPE to set $OS
31887: [0e60aee23098]
31888:
31889: * aclocal.m4:
31890: now use uname to determine os
31891: [99705e58d400]
31892:
31893: * visudo.c:
31894: added prototypes & moved sig handler around
31895: [1f0bc8d23b51]
31896:
31897: * sudo.h:
31898: added prototyppes
31899: [be3935a2b163]
31900:
31901: * check.c, logging.c, sudo.c:
31902: added prototypes
31903: [2079b4605ab8]
31904:
31905: * parse.c:
31906: added comment
31907: [a34d147d8399]
31908:
31909: * config.h.in:
31910: nwo use _BSD_SIGNALS not _BSD_COMPAT
31911: [63663195f047]
31912:
31913: * aixcrypt.exp:
31914: Initial revision
31915: [890aed08357e]
31916:
31917: * Makefile.in:
31918: added aixcrypt.exp
31919: [1005a183105f]
31920:
31921: * parse.lex, parse.yacc:
31922: moved config.h to top of includes
31923: [9569c49aa5f3]
31924:
31925: 1994-05-25 Todd C. Miller <Todd.Miller@courtesan.com>
31926:
31927: * find_path.c:
31928: now don't bitch if get EACCESS (treat like EPERM)
31929: [dbeffb638de4]
31930:
31931: * visudo.c:
31932: added -v flag and usage()
31933: [4d44ed60ed75]
31934:
31935: * version.h:
31936: fixed a typo
31937: [cf3f9347ae41]
31938:
31939: * sudo.c:
31940: cast Argv to a const for exec added -v flag
31941: [d11b6efc0e45]
31942:
31943: * logging.c:
31944: mail_argv is now a const
31945: [93bb5d90bb6f]
31946:
31947: * configure.in:
31948: only set RETSIGTYPE if it is not set already
31949: [c97aac260b77]
31950:
31951: * aclocal.m4:
31952: now defines & STDC_HEADERS for Irix
31953: [9c2b24ad1fc5]
31954:
31955: * Makefile.in:
31956: added version.h
31957: [9f79e880229a]
31958:
31959: * insults.h, sudo.h:
31960: prevent multiple inclusion
31961: [d68c8a9243ce]
31962:
31963: * version.h:
31964: Initial revision
31965: [dbb39c5ef8d9]
31966:
31967: * parse.lex, parse.yacc:
31968: now includes config.h
31969: [f117e036a56b]
31970:
31971: * aclocal.m4:
31972: now talks about sunos 4.x
31973: [c9054aa92d4e]
31974:
31975: * visudo.c:
31976: calls to Exit now pass an arg
31977: [a92104670551]
31978:
31979: 1994-05-24 Todd C. Miller <Todd.Miller@courtesan.com>
31980:
31981: * visudo.c:
31982: signal handler now takes an int argument
31983: [26f480c41523]
31984:
31985: * CHANGES:
31986: updated
31987: [8c166a9d796b]
31988:
31989: * sudo.c:
31990: ok, the getcwd() is now *really* done as the user
31991: [ab86cf85134a]
31992:
31993: * configure.in:
31994: changed AIX STATIC_FLAGS
31995: [b9c0a3ba5663]
31996:
31997: * aclocal.m4:
31998: solaris now defines SVR4
31999: [c3e20cac96f5]
32000:
32001: * sudo.h:
32002: added cwd and fixed stupid core dump that makes no sense. sigh.
32003: [7a9755436dbb]
32004:
32005: * sudo.c:
32006: moved getcwd stuff into load_globals
32007: [ec2bc90df1f3]
32008:
32009: * parse.c:
32010: took out externs that are in suod.h
32011: [93c4b3f856d7]
32012:
32013: * logging.c:
32014: moved cwd into load_globals
32015: [050de754d228]
32016:
32017: * find_path.c:
32018: moved cwd stuff
32019: [22f3f3b4c34d]
32020:
32021: * Makefile.in:
32022: fixed make distclean & realclean
32023: [c9964d89bcef]
32024:
32025: * TODO:
32026: updated .,
32027: [e513581ef0e3]
32028:
32029: * CHANGES:
32030: added solaris changes
32031: [505d930daf27]
32032:
32033: * aclocal.m4:
32034: added solaris changes, need to rework
32035: [33f20fb16c49]
32036:
32037: * configure.in:
32038: cleaned up for solaris
32039: [2fb8cfa05d0f]
32040:
32041: * logging.c:
32042: reinstall reapchild signal handler for non-bsd signals
32043: [3d1dc545113d]
32044:
32045: * sudo.h:
32046: took out getdtablesize() emulation for HP-UX (no longer needed)
32047: [1fc83d170f34]
32048:
32049: * sudo.c:
32050: support for HAVE_SYSCONF
32051: [50ca2a7a224a]
32052:
32053: * visudo.c:
32054: added <fcntl.h> for solaris & reorg'd the includes + minor prettying
32055: up /
32056: [0a570e826dd4]
32057:
32058: * config.h.in:
32059: added HAVE_SYSCONF
32060: [2b9a9f3a4e94]
32061:
32062: 1994-05-16 Todd C. Miller <Todd.Miller@courtesan.com>
32063:
32064: * configure.in:
32065: now tells you what os you are running /.
32066: [06c6332a895b]
32067:
32068: * aclocal.m4:
32069: took out extra ','
32070: [e8c75ce59f4a]
32071:
32072: 1994-05-14 Todd C. Miller <Todd.Miller@courtesan.com>
32073:
32074: * config.h.in:
32075: added _BSD_COMPAT
32076: [73c5099806c2]
32077:
32078: * aclocal.m4:
32079: fixed for irix5
32080: [1047d1f6c0eb]
32081:
32082: * CHANGES:
32083: updated
32084: [1bc4969fee96]
32085:
32086: * sudo.c:
32087: uid seinitialized to -2
32088: [8d7812b1878b]
32089:
32090: 1994-04-28 Todd C. Miller <Todd.Miller@courtesan.com>
32091:
32092: * sudo.c:
32093: now removes LIBPATH for AIX
32094: [075392eb1dd9]
32095:
32096: 1994-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32097:
32098: * configure.in:
32099: now uses ufc if it finds it
32100: [ab6ce30a5958]
32101:
32102: 1994-03-12 Todd C. Miller <Todd.Miller@courtesan.com>
32103:
32104: * sudo.h:
32105: no longer define yyval & yylval since yacc does it
32106: [09d250aea50a]
32107:
32108: * parse.lex:
32109: now defines yylval as extenr
32110: [8ec2b88952bc]
32111:
32112: * configure.in:
32113: BROKEN_GETPASS is now an OPTION
32114: [3714f4bb8312]
32115:
32116: * config.h.in:
32117: took out BROKEN_GETPASS
32118: [9c4f6aa50137]
32119:
32120: * Makefile.in:
32121: took out big comment
32122: [4c13cff0e556]
32123:
32124: * README:
32125: updated
32126: [b8b9902b620d]
32127:
32128: * Makefile.in:
32129: took out README.beta
32130: [ed2cd861e82b]
32131:
32132: * SUPPORTED:
32133: Initial revision
32134: [2fffc51e6606]
32135:
32136: * INSTALL:
32137: now reference SUPPORTED .,
32138: [d112c30be1f2]
32139:
32140: * config.h.in:
32141: now check for convex OR __convex__
32142: [a0e5701a3069]
32143:
32144: * aclocal.m4:
32145: now check for convex or __convex__
32146: [5dae2bfbe3bc]
32147:
32148: * Makefile.in:
32149: added dist target
32150: [400a54de57db]
32151:
32152: * aclocal.m4:
32153: use __convex__
32154: [58a19470ed0b]
32155:
32156: * find_path.c:
32157: now use _S_* stat stuff to be ansi-like
32158: [28cce560e048]
32159:
32160: * INSTALL:
32161: updated for configure directions
32162: [a034ccc7c30a]
32163:
32164: * Makefile.in:
32165: distclean now removes config.h and pathnames.h
32166: [300f2349b4ab]
32167:
32168: * CHANGES:
32169: updated
32170: [646f7e9430c1]
32171:
32172: * TODO:
32173: fixed typoe
32174: [70fd6361b2bc]
32175:
32176: * visudo.c:
32177: updated version
32178: [cf13d87d789f]
32179:
32180: * Makefile.in:
32181: updated version
32182: [8c5dacc27a7a]
32183:
32184: * config.h.in, pathnames.h.in:
32185: added copyright header
32186: [747ce3d3d6b7]
32187:
32188: * check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
32189: parse.yacc, sudo.c, sudo.h:
32190: udpated version
32191: [4751c39bad18]
32192:
32193: * visudo.c:
32194: udpated to use configure + pathnames.h
32195: [d45dff76a1cd]
32196:
32197: * aclocal.m4:
32198: updated
32199: [f05a367a55be]
32200:
32201: * Makefile.in, config.h.in, configure.in:
32202: updated
32203: [524778598879]
32204:
32205: * sudo.h:
32206: now works with configure
32207: [83fc40e533f4]
32208:
32209: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
32210: updated to work with configure + pathnames.h
32211: [cb67fa6ab52d]
32212:
32213: * Makefile.in:
32214: added LEXLIB
32215: [f43cad4ab0a2]
32216:
32217: 1994-03-10 Todd C. Miller <Todd.Miller@courtesan.com>
32218:
32219: * COPYING:
32220: updated gnu general licence to versio 2
32221: [2b0b56112ddc]
32222:
32223: * config.h.in, pathnames.h.in:
32224: Initial revision
32225: [4b586f39ec2d]
32226:
32227: * sudo.h:
32228: changed to work with configure
32229: [13f3506ddf16]
32230:
32231: 1994-03-09 Todd C. Miller <Todd.Miller@courtesan.com>
32232:
32233: * Makefile.in, aclocal.m4, configure.in:
32234: Initial revision
32235: [a8636ae77371]
32236:
32237: * visudo.c:
32238: now uses defines used by configure
32239: [de438d118993]
32240:
32241: 1994-03-01 Todd C. Miller <Todd.Miller@courtesan.com>
32242:
32243: * find_path.c:
32244: sudo won't bitch about EPERM now, for real
32245: [ce26d9ef7e3f]
32246:
32247: 1994-02-28 Todd C. Miller <Todd.Miller@courtesan.com>
32248:
32249: * logging.c:
32250: renamed exec_argv to eliminate a libc name clash with ksros
32251: [bcb4350d8411]
32252:
32253: * CHANGES:
32254: corrected
32255: [dae68d422efd]
32256:
32257: * logging.c, sudo.c, sudo.h:
32258: execve -> execv
32259: [40cc2c4bdb15]
32260:
32261: * TODO:
32262: upated
32263: [9275a8b8fc45]
32264:
32265: * PORTING:
32266: added 2 mroe items
32267: [6cbb5c56993c]
32268:
32269: * CHANGES:
32270: updated
32271: [73f34f8e571a]
32272:
32273: * sudo.h:
32274: added UMASK and mode_t declaration
32275: [7c2015e1d171]
32276:
32277: * sudo.c:
32278: added UMASK
32279: [d37be7523680]
32280:
32281: * logging.c:
32282: now opens log file with mode 077
32283: [0825cc3ee841]
32284:
32285: * check.c:
32286: saved current umask ans restores it
32287: [659c1aaae8e8]
32288:
32289: * sudo.h:
32290: added MAXLOGFILELEN
32291: [34331c7dee90]
32292:
32293: * logging.c:
32294: split long log lines. FOr syslog, split into multiple entries, for
32295: a log file, indent the extra for readability
32296: [72c9e4cdba6e]
32297:
32298: 1994-02-27 Todd C. Miller <Todd.Miller@courtesan.com>
32299:
32300: * CHANGES:
32301: added changes
32302: [81196833673d]
32303:
32304: * sudo.h:
32305: MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
32306: [1aa69e903840]
32307:
32308: 1994-02-25 Todd C. Miller <Todd.Miller@courtesan.com>
32309:
32310: * TODO:
32311: added input from Brett M Hogden <hogden@rge.com>
32312: [80f01fc88ce9]
32313:
32314: 1994-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32315:
32316: * sudo.c:
32317: added rmenv() to remove stuff from environ. can now uses execvp()
32318: OR execve() becuase of this.
32319: [e7fc2535bd67]
32320:
32321: * logging.c:
32322: now uses execvp() OR execve()
32323: [56391aa1f99d]
32324:
32325: * sudo.h:
32326: added USE_EXECVE
32327: [f21f38050b95]
32328:
32329: * sudo.h:
32330: added environ
32331: [6b805e23c6f6]
32332:
32333: * find_path.c:
32334: now ignore EPERM
32335: [c8fd7117a1d7]
32336:
32337: * sudo.h:
32338: moved some func decls out of sudo.h and into sudo.c as statics /.
32339: [5f555c267d27]
32340:
32341: * CHANGES:
32342: updated
32343: [431f478af320]
32344:
32345: * sudo.h:
32346: took out Envp
32347: [6f722be7793d]
32348:
32349: 1994-02-14 Todd C. Miller <Todd.Miller@courtesan.com>
32350:
32351: * BUGS:
32352: Initial revision
32353: [4a8ecf0da95c]
32354:
32355: 1994-02-10 Todd C. Miller <Todd.Miller@courtesan.com>
32356:
32357: * CHANGES:
32358: added SECURE_PATH
32359: [1c72cb222609]
32360:
32361: * sudo.c, sudo.h:
32362: added SECURE_PATH
32363: [5bf5357a63c5]
32364:
32365: * sudo.h:
32366: added SECURE_PATH
32367: [3976a74405ac]
32368:
32369: * INSTALL:
32370: added sample.sudoers note
32371: [1b395d29aaeb]
32372:
32373: * sudoers:
32374: Initial revision
32375: [485888d07477]
32376:
32377: 1994-02-09 Todd C. Miller <Todd.Miller@courtesan.com>
32378:
32379: * find_path.c:
32380: fixed typo
32381: [bfc3cc4d41ca]
32382:
32383: * PORTING:
32384: took out SAVED_UID garbage
32385: [b7c2d3469661] [SUDO_1_3_0]
32386:
32387: * INSTALL:
32388: mentioned HAL
32389: [253d6695df90]
32390:
32391: * sudo.h:
32392: added HAL line
32393: [29ec1a4ac6de]
32394:
32395: * insults.h:
32396: added HAL insults
32397: [7d7c96d77c74]
32398:
32399: * TODO:
32400: updated
32401: [aa2ed9790586]
32402:
32403: * logging.c:
32404: more verbose error if mailer not found
32405: [fca47fd00cb6]
32406:
32407: * check.c:
32408: now do getpwent as root for soem shadow password systems (bsdi)
32409: [e0339e110d46]
32410:
32411: 1994-02-08 Todd C. Miller <Todd.Miller@courtesan.com>
32412:
32413: * sudo.h:
32414: took out SAVED_UID garbade
32415: [fcb0e81dcdb5]
32416:
32417: * sudo.c:
32418: took out SAVED_UID garbage since it don't work
32419: [507e9513e9c2]
32420:
32421: 1994-02-06 Todd C. Miller <Todd.Miller@courtesan.com>
32422:
32423: * README:
32424: updated
32425: [d2b6b253dae5]
32426:
32427: * insults.h:
32428: added a missing space :-)
32429: [8940ea991f87]
32430:
32431: * sudo.c, sudo.h:
32432: took out multimax cruft
32433: [c2606b365181]
32434:
32435: * INSTALL:
32436: minor update
32437: [05fb6ee73131]
32438:
32439: * PORTING:
32440: finished
32441: [c4ac47c84dc5]
32442:
32443: * sudo.c:
32444: fixed a typo + indentation
32445: [7eab40aae8fa]
32446:
32447: 1994-02-05 Todd C. Miller <Todd.Miller@courtesan.com>
32448:
32449: * sudo.h:
32450: took outumoved some defines to the config file ,. ,.
32451: [defff05beb52]
32452:
32453: * PORTING:
32454: Initial revision
32455: [c803e9127959]
32456:
32457: * TODO:
32458: did #6
32459: [c6fa1c946c31]
32460:
32461: * sudo.h:
32462: added HAS_SAVED_UID
32463: [6a88a39c0a07]
32464:
32465: * sudo.c:
32466: put back AIX cruft
32467: [a24d2507ddd4]
32468:
32469: 1994-02-03 Todd C. Miller <Todd.Miller@courtesan.com>
32470:
32471: * sudo.c:
32472: aix changes
32473: [1663915f754a]
32474:
32475: 1994-02-02 Todd C. Miller <Todd.Miller@courtesan.com>
32476:
32477: * CHANGES:
32478: updated
32479: [a8cc73747cae]
32480:
32481: * check.c, logging.c, parse.c, sudo.c, sudo.h:
32482: now is only root when abs necesary
32483: [3c9d12c5cdfe]
32484:
32485: * check.c:
32486: added missing %s\n
32487: [609320b72d89]
32488:
32489: 1994-01-31 Todd C. Miller <Todd.Miller@courtesan.com>
32490:
32491: * install-sh:
32492: Initial revision
32493: [b5bba140a175]
32494:
32495: * TODO:
32496: updated
32497: [c9d2eba602af]
32498:
32499: * CHANGES:
32500: updated
32501: [932f1fc3bb14]
32502:
32503: * sudo.c:
32504: now removed _RLD_* for alphas
32505: [54a36e648158]
32506:
32507: * INSTALL:
32508: updated for new config scheme
32509: [61c8ae800444]
32510:
32511: * find_path.c:
32512: more verbose eror messages
32513: [b4fd123db42d]
32514:
32515: 1994-01-27 Todd C. Miller <Todd.Miller@courtesan.com>
32516:
32517: * TODO:
32518: now have solaris
32519: [371002fbf266]
32520:
32521: * sudo.h:
32522: define __svr4__ for SOLARIS
32523: [0b5cf5ed936d]
32524:
32525: * check.c:
32526: added svr4 junk for shadow pws for solaris 2.x
32527: [91ed58f21618]
32528:
32529: * check.c, sudo.c:
32530: took out setuid(0) and setreuid(udi) garbage. Its not needed since
32531: we start out setuid with the correct perms.
32532: [07689e782b0b]
32533:
32534: * check.c, sudo.c, sudo.h:
32535: now use setreuid()
32536: [7d64d685d78e]
32537:
32538: 1994-01-26 Todd C. Miller <Todd.Miller@courtesan.com>
32539:
32540: * sudo.man:
32541: revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
32542: sectoin
32543: [b26967b1e19b]
32544:
32545: * visudo.c:
32546: now uses ENV_EDITOR if you want to use the EDITOR envar
32547: [a4f8fcb9bd1d]
32548:
32549: * sudo.h:
32550: now uses ENV_EDITOR if you want to use the EDITOR envar >> .
32551: [028cc55c4328]
32552:
32553: 1993-12-07 Todd C. Miller <Todd.Miller@courtesan.com>
32554:
32555: * INSTALL:
32556: rewrote most of this
32557: [a6750923f9c9]
32558:
32559: * README:
32560: minor update + spell fix
32561: [a411717a7249]
32562:
32563: * sudo.h:
32564: added all options that are in the Makefile
32565: [6db3b3b841b3]
32566:
32567: * getpass.c:
32568: now use USE_TERMIO #define for sgi & hpux
32569: [b91f89ae6be1]
32570:
32571: * TODO:
32572: todo: posix sigs
32573: [4548a56eb2ef]
32574:
32575: 1993-12-06 Todd C. Miller <Todd.Miller@courtesan.com>
32576:
32577: * check.c, find_path.c:
32578: always include strings.h
32579: [1fc20bda92c0]
32580:
32581: * visudo.c:
32582: added STATICEDITOR
32583: [0596f820716e]
32584:
32585: * sudo.h:
32586: sgi has vi in /usr/bin too
32587: [94203b62bfd9]
32588:
32589: * sudo.man:
32590: added VISUAL
32591: [87c2844c4cac]
32592:
32593: 1993-12-03 Todd C. Miller <Todd.Miller@courtesan.com>
32594:
32595: * sudo.h:
32596: sue /usr/bin/vi on some systems
32597: [e3ad9190f35e]
32598:
32599: * sudo.c:
32600: fixed warning (include strings.h)
32601: [0b896de4d8a0]
32602:
32603: * sudo.man:
32604: added John_Rouillard@dl5000.bc.edu's changes (new features)
32605: [f41b4205a8cf]
32606:
32607: * CHANGES:
32608: changes from John_Rouillard@dl5000.bc.edu
32609: [6bdef8e948d5]
32610:
32611: * visudo.c:
32612: added EDITOR envar
32613: [5c4bf716de21]
32614:
32615: * check.c, find_path.c, parse.c, sudo.c:
32616: added patches from John_Rouillard directory spec
32617: uses EDITOR
32618: [f62a435f8c41]
32619:
32620: 1993-12-02 Todd C. Miller <Todd.Miller@courtesan.com>
32621:
32622: * getpass.c:
32623: added flush for hpux
32624: [07cfdd6a7b55]
32625:
32626: 1993-11-30 Todd C. Miller <Todd.Miller@courtesan.com>
32627:
32628: * sudo.c:
32629: no longer assume malloc returns a char *
32630: [7480bd2756f3]
32631:
32632: * sudo.c:
32633: alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
32634: gets removed correctly
32635: [8587166c6ac8]
32636:
32637: * sudo.h:
32638: added STD_HEADERS macro
32639: [480f5a9a516c]
32640:
32641: * sudo.c:
32642: now uses STD_HEADERS macor for ansi
32643: [c5018806fd59]
32644:
32645: * find_path.c:
32646: now uses STD_HEADERS macro
32647: [ad821e0788ea]
32648:
32649: * check.c:
32650: niceties for C compiler bitches -- no real change
32651: [0fc0b1a5fb64]
32652:
32653: 1993-11-29 Todd C. Miller <Todd.Miller@courtesan.com>
32654:
32655: * visudo.c:
32656: now doesn't fclose a file never opened.
32657: [ee888ec9427d]
32658:
32659: 1993-11-28 Todd C. Miller <Todd.Miller@courtesan.com>
32660:
32661: * sudo.man:
32662: added visudo line
32663: [698d51c66407]
32664:
32665: * sudo.man:
32666: added error stuff added me in there...
32667: [d202fd34b906]
32668:
32669: * CHANGES:
32670: noted insults
32671: [998a22c2230c]
32672:
32673: * INSTALL:
32674: added blurb about reading stuff
32675: [e71db100798f]
32676:
32677: * sudo.h:
32678: added insults
32679: [c110431cec56]
32680:
32681: * insults.h:
32682: corrected somments and removed newlines
32683: [493706fd488c]
32684:
32685: * check.c:
32686: now uses insults
32687: [6d23cf06a0ef]
32688:
32689: * insults.h:
32690: Initial revision
32691: [83153c26b4a3]
32692:
32693: * INSTALL:
32694: added dec syslog note
32695: [555437273237]
32696:
32697: * sample.sudoers:
32698: added real stuff in there
32699: [53442a7fba78]
32700:
32701: * TODO:
32702: added a todo
32703: [c630472bd4dc]
32704:
32705: * TODO:
32706: added one
32707: [806464453284]
32708:
32709: 1993-11-27 Todd C. Miller <Todd.Miller@courtesan.com>
32710:
32711: * sample.sudoers:
32712: Initial revision
32713: [7db0a9f1ca8f]
32714:
32715: * sudo.man:
32716: updated with changes
32717: [d9bf254c6c08]
32718:
32719: * sudo.man:
32720: Initial revision
32721: [dd6f11174ac6]
32722:
32723: * indent.pro:
32724: Initial revision
32725: [dbfbb494fad9]
32726:
32727: * CHANGES, COPYING, INSTALL, README, TODO:
32728: Initial revision
32729: [6d98f489a079]
32730:
32731: * visudo.c:
32732: updated version number and took out jeff's old addr since it is no
32733: good
32734: [ee47c24818cb]
32735:
32736: * check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
32737: sudo.c, sudo.h:
32738: updated version number and took out jeff's email (since it is
32739: invalid)
32740: [54616458a52e]
32741:
32742: 1993-10-28 Todd C. Miller <Todd.Miller@courtesan.com>
32743:
32744: * check.c:
32745: added fflush()
32746: [145c881f4fb4]
32747:
32748: 1993-10-23 Todd C. Miller <Todd.Miller@courtesan.com>
32749:
32750: * find_path.c:
32751: now return NULL instead pf��of exiting for nopn��n-fatal errors
32752: [8bc74f8cb1ae]
32753:
32754: 1993-10-21 Todd C. Miller <Todd.Miller@courtesan.com>
32755:
32756: * check.c:
32757: new banner
32758: [5387ab2af516]
32759:
32760: * parse.lex:
32761: now sudo.h gets included first
32762: [2acb01c18e18]
32763:
32764: 1993-10-18 Todd C. Miller <Todd.Miller@courtesan.com>
32765:
32766: * parse.lex:
32767: now can use flex
32768: [164d3839adf0]
32769:
32770: * sudo.h:
32771: linux patch
32772: [f1b6b1b1a2ca]
32773:
32774: * sudo.c:
32775: hpux 9 fix, removes SHLIB_PATH linux patch
32776: [67611dc1737f]
32777:
32778: * check.c:
32779: linux diff
32780: [c24536682397]
32781:
32782: 1993-10-15 Todd C. Miller <Todd.Miller@courtesan.com>
32783:
32784: * find_path.c:
32785: stat now ignores EINVAL
32786: [c7761a5dc642]
32787:
32788: 1993-10-06 Todd C. Miller <Todd.Miller@courtesan.com>
32789:
32790: * find_path.c, sudo.c:
32791: now declare strdup as extern
32792: [6b7d6f8784b5]
32793:
32794: 1993-10-04 Todd C. Miller <Todd.Miller@courtesan.com>
32795:
32796: * visudo.c:
32797: reformatted with indent + by hand
32798: [9d43084e4990]
32799:
32800: * check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
32801: used indent to "fix" coding style
32802: [489ffacbdc70]
32803:
32804: * find_path.c:
32805: now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
32806: move the code that does this into the loop body. makes it messier
32807: tho. hmmm.
32808: [c4d22b48da9a]
32809:
32810: 1993-09-08 Todd C. Miller <Todd.Miller@courtesan.com>
32811:
32812: * find_path.c:
32813: redid the fix for non-executable files in an easier to read way plus
32814: some minor aethetic changes
32815: [84fe337f1426]
32816:
32817: * find_path.c:
32818: fixed bug with non-executable tings of same name in path introduced
32819: by checkig errno after stat(2).
32820: [c2a812cfcbc1]
32821:
32822: 1993-09-05 Todd C. Miller <Todd.Miller@courtesan.com>
32823:
32824: * sudo.c:
32825: fixed off by one error
32826: [fabb7cee0041]
32827:
32828: * find_path.c:
32829: now handles decending below '/' correctly
32830: [5d2ddfc0b220]
32831:
32832: * sudo.c:
32833: now actually builds Envp instead of munging envp
32834: [bdc4b08f6898]
32835:
32836: 1993-09-04 Todd C. Miller <Todd.Miller@courtesan.com>
32837:
32838: * parse.yacc:
32839: now includes sys/param.h
32840: [efbb494ab4de]
32841:
32842: * visudo.c:
32843: now includes sys/param.h
32844: [ad6c91d59958]
32845:
32846: * sudo.h:
32847: fixed ifndef -> ifdef
32848: [7aebe822d863]
32849:
32850: * qualify.c:
32851: make more like find_path.c
32852: [853b2dab2e03]
32853:
32854: * find_path.c:
32855: rewritten by millert
32856: [c6a043cc11b3]
32857:
32858: * sudo.h:
32859: fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
32860: about new defines in the comment
32861: [39ffefce3aec]
32862:
32863: * logging.c:
32864: now uses USE_CWD
32865: [fa0f3b118bb3]
32866:
32867: * sudo.h:
32868: added delc for clean_envp() and Envp
32869: [a12034e300c2]
32870:
32871: * sudo.c:
32872: now rips LD_* env vars out of envp and passed sanitized Envp to exec
32873: [d201a218e056]
32874:
32875: * logging.c:
32876: now uses execve()
32877: [f3e01032cd33]
32878:
32879: * find_path.c:
32880: ENOTDIR is ok now too (in case part of the path is bogus)
32881: [b5cbbb201bb5]
32882:
32883: * qualify.c:
32884: now works correctly (ttaltotal rewrite)
32885: [0c25d64a5c68]
32886:
32887: * parse.lex:
32888: now includes sys/param.h didn't match trailing / -- fix from
32889: rouilj@cs.umb.edu
32890: [b6363ba110af]
32891:
32892: 1993-06-11 Todd C. Miller <Todd.Miller@courtesan.com>
32893:
32894: * sudo.c:
32895: moved around the #ifndef _AIX
32896: [7d4330950c20]
32897:
32898: * check.c, logging.c, parse.c:
32899: Initial revision
32900: [c101e9572d7f]
32901:
32902: 1993-03-20 Todd C. Miller <Todd.Miller@courtesan.com>
32903:
32904: * qualify.c:
32905: Initial revision
32906: [5a5f21d0e0bf]
32907:
32908: 1993-03-13 Todd C. Miller <Todd.Miller@courtesan.com>
32909:
32910: * find_path.c:
32911: now works if you do sudo bin/test
32912: [07835120ce43]
32913:
32914: * find_path.c:
32915: works
32916: [c3da8b5efa20]
32917:
32918: 1993-03-02 Todd C. Miller <Todd.Miller@courtesan.com>
32919:
32920: * sudo.h:
32921: Initial revision
32922: [28a1caa38b72]
32923:
32924: * visudo.c:
32925: Initial revision
32926: [0e5cd7c3cdbe]
32927:
32928: * parse.lex, parse.yacc:
32929: Initial revision
32930: [5f2d0cccb06b]
32931:
32932: 1993-02-16 Todd C. Miller <Todd.Miller@courtesan.com>
32933:
32934: * sudo.c:
32935: took out errno.h
32936: [7466431a2655]
32937:
32938: * sudo.c:
32939: now spews error if exec fails and exits with -1
32940: [e5c41ea725c1]
32941:
32942: * sudo.c:
32943: Initial revision
32944: [8aeabe39a0c2]
32945:
32946: * find_path.c:
32947: now only execs files with (an) executable bit set.
32948: [0a451f9c0e58]
32949:
32950: * find_path.c:
32951: Initial revision
32952: [02a534891a35]
32953:
32954: 1993-02-15 Todd C. Miller <Todd.Miller@courtesan.com>
32955:
32956: * getpass.c:
32957: added nice comment
32958: [ea8b2aaa9389]
32959:
32960: * getpass.c:
32961: now works on sgi's
32962: [bf2b7c6d0960]
32963:
32964: * getpass.c:
32965: Initial revision
32966: [9f4de251c1b5]
32967:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ChangeLog CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo